Security News

Microsoft finds macOS bug that lets malware bypass security checks
2022-12-19 19:37

Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. Found and reported by Microsoft principal security researcher Jonathan Bar Or, the security flaw is now tracked as CVE-2022-42821.

Microsoft: Achilles macOS bug lets hackers bypass Gatekeeper
2022-12-19 19:37

Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. Apple addressed the bug in macOS 13, macOS 12.6.2, and macOS 1.7.2 one week ago, on December 13.

Google Adds Passkey Support to Chrome for Windows, macOS and Android
2022-12-12 14:24

Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome web browser. This calls for websites to build passkey support on their sites using the WebAuthn API. Essentially, the technology works by creating a unique cryptographic key pair to associate with an account for the app or website during account registration.

Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri
2022-10-27 10:15

A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "An app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements.

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems
2022-10-13 12:17

A previously undocumented command-and-control framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run arbitrary commands," Cisco Talos said in a report shared with The Hacker News.

New Alchimist attack framework targets Windows, macOS, Linux
2022-10-13 12:00

Cybersecurity researchers have discovered a new attack and C2 framework called 'Alchimist,' which appears to be actively used in attacks targeting Windows, Linux, and macOS systems. Alchimist offers a web-based interface using the Simplified Chinese language, and it's very similar to Manjusaka, a recently-emerged post-exploitation attack framework growing popular among Chinese hackers.

Security and privacy features in macOS Ventura
2022-10-10 08:00

Apple announced additional security and privacy features for its newest operating system - macOS Ventura. In this Help Net Security video, you'll learn about new security and privacy features in macOS Ventura.

Details Released for Recently Patched new macOS Archive Utility Vulnerability
2022-10-06 12:20

Security researchers have shared details about a now-addressed security flaw in Apple's macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple's security measures. The vulnerability, tracked as CVE-2022-32910, is rooted in the built-in Archive Utility and "Could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive," Apple device management firm Jamf said in an analysis.

Lazarus hackers drop macOS malware via Crypto.com job offers
2022-09-27 18:55

The North Korean Lazarus hacking group is now using fake 'Crypto.com' job offers to hack developers and artists in the crypto space, likely with a long-term goal of stealing digital assets and cryptocurrency. In August 2022, Lazarus was seen targeting IT workers with malicious job offers that impersonated Coinbase and targeted users with Windows malware or macOS malware.

North Korea's Lazarus Hackers Targeting macOS Users Interested in Crypto Jobs
2022-09-27 09:46

The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple's macOS operating system. In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for the Singapore-based cryptocurrency exchange firm Crypto.com.