21 Nov, 2024

Apple fixes two zero-days used in attacks on Intel-based Macs

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. “Apple is aware of a report that this issue may have been exploited,” the company said in an advisory issued on Tuesday. The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of […]

2 mins read

Hackers use macOS extended file attributes to hide malicious code

Hackers are using a novel technique that abuses extended attributes for macOS files to deliver a new trojan that researchers call RustyAttr. The threat actor is hiding malicious code in custom file metadata and also uses decoy PDF documents to help evade detection. The new technique is similar to how the Bundlore adware in 2020 hid its […]

3 mins read

North Korean hackers create Flutter apps to bypass macOS security

North Korean threat actors target Apple macOS systems using trojanized Notepad apps and minesweeper games created with Flutter, which are signed and notarized by a legitimate Apple developer ID. This means that the malicious apps, even if temporarily, passed Apple’s security checks, so macOS systems treat them as verified and allow them to execute without […]

3 mins read

Microsoft investigates OneDrive issue causing macOS app freezes

​Microsoft is investigating a newly acknowledged issue causing macOS applications to hang when opening or saving files in OneDrive. As the company explained, this known issue impacts only systems running macOS Sequoia, Apple’s latest operating system release. “Opening or saving files within Desktop or Documents folders can cause the file’s app to freeze. This occurs […]

2 mins read

North Korean hackers use new macOS malware against crypto firms

North Korean threat actor BlueNoroff has been targeting crypto-related businesses with a new multi-stage malware for macOS systems. Researchers are calling the campaign Hidden Risk and say that it lures victims with emails that share fake news about the latest activity in the cryptocurrency sector. The malware deployed in these attacks relies on a novel […]

4 mins read

Microsoft Office 2024 now available for Windows and macOS users

Microsoft has released Office 2024 for small businesses and consumers who want a standalone version without a Microsoft 365 subscription. Office 2024 includes updated, locked-in-time versions of Word, Excel, PowerPoint, OneNote, and Outlook for Windows and macOS systems.  It also requires a Microsoft account and an internet connection (likely needed during the installation and for […]

2 mins read

macOS Sequoia brings better Gatekeeper, stalkerware protections

Apple’s macOS Sequoia, now in beta testing, will make it harder to bypass Gatekeeper warnings and add system alerts for potential stalkerware threats. Gatekeeper is a security feature that checks all apps downloaded from the Internet to see if they’re developer-signed (approved by Apple) and notarized by checking an extended attribute named com.apple.quarantine that is […]

3 mins read