Threat Actor: Dark Angels Ransomware Group; Victim: Nexperia; Price: Not mentioned; Exfiltrated Data Type: Various types of data including quality control data, client …
Tag: APPLE
Summary: Cybersecurity researchers have discovered a renewed cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy.
Threat Actor: LightSpy …
Summary: This article discusses two sub-techniques that have been exploited by North Korean threat actors: TCC manipulation on Apple’s macOS and “phantom” DLL hijacking on Windows. These techniques allow hackers …
The list comprises 25 influential figures in the technology sector, arranged by age from youngest to oldest. These individuals are recognized for their significant contributions across various areas of technology, …
Summary: Apple has updated its warning system to alert users when they may have been individually targeted by mercenary spyware threats, such as the surveillance tools developed by NSO Group.…
Krebs on Security is a popular blog focused on in-depth security news and investigations. It’s authored by Brian Krebs, a well-known journalist in the field of cybersecurity. The site provides …
Podcasts provide an easy and effective way to stay up to date on the threat intelligence landscape. They cover a wide range of topics, including insights into the most recent …
A hacker has confessed to orchestrating his own death to evade over $100,000 in child support payments to his ex-wife. Jesse …
Insikt Group examines a large-scale Russian-language cybercrime operation using fake Web3 gaming initiatives to distribute malware designed to steal information from both macOS and Windows users. These Web3 games, which …
Online investment scams these days are no longer an issue limited to specific nations, now becoming a social issue prevalent around the globe. Scammers (criminals) deceive their victims through illegal …
macOS has been gaining the unwanted attention of more and more backdoor operators since late 2023.
In February 2024, Bitdefender uncovered RustDoor, which was written in Rust and possibly has …
Summary: A PhaaS campaign called “Darcula” has been targeting organizations in over 100 countries using more than 20,000 fake domains. The campaign utilizes unique tools and platforms to carry …
Jamf Threat Labs dissects ongoing infostealer attacks targeting macOS users, each with different means of compromising victims’ Macs but with similar aims: to steal sensitive user data.
Introduction: Over the …
macOS stealer found camouflaged in an Apple/Bash payload
In the ever-evolving landscape of cybersecurity threats, macOS users now face a new danger. This time, it comes in the form of …
Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies.
When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers …
Summary: Google’s latest research shows a significant increase in zero-day vulnerabilities exploited by attackers in enterprise-specific software and appliances compared to previous years.
Key Point 🛡️: – The number …
Summary: Apple users are being targeted by a campaign that bombards them with phony password reset requests, leading to potential security risks.
Key Point 🚨 – Users are flooded …
Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phishing domains
‘darcula’ [sic] is a new, sophisticated Phishing-as-a-Service (PhaaS) platform used on more …
Summary: Google fixed two zero-day vulnerabilities in Chrome exploited during Pwn2Own 2024.
Key Point: 🔒 CVE-2024-2887: High-severity type confusion weakness in WebAssembly. 🔒 CVE-2024-2886: Use-after-free weakness in WebCodecs API. …
I recently became aware of an awesome DNS Analysis tool called Validin which can be used to analyse malicious domains and show related infrastructure using DNS records.
This has been …
Article Summary:
🔍 Google’s new AI-powered ‘Search Generative Experience’ algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. …
Summary: 🏆 Pwn2Own Vancouver 2024 concluded with security researchers earning $1,132,500 by demonstrating 29 zero-day vulnerabilities. 🎯 Various categories were targeted, including web browsers, cloud-native/container, virtualization, and automotive systems. 💰 …
Summary: 🔍 Threat actors are targeting enterprise software and network infrastructure vulnerabilities at a higher rate, according to Recorded Future’s annual threat analysis report.
📈 The number of high-risk …
Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition.
Manfred Paul (@_manfp) earned a $100,000 award …
An unpatchable vulnerability in Apple’s M-series chips has been reported. The Apple M-series chip vulnerability could potentially leak secret encryption keys. This flaw, embedded deep within the architecture of the …
Key Points
ReliaQuest has observed 246% more business email compromise (BEC) attempts over the past year; this highlights the growing risk of fraud or other damage caused by cyber attacks, …
A team of seasoned bug hunters has announced their decision to sell exclusive, exploitable vulnerabilities directly to interested parties, a move that highlights the perceived inadequacy of bug bounty programs. …
While the threat landscape continues to shift and evolve, attackers’ motivations do not, according to a Red Canary report. The classic tools and techniques adversaries deploy remain consistent–with some notable …
Cloud account attacks, increasing Mac malware, malvertising morphing from the distribution of adware to more dangerous malware, and more, are all discussed by Red Canary in its 2024 Threat Detection …
TikTok once again finds itself in a precarious position as lawmakers in Washington move forward with a bill that could lead to a nationwide ban on the platform.
The House …
Mar 14, 2024 | Newsroom | Malware / Cyber Attack
A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers.…
The digital device that we use the most in our daily lives is the mobile phone. It is used in a wide range of daily activities such as communication, searching, shopping, …
A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers.
SmartScreen is a …
“Malvertising” is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the …
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.…
Brave has seen a sharp increase in users installing its privacy-focused Brave Browser on iPhones after Apple introduced changes to adhere to the new European Digital Markets Act.
To comply …
Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks.
Tuta Mail is an open-source end-to-end encrypted email service with ten million users. …
Ever since the Internet became a commercial entity, hackers have been using it to impersonate businesses through a variety of clever means. And one of the most enduring of these …
The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital …
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) raised the alarm by adding two such vulnerabilities in Apple’s iOS and iPad to its Known Exploited Vulnerabilities catalog. These vulnerabilities are …
In this article, we’ll delve into the world of designing and developing malware for macOS, which is essentially a Unix-based operating system. We’ll take a classic approach to exploring Apple’s …
The US Justice Department has charged a former Google software engineer with stealing artificial intelligence-related trade secrets from the company, with an eye to using it at two AI-related firms …
Mar 08, 2024 | Newsroom | Interoperability / Encryption
Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) …
HP announced on Thursday that several of its business PCs now benefit from protection against quantum computer attacks thanks to a new security chip.
The tech giant said the 5th …
COMMENTARY
Artificial intelligence (AI) is challenging our preexisting ideas of what’s possible with technology. AI’s transformative potential could upend a variety of diverse tasks and business scenarios by applying computer …
The U.S. Department of Justice (DoJ) has announced the unsealing of an indictment against Linwei (Leon) Ding, 38, a former software engineer at Google, suspected of stealing Google AI trade …
Apple is opening small cracks in the iPhone’s digital fortress as part of a regulatory clampdown in Europe that is striving to give consumers more choices — at the risk …
ESET researchers discovered a cyberespionage campaign that, since at least September 2023, has been victimizing Tibetans through a targeted watering hole (also known as a strategic web compromise), and a …