Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems

The Hacker News Daily Updates [Newsletter]( [cover]( [SANS Report: The State of ICS/OT Cybersecurity in 2022 and Beyond]( The industrial control system (ICS)/operational technology (OT) security community is seeing attacks that go beyond traditional attacks on enterprise networks. Given the impacts to ICS/OT, fighting these attacks requires a different set of security skills, technologies, processes, and methods to manage the different risks and risk surfaces, setting ICS apart from traditional IT enterprise networks. [Download Now]( Sponsored LATEST NEWS Dec 20, 2022 [Beware: Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users]( The threat actors behind the Windows banking malware known as Casbaneiro has been attributed as behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign. BrasDex features a "complex keylogging system designed to abuse Accessibility Services to extract credentials specifically from a set of Brazilian targeted ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Russian Hackers Targeted Petroleum Refinery in NATO Country During Ukraine War]( The Russia-linked Gamaredon group attempted to unsuccessfully break into a large petroleum refining company within a NATO member state earlier this year amid the ongoing Russo-Ukrainian war. The attack, which took place on August 30, 2022, is just one of multiple attacks orchestrated by the advanced persistent threat (APT) that's attributed to Russia's Federal Security Service (FSB). ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [A Guide to Efficient Patch Management with Action1]( Keeping your software up to date is vital for cybersecurity. Read the patching strategy guide by Action1 and learn the best practices to identify, prioritize, and deploy updates effectively. Eliminate patching routine through automation and with a predictable plan at hand. Here are the key elements of the ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service]( An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and RedM, which are game modifications for Grand Theft Auto V and Red Dead Redemption 2, as well ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [FTC Fines Fortnite Maker Epic Games $275 Million for Violating Children's Privacy Law]( Epic Games has reached a $520 million settlement with the U.S. Federal Trade Commission (FTC) over allegations that the Fortnite creator violated online privacy laws for children and tricked users into making unintended purchases in the video game. To that end, the company will pay a record $275 million monetary penalty for breaching the Children's Online Privacy Protection Act (COPPA) ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems]( Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications. The shortcoming, dubbed Achilles (CVE-2022-42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data]( Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak. The package, named SentinelOne and now taken down, is said to have been published between December 8 and 11, 2022, with nearly two ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It]( The operators of the Glupteba botnet resurfaced in June 2022 as part of a renewed and "upscaled" campaign, months after Google disrupted the malicious activity. The ongoing attack is suggestive of the malware's resilience in the face of takedowns, cybersecurity company Nozomi Networks said in a write-up. "In addition, there was a tenfold increase in TOR hidden services being used as C2 ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [SANS Report: The State of ICS/OT Cybersecurity in 2022 and Beyond]( The industrial control system (ICS)/operational technology (OT) security community is seeing attacks that go beyond traditional attacks on enterprise networks. Given the impacts to ICS/OT, fighting these attacks requires a different set of security skills, technologies, processes, and methods to manage the different risks and risk surfaces, setting ICS apart from traditional IT enterprise networks. [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India