StormBamboo compromised an ISP to poison DNS responses and redirect update requests to attacker‑controlled servers, enabling malware installation on macOS and Windows via insecure software update mechanisms. The operation included MACMA and POCOSTICK (MGBot) w…
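The redirect only worked because the targeted updaters accepted whatever the resolved host returned. The Go program below is added here as an illustration and is not code from Volexity's report or from any of the affected vendors; it shows the client-side check that makes ISP-level DNS poisoning insufficient on its own: the release manifest is signed with an Ed25519 key pinned in the client, and the downloaded payload is bound to that manifest by its SHA-256 digest. The keys, version strings and payload bytes are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the small document an update client fetches first. It names the
// payload the client should expect; the payload itself may come from any host.
type Manifest struct {
	Version string `json:"version"`
	SHA256  string `json:"sha256"` // hex digest of the payload
}

// SignedManifest bundles the serialised manifest with a detached Ed25519
// signature made by the vendor's release key (kept off the update server).
type SignedManifest struct {
	Body      []byte
	Signature []byte
}

var (
	ErrBadSignature   = errors.New("manifest signature does not verify against pinned key")
	ErrDigestMismatch = errors.New("payload digest does not match signed manifest")
)

// SignManifest is the vendor-side step: serialise the manifest and sign it.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (SignedManifest, error) {
	body, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Body: body, Signature: ed25519.Sign(priv, body)}, nil
}

// VerifyUpdate is the client-side step. pub is the public key compiled into the
// client; nothing fetched over the network is trusted until checked against it.
func VerifyUpdate(pub ed25519.PublicKey, sm SignedManifest, payload []byte) (Manifest, error) {
	// 1. Authenticate the manifest. A DNS-redirected host can serve any
	//    manifest it likes, but cannot sign it with the vendor's key.
	if !ed25519.Verify(pub, sm.Body, sm.Signature) {
		return Manifest{}, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(sm.Body, &m); err != nil {
		return Manifest{}, err
	}
	// 2. Bind the payload to the authenticated manifest through its digest.
	want, err := hex.DecodeString(m.SHA256)
	if err != nil || len(want) != sha256.Size {
		return Manifest{}, fmt.Errorf("manifest carries malformed digest: %w", err)
	}
	sum := sha256.Sum256(payload)
	if subtle.ConstantTimeCompare(sum[:], want) != 1 {
		return Manifest{}, ErrDigestMismatch
	}
	return m, nil
}

// ScenarioResult records what the client did in each of three situations.
type ScenarioResult struct {
	GenuineAccepted     bool  // vendor manifest + vendor payload
	AttackerManifestErr error // redirected host serves its own manifest and payload
	SwappedPayloadErr   error // genuine manifest, payload replaced in transit
}

// RunScenario plays the redirect attack against the verifying client.
// Keys and payloads are generated here purely for illustration (constructed data).
func RunScenario() (ScenarioResult, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return ScenarioResult{}, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader) // key the redirected host holds
	if err != nil {
		return ScenarioResult{}, err
	}
	genuine := []byte("constructed sample: genuine update payload v2.1")
	malicious := []byte("constructed sample: trojanised installer")
	digest := func(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

	genuineSM, err := SignManifest(vendorPriv, Manifest{Version: "2.1", SHA256: digest(genuine)})
	if err != nil {
		return ScenarioResult{}, err
	}
	attackerSM, err := SignManifest(attackerPriv, Manifest{Version: "2.2", SHA256: digest(malicious)})
	if err != nil {
		return ScenarioResult{}, err
	}

	var r ScenarioResult
	_, err = VerifyUpdate(vendorPub, genuineSM, genuine)
	r.GenuineAccepted = err == nil
	_, r.AttackerManifestErr = VerifyUpdate(vendorPub, attackerSM, malicious)
	_, r.SwappedPayloadErr = VerifyUpdate(vendorPub, genuineSM, malicious)
	return r, nil
}

func main() {
	r, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine accepted: %v\nattacker-signed manifest: %v\nswapped payload: %v\n",
		r.GenuineAccepted, r.AttackerManifestErr, r.SwappedPayloadErr)
}
```

Transport security (HTTPS with a validated certificate) is still worth having, but the signature check is what survives a poisoned resolver: the attacker can answer the DNS query and serve a fresh manifest and binary, yet cannot produce a signature the pinned key accepts, and cannot swap the binary behind a genuine manifest without breaking the digest.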
Tag: MACOS
Summary: Google Chrome has introduced app-bound encryption to enhance cookie protection on Windows systems, improving defenses against information-stealing malware. This new feature ties encrypted data to app identity, making it more difficult for malicious tools to access sensitive information. Thr…
Summary: In 2023, Homebrew underwent a security audit funded by the Open Technology Fund and conducted by Trail of Bits, resulting in a report with 25 findings. The audit revealed various security issues, with 16 items fixed, 3 in progress, and 6 acknowledged by maintainers. Threat Actor: Trail of B…
Summary: Apple has released a critical zero-day patch for older Mac models running macOS Monterey 12.7.6 to address a vulnerability (CVE-2024-23296) that has been actively exploited. The flaw, stemming from a memory corruption issue, could allow attackers to bypass kernel protections and execute arb…
macOS malware masquerades as The Unarchiver to harvest user data via an unsigned disk image. The analysis finds Swift-based components that exfiltrate data to a remote URL, with Russian-language comments suggesting the malware author’s origin. #TheUnarchiver #…
Securonix Threat Research describes an ongoing DEV#POPPER campaign that targets software developers with new malware variants, expanding to Windows, Linux, and macOS while using advanced obfuscation to enable data exfiltration. The campaign adds enhanced FTP c…
Summary: The Blue Report 2024 reveals critical insights into the evolving landscape of cybersecurity threats, highlighting vulnerabilities in organizational defenses and offering actionable recommendations for improvement. Key findings indicate a significant percentage of environments are at risk of…
Summary: Researchers have discovered a malicious Python package named “lr-utils-lib” that targets a specific set of macOS machines to steal Google Cloud Platform credentials. The campaign employs social engineering tactics, including a fake LinkedIn profile of the package owner, to enhance its decep…
The Python package lr-utils-lib uploaded to PyPI in June 2024 contained malicious code that targets macOS and exfiltrates Google Cloud Platform credentials to a remote server. It also adds social engineering via a fake LinkedIn profile for Lucid Zenith, il…
Summary: The Chinese espionage group Daggerfly has significantly enhanced its malware toolkit, allowing it to target major operating systems including Windows, Linux, macOS, and Android. Recent attacks have been noted against organizations in Taiwan and a US NGO based in China, showcasing the group’…
Symantec reports a Daggerfly intrusion against an African telecom operator involving new MgBot-related plugins and a heavily updated Macma macOS backdoor. The campaign expands C2 options to TCP or cloud-based OneDrive, introduces multi-stage tools (including S…
Summary: The cybercriminal group known as Revolver Rabbit has registered over 500,000 domain names using registered domain generation algorithms (RDGAs) to facilitate infostealer campaigns targeting Windows and macOS systems. This operation, which has cost them more than $1 million, is primarily foc…
Summary: Grype is an open-source vulnerability scanner that identifies security vulnerabilities in container images and filesystems, integrating effectively with the Software Bill of Materials tool, Syft. It supports a wide range of operating system and language-specific packages, making it a versat…
Summary: A newly identified cyberespionage group, TAG-100, is targeting high-profile government and private sector organizations in the Asia-Pacific region using open-source tools and exploiting internet-facing devices. Researchers suggest that the group’s victim profile aligns with historical activ…
BeaverTail is a new macOS stealer attributed to DPRK that masquerades as the MiroTalk meeting app to steal data, log keystrokes, and install remote access (AnyDesk). The analysis covers its infection vector, capabilities, IOCs, and defensive recom…