#mac

Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution privileges on the host. During the install of the PKG, a step in the process involves extracting the package and copying files to several directories. Attackers may gain writable access to files during the install of PKG when extraction of the package and copying files to several directories, enabling a local escalation of privilege.

A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on that asset to run arbitrary commands. At the time of this disclosure, versions before 4.0 are classified as End of Life.

Researchers explore a love-hate relationship with AI tools like ChatGPT, which can be used to both attack and defend more efficiently.

Cybersecurity researchers have detailed the inner workings of a highly evasive loader named "in2al5d p3in4er" (read: invalid printer) that's used to deliver the Aurora information stealer malware. "The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations using advanced anti-VM (virtual machine) technique," cybersecurity firm Morphisec said in a report

An issue was discovered in the ALU unit of the OpenRISC mor1kx processor. The carry flag is not being updated correctly for the subtract instruction, which results in an incorrect value of the carry flag. Any software that relies on this flag may experience corruption in execution.

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Omron  Equipment: SYSMAC CS/CJ Series  Vulnerability: Missing Authentication for Critical Function  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information in the file system and memory.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Omron CS/CJ series, programmable logic controllers, are affected:  SYSMAC CJ2H-CPU6[]-EIP: all versions  SYSMAC CJ2H-CPU6[]: all versions  SYSMAC CJ2M-CPU[][]: all versions  SYSMAC CJ1G-CPU[][]P: all versions  SYSMAC CS1H-CPU[][]H: all versions  SYSMAC CS1G-CPU[][]H: all versions  SYSMAC CS1D-CPU[][]HA: all versions  SYSMAC CS1D-CPU[][]H: all versions  SYSMAC CS1D-CPU[][]SA: all versions  SYSMAC CS1D-CPU[][]S: all versions  SYSMAC CS1D-CPU[][]P: all versions  3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306  Omron CS/CJ series programmable...

Rapid technological evolution requires security that is resilient, up to date and adaptable. In this article, we will cover the transformation in the field of DFIR (digital forensics and incident response) in the last couple years, focusing on the digital forensics' aspect and how XDR fits into the picture. Before we dive into the details, let's first break down the main components of DFIR and

Threat actors behind the LockBit ransomware operation have developed new artifacts that can encrypt files on devices running Apple's macOS operating system. The development, which was reported by the MalwareHunterTeam over the weekend, appears to be the first time a big-game ransomware crew has created a macOS-based payload. Additional samples identified by vx-underground show that the macOS

Categories: News Categories: Ransomware Tags: LockBit Tags: ransomware Tags: Patrick Wardle Tags: macOS ransomware Tags: first Mac ransomware Tags: Azim Khodjibaev Tags: BleepingComputer Tags: Mark Stockley With plans to offer more ransomware, LockBit has just created a variant for macOS. But, as experts have pointed out, it's hardly ready for anything. (Read more...) The post LockBit ransomware on Mac: Should we worry? appeared first on Malwarebytes Labs.

Categories: News Tags: Some tips that can enhance your browser's speed Tags: so you have more time to enjoy the outdoors Some tips that can enhance your browser's speed, so you have more time to enjoy the outdoors. (Read more...) The post Spring cleaning tips for your browser appeared first on Malwarebytes Labs.