Beware of Contacts through LinkedIn: They Target Your Organization’s Property, Not Yours – JPCERT/CC Eyes | JPCERT Coordination Center official Blog
Recent reports indicate unauthorized access in Japan, primarily using LinkedIn as an infection vector. The Lazarus attack group has been identified as responsible for these attacks, which have targeted organizations since 2019. Recommendations include restricting the use of social networking services on work devices. Affected: LinkedIn, Bitcoin.DMM.com…

A series of critical vulnerabilities have been reported across various platforms, including Aviatrix Controller and Microsoft 365 applications, leading to significant security risks such as unauthorized access and data breaches. Additionally, a new phishing tactic targeting Apple iMessage users and a malicious PyPI package aimed at Discord developers have emerged, highlighting the evolving threat landscape.…

Summary: Amazon has issued a security advisory for two critical vulnerabilities (CVE-2025-0500 and CVE-2025-0501) affecting its native clients for Amazon WorkSpaces, AppStream 2.0, and DCV, with a CVSSv4 score of 7.7. These vulnerabilities could enable attackers to execute man-in-the-middle (MITM) attacks, potentially granting unauthorized access to remote sessions.…
In Other News: Lawsuits and Settlements, CrowdStrike Phish, MITRE’s D3FEND 1.0 
Summary: This week’s cybersecurity news roundup highlights significant developments in the field, including new tools, vulnerabilities, and legal actions involving major companies. Key stories include the launch of MITRE’s D3FEND 1.0, a phishing campaign targeting CrowdStrike, and various lawsuits related to data breaches. The roundup emphasizes the evolving landscape of cyber threats and the ongoing efforts to enhance security measures.…
Google Releases Open Source Library for Software Composition Analysis
Summary: Google has released OSV-SCALIBR, an open-source library for software composition analysis, designed to identify vulnerabilities and manage software inventory. This tool can be utilized as a standalone binary or integrated into Go projects, supporting various operating systems and programming languages. It aims to enhance security by generating software bills of materials (SBOMs) and providing vulnerability scanning capabilities.…
Securonix Threat Labs 2024 Annual Autonomous Threat Sweeper Intelligence Insights
The 2024 Annual Cyber Threat Report reveals a significant increase in cyber threats, including advanced persistent threats (APTs) and evolving tactics used by attackers. Key incidents include the resurgence of LockBit ransomware, exploitation of vulnerabilities in widely used technologies, and notable data breaches affecting major organizations. Affected: Ivanti Connect Secure, GlobalProtect, CrowdStrike, Snowflake, Palo Alto Networks

Key points:

Emerging threats exploit vulnerabilities in Ivanti Connect Secure and GlobalProtect VPN.…

In recent months, Indonesia has found itself at the center of two significant global cyber threats, highlighting the growing sophistication and reach of state-sponsored and financially motivated hacking groups. These incidents underscore the importance of cybersecurity vigilance in the face of increasingly complex attacks.

FBI Disrupts PlugX Malware Campaign Affecting Indonesia

The U.S.…

JustJoin Landing Page Linked to Suspected DPRK Activity Resurfaces
This report discusses the identification of a server linked to TA444/BlueNoroff, which employs deceptive domains related to virtual meeting platforms like Zoom for phishing and malware delivery. The analysis reveals a network of domains and shared SSH keys, indicating coordinated infrastructure. Affected: IP address, domain

Key points:

Hunt researchers identified a server with HTTP response headers linked to DPRK-related activity.…
North Korea’s Lazarus APT Evolves Developer-Recruitment Attacks
Summary: North Korea’s Lazarus group has initiated a new campaign, dubbed Operation 99, targeting software developers through deceptive job postings on LinkedIn. The attackers lure victims into downloading malicious Git repositories that steal sensitive data, including source code and cryptocurrency. This sophisticated operation showcases the group’s evolving tactics, including the use of AI-generated profiles to enhance credibility and deception.…
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
Summary: The Lazarus Group, linked to North Korea, has launched a new cyber attack campaign known as Operation 99, targeting software developers in the Web3 and cryptocurrency sectors. The campaign employs fake recruiters on platforms like LinkedIn to lure victims into cloning malicious GitLab repositories, ultimately embedding malware in their environments.…
Summary: Nvidia, Zoom, and Zyxel have released critical patches for multiple high-severity vulnerabilities affecting their products, urging users to update immediately. Nvidia’s vulnerabilities could allow for code execution and privilege escalation, while Zoom’s flaw could enable privilege escalation for authenticated attackers. Zyxel addressed an improper privilege management issue that could allow limited users to gain admin rights on certain devices.…
Chrome 132 Patches 16 Vulnerabilities
Summary: Google has released Chrome 132, addressing 16 security vulnerabilities, including 13 reported by external researchers. Among these, five high-severity flaws were identified, leading to significant bug bounty rewards for the researchers involved. Users are encouraged to update their browsers promptly to mitigate potential risks.

Threat Actor: N/A | Victim: Google Chrome Users

Key points:

Chrome 132 includes 16 security fixes, with five high-severity vulnerabilities addressed.…
Microsoft Patch Tuesday January 2025 Security Update Review | Qualys ThreatPROTECT
January 2025 marks the release of Microsoft’s first Patch Tuesday, addressing 159 vulnerabilities, including 10 critical and 149 important. Among these, eight zero-day vulnerabilities have been patched, with three actively exploited. Key updates include fixes for various Microsoft products, notably in Windows and Microsoft Office. Affected: Microsoft Windows, Microsoft Office, .NET,…
Apple Bug Allows Root Protections Bypass Without Physical Access
Summary: Cyber defenders are urged to update macOS systems to address a critical vulnerability (CVE-2024-44243) that compromises the operating system’s security. This flaw allows threat actors to bypass System Integrity Protection (SIP), potentially leading to severe malware installations without physical access.

Threat Actor: Unknown | Victim: Apple

Key point:

Vulnerability allows bypassing of macOS System Integrity Protection (SIP).…
Adobe: Critical Code Execution Flaws in Photoshop
Summary: Adobe has released critical security updates for multiple products, addressing vulnerabilities that could allow remote code execution by malicious hackers. The updates affect Adobe Photoshop, Substance 3D Stager, Illustrator for iPad, Adobe Animate, and Substance 3D Designer.

Threat Actor: Malicious hackers | Victim: Adobe

Key point:

Adobe Photoshop update addresses two critical arbitrary code execution vulnerabilities (CVE-2025-21127 and CVE-2025-21122).…
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Summary: Microsoft has revealed a security vulnerability in Apple macOS that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers. The flaw, identified as CVE-2024-44243, has been patched in macOS Sequoia 15.2.

Threat Actor: Unknown | Victim: Apple

Key point:

The vulnerability allows attackers running as “root” to bypass SIP protections.…
The Feed 2025, 01, 14
A summary of recent cybersecurity threats including ransomware targeting AWS S3 buckets, a macOS vulnerability allowing SIP bypass, a cyber espionage campaign linked to Russia, and exploitation of a critical RCE vulnerability in Aviatrix Controller. Affected: AWS, macOS, Aviatrix, Microsoft Office

Key points:

Codefinger ransomware targets Amazon S3 buckets using SSE-C.…
Critical Vulnerabilities in SimpleHelp Remote Support Software
A recent security audit of SimpleHelp revealed three critical vulnerabilities that could compromise both the server and client machines. These vulnerabilities include unauthenticated path traversal, arbitrary file upload leading to remote code execution, and privilege escalation from technician to admin. SimpleHelp has since patched these vulnerabilities, and users are urged to upgrade to the latest versions.…