DPRK Exploits 2 New MITRE Techniques: Phantom DLL Hijacking, TCC Abuse

April 11, 2024 at 04:09PM MITRE is adding two new techniques to its ATT&CK database due to exploits by North Korean threat actors. One technique involves TCC manipulation on Apple’s macOS, enabling privileged access for espionage. The other technique, phantom DLL hijacking on Windows, involves exploiting nonexistent DLL files. Both have been used by North …

Apple Shortcuts Vulnerability Exposes Sensitive Information

February 23, 2024 at 09:27AM A high-severity vulnerability, tracked as CVE-2024-23204, in Apple Shortcuts allowed attackers to access sensitive user information and system resources without user prompting. Cybersecurity firm Bitdefender discovered the issue, which bypassed Apple’s framework governing access permissions. The vulnerability was addressed with the release of iOS 17.3, iPadOS 17.3, and macOS Sonoma …

New macOS Backdoor Linked to Prominent Ransomware Groups

February 9, 2024 at 04:09PM Bitdefender reports the discovery of the macOS backdoor RustDoor, linked to the ransomware families Black Basta and Alphv/BlackCat. The malware supports Intel and Arm architectures and has been undetected since November 2023. It harvests and exfiltrates files, generates victim IDs, and has variants with different functionalities, including impersonating applications. From the …

macOS Malware Campaign Showcases Novel Delivery Technique

February 2, 2024 at 03:09PM Security researchers have identified a new cyberattack using cracked copies of popular macOS software to distribute a backdoor. The campaign is notable for its sheer scale and novel payload delivery. It targets business users with titles of likely interest, potentially leading to a significant number of infections. The attack aims …

“Activator” Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets

January 23, 2024 at 08:24AM Apple macOS users have been targeted by cracked software delivering a new stealer malware, capable of stealing cryptocurrency wallet data. The attack involves booby-trapped disk image files, prompting users to enter the system administrator password and execute a modified executable. The malware establishes contact with a command-and-control server to fetch …

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation

January 22, 2024 at 03:24PM Apple has released iOS 17.3 and macOS Sonoma 14.3 updates to address 16 vulnerabilities, including WebKit flaws exploited in zero-day attacks. Apple warns of code execution, denial-of-service, and data exposure threats and suspects recent exploitation. The updates also fix security issues in several other components. Apple hasn’t provided technical details …

Atomic Stealer Gets an Upgrade – Targeting Mac Users with Encrypted Payload

January 11, 2024 at 09:00AM Cybersecurity researchers have found an enhanced version of the macOS information stealer Atomic (AMOS) with updated capabilities, including payload encryption to bypass detection rules. Its cost has risen to $3,000/month with a festive promotion. Malvertising campaigns impersonating Slack and TradingView are used to distribute the malware. Caution is advised when …

North Korea Debuts ‘SpectralBlur’ Malware Amid macOS Onslaught

January 5, 2024 at 03:06PM TA444, a North Korean state-backed threat actor, has introduced “SpectralBlur,” a new macOS-targeting malware. It offers various capabilities, including file upload/download, shell execution, and command execution. This development underscores the group’s consistent generation of proprietary malware. The malware shares similarities with Lazarus Group’s tools, indicating a significant focus on macOS …

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers

January 5, 2024 at 11:15AM Cybersecurity researchers have identified a new Apple macOS backdoor called SpectralBlur, attributed to North Korean threat actors. It has capabilities such as uploading/downloading files and running shell commands. The malware shares similarities with KANDYKORN, showcasing the growing focus of North Korean threat actors on macOS, particularly in cryptocurrency and blockchain …

New ‘SpectralBlur’ macOS Backdoor Linked to North Korea

January 5, 2024 at 08:42AM Security researchers have uncovered SpectralBlur, a new macOS backdoor linked to the North Korean malware family KandyKorn. The malware, with capabilities such as file manipulation and communication with the command-and-control server, shares similarities with KandyKorn. It is believed to be another addition to the arsenal of Lazarus, a prominent North …