Search cyberveille.decio.ch

Found 328 bookmarks

Custom sorting

Mac users targeted in new malvertising campaign delivering Atomic Stealer

Malicious ads for Google searches are targeting Mac users Phishing sites trick victims into downloading what they believe is the app they want The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple * The payload is a new version of the recent Atomic Stealer for OSX

#malwarebytes #EN #2023 #macos #AtomicStealer #stealer #tradingview

·malwarebytes.com·Sep 7, 2023

Mac users targeted in new malvertising campaign delivering Atomic Stealer

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.

#securityweek #EN #2023 #macos #phylum #PyPI #NPM #Ruby #Supply-Chain-Attack

·securityweek.com·Sep 6, 2023

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.

#phylum #EN #2023 #Supply-Chain-Attack #npm #PyPI #RubyGems #macOS

·blog.phylum.io·Sep 6, 2023

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

Is macOS’s new XProtect behavioural security preparing to go live?

Apple released its first update to its new behavioural security protection in XProtect Behaviour Service on 8 August, and again on 1 September. Here are the details.

#eclecticlight #EN #2023 #macOS #XProtect #Behaviour #Service

·eclecticlight.co·Sep 4, 2023

Is macOS’s new XProtect behavioural security preparing to go live?

How NightOwl for Mac Added a Botnet

NightOwl was supposed to make Macs work in dark mode. After a recent update, one developer discovered it was siphoning users’ data through a botnet.

#gizmodo #EN #2023 #macOS #App-Store #NightOwl

·gizmodo.com·Aug 31, 2023

How NightOwl for Mac Added a Botnet

macOS 0day: App Management

App Management is a new macOS security feature in Ventura introduced at WWDC last year: If an app is modified by something that isn't signed by the same development team and isn't allowed by an NSUpdateSecurityPolicy, macOS will block the modification and notify the user that an app wants to manage other apps. Clicking on the notification sends people to System Settings, where they can allow an app to update and modify other apps.

#lapcatsoftware #EN #2023 #macOS #0-day #AppManagement

·lapcatsoftware.com·Aug 22, 2023

macOS 0day: App Management

XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Notorious botnet and infostealer XLoader makes a return to macOS with a new dropper and malware payload.

#sentinelone #EN #2023 #XLoader #macOS #dropper #payload

·sentinelone.com·Aug 22, 2023

XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Mac systems turned into proxy exit nodes by AdLoad

AdLoad malware is still infecting Mac systems years after its first appearance in 2017. AdLoad, a package bundler, has been observed delivering a wide range of payloads throughout its existence. During AT&T Alien Labs’ investigation of its most recent payload, it was discovered that the most common component dropped by AdLoad during the past year has been a proxy application turning MacOS AdLoad victims into a giant, residential proxy botnet.

#ATT #Alien #AT&T-Alien-Labs #EN #2023 #macOS #AdLoad

·cybersecurity.att.com·Aug 14, 2023

Mac systems turned into proxy exit nodes by AdLoad

An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass

The macOS Background Task Manager tool is supposed to spot potentially malicious software on your machine. But a researcher says it has troubling flaws.

#wired #EN #2023 #Apple #macOS #Task-Manager #PatrickWardle #bypass

·wired.com·Aug 14, 2023

An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass

Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release

Crimeware actors have launched an extensive campaign to target macOS users with malware disguised in multiple fake blockchain games.

#sentinelone #EN #2023 #Apple #Crimeware #Rust #Infostealer #Campaign #macOS #Sonoma

·sentinelone.com·Jul 31, 2023

Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release

ShadowVault is the latest Mac data-stealer malware, reportedly

ShadowVault data stealer Mac malware made headlines in the Apple press this week. Here is what we know about it so far.

#intego #EN #2023 #macOS #ShadowVault #Mac #malware

·intego.com·Jul 14, 2023

ShadowVault is the latest Mac data-stealer malware, reportedly

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation

Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter. - Seven vulnerabilities affect Apple macOS only. - Two vulnerabilities affect VMWare vCenter. - Three vulnerabilities affect both.

#talosintelligence #EN #2023 #MSRPC #macOS #VMWare #vCenter #vulnerabilities

·blog.talosintelligence.com·Jul 14, 2023

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation

Apple releases emergency update to fix zero-day exploited in attacks

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.

#bleepingcomputer #EN #2023 #CVE-2023-37450 #Apple #iOS #iPad #iPhone #Mac #macOS #Rapid-Security-Response #Zero-Day

·bleepingcomputer.com·Jul 12, 2023

Apple releases emergency update to fix zero-day exploited in attacks

BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection -

Threat actors are using increasingly sophisticated forms of evasion and anti-analysis as they respond to increased attention to macOS security in the enterprise.

#sentinelone #EN #2023 #BlueNoroff #DPRK #macOS #RustBucket #Evade #analysis

·sentinelone.com·Jul 5, 2023

BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection -

Emerging Threat! Exposing JOKERSPY

Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.

#elastic.co #EN #2023 #JOKERSPY #macOS #Python #backdoor

·elastic.co·Jun 22, 2023

Emerging Threat! Exposing JOKERSPY

Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack

During routine detection maintenance, our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.

