macOS

Clever macOS malware delivery campaign targets cryptocurrency users

Clever macOS malware delivery campaign targets cryptocurrency users 2024-06-19 at 14:16 By Zeljka Zorz Cryptocurrency users are being targeted with legitimate-looking but fake apps that deliver information-stealing malware instead, Recorder Future’s researchers are warning. The threat actor behind this complex scheme is going after both Windows and Mac users, and leverages social media and messaging […]

Clever macOS malware delivery campaign targets cryptocurrency users Read More »

Threat Actors Abuse GitHub to Distribute Multiple Information Stealers

Threat Actors Abuse GitHub to Distribute Multiple Information Stealers 2024-05-15 at 18:31 By Ionut Arghire Russian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software. The post Threat Actors Abuse GitHub to Distribute Multiple Information Stealers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

Threat Actors Abuse GitHub to Distribute Multiple Information Stealers Read More »

Apple backports iOS zero-day patch, adds Bluetooth tracker alert

Apple backports iOS zero-day patch, adds Bluetooth tracker alert 2024-05-14 at 16:32 By Zeljka Zorz Apple has backported the patch for CVE-2024-23296 to the iOS 16 branch and has fixed a bug (CVE-2024-27852) in MarketplaceKit that may allow maliciously crafted webpages to distribute a script that tracks iOS users on other webpages. The company has

Apple backports iOS zero-day patch, adds Bluetooth tracker alert Read More »

Attackers leverage weaponized iMessages, new phishing-as-a-service platform

Attackers leverage weaponized iMessages, new phishing-as-a-service platform 2024-03-27 at 12:31 By Zeljka Zorz Scammers are leveraging the Darcula phishing-as-a-service platform, iMessages and Google Messages to great effect. The platform allows them to impersonate a variety of brands based in over 100 different countries: postal services, public and private utilities, packet delivery services, financial institutions, government

Attackers leverage weaponized iMessages, new phishing-as-a-service platform Read More »

Lynis: Open-source security auditing tool

Lynis: Open-source security auditing tool 2024-03-19 at 06:06 By Mirko Zorz Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Hardening with Lynis Lynis conducts a thorough security examination of the system directly. Its main objective is to evaluate security measures and recommend enhancing system hardening. The tool

Lynis: Open-source security auditing tool Read More »

Threat Detection Report: Cloud Attacks Soar, Mac Threats and Malvertising Escalate

Threat Detection Report: Cloud Attacks Soar, Mac Threats and Malvertising Escalate 2024-03-15 at 13:10 By Kevin Townsend Red Canary’s 2024 Threat Detection Report is based on analysis of almost 60,000 threats across 216 petabytes of telemetry from over 1,000 customers’ endpoints. The post Threat Detection Report: Cloud Attacks Soar, Mac Threats and Malvertising Escalate appeared

Threat Detection Report: Cloud Attacks Soar, Mac Threats and Malvertising Escalate Read More »

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) 2024-01-23 at 13:46 By Helga Labus Apple has fixed an actively exploited zero-day vulnerability (CVE-2024-23222) that affects Macs, iPhones, iPads and AppleTVs. About CVE-2024-23222 CVE-2024-23222 is a type confusion issue that affects WebKit – Apple’s browser engine used in the Safari web browser and all iOS and iPadOS

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) Read More »

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) 01/12/2023 at 12:33 By Zeljka Zorz With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.” About the vulnerabilities (CVE-2023-42916, CVE-2023-42917) CVE-2023-42916 is a out-of-bounds read

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) Read More »

Apple Patches WebKit Flaws Exploited on Older iPhones

Apple Patches WebKit Flaws Exploited on Older iPhones 30/11/2023 at 23:02 By Ryan Naraine Apple’s security response team warns that flaws CVE-2023-42916 and CVE-2023-42917 were already exploited against versions of iOS before iOS 16.7.1. The post Apple Patches WebKit Flaws Exploited on Older iPhones appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Apple Patches WebKit Flaws Exploited on Older iPhones Read More »

