APPLE – Cybersecurity News Everyday

The top 10 brands exploited in phishing attacks – and how to protect yourself | ZDNET

January 26, 2025 admin

Summary: Cybercriminals are increasingly using phishing attacks that spoof well-known brands to deceive users into revealing sensitive information. A recent report from Check Point Research identifies the most commonly spoofed brands and highlights the need for vigilance against these threats. Key brands targeted include Microsoft, Apple, and Google, with specific campaigns impersonating services like PayPal and Facebook.…

Cyber Security News

Omdia Finds Phishing Attacks Top Smartphone Security Concern for Consumers

January 24, 2025January 25, 2025 CybersecurityNews

Summary: A recent survey by Omdia reveals that phishing scams are the primary security threat for smartphone users, with 24% of respondents reporting they have fallen victim to such attacks. The survey highlights the inadequacies of current smartphone protections against phishing, despite advancements in device security.…

Cyber Security News

The Security Risk of Rampant Shadow AI

January 23, 2025January 25, 2025 CybersecurityNews

Summary: The rise of artificial intelligence (AI) has introduced the concept of shadow AI, where employees use AI tools outside of corporate governance, leading to significant security risks. Organizations, particularly in sensitive sectors like finance and healthcare, are struggling to enforce bans on these tools, which often result in the exposure of sensitive data.…

Cyber Security News

Fake Homebrew Google ads target Mac users with malware

January 22, 2025January 25, 2025 CybersecurityNews

Summary: Hackers are exploiting Google ads to distribute malware through a counterfeit Homebrew website, targeting Mac and Linux users with an infostealer known as AmosStealer. This malware is designed to extract sensitive information, including credentials and cryptocurrency wallets. Security experts warn users to be cautious of sponsored ads and to verify the legitimacy of websites before downloading software.…

Cyber Security News

7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now

January 22, 2025 CybersecurityNews

Summary: A critical vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) security feature, enabling code execution on users’ systems when extracting malicious files from nested archives. This flaw, tracked as CVE-2025-0411, has been patched, but many users may still be vulnerable due to the lack of an auto-update feature.…

Cyber Security News

Phishing Attacks Are the Most Common Smartphone Security Issue for Consumers

January 21, 2025January 25, 2025 CybersecurityNews

Summary: A recent consumer survey highlights that phishing attacks are the most prevalent security concern among smartphone users, followed by malware and physical theft. Testing reveals that while Samsung S24 excels in anti-phishing protection, other premium devices, including the iPhone 16 Pro, lack adequate security features.…

Trash

Weekly Cybersecurity Roundup: January 13, 2025 – January 19, 2025

January 20, 2025January 20, 2025 iocOne

A series of critical vulnerabilities have been reported across various platforms, including Aviatrix Controller and Microsoft 365 applications, leading to significant security risks such as unauthorized access and data breaches. Additionally, a new phishing tactic targeting Apple iMessage users and a malicious PyPi package aimed at Discord developers have emerged, highlighting the evolving threat landscape.…

Cyber Security News

TikTok shuts down in the US as Trump throws the company a lifeline

January 20, 2025 CybersecurityNews

Summary: TikTok has been banned in the U.S. following a Supreme Court decision due to national security concerns, with the app displaying a message to users about its unavailability. However, former President Trump announced plans to issue an executive order to extend the ban’s enforcement period, allowing TikTok time to find a U.S.…

Trash

10 Most Historic Cyber Attacks That Changed the Internet World

January 19, 2025January 20, 2025 iocOne

This article discusses the evolution of cyber warfare through historical cyberattacks, emphasizing the importance of cybersecurity in the digital age. It highlights ten significant cyber incidents that have shaped our understanding of digital security, the lessons learned, and the ongoing threats organizations face today. Affected: organizations, government, healthcare, energy, transportation, technology sector

Keypoints :

Cyberattacks are malicious attempts to steal, damage, or disrupt computer systems and data.…

Cyber Security News

TikTok Says It Will ‘Go Dark’ Unless It Gets Clarity From Biden Following Supreme Court Ruling

January 18, 2025 SecurityWeek

Summary: TikTok faces a potential shutdown in the U.S. after the Supreme Court upheld a law banning the app unless it is sold by its Chinese parent company, ByteDance. The ruling emphasizes national security concerns over the app’s ties to China, which could compromise user data and content manipulation.…