#bitdefender #EN #2023 #macOS #malware #Cross-Platform #Backdoor

·bitdefender.com·Jun 22, 2023

Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack

Gimmick MacOS Malware Spreads Through Customized Files, Enables MacOS CodeSign Bypass - CloudSEK

We discovered that Gimmick MacOS malware communicates only through their C2 server hosted on Google Drive. The malware was discovered in the first week of May and it has been actively targeting macOS devices

#Cloudsek #EN #2022 #malware #macOS #Gimmick #C2

·cloudsek.com·May 27, 2022

Gimmick MacOS Malware Spreads Through Customized Files, Enables MacOS CodeSign Bypass - CloudSEK

Exploiting an Unbounded memcpy in Parallels Desktop

This post details the development of a guest-to-host virtualization escape for Parallels Desktop on macOS, as used in our successful Pwn2Own 2021 entry. Give...

#ret2 #EN #2022 #macOS #Parallels #Pwn2Own #escape #exploit #VM #vulnerability #research #reverseengineering #binary-exploitation #program-analysis

·blog.ret2.io·May 20, 2022

Exploiting an Unbounded memcpy in Parallels Desktop

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.

#darkreading #macOS #EN #2022 #bugs #Apple #vulnerabilities #Fitzl #XCSSET

·darkreading.com·May 12, 2022

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

MacOS Two-machine Kernel Debugging

Diverto is an information security company. We provide consulting and managed services.

#MacOS #diverto #2022 #EN #howto #kernel #Debugging

·diverto.hr·May 6, 2022

MacOS Two-machine Kernel Debugging

OverWatch Insights: Reviewing a New Intrusion Targeting Mac Systems

While Mac enterprise networks are not as common as Windows, and subject to less targeting by adversaries, recent CrowdStrike Falcon Overwatch observations shed light on sophisticated tactics, techniques and procedures (TTPs) targeting Mac environments.

#crowdstrike #2018 #EN #Mac #macos #tactics #TTP #Intrusion

·crowdstrike.com·Apr 28, 2022

OverWatch Insights: Reviewing a New Intrusion Targeting Mac Systems

Increased Enterprise Use of iOS, Mac Means More Malware

As use of Apple devices has grown in the enterprise, the company has increasingly become a target for malware threats and other attacks. ISMG spoke with experts and

#Apple #iOS #macOS #MDM #malware-threats #bankinfosecurity #EN #2022 #entreprise

·bankinfosecurity.com·Apr 16, 2022

Increased Enterprise Use of iOS, Mac Means More Malware

Analyzing a watering hole campaign using macOS exploits

To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.

#macOS #EN #google #wateringhole #exploit #CVE-2021-30869

·blog.google·Feb 15, 2022

Analyzing a watering hole campaign using macOS exploits

Why is the Zoom app listening on my microphone...

I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?

#zoom #EN #macOS #bug #microphone

·community.zoom.com·Feb 13, 2022

Why is the Zoom app listening on my microphone...

New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog

A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device

#Microsoft #en #2023 #research #vulnerability #macOS #Migraine #bypass #SIP

·microsoft.com·Jun 4, 2023

New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog

Apple fixes three new zero-days exploited to hack iPhones, Macs

Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.

#bleepingcomputer #EN #2023 #Apple #iOS #iPhone #Mac #macOS #WebKit #Zero-Day

·bleepingcomputer.com·May 23, 2023

Apple fixes three new zero-days exploited to hack iPhones, Macs

How macOS now tracks the provenance of apps

Which extended attributes are attached to downloaded archives and apps? How do they fit in with provenance tracking?

#eclecticlight #EN #2023 #macOS #attributes #how #provenance #tracking

·eclecticlight.co·May 10, 2023

How macOS now tracks the provenance of apps

Snake: Coming soon in Mac OS X flavour – Fox-IT International blog

Summary Snake, also known as Turla, Uroburos and Agent.BTZ, is a relatively complex malware framework used for targeted attacks. Over the past year Fox-IT has been involved in multiple incident response cases where the Snake framework was used to steal sensitive information. Targets include government institutions, military and large corporates. Researchers who have previously analyzed…

#fox-it #2017 #EN #Snake #Turla #Uroburos #malware #framework #macos #OSX

·blog.fox-it.com·May 10, 2023

Snake: Coming soon in Mac OS X flavour – Fox-IT International blog

CVE-2023-25394 - VideoStream Local Privilege Escalation

Videostream is a user-friendly wireless application designed to stream videos, music, and images to Google Chromecast devices. Boasting simplicity and reliability, this app enables you to wirelessly play any local video file with a single click. Videostream even transcodes audio and video from incompatible files into Chromecast-supported formats. With over 5 million installations, Videostream has made its mark in the streaming industry. This figure was obtained from their official website (https://getvideostream.com), while the Chrome app store lists 900,000+ users.

#danrevah #EN #2023 #VideoStream #LPE #CVE-2023-25394 #macOS

·danrevah.github.io·May 8, 2023

CVE-2023-25394 - VideoStream Local Privilege Escalation

Atomic Stealer | Threat Actor Spawns Second Variant of macOS Malware Sold on Telegram

A macOS infostealer being sold on Telegram, Atomic Stealer has a second variant that appears primed to target users directly on YouTube.

#sentinelone #EN #2023 #macos #infostealer #Telegram #Atomic-Stealer #Malware #YouTube

·sentinelone.com·May 4, 2023

Atomic Stealer | Threat Actor Spawns Second Variant of macOS Malware Sold on Telegram