New MacOS Malware Linked to North Korean Hackers

New MacOS Malware Linked to North Korean Hackers 07/11/2023 at 18:04 By Kevin Townsend New macOS malware, tracked by Jamf as ObjCShellz, is likely being used by North Korean hackers to target crypto exchanges The post New MacOS Malware Linked to North Korean Hackers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

New MacOS Malware Linked to North Korean Hackers Read More »

KandyKorn macOS malware lobbed at blockchain engineers

KandyKorn macOS malware lobbed at blockchain engineers 03/11/2023 at 15:46 By Helga Labus North Korean hackers are using novel MacOS malware named KandyKorn to target blockchain engineers of a cryptocurrency exchange platform. The attack By impersonating blockchain engineering community members on Discord, the attackers used social engineering techniques to make victims download a malicious ZIP

KandyKorn macOS malware lobbed at blockchain engineers Read More »

From Windows 9x to 11: Tracing Microsoft’s security evolution

From Windows 9x to 11: Tracing Microsoft’s security evolution 31/10/2023 at 09:01 By Mirko Zorz Over its journey from Windows 9x to Windows 11, Microsoft has implemented multiple security overhauls, each addressing the challenges of its time and setting the stage for future developments. In this Help Net Security interview, we feature security researcher Alex

From Windows 9x to 11: Tracing Microsoft’s security evolution Read More »

Apple news: iLeakage attack, MAC address leakage bug

Apple news: iLeakage attack, MAC address leakage bug 27/10/2023 at 12:31 By Zeljka Zorz On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as much attention as when they deliver a zero-day fix, though it has to

Apple news: iLeakage attack, MAC address leakage bug Read More »

Apple Ships Major iOS, macOS Security Updates

Apple Ships Major iOS, macOS Security Updates 25/10/2023 at 23:01 By Ryan Naraine Apple patches dozens of serious security flaws in its macOS and iOS platforms, warning that hackers could launch code execution exploits. The post Apple Ships Major iOS, macOS Security Updates appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

Apple Ships Major iOS, macOS Security Updates Read More »

macOS 14 Sonoma Patches 60 Vulnerabilities

macOS 14 Sonoma Patches 60 Vulnerabilities 27/09/2023 at 15:30 By Eduard Kovacs macOS 14 Sonoma has been officially released by Apple and the latest version of the operating system patches over 60 vulnerabilities. The post macOS 14 Sonoma Patches 60 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

macOS 14 Sonoma Patches 60 Vulnerabilities Read More »

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) 27/09/2023 at 14:46 By Zeljka Zorz The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library,

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) Read More »

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones 22/09/2023 at 13:19 By Zeljka Zorz Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited “against versions of iOS before iOS 16.7.” Bill Marczak of The Citizen Lab at The University of Toronto’s Munk

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones Read More »

MetaStealer malware is targeting enterprise macOS users

MetaStealer malware is targeting enterprise macOS users 13/09/2023 at 14:32 By Helga Labus Enterprise macOS users are being targeted by attackers slinging new information-stealing malware dubbed MetaStealer. The MetaStealer malware MetaStealer is delivered within malicious disk image format (.dmg) files. The names of the files – such as Advertising terms of reference (MacOS presentation).dmg and

MetaStealer malware is targeting enterprise macOS users Read More »

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) 08/09/2023 at 11:46 By Zeljka Zorz Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The exploit

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) Read More »

MacOS malware has a new trick up its sleeve

MacOS malware has a new trick up its sleeve 07/09/2023 at 15:02 By Helga Labus A newer version of the Atomic Stealer macOS malware has a new trick that allows it to bypass the operating system’s Gatekeeper, Malwarebytes researchers have discovered. Mac malware delivered through Google ads The malware, which was first advertised in April

MacOS malware has a new trick up its sleeve Read More »

Scroll to Top