CVE-2024-35282

A cleartext storage of sensitive information in memory vulnerability CWE-316 affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain...

CVE-2024-35282

CVE-2024-35282 describes a vulnerability in FortiClient VPN for iOS where sensitive information is stored in cleartext in memory (CWE-316). The issue can allow an unauthenticated, physically proximate attacker on a jailbroken device to obtain cleartext passwords via a keychain dump. Affected vers...

New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data

Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are increasingly setting their sights on the operating system. Dubbed Cthulhu Stealer, the malware has been...

New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x8664 and ARM64 architectures. "Banshee...

Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware

Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API DPAPI which protects the data at rest...

CVE-2024-27837

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items...

CVE-2024-27837

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items...

CVE-2024-27837

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items...

CVE-2024-27837

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items...

CVE-2024-27837

CVE-2024-27837 is a downgrade flaw in macOS tied to Keychain access, addressed by stronger code-signing restrictions. The Apple security content indicates the issue affects macOS Sonoma and is fixed in Sonoma 14.5; a local attacker could exploit the downgrade to gain access to Keychain items. Pub...

PT-2024-22071 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.5 Description: A downgrade issue was addressed with additional code-signing restrictions, which could allow a local attacker to gain access to Keychain items. Recommendations: For macOS Sonoma versions prior ...

Apple macOS Sonoma 安全漏洞

Apple macOS is a specialized operating system developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma. An attacker exploiting the vulnerability was able to gain access to the Keychain project...

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but operate with the end...

New iPhone Security Features to Protect Stolen Devices

Apple is rolling out a new "Stolen Device Protection" feature that seems well thought out: When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keychain, applying for a new Apple...

Apple to introduce new feature that makes life harder for iPhone thieves

Reportedly, Apple has plans to make it harder for iPhone thieves to steal your personal information even if they have your device’s passcode. A new feature called Stolen Device Protection is included in the beta version of iOS 17.3. The feature limits access to your private information in case...

Google Chromecast Security Breach

Google Chromecast is a technology from the American company Google Google. It allows you to stream your favorite entertainment and apps from your phone, tablet or laptop directly to your TV or speakers. Google Chromecast suffers from a security vulnerability that stems from a lack of permission...

Beware: MetaStealer Malware Targets Apple macOS in Recent Attacks

A new information stealer malware called MetaStealer has set its sights on Apple macOS, making the latest in a growing list of stealer families focused on the operating system after MacStealer, Pureland, Atomic Stealer, and Realst. "Threat actors are proactively targeting macOS businesses by posi...

New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets

Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer or AMOS on Telegram for $1,000 per month, joining the likes of MacStealer. "The Atomic macOS Stealer can steal various types of information from the victim's machine, including...

New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets

Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer or AMOS on Telegram for $1,000 per month, joining the likes of MacStealer. "The Atomic macOS Stealer can steal various types of information from the victim's machine, including...

New macOS malware steals sensitive info, including a user's entire Keychain database

A new macOS malware--called MacStealer--that is capable of stealing various files, cryptocurrency wallets, and details stored in specific browsers like Firefox, Chrome, and Brave, was discovered by security researchers from Uptycs, a cybersecurity company specializing in cloud security. It can al...