Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

A week in security (September 16 – September 22)

A list of topics we covered in the week of September 16 to September 22 of 2024

Malwarebytes
#ios#apple
New PondRAT Malware Hidden in Python Packages Targets Software Developers

Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor that has been previously attributed to the Lazarus Group and deployed in

Apple’s macOS Sequoia Update Breaks Security Tools

Apple’s macOS Sequoia update is causing major compatibility issues with popular security tools. Reportedly, users are facing disruptions…

Iranian Hackers Tried to Give Hacked Trump Campaign Emails to Dems

Plus: The FBI dismantles the largest-ever China-backed botnet, the DOJ charges two men with a $243 million crypto theft, Apple’s MacOS Sequoia breaks cybersecurity tools, and more.

Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware

A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.

Vice Society Pivots to Inc Ransomware in Healthcare Attack

Inc ransomware — one of the most popular among cybercriminals today — meets healthcare, the industry sector most targeted by RaaS.

GHSA-62c8-mh53-4cqv: HTTP client can manipulate custom HTTP headers that are added by Traefik

### Impact There is a vulnerability in Traefik that allows the client to remove the X-Forwarded headers (except the header X-Forwarded-For). ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.9 - https://github.com/traefik/traefik/releases/tag/v3.1.3 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues). <details> <summary>Original Description</summary> ### Summary When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in ...

An AI-Driven Approach to Risk-Scoring Systems in Cybersecurity

By enhancing threat detection, enabling real-time risk assessment, and providing predictive insights, AI is empowering organizations to build more robust defenses against cyber threats.

Your Phone Won’t Be the Next Exploding Pager

Thousands of beepers and two-way radios exploded in attacks against Hezbollah, but mainstream consumer devices like smartphones aren’t likely to be weaponized the same way.