### #Web3Security #MeetenMalware #CryptoTheft

Summary: Cybercriminals are exploiting the Web3 sector by using fake business meetings to distribute malware that targets cryptocurrency assets. Dubbed “Meeten,” this campaign employs sophisticated social engineering tactics to lure victims into downloading malicious software.

Threat Actor: Cybercriminals / Meeten | Victim: Individuals in Web3 / Web3 professionals

Key Point:

The “Meeten” campaign uses fraudulent video conferencing software to distribute Realst stealer malware targeting both Windows and macOS systems.…

### #IndustrialAutomation #HMIExploits #SCADAThreats

Summary: Researchers have identified critical vulnerabilities in mySCADA’s myPRO software that could allow remote attackers to gain unauthorized access to critical infrastructure. The vulnerabilities pose significant risks due to the software’s widespread use in industrial sectors and its compatibility with various operating systems.…

### #BansheeStealer #MalwareLeak #MacOSThreats

Summary: The source code for the macOS malware Banshee Stealer has been leaked and published on GitHub, leading to the shutdown of its operations by its developers. This malware, which targeted sensitive data, was previously promoted by Russian hackers.

Threat Actor: Russian hackers | Victim: Banshee Stealer users

Key Point:

Source code for Banshee Stealer was leaked and published by VXunderground on GitHub.…

### #MacOSMalware #BANSHEEStealer #MaaSThreats

Summary: In August 2024, Russian hackers released BANSHEE Stealer, a macOS malware designed to steal sensitive data from browsers and cryptocurrency wallets. The malware’s source code was later leaked, leading to the shutdown of its operations.

Threat Actor: Russian hackers | Victim: macOS users

Key Point:

BANSHEE Stealer targets both x86_64 and ARM64 architectures, capable of stealing data from nine different browsers.…

### #MallocStackLoggingExploit #LocalPrivilegeEscalation #AppleVulnerability

Summary: A critical vulnerability in Apple’s MallocStackLogging framework allows attackers to achieve local privilege escalation on macOS systems, posing a significant security risk. Despite Apple’s mitigations, the flaw can be exploited through clever manipulation of log file writes.

Threat Actor: Unknown | Victim: Apple

Key Point:

The vulnerability, designated CVE-2023-32428, has a CVSS score of 7.8, indicating high severity.…

### #SupplyChainAttack #BlockchainMalware #NPMThreat

Summary: The discovery of the malicious NPM package “jest-fet-mock” highlights an innovative supply chain attack that utilizes Ethereum smart contracts for command-and-control operations. This cross-platform malware targets development environments by impersonating legitimate testing utilities, showcasing a new method of leveraging blockchain technology in cyber attacks.

Key Points:

First observed instance of malware utilizing Ethereum smart contracts for C2 server address distribution in the NPM ecosystem.…

### #AppleSecurity #ThreatAnalysis #ZeroDayVulnerabilities

Summary: Apple has released critical security updates addressing two actively exploited vulnerabilities in its operating systems, discovered by Google’s Threat Analysis Group. The vulnerabilities, CVE-2024-44308 and CVE-2024-44309, primarily affect Intel-based Mac systems and could allow for arbitrary code execution.

Threat Actor: Government-backed hackers | Victim: Apple Inc.…

Threat Actor: Ransomhub | Victim: Mexico’s Legal Affairs Office | Price: Not disclosed | Exfiltrated Data Type: Personal information, contracts, insurance, and financial documents

Key Points:

The ransomware attack was confirmed by Mexico’s president amidst rising cybersecurity concerns. Ransomhub claimed to have stolen 313 gigabytes of data from the Mexican government office.…

### #WorkflowKitExploit #RaceConditionThreat #ShortcutSecurityFlaw

Summary: A critical security flaw in WorkflowKit, identified as CVE-2024-27821, allows malicious apps to intercept and modify shortcut files during the extraction process. This vulnerability poses significant risks, including the potential for arbitrary code execution and data exposure.

Threat Actor: Malicious actors | Victim: Apple users

Key Point:

The “WorkflowKit Race Vulnerability” allows exploitation during the shortcut extraction process due to a race condition.…

### #CyberSecurity #Malware #AIThreats

Summary: Fake AI image and video generators are being used to distribute Lumma Stealer and AMOS malware, targeting Windows and macOS systems to steal sensitive information such as credentials and cryptocurrency wallets. These malicious sites impersonate a legitimate AI application, tricking users into downloading harmful software.…

Summary: Security researchers from Hunt.io have identified a cyber operation utilizing the Sliver command-and-control framework and Ligolo-ng tunneling tool, targeting victims by impersonating Y Combinator. The operation highlights the evolving tactics of cybercriminals leveraging trusted brands to establish credibility and evade detection.

Threat Actor: Cybercriminals | Victim: Y Combinator

Key Point:

The attackers registered a domain mimicking Y Combinator to deflect suspicion and establish a facade of authenticity.…

Summary: Researchers at Group-IB have uncovered a new stealth technique used by the North Korean APT group Lazarus, which targets macOS systems through a code-smuggling method that utilizes custom extended attributes to evade antivirus detection. This method involves the deployment of a Trojan named RustyAttr, developed with the Tauri framework, allowing the malware to operate discreetly while distracting users with decoy applications.…

Summary: Zoom has addressed six vulnerabilities in its video conferencing platform, including two high-severity issues that could allow remote attackers to escalate privileges or leak sensitive information. The vulnerabilities affect various Zoom applications and require updates to mitigate risks.

Threat Actor: Remote attackers | Victim: Zoom

Key Point:

Two high-severity vulnerabilities (CVE-2024-45421 and CVE-2024-45419) allow privilege escalation and information disclosure.…

Summary: Security researcher Ron Masas from Imperva Threat Research has revealed a new method for attackers to exploit Chrome users via the File System Access API, which can bypass security mechanisms on both Windows and macOS. This exploit can lead to severe security vulnerabilities, particularly for macOS users, if they inadvertently grant file access to malicious applications.…

Summary: Jamf Threat Labs has identified malware samples linked to North Korea, utilizing Flutter for obfuscation. The malware, discovered in late October, includes applications that were signed and temporarily passed Apple’s notarization. The analysis reveals complex techniques employed by the malware, which targets macOS devices.

Key Points:

Malware samples tied to North Korea discovered by Jamf Threat Labs.…

Summary: Cybersecurity researchers have identified six vulnerabilities in the Ollama AI framework that could be exploited for various malicious activities, including denial-of-service attacks, model poisoning, and model theft. These vulnerabilities pose significant risks, particularly as many instances of Ollama are exposed to the internet without proper security measures.…

Summary: Researchers have uncovered a malicious Python package named “CryptoAITools” that masquerades as a cryptocurrency trading tool but is designed to steal sensitive data and drain crypto wallets. The malware, distributed via PyPI and fake GitHub repositories, has been downloaded over 1,300 times and employs deceptive tactics to execute its malicious activities.…

Summary: Apple has issued security patches for 90 of its services and operating systems to address critical vulnerabilities, emphasizing the importance of keeping software updated for user security. The update, released on October 29, affects all major Apple operating systems and services, fixing issues that could allow unauthorized access to sensitive information and potential denial-of-service attacks.…