macos

Fake Cloudflare CAPTCHA

Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka

| | macos, SBN News, Threat Intel
A new macOS infostealer, NukeChain (now Infiniti Stealer), uses fake CAPTCHA pages to trick users into running malicious commands ...
Malwarebytes
Huntress, Microsoft Detail the Continued Popularity, Evolution of ClickFix Attacks

Huntress, Microsoft Detail the Continued Popularity, Evolution of ClickFix Attacks

| | clickfix, ESET, Huntress cybersecurity findings, infostealer malware, Intego, macos, MalwareBytes, Matanbuchus, Microsoft Threat Intelligence, Ransomware, Rhadamanthys, Windows threats
ClickFix, an attack technique used to trick victims into pasting or clicking on malicious commands, has rapidly become a favorite method of threat groups. Recent reports by Huntress, Microsoft, and Intego detail ...
Security Boulevard
Apple CEO Tim Cook, looking grim

‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE

| | App Sec & Supply Chain Security, Apple, Apple iOS, AppSec & Supply Chain Security, CocoaPods, CVE-2024-38366, CVE-2024-38368, dependencies, dependency injection, Dependency Management, macos, macOS Security, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, SB Blogwatch, software dependencies, Supply-Chain Insecurity, third-party dependencies, trust dependencies
Tim looks grim: 10 year old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ...
Security Boulevard

Get A Day’s Schedule From Fantastical On The Command Line With Shortcuts

| | macos, programming
I use Fantastical as it’s a much cleaner and native interface than Google Calendar, which I’m stuck using. I do like to use the command line more than GUIs and, while I ...
rud.is
Sevco, Apple, DMA, EU, A green worm on a juicy red apple

Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys

| | Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iOS, Apple iPad, ARM, cache, dmp, GoFetch, iPad, M1, M2, M3, Macintosh, macos, SB Blogwatch
GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads ...
Security Boulevard

Deleting Duplicate Notes in Notes.app using AppleScript

| | applescript, macos, notes
I found myself digging through my Notes.app the other day and, lo and behold, there was a whole bunch of duplicate notes hanging around. Pretty sure I goofed and imported them twice ...
Joel Esler
macOS malware cracked software trojan

Trojan Malware Hidden in Cracked macOS Software, Kaspersky Says

| | Cracked Software, Kasperksy, macos, Trojan-Proxy malware
Newly discovered cracked applications being distributed by unauthorized websites are delivering Trojan-Proxy malware to macOS users who are looking for free or cheap versions of the software tools they want. The malware ...
Security Boulevard

Sort emails by year, using AppleScript

| | Apple, applescript, macos
So, way back when I was using Thunderbird, I had this awesome plugin that organized my archived emails by year. It was super handy for finding stuff or just taking a trip ...
Joel Esler
U.S., Korea, North Korea cyberespionage nuclear weapons

N. Korean Threat Groups Mixing Tactics to Evade Detection

| | Cybersecurity, Lazarus Group, macos, North Korea
Researchers with Google-owned Mandiant last month wrote about increasing collaboration among North Korea-supported threat groups as one indication of a larger evolution of the regime’s offensive cyber program. The half-dozen or so ...
Security Boulevard
A closeup of an iPhone, lying screen down on a table

#iLeakage: All Apple CPUs Vulnerable — No Patch in Sight

| | Apple Safari, ARM, Daniel Genkin, iLeakage, ios, macos, mobile safari, Safari, SB Blogwatch, Spectre, speculative execution, Webkit, WebKit engine
Son of Spectre: No fix for iOS, “unstable” workaround for macOS ...
Security Boulevard
Load more