Displaying items by tag: macos

Remember the iMessage flaw that allowed for a zero click installation of malware? You know, the one that was discovered by Russian cybersecurity firm Kaspersky which was allegedly targeting Russian Apple devices? The one that Russia said was a US cyber op? Yeah, that one. Well, it seems that Apple has rolled out a patch for this flaw which was part of an operation dubbed Triangulation with the backdoor actually being called TriangleBD.

Apple’s System Integrity Protocol (SIP) has been something of a mix bag when it comes to security. It is a great feature from a raw and basic security viewpoint, but the same feature also has created challenges for the installation of third-party anti-malware and other security tools since its launch. All that aside, Microsoft, of all people, has shared details on a vulnerability that can be used by attackers to completely bypass the protections that SIP is supposed to offer.

Apple has rushed to release patches for CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 all of which are in the WebKit Browser engine and across all Apple platforms (IOS, IpadOS and macOS). These three flaws have also been seen to be actively exploited in the wild. This increases the significance of them and should be remediated as soon as possible by applying any available patches.

Two new variants of Cobalt Strike written in Ggoogle’s Golang have popped up on the wild internet. According to SentinelOne, this new flavor is set up to target macOS systems. They have also noted that this new beacon (called Geacon) has been popping up on malware review sites like Virus Total in the past few months. The new detections could be part of red-teaming exercises, but the increase seems to indicate that real-world malicious activity is also part of the surge in detections.

When you are hunting, finding out where your target frequents and laying in wait is an often-used tactic. If your information is good, you are going to have a successful hunt. The same is true in cybersecurity, both from an attacker and researcher perspective. These attacks are called watering hole attacks. You are looking for your intended target to come and “take a drink” so you can spring your trap.