Cyber Attack

In Other News: Lawsuits and Settlements, CrowdStrike Phish, MITRE’s D3FEND 1.0

January 18, 2025January 25, 2025 SecurityWeek

Summary: This week’s cybersecurity news roundup highlights significant developments in the field, including new tools, vulnerabilities, and legal actions involving major companies. Key stories include the launch of MITRE’s D3FEND 1.0, a phishing campaign targeting CrowdStrike, and various lawsuits related to data breaches. The roundup emphasizes the evolving landscape of cyber threats and the ongoing efforts to enhance security measures.…

Cyber Security News

Attackers Hijack Google Advertiser Accounts to Spread Malware

January 16, 2025January 25, 2025 DarkReading

Summary: Multiple threat actors are impersonating Google Ads login pages to deceive advertisers into revealing their credentials. This sophisticated malvertising campaign has led to the hijacking of accounts, which are then used to distribute malicious advertisements and malware. Researchers have labeled this operation as one of the most egregious malvertising campaigns ever tracked, affecting thousands of customers globally.…

Cyber Attack

New macOS PoC Exploit for CVE-2024-54498 Breaks Sandbox Security

January 16, 2025January 25, 2025 Cyware

Summary: A security researcher has disclosed a proof of concept exploit for CVE-2024-54498, a high-severity vulnerability that allows applications to escape the macOS Sandbox. This flaw could enable malicious actors to access sensitive user data, posing significant risks to users who have not updated their systems.…

Cyber Security News

Apple Bug Allows Root Protections Bypass Without Physical Access

January 15, 2025January 25, 2025 DarkReading

Summary: Cyber defenders are urged to update macOS systems to address a critical vulnerability (CVE-2024-44243) that compromises the operating system’s security. This flaw allows threat actors to bypass System Integrity Protection (SIP), potentially leading to severe malware installations without physical access.

Threat Actor: Unknown | unknown Victim: Apple | Apple

Key Point :

Vulnerability allows bypassing of macOS System Integrity Protection (SIP).…

Cyber Security News

Adobe: Critical Code Execution Flaws in Photoshop

January 15, 2025 SecurityWeek

Summary: Adobe has released critical security updates for multiple products, addressing vulnerabilities that could allow remote code execution by malicious hackers. The updates affect Adobe Photoshop, Substance 3D Stager, Illustrator for iPad, Adobe Animate, and Substance 3D Designer.

Threat Actor: Malicious Hackers | malicious hackers Victim: Adobe | Adobe

Key Point :

Adobe Photoshop update addresses two critical arbitrary code execution vulnerabilities (CVE-2025-21127 and CVE-2025-21122).…

Cyber Security News

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation

January 15, 2025 TheHackerNews

Summary: Microsoft has revealed a security vulnerability in Apple macOS that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers. The flaw, identified as CVE-2024-44243, has been patched in macOS Sequoia 15.2.

Threat Actor: Unknown | unknown Victim: Apple | Apple

Key Point :

The vulnerability allows attackers running as “root” to bypass SIP protections.…

Cyber Attack

New Startups Focus on Deepfakes, Data-in-Motion & Model Security

January 14, 2025January 25, 2025 DarkReading

Summary: In 2024, early growth startups faced challenges in securing capital, yet there was a surge in investments focused on data and AI security, particularly addressing deepfakes and disinformation. The landscape saw significant developments in monitoring technologies and data leakage concerns, prompting a shift in how organizations approach cybersecurity.…

Threat Research

One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks

January 14, 2025 Unit42

This article discusses the proactive detection of cyber threats through automated pivoting on known indicators, showcasing three case studies involving phishing campaigns. It highlights the use of a graph neural network (GNN) to uncover new malicious domains and emphasizes the importance of continuous monitoring of threat actors’ evolving indicators.…

Cyber Security News

Microsoft: macOS bug lets hackers install malicious kernel drivers

January 14, 2025 BleepingComputer

Summary: Apple has patched a critical macOS vulnerability (CVE-2024-44243) that allowed local attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers. This flaw could lead to severe security risks, including the installation of rootkits and unauthorized access to user data.

Threat Actor: Local attackers | local attackers Victim: macOS users | macOS users

Key Point :

Vulnerability allows bypassing SIP without physical access to the device.…

Tag: APPLE