Threat Actors Push ClickFix Fake Browser Updates Using Stolen Credentials
ClickFix fake browser updates are being distributed by bogus WordPress plugins. Learn about the common indicators of compromise.
China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates
Chinese hacking group Evasive Panda compromises ISP to push malware, targeting companies through DNS poisoning and insecure update mechanisms.
Apple Rolls Out Security Updates for iOS, macOS
Apple on Monday announced a hefty round of security updates that address dozens of vulnerabilities impacting both newer and older iOS and macOS devices. iOS 17.6 and iPadOS 17.6 were released for the latest generation iPhone and iPad devices with fixes for 35 security defects that could lead to authentication and policy bypasses, unexpected application termination or system shutdown, information disclosure, denial-of-service (DoS), and memory leaks.
BIND updates fix high-severity DoS bugs in the DNS software suite
The Internet Systems Consortium (ISC) released BIND security updates that fixed remotely exploitable DoS bugs in the DNS software suite.
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - Avast Threat Labs
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
Malicious code hiding in seemingly innocent PyPI packages steals your passwords, crypto & more #attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws
Apple has released patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address multiple vulnerabilities.
Windows 10 gets three more years of security updates, if you can afford them | Ars Technica
Windows 10's end-of-support date is October 14, 2025. That's the day that most Windows 10 PCs will receive their last security update and the date when most people should find a way to move to Windows 11 to ensure that they stay secure. As it has done for other stubbornly popular versions of Windows, though, Microsoft is offering a reprieve for those who want or need to stay on Windows 10: three additional years of security updates, provided to those who can pay for the Extended Security Updates (ESU) program.
ClearFake Malware Analysis | malware-analysis
There are several malicious fake updates campaigns being run across thousands of compromised websites. Here I will walk through one with a pattern that doesn’t match with others I’ve been tracking. This campaign appears to have started around July 19th, 2023. Based on a search on PublicWWW of the injection base64 there are at least 434 infected sites. I’m calling this one ClearFake until I see a previously used name for it. The name is a reference to the majority of the Javascript being used without obfuscation. I say majority because base64 is used three times. That’s it. All the variable names are in the clear, no obfuscation on them. One noticeable difference from SocGholish is that there appears to be no tracking of visits by IP or cookies. As an analyst you can you go back to the compromised site over and over coming from the same IP and not clearing your browser cache. This also means the site owner is more likely to see the infection as well.
Atomic Stealer distributed to Mac users via fake browser updates | Malwarebytes
Compromised websites are being used to redirect to fake browser updates and deliver malware onto Mac users.
Apple fixes two zero-days exploited to hack iPhones and Macs
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads.
Apple launches major security updates around the world
Apple has launched its recent major security updates to the whole world.
Cryptex: how a custom iPhone is changing macOS updates – The Eclectic Light Company
Expected in Ventura 13.1 is a new lightweight system for applying security patches. This article explains how it uses cryptexes, already being used in macOS 13.
Last Week on My Mac: Home truths about macOS
True or false? Apple supports macOS for three years. Apple’s security updates are sufficient. New versions of macOS are full of bugs. It’s safer to delay upgrading.
Apple fixes two zero-days exploited to hack iPhones and Macs
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads.
Apple launches major security updates around the world
Apple has launched its recent major security updates to the whole world.
Cryptex: how a custom iPhone is changing macOS updates – The Eclectic Light Company
Expected in Ventura 13.1 is a new lightweight system for applying security patches. This article explains how it uses cryptexes, already being used in macOS 13.
Last Week on My Mac: Home truths about macOS
True or false? Apple supports macOS for three years. Apple’s security updates are sufficient. New versions of macOS are full of bugs. It’s safer to delay upgrading.