#mac

Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It's tracking the threat cluster as UNC4166

Categories: News Tags: virtual kidnapping Tags: kidnap Tags: scam Tags: fake Tags: fraud Tags: ransom Tags: victim Tags: wire transfer Tags: digital payment Tags: venmo Tags: cashapp Tags: social engineering Tags: phone call Tags: mobile Tags: relative A recent scam has been making the rounds that attempts to fool you into thinking a loved one has been kidnapped. (Read more...) The post Virtual kidnapping scam strikes again. Spot the signs appeared first on Malwarebytes Labs.

By Habiba Rashid Elon Musk's Twitter is on a suspension spree. This is a post from HackRead.com Read the original post: Mastodon Account Suspended from Twitter Following Ban on Server Links

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: iOS 16.1.2 Tags: Safari 16.2 Tags: CVE-2022-42856 Tags: type confusion Apple has released new security content for iOS 16.1.2 and Safari 16.2. to fix a zero-day security vulnerability that was actively exploited (Read more...) The post Update now! Apple patches active exploit vulnerability for iPhones appeared first on Malwarebytes Labs.

Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts. "The botnet spreads by

Alist v3.4.0 is vulnerable to Directory Traversal,

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated factory reset vulnerability in restorefactory.cgi.

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated remote code execution vulnerability in upload.cgi.