The first, not entirely new, sub-technique involves manipulation of Transparency, Consent, and Control (TCC), a security protocol that regulates application permissions on Apple’s macOS.
A proof of concept exploit was shared on the XSS hacking forum explaining that a typo in the source code for Telegram for Windows could be exploited to send Python .pyzw files that bypass security warnings when clicked.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-13 08:07:312024-04-13 08:07:31Telegram Fixes Windows App Zero-Day Used to Launch Python Scripts
While the mobile phishing campaign has yet to reach some U.S. regions, this can be explained by the fact that complaint information collected so far by IC3 indicates the scam may be moving from state to state.
Apple has issued iPhone security alerts to 92 countries, stating that their devices have been targeted by a mercenary spyware attack, expressing high confidence in the warning.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-12 22:06:522024-04-12 22:06:52iPhone Users in 92 Countries Targeted by Mercenary Spyware Attacks
The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-12 20:06:312024-04-12 20:06:31House Votes to Extend—and Expand—a Major US Spy Program
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: facing hard truths in software security, and the latest guidance from the NSA.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-12 20:06:312024-04-12 20:06:31AI Safety Summit round two draws government, industry leaders to Seoul next month
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
North Korean Hackers Exploit Two MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse
/in General NewsThe first, not entirely new, sub-technique involves manipulation of Transparency, Consent, and Control (TCC), a security protocol that regulates application permissions on Apple’s macOS.
Cyware News – Latest Cyber News – Read More
Telegram Fixes Windows App Zero-Day Used to Launch Python Scripts
/in General NewsA proof of concept exploit was shared on the XSS hacking forum explaining that a typo in the source code for Telegram for Windows could be exploited to send Python .pyzw files that bypass security warnings when clicked.
Cyware News – Latest Cyber News – Read More
FBI Warns of Massive Wave of Road Toll SMS Phishing Attacks
/in General NewsWhile the mobile phishing campaign has yet to reach some U.S. regions, this can be explained by the fact that complaint information collected so far by IC3 indicates the scam may be moving from state to state.
Cyware News – Latest Cyber News – Read More
iPhone Users in 92 Countries Targeted by Mercenary Spyware Attacks
/in General NewsBy Deeba Ahmed
Apple has issued iPhone security alerts to 92 countries, stating that their devices have been targeted by a mercenary spyware attack, expressing high confidence in the warning.
This is a post from HackRead.com Read the original post: iPhone Users in 92 Countries Targeted by Mercenary Spyware Attacks
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
CISA’s Malware Analysis Platform Could Foster Better Threat Intel
/in General NewsBut just how the government differentiates its platform from similar private-sector options remains to be seen.
darkreading – Read More
New Tool Shields Organizations From NXDOMAIN Attacks
/in General NewsAkamai joins a growing list of security vendors aiming to strengthen companies’ DNS defenses.
darkreading – Read More
House Votes to Extend—and Expand—a Major US Spy Program
/in General NewsThe US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.
Security Latest – Read More
CISO Corner: Securing the AI Supply Chain; AI-Powered Security Platforms; Fighting for Cyber Awareness
/in General NewsOur collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: facing hard truths in software security, and the latest guidance from the NSA.
darkreading – Read More
AI Safety Summit round two draws government, industry leaders to Seoul next month
/in General NewsUK and South Korea are hosting continued AI discussions — including safeguards, equitable access, and future innovation.
Latest stories for ZDNET in Security – Read More
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls
/in General NewsA state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.
The post State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls appeared first on SecurityWeek.
SecurityWeek – Read More