Analyzing OSX.DazzleSpy
A fully-featured cyber-espionage macOS implant
To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.
The website of a Hong Kong pro-democracy radio station was compromised to serve a Safari exploit that installed cyberespionage malware on visitors’ Macs.
Un inquiétant cheval de Troie très discret et multiplateformes vient d'être repéré. Baptisé SysJoker et mis en lumière par la firme de sécurité Intezer, il peut cibler autant Windows, Linux que macOS. Pire encore, celui-ci passait sous les radars des antivirus depuis un bout de temps. Les versions Linux et macOS n'étaient jusqu'à présent pas du tout détectées par des sites
Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."
In December 2021, we discovered a new multi-platform backdoor that targets Windows, Mac, and Linux that we have named SysJoker.
Earlier today (January 11th), Researchers at Intezer published an report titled, “New SysJoker Backdoor Targets Windows, Linux, and macOS.”
In this report, they detailed a new cross-platform backdoor they named SysJoker. Though initially discovered on Linux, the Intezer researchers shortly thereafter also found both Windows and Mac versions:
"SysJoker was first discovered during an active attack on a Linux-based web server of a leading educational institution. After further investigation, we found that SysJoker also has Mach-O and Windows PE versions." -Intezer
An exploit in the Google Docs comment feature allows hackers to easily spread malware and phishing.
Last seen in August 2021, Zloader, a banking malware designed to steal user credentials and private information, is back with a simple yet sophisticated infection chain. Previous Zloader campaigns, which were seen in 2020, used malicious documents, adult sites and Google ads to infect systems.
Evidence of the new campaign was first seen around early November 2021. The techniques incorporated in the infection chain include the use of legitimate remote management software (RMM) to gain initial access to the target machine.
A flaw in Apple's software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, according to five people familiar with the matter.
A series of reports into how the Israeli police spied on their own citizens has finally grabbed everyone’s attention – and nowhere more so than among Benjamin Netanyahu’s loyal followers
La société américaine iBasis a subi une attaque informatique ces derniers jours. Elle pourrait être utilisée comme transporteur de données appartenant à des opérateurs suisses.
On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level, even subscribers and customers, to execute code on a site with the plugin ...Read More
Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild.
Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of vulnerabilities – helping keep our users and the internet safe.
A previously unreported threat actor has been targeting civil society for over a decade. Read about how it operates and its relationships to other threats.
L’entreprise américaine iBasis, qui travaille avec des centaines d’opérateurs télécoms au niveau mondial, a vu une partie de ses données volées et publiées. Les opérateurs suisses sont concernés, révèle «Le Temps»
Disappointed with the lack of US response to the Hermit Kingdom's attacks against US security researchers, one hacker took matters into his own hands.
A vast location-tracking network is being built around us so we don’t lose our keys: One couple’s adventures in the consumer tech surveillance state.
Free Maze / Sekhmet / Egregor ransomware decryptor by Emsisoft. Unlock your files without paying the ransom.
