macOS Under Attack: Examining the Growing Threat and User Perspectives

As the number of people using macOS keeps going up, so does the desire of hackers to take advantage of flaws in Apple’s operating system.

What Are the Rising Threats to macOS?

There is a common misconception among macOS fans that Apple devices are immune to hacking and malware infection. However, users have been facing more and more dangers recently. Inventive attackers are specifically targeting Mac systems, as seen with the “Geacon” Cobalt Strike tool attack. This tool enables them to perform malicious actions such as data theft, privilege elevation, and remote device control, placing the security and privacy of Mac users at grave risk.

Earlier this year, researchers also uncovered the MacStealer malware, which steals sensitive data from Apple users. Documents, iCloud keychain data, browser cookies, credit card credentials – nothing is safe from prying eyes.

But that’s not all. CloudMensis is malicious software that specifically targets macOS systems, spreading through email attachments and compromising device security. It can steal sensitive information and grant unauthorized access to users’ systems. JokerSpy, on the other hand, can infiltrate a system through deceptive websites or arrive bundled with seemingly harmless software. Once installed, it can monitor users’ activities, capture keystrokes, and access personal data.

Even state-sponsored hacking organizations, like the North Korean Lazarus Group, have started targeting Apple Macs. Do you think this was a wake-up call for many Apple users who thought their devices were immune to getting attacked?

images from Hacker News

TETRA:BURST — 5 New Vulnerabilities Exposed in Widely Used Radio Communication System

A set of five security vulnerabilities has been disclosed in the Terrestrial Trunked Radio (TETRA) standard for radio communication, which is used widely by government entities and critical infrastructure sectors. The set includes what’s believed to be an intentional backdoor that could have potentially exposed sensitive information.

The issues, discovered by Midnight Blue in 2021 and held back until now, have been collectively called TETRA:BURST. There is no conclusive evidence to determine that the vulnerabilities have been exploited in the wild to date.

“Depending on infrastructure and device configurations, these vulnerabilities allow for real time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning,” the Netherlands-based cybersecurity company said.

Standardized by the European Telecommunications Standards Institute (ETSI) in 1995, TETRA is used in more than 100 countries and as a police radio communication system outside the U.S. It’s also employed to control essential systems like power grids, gas pipelines, and railways.

How MDR Helps Solve the Cybersecurity Talent Gap

How do you overcome today’s talent gap in cybersecurity? This is a crucial issue — particularly when you find executive leadership or the board asking pointed questions about your security team’s ability to defend the organization against new and current threats.

This is why many security leaders find themselves turning to managed security services like MDR (managed detection and response), which can offer an immediate solution. The right MDR partner can act as an extension of your existing team, while offering a fast and budget-friendly option for uplevelling security at organizations of virtually any size.

Here’s a look at common staffing challenges that MDR helps solve:

Overcoming Cybersecurity Talent Challenges

From stopping ransomware to securing the attack surface of the environment, most security teams have more to do than they can manage. This leads to security gaps that increase both cyber risk and frustration for stakeholders across the business. The challenges of today’s lean IT and cybersecurity teams are legion. Problems arise when any of the following takes place:

  • Digital transformation projects are placed on hold to focus on security.
  • Digital transformation projects proceed while critical security tasks are left undone.
  • Attempts to cover all holidays, vacations, and leaves-of-absence lead to staff burnout.
  • Experienced but exhausted staff resigns.
  • Junior staff are hired but find cutting-edge technology too complex to use effectively.
  • Staff matures and gains more responsibilities, diluting their efforts.
  • The entire cycle repeats itself.

Add the time-consuming process of hiring and training, and this cycle becomes even more problematic; in fact, it’s often considered one of the top reasons to consider MDR. Furthermore, ramping up an in-house SOC (security operations center) can take months — or, in some cases, years — and cost millions.

Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk

A new security vulnerability has been discovered in AMD’s Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords.

Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed Zenbleed and tracked as CVE-2023-20593 (CVSS score: 6.5) – allows data exfiltration at the rate of 30 kb per core, per second.

The issue belongs to a broader category of weaknesses called speculative execution attacks, in which an optimization technique widely used in modern CPUs is abused to read data, such as cryptographic keys, left in CPU registers.

“Under specific microarchitectural circumstances, a register in ‘Zen 2’ CPUs may not be written to 0 correctly,” AMD explained in an advisory. “This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.”

Web infrastructure company Cloudflare noted that the attack could even be carried out remotely through JavaScript on a website, thereby obviating the need for physical access to the computer or server.

Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo

Atlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems.

The flaws are listed below:

  • CVE-2023-22505 (CVSS score: 8.0) – RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.2 and 8.4.0)
  • CVE-2023-22508 (CVSS score: 8.5) – RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 7.19.8 and 8.2.0)
  • CVE-2023-22506 (CVSS score: 7.5) – Injection, RCE (Remote Code Execution) in Bamboo (Fixed in versions 9.2.3 and 9.3.1)

CVE-2023-22505 and CVE-2023-22508 allow an “authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction,” the company said.

While the first bug was introduced in version 8.0.0, CVE-2023-22508 was introduced in version 7.4.0 of the software.
