Weekly Shaarli

All the links of one week on a single page.

Week 34 (August 19, 2024)

MacOS X Malware Development

In today’s post, we’ll explore the process of designing and developing malware for macOS, which is a Unix-based operating system. We’ll use a classic approach to understanding Apple’s internals. To follow along, you should have a basic understanding of exploitation, as well as knowledge of C and Python programming, and some familiarity with low-level assembly language. While the topics may be advanced, I’ll do my best to present them smoothly.

OpenSSH Backdoors

Imagine this: an OpenSSH backdoor is discovered, maintainers rush to push out a fixed release package, security researchers trade technical details on mailing lists to analyze the backdoor code. Speculation abounds on the attribution and motives of the attacker, and the tech media pounces on the story. A near miss of epic proportions, a blow to the fabric of trust underlying open source development, a stark reminder of the risks of supply-chain attacks. Equal measures brilliant and devious.

Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules

Stroz Friedberg identified a stealthy malware, dubbed “sedexp,” utilizing Linux udev rules to achieve persistence and evade detection. This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse shell capabilities and advanced concealment tactics.

Cyberattack against Swisscom: the DDoS attack repelled

Swisscom was targeted on Friday at around 11:30 by a cyberattack that paralysed payment services such as Twint. The DDoS attack was repelled at around 16:00. Experts nevertheless continued to watch the evolution of the situation closely.

Microsoft Copilot Studio Vulnerability Led to Information Disclosure

A vulnerability in Microsoft Copilot Studio could be exploited to access sensitive information on the internal infrastructure used by the service, Tenable reports.

The flaw, tracked as CVE-2024-38206 (CVSS score of 8.5) and described as a ‘critical’ information disclosure bug, has been fully mitigated, Microsoft said in an August 6 advisory.

MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors

We studied the most secure static encrypted nonce variant of "MIFARE Classic compatible" cards -- meant to resist all known card-only attacks -- and developed new attacks defeating it, uncovering a hardware backdoor in the process. And that's only the beginning...

Major Backdoor in Millions of RFID Cards Allows Instant Cloning

French security services firm Quarkslab has made an eye-popping discovery: a significant backdoor in millions of contactless cards made by Shanghai Fudan Microelectronics Group, a leading chip manufacturer in China.

Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials

Cloud attack tool has been repurposed by multiple threat actors to push SMS spam and smishing campaigns through major SaaS providers.

Finding Malware: Unveiling NUMOZYLOD with Google Security Operations

Welcome to the Finding Malware Series. The "Finding Malware" blog series is authored to empower the Google Security Operations community to

TodoSwift Disguises Malware Download Behind Bitcoin PDF

A new piece of malware that we're calling TodoSwift downloads its malicious payload alongside a seemingly legitimate piece of content about cryptocurrency.

Cthulhu Stealer malware aimed to take macOS user data

Researchers have discovered another data-seizing macOS malware, with "Cthulhu Stealer" sold to online criminals for just $500 a month.

From the Depths: Analyzing the Cthulhu Stealer Malware for macOS

Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named “Cthulhu Stealer”.

FIN7: The Truth Doesn't Need to be so STARK

First and foremost, our thanks go to the threat research team at Silent Push and the security team at Stark Industries Solutions (referred to as “Stark” from this point forwards) for their enthusiastic cooperation in the ‘behind the scenes’ efforts of this blog post.

Introduction

In our opening statement, we also introduce the subject of this post: the cross-team and cross-organization collaborative efforts of Silent Push, Stark, and Team Cymru in taking action against a common and well-known adve

Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research

  • Check Point Research (CPR) recently uncovered Styx Stealer, a new malware capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency. Even though it only recently appeared, it has already been noticed in attacks, including those targeting our customers.
  • The developer of Styx Stealer was found to be linked to one of the Agent Tesla threat actors, Fucosreal, who was involved in a spam campaign also targeting our customers.
  • During the debugging of Styx Stealer, the developer made a fatal error and leaked data from his computer, which allowed CPR to obtain a large amount of intelligence, including the number of clients, profit information, nicknames, phone numbers, and email addresses, as well as similar data about the actor behind the Agent Tesla campaign.

