#mac

By Asheer Malhotra and Guilherme Venere. Cisco Talos recently identified a new, ongoing campaign attributed to the Russia-linked Gamaredon APT that infects Ukrainian users with information-stealing malware. The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine. LNK files, PowerShell and VBScript enable initial access, while malicious binaries are deployed in the post-infection phase. We discovered the use of a custom-made information stealer implant that can exfiltrate victim files of interest and deploy additional payloads as directed by the attackers. Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The campaign, part of an ongoing espionage operation observed as recently as August 2022, aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part of the infe...

Categories: Explained Categories: News Tags: Fuzzing Tags: fuzz testing Tags: memory leaks Tags: runtime errors Tags: race conditions Tags: control flow error Tags: memory allocation Tags: buffer overflow Fuzzing is an automated software testing method that uses a wide range of invalid and unexpected data as input to find flaws. (Read more...) The post Explained: Fuzzing for security appeared first on Malwarebytes Labs.

Categories: Apple Categories: News iOS 16 has landed and it comes with a lot of features to strengthen a user's account security and privacy. We've taken a look. (Read more...) The post Here are the new security and privacy features of iOS 16 appeared first on Malwarebytes Labs.

### Impact Users with the permission to create VMIs can construct VMI specs which allow them to read arbitrary files on the host. There are three main attack vectors: 1. Some path fields on the VMI spec were not properly validated and allowed passing in relative paths which would have been mounted into the virt-launcher pod. The fields are: `spec.domain.firmware.kernelBoot.container.kernelPath`, `spec.domain.firmware.kernelBoot.container.initrdPath` as well as `spec.volumes[*].containerDisk.path`. Example: ```yaml apiVersion: [kubevirt.io/v1](http://kubevirt.io/v1) kind: VirtualMachineInstance metadata: name: vmi-fedora spec: domain: devices: disks: - disk: bus: virtio name: containerdisk - disk: bus: virtio name: cloudinitdisk - disk: bus: virtio name: containerdisk1 rng: {} resources: requests: memory: 1024M terminationGracePeriodSeconds: 0 volumes: - containerDisk:...

By Waqas Executives across the globe are already advocating the use of artificial intelligence (AI) to tackle cybersecurity threats. This is a post from HackRead.com Read the original post: Why Artificial Intelligence is Must for Cybersecurity

A number of financial institutions in and around New York City are dealing with a rash of super-thin "deep insert" card skimming devices designed to fit inside the mouth of an ATM's card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine. Here's a look at some of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild.

Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue.

Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...

This Tech Tip walks through the steps to set up signed commits with SSH keys stored in 1Password.

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the root of the extracted source code once it extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write "ok" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want ...