#apple

A list of topics we covered in the week of September 16 to September 22 of 2024

Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor that has been previously attributed to the Lazarus Group and deployed in

Apple’s macOS Sequoia update is causing major compatibility issues with popular security tools. Reportedly, users are facing disruptions…

Plus: The FBI dismantles the largest-ever China-backed botnet, the DOJ charges two men with a $243 million crypto theft, Apple’s MacOS Sequoia breaks cybersecurity tools, and more.

A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.

Taskhub version 3.0.3 suffers from an ignored default credential vulnerability.

Inc ransomware — one of the most popular among cybercriminals today — meets healthcare, the industry sector most targeted by RaaS.

### Impact There is a vulnerability in Traefik that allows the client to remove the X-Forwarded headers (except the header X-Forwarded-For). ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.9 - https://github.com/traefik/traefik/releases/tag/v3.1.3 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues). <details> <summary>Original Description</summary> ### Summary When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in ...

By enhancing threat detection, enabling real-time risk assessment, and providing predictive insights, AI is empowering organizations to build more robust defenses against cyber threats.

Thousands of beepers and two-way radios exploded in attacks against Hezbollah, but mainstream consumer devices like smartphones aren’t likely to be weaponized the same way.