3 din 6
3
(IN)Securitate
  [ Ignoră ]   [ # 31 ]
Avatar
RankRankRankRank
Sr. Member
Din: 
Macuser din: 20.06.09

Hmm:
http://thehackernews.com/2016/10/macbook-camera-hacked.html

Profil
 
  [ Ignoră ]   [ # 32 ]
Avatar
RankRankRankRank
Sr. Member
Din: București
Macuser din: 23.03.09

Ahem.
https://arstechnica.co.uk/security/2017/02/serious-cloudflare-bug-exposed-a-potpourri-of-secret-customer-data/

 Semnătură 

Mac Mini Intel MGEN2LL/A, MC815LL/A - Sierra, MC239LL/A - ESXI 5.5, MB138LL/A Lion
Power Mac G4 M8787LL/A OpenBSD/macppc
Power Mac G5 Leopard
AppleTV2, iPhone 6+/64, iPhone 4, iPhone 2G

Profil
 
  [ Ignoră ]   [ # 33 ]
Avatar
RankRank
Jr. Member
Din: Galati
Macuser din: 27.11.08

Ransomware macOS

Ajuns una dintre cele mai răspândite ameninţări informatice, malware-ul din categoria ransomware are ca principal obiectiv „sechestrarea” fişierelor importante de pe hard disk în spatele unui algoritm de criptare şi solicitarea plăţii unei sume de bani pentru recuperarea acestora, de obicei prin cedarea cheii de criptare folosită iniţial.

Din păcate plata sumei cerute înainte de expirarea termenului limită impus de atacatori nu garantează şi recuperarea ulterioară a datelor, după cum au aflat utilizatorii de PC-uri cu sistem macOS atacate cu o nouă formă de ransomware numită „Patcher”, propagat cu ajutorul site-urilor BitTorrent şi deghizat în aplicaţii de tip Cracking Tool folosite la activarea frauduloasă a pachetelor Adobe Premiere Pro şi Microsoft Office for Mac.

 Semnătură 

MacBook Pro (Intel i5 2.2 Ghz, 4 GB RAM, 500 GB HDD, Yosemite 10.10.4)
iMac 21.5” late 2013 (Intel i5 2.7 Ghz, 8 GB RAM, 1 TB Fusion Drive, Yosemite 10.10.4)
Time Capsule (500 GB, dual-band & guest-networking)

Profil
 
  [ Ignoră ]   [ # 34 ]
Avatar
RankRankRankRank
Sr. Member
Din: București
Macuser din: 23.03.09

Smart TV-urile hăcuite prin semnal DVB-T:

https://arstechnica.com/security/2017/03/smart-tv-hack-embeds-attack-code-into-broadcast-signal-no-access-required/

The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal.
That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung.
By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs.
By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.
[...]
Once a hacker has control over the TV of an end user [...] the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone.

Ce surpriză.

 Semnătură 

Mac Mini Intel MGEN2LL/A, MC815LL/A - Sierra, MC239LL/A - ESXI 5.5, MB138LL/A Lion
Power Mac G4 M8787LL/A OpenBSD/macppc
Power Mac G5 Leopard
AppleTV2, iPhone 6+/64, iPhone 4, iPhone 2G

Profil
 
  [ Ignoră ]   [ # 35 ]
Avatar
RankRankRankRank
Sr. Member
Din: 
Macuser din: 20.06.09

http://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

Profil
 
  [ Ignoră ]   [ # 36 ]
Avatar
RankRankRankRank
Sr. Member
Din: 
Macuser din: 20.06.09

Daca ati descarcat HandBrake 1.0.7 in ultimele zile, verificati-va urgent sistemele:

https://forum.handbrake.fr/viewtopic.php?f=33&t=36364

Profil
 
  [ Ignoră ]   [ # 37 ]
Avatar
RankRankRankRank
Sr. Member
Din: Dublin, Ireland
Macuser din: 07.05.09
Maclean - 02 Aprilie 2017 10:13 PM

Smart TV-urile hăcuite prin semnal DVB-T:

https://arstechnica.com/security/2017/03/smart-tv-hack-embeds-attack-code-into-broadcast-signal-no-access-required/

The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal.
That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung.
By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs.
By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.
[...]
Once a hacker has control over the TV of an end user [...] the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone.

Ce surpriză.

