#macOSattacks

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities 

by

August 20, 2024 at 08:24AM Cisco discovered vulnerabilities in multiple Microsoft applications for macOS, including Outlook, Teams, PowerPoint, OneNote, Excel, and Word. Attackers could exploit these flaws to bypass system permissions, allowing unauthorized activities such as sending emails, recording audio or video, and accessing sensitive information. Microsoft acknowledges the bugs but considers them low risk, … Read more

PyPi package backdoors Macs using the Sliver pen-testing suite

by

May 13, 2024 at 05:58PM A new malicious Python package, ‘requests-darwin-lite’, mimicked the ‘requests’ library on PyPI to target macOS devices, deploying the Sliver C2 adversary framework with steganography in a PNG file. The campaign’s discovered steps involved executing the Sliver payload on targets. Despite its removal, the incident highlights Sliver’s increased use in breaching … Read more