The Feed 2025-01-10


Check Point Research has identified a new version of the Banshee macOS stealer malware, which has been evading detection since September 2024. The malware targets macOS users, stealing sensitive information and utilizing an encryption algorithm similar to Apple’s XProtect. Despite the shutdown of its original operations after a code leak, Banshee continues to be distributed through phishing websites and malicious GitHub repositories.…
Read More
Banshee stealer evades detection using Apple XProtect encryption algo
Summary: A new variant of the Banshee info-stealing malware for macOS has been evading detection by utilizing string encryption techniques similar to those used by Apple’s XProtect. This malware, which targets sensitive data from macOS users, has continued to spread through deceptive methods despite the original operation being shut down after its source code was leaked.…
Read More
Apple says it does not use Siri audio for advertising
Summary: Apple has reiterated its commitment to user privacy, stating that it does not use Siri audio for marketing or advertising purposes. This clarification follows a $95 million settlement related to allegations of Siri audio being shared with third parties for targeted advertising.

Threat Actor: N/A | Victim: iPhone owners

Key Point:

Apple confirms that Siri data has never been used for marketing profiles or advertising.…
Read More
New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption
Summary: A new variant of the macOS-focused Banshee Stealer malware has emerged, utilizing advanced encryption techniques to evade detection and posing a significant threat to macOS users worldwide. This iteration, which has been detected since late September 2024, is distributed through phishing websites and fake software repositories.…
Read More
GFI KerioControl Firewall Vulnerability Exploited in the Wild
Summary: Threat actors are exploiting a recently disclosed vulnerability in GFI KerioControl firewalls, allowing for one-click remote code execution (RCE) via HTTP response splitting attacks. This flaw, tracked as CVE-2024-52875, has been deemed high severity due to its potential impact on network security.

Threat Actor: Unknown | Victim: GFI KerioControl users

Key Point:

The vulnerability allows attackers to perform HTTP response splitting, leading to reflected cross-site scripting (XSS) and RCE.…
Read More
The Feed 2025-01-09
This article explores various cyber threats, including voice phishing by the “Crypto Chameleon” group, exploitation of vulnerabilities in Kerio Control and Ivanti Connect Secure VPN, and North Korean hackers targeting cryptocurrency wallets through fake job interviews. The rise of ransomware among state-sponsored APT groups is also highlighted, indicating a troubling trend in modern cyber threats.…
Read More
Multiple vulnerabilities in Ivanti products could lead to remote code execution. The most critical vulnerability affects Ivanti Connect Secure, with active exploitation reported.

Affected: Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Neurons for ZTA gateways

Key Points:

Multiple vulnerabilities discovered in Ivanti products. Most severe vulnerability allows for remote code execution.…
Read More
Washington Attorney General Sues T-Mobile Over 2021 Data Breach
Summary: Washington State Attorney General Bob Ferguson has filed a lawsuit against T-Mobile over a significant data breach in 2021 that compromised the personal information of millions. The lawsuit claims T-Mobile failed to implement adequate security measures and misled customers about the breach’s severity.

Threat Actor: John Binns | Victim: T-Mobile

Key Point:

The 2021 breach affected over 76.6 million individuals, including more than 2 million Washington residents.…
Read More

The video discusses a new vulnerability that was revealed in the Common Unix Printing System (CUPS), particularly affecting network printers on Linux systems. Alex Lyn joins Darren Kitchen to explore this remote code execution (RCE) exploit and demonstrate some of its implications, including how malicious printers can potentially compromise systems on the same network.…
Read More

Summary: Recent developments in cybersecurity reveal significant vulnerabilities in trusted software like browser extensions and voice assistants, exposing sensitive user data to malicious actors. This week’s focus highlights the ongoing risks associated with digital convenience and the importance of vigilance in online activities.

Threat Actor: Flax Typhoon (Chinese state-sponsored) | Victim: Cyberhaven

Key Point:

Dozens of Google Chrome extensions were found stealing sensitive data from 2.6 million devices.…
Read More

Summary: A new Android malware called ‘FireScam’ is being distributed as a fake premium version of the Telegram app through phishing sites that imitate RuStore, Russia’s app marketplace. This malware is designed to steal user credentials and sensitive information while employing advanced evasion techniques.

Threat Actor: Unknown | FireScam
Victim: Android users | Telegram

Key Point:

FireScam is delivered via a dropper module that installs the main malware payload while evading detection.…
Read More

Summary: Researchers from Korea University have introduced “SysBumps,” a groundbreaking attack that successfully breaks Kernel Address Space Layout Randomization (KASLR) on macOS systems using Apple Silicon. This vulnerability exposes critical kernel memory addresses, posing significant risks to macOS users despite Apple’s enhanced security measures.

Threat Actor: Unprivileged attackers | Victim: macOS users

Key Point:

SysBumps exploits speculative execution vulnerabilities in macOS system calls.…
Read More

This article outlines critical vulnerabilities affecting various software products, including Citrix, Cisco, Fortinet, and Microsoft. Threat actors are exploiting these vulnerabilities, such as CVE-2023-3519 and CVE-2023-34362, to gain unauthorized access and execute malicious activities. Regular updates and security patches are essential to mitigate these risks.

Key Points:

Multiple critical vulnerabilities identified across various software products.…
Read More

Summary: Over three million POP3 and IMAP mail servers are exposed on the Internet without TLS encryption, making them vulnerable to network sniffing attacks. Shadowserver has suspended its TLS reports due to potential false positives while notifying mail server operators of these risks.

Threat Actor: Shadowserver | Victim: Mail server operators

Key Point:

3.3 million hosts are running POP3/IMAP services without TLS, exposing usernames and passwords in plain text.…
Read More

Summary: Apple has reached a $95 million settlement in a class action lawsuit concerning allegations that Siri unintentionally recorded conversations. The lawsuit claims that this feature led to unauthorized recordings and targeted advertising based on private discussions.

Threat Actor: Apple Inc. | Victim: Mobile device owners

Key Point:

Settlement covers the period from Sept.…
Read More

Summary: Apple has agreed to a $95 million settlement over allegations that its Siri assistant recorded private conversations and shared them without user consent. The lawsuit claims this led to targeted advertising based on sensitive discussions inadvertently captured by Siri.

Threat Actor: Apple Inc. | Apple
Victim: Users of Siri-enabled devices | Siri users

Key Point:

Settlement covers all U.S.…
Read More

### #SiriPrivacySettlement #AppleLawsuit #VoiceAssistantConcerns

Summary: Apple has agreed to a $95 million settlement in a class action lawsuit over privacy violations related to its Siri voice assistant. The lawsuit accused Apple of improperly collecting and sharing users’ private voice communications without consent.

Threat Actor: Apple Inc.…

Read More