Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

December 12, 2024 at 07:39AM

A recently patched vulnerability in Apple’s iOS and macOS could allow unauthorized access to sensitive user data by bypassing the TCC security framework. Tracked as CVE-2024-44131, this flaw was linked to the FileProvider component. Attackers could exploit it to intercept user actions without raising alerts. …

MITRE ATT&CK 2024 Results for Enterprise Security

December 11, 2024 at 12:20PM

MITRE’s latest evaluation challenges security vendors to demonstrate their protection capabilities against modern attacks, focusing on ransomware and DPRK threats targeting Windows, Linux, and macOS. Trend Vision One achieved impressive detection rates but faced challenges in blocking all threats. The evaluations guide improvement and reinforce the importance of vigilance in …

Source Code of $3,000-a-Month macOS Malware ‘Banshee Stealer’ Leaked

November 27, 2024 at 07:07AM

The Banshee Stealer cybercriminal operation has ceased after the malware’s macOS source code was leaked online. Vx-Underground reported this development, stating that the malware, capable of stealing extensive data from infected systems, was previously advertised for $3,000 monthly. The source of the leak remains unidentified. …

Hackers use macOS extended file attributes to hide malicious code

November 14, 2024 at 11:16AM

Hackers are using a new technique called RustyAttr to conceal malware in macOS file metadata, evading detection by employing decoy PDFs. The method is reminiscent of Bundlore adware, and the samples are attributed to the North Korean group Lazarus. The malware remains undetected by security agents, indicating an experimental delivery approach. …

North Korean hackers create Flutter apps to bypass macOS security

November 12, 2024 at 10:46AM

North Korean threat actors are targeting macOS systems with trojanized cryptocurrency-themed apps built using Flutter, which bypassed Apple’s security checks. Discovered by Jamf Threat Labs, these signed and notarized apps connected to DPRK servers and executed scripts. Apple revoked their signatures, but the full extent of the operation is unclear. …

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

September 3, 2024 at 12:54AM

Eight vulnerabilities found in Microsoft applications for macOS could allow an adversary to gain elevated privileges or access sensitive data. By exploiting the Transparency, Consent, and Control (TCC) framework, an attacker could leverage affected applications, circumventing user consent. The vulnerabilities impact apps like Outlook, Teams, Word, and Excel. Measures like …

Infostealers Waltz Through macOS to Grab Crypto Wallets, Browser Creds

August 22, 2024 at 03:12PM

Cthulhu Stealer is a new Apple macOS malware designed to steal cryptocurrency and gaming credentials as well as browser data. It mimics the successful Atomic Stealer and is becoming prevalent. As macOS threats are increasing, organizations with macOS devices should enhance their security measures due to the lack of expertise …

Multiple flaws in Microsoft macOS apps unpatched despite potential risks

August 19, 2024 at 03:07PM

Eight vulnerabilities in Microsoft’s macOS apps pose security risks by allowing unauthorized access to sensitive data, recording video and sound, and escalating privileges. Microsoft has been reluctant to address the issues, deeming them low risk and insisting that certain applications require the ability to load unsigned libraries. Apple’s security measures …

New Banshee Stealer macOS Malware Priced at $3,000 Per Month

August 16, 2024 at 07:45AM

Cybercriminals are promoting Banshee Stealer, a new macOS malware capable of stealing various data from compromised systems. Advertised for $3,000/month, it targets macOS passwords, hardware/software info, keychain passwords, browser data, and cryptocurrency wallets. While it evades detection by checking for analysis signs, its evasion methods are basic, leaving it susceptible …

Adobe Calls Attention to Massive Batch of Code Execution Flaws

August 13, 2024 at 01:45PM

Adobe released 72 security vulnerability fixes for various products, warning Windows and macOS users of code execution and denial-of-service risks. Critical flaws were addressed in Adobe Acrobat, Reader, Illustrator, Photoshop, InDesign, Commerce, Bridge, Substance 3D Stager, Substance 3D Sampler, Substance 3D Designer, and InCopy, urging users to update to the …