Qilin ransomware caught stealing credentials stored in Google Chrome

Familiar ransomware develops an appetite for passwords to third-party sites

Hit by ransomware, Schlatter Industries has restarted its systems (update) | ICTjournal

The IT network of the Swiss machine manufacturer Schlatter was attacked via a software

NGate Android malware relays NFC traffic to steal cash

ESET Research uncovers Android malware that relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.

No one’s ready for this

With AI photo editing getting easy and convincing, the world isn’t prepared for an era where photographs aren’t to be trusted.

Security Advisory CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash.

This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

A fraudulent e-mail signed by Swisscom is in circulation

Phishing scammers are becoming ever more sophisticated. E-mails are currently circulating in Swisscom's name, promising refunds for overcharged invoices.

SBB (CFF) struggles to get rid of Russian software

After the Confederation warned against cyberattacks, SBB decided to replace its Russian software Infotrans. Easier said than done: Switzerland lacks the skills to develop its own system, and doing so is very costly.

SolarWinds Trust Center Security Advisories | CVE-2024-28987

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data.

Windows 0-day was exploited by North Korea to install advanced rootkit

FudModule rootkit burrows deep into Windows, where it can bypass key security defenses.

Litespeed Cache bug exposes millions of WordPress sites to takeover attacks

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts.

Iran Reportedly Grapples With Major Cyberattack on Banking Systems

The last known cyberattack waged against Iranian infrastructure took place last December with blame placed on Israel and the US.

Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files To Target 110,000 Domains

A cloud extortion campaign exploited misconfigured AWS .env files to target 110,000 domains, stealing credentials and ransoming cloud storage data.

Chipmaker Microchip reveals cyber attack

Microchip, August 20, 2024

Defense contractor gets hacked – what's the worst that could happen

MITRE Marks Major Milestone, Minting 400 CNAs as NVD Backlog Grows - Socket

MITRE has just minted its 400th CNA, as the NVD struggles to tame its backlog of CVEs awaiting analysis, which has increased by 30% since June.

Data Exfiltration from Slack AI via indirect prompt injection

This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end).

The Abuse of ITarian RMM by Dolphin Loader

Looking into the abuse of ITarian RMM and introducing Dolphin Loader

OpenBSD crond / crontab set_range() heap underflow (CVE-2024-43688)

There is a potentially exploitable heap underflow in recent versions of Vixie Cron that affects both the cron daemon and the crontab command. An attacker can use this vulnerability to obtain root on OpenBSD 7.4 and 7.5.

Toyota confirms breach after stolen data leaks on hacking forum

Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company's systems on a hacking forum.

Routers from China-based TP-Link a national security threat, US lawmakers claim

The two members of Congress called on the Commerce Department to investigate risks related to TP-Link routers amid concerns over state-backed Chinese hacking operations.

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.

Windows driver zero-day exploited by Lazarus hackers to install rootkit

The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems.

stardom dreams, stalking devices and the secret conglomerate selling both

people frequently reach out to me with companies to look into. usually it takes me about 10 minutes before i move on for one reason or another—it's not interesting for a story or has good security, for example. i didn't expect anything different when an acquaintance told me about Tracki, a self-proclaimed "world leader in GPS tracking" that they suspected could be used nefariously.

at first glance, Tracki appeared to be a serious company, maybe even one that cared about security. we could never have guessed what was about to unfold before us.

half a year into our investigation, we'd found it all: a hidden conglomerate posing as five independent companies, masked from governments and customers alike through the use of dozens of false identities, US letterbox companies, and an undeclared owner. a 90s phone sex scheme that, through targeting by one of hollywood's most notorious fixers, spiraled into a collection of almost a hundred domains advertising everything from online dating to sore throat remedies. a slew of device-assisted murder cases, on top of potential data breaches affecting almost 12 million users, ranging from federal government officials to literal infants. and most importantly, a little-known Snoop Dogg song. how in the world did we get here?

starting our descent