Din acest motiv am stupid TV si cand voi upgrada tot stupid TV voi lua smile. TV at trebui sai aibe cel mai bun panel si atat.

 Semnătură 

Navighez pe net deci exist smile

MBA ‘15 | iPad mini 2 & 4 | iPad Air 2 | iPhone 6 & 7 | Apple Watch I | aptv 2 & 4 | AirPort Express

Profil
 
  [ Ignoră ]   [ # 38 ]
Avatar
RankRankRankRank
Sr. Member
Din: București
Macuser din: 23.03.09

o CVE-2017-7494: All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

Spor la pătchuit.

 Semnătură 

Mac Mini Intel MGEN2LL/A, MC815LL/A - Sierra, MC239LL/A - ESXI 5.5, MB138LL/A Lion
Power Mac G4 M8787LL/A OpenBSD/macppc
Power Mac G5 Leopard
AppleTV2, iPhone 6+/64, iPhone 4, iPhone 2G

Profil
 
  [ Ignoră ]   [ # 39 ]
Avatar
RankRankRankRank
Sr. Member
Din: București
Macuser din: 23.03.09

Actualizați repejor VLC la 2.2.5.1. Și Kodi, PopcornTime, pe orice platforme le folosiți.
Deși versiunea de Mac nu este explicit menționată, parserul de subtitrări este comun. Dacă payload-ul este țintit către MacOS n-o să vedeți prompt de parolă, VLC este cel care execută codul din payload.

http://blog.checkpoint.com/2017/05/23/hacked-in-translation/

By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io.

Damage: By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine, whether it is a PC, a smart TV, or a mobile device. The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more.

Platforms Update:

PopcornTime– Created a Fixed version, however it is not yet available to download in the official website.
The fixed version can be manually downloaded via the following link: https://ci.popcorntime.sh/job/Popcorn-Time-Desktop/249
Kodi– Officialy fixed and available to download on their website. Link: https://kodi.tv/download
VLC– Officially fixed and available to download on their website
Link: http://get.videolan.org/vlc/2.2.5.1/win32/vlc-2.2.5.1-win32.exe

In the demo below we see the subtitles essentially activating a TinyVNC connection with the attacker’s machine, allowing full access for the desktop.

https://youtu.be/vYT_EGty_6A

 Semnătură 

Mac Mini Intel MGEN2LL/A, MC815LL/A - Sierra, MC239LL/A - ESXI 5.5, MB138LL/A Lion
Power Mac G4 M8787LL/A OpenBSD/macppc
Power Mac G5 Leopard
AppleTV2, iPhone 6+/64, iPhone 4, iPhone 2G

Profil
 
  [ Ignoră ]   [ # 40 ]
Avatar
RankRankRankRank
Sr. Member
Din: 
Macuser din: 20.06.09

http://www.scmp.com/news/china/society/article/2097487/chinese-apple-staff-suspected-selling-personal-data

Profil
 
  [ Ignoră ]   [ # 41 ]
Avatar
RankRankRankRank
Sr. Member
Din: București
Macuser din: 23.03.09

Inhalați o gură de heliu și spuneți repede “Hey Siri”.

Voice-controlled assistants by Amazon, Apple and Google [...] responded to commands broadcast at high frequencies that can be heard by dolphins but are inaudible to humans.
They were able to make smartphones dial phone numbers and visit rogue websites.

http://www.bbc.com/news/technology-41188557

 Semnătură 

Mac Mini Intel MGEN2LL/A, MC815LL/A - Sierra, MC239LL/A - ESXI 5.5, MB138LL/A Lion
Power Mac G4 M8787LL/A OpenBSD/macppc
Power Mac G5 Leopard
AppleTV2, iPhone 6+/64, iPhone 4, iPhone 2G

Profil
 
  [ Ignoră ]   [ # 42 ]
Avatar
RankRankRankRank
Sr. Member
Din: București
Macuser din: 23.03.09

https://arstechnica.com/information-technology/2017/09/apache-bug-leaks-contents-of-server-memory-for-all-to-see-patch-now/

“Optionsbleed”

There’s a bug in the widely used Apache Web Server that causes servers to leak pieces of arbitrary memory in a way that could expose passwords or other secrets

Interestingly, the bug was first identified in 2014. Why it’s only now being patched is unclear.

 Semnătură 

Mac Mini Intel MGEN2LL/A, MC815LL/A - Sierra, