Security News
Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild. It's worth noting that CVE-2022-32917 is also the second kernel-related zero-day flaw that Apple has remediated in less than a month.
Apple has pushed out five security fixes, including two vulnerabilities in its iPhones, iPads and Mac operating systems that are already being exploited. The vendor said it fixed the flaw with improved bounds checks and has released patches for iPhone 6 and later, iPad Pro, iPad Air 2 and later, and iPad 5, iPad mini 4, and iPod touch models and all newer kit.
The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers Phil Stokes and Dinesh Devadoss said in a report.
The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into opening decoy job offer documents.
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. Lazarus hackers have used fake job offers in the past and in a recent operation they used malware disguised as a PDF file with details about a position at Coinbase.
North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign targeting engineers with a fake job posting that attempts to spread macOS malware. The malware is similar to a sample discovered by ESET in May, which also included a signed executable disguised as a job description, was compiled for both Apple and Intel, and dropped a PDF decoy, researchers said.
The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.
The tamper protection feature in Microsoft Defender for Endpoint for macOS is getting rolled out to all customers, the company announced on Monday. "While in Audit mode, TP signals can be viewed via Advanced Hunting and in local on-device logs. No tampering alerts are raised in the Security Center while in Audit mode. Alerts are raised in the portal only in block mode," explained Camilla Sophie Djamalov, a Program Manager Intern at Microsoft.
Microsoft Defender for Endpoint's Tamper Protection in macOS has entered general availability. It represents one more layer of protection and prevents the unauthorized removal of Microsoft Defender for Endpoint on macOS. It also prevents tampering with files, processes and configuration settings for Defender for Endpoint, and applies at device level.
A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the Windows operating system and rshell artifacts for Linux and macOS. As many as 13 different entities located in Taiwan and the Philippines have been at the receiving end of the attacks, eight of which have been hit with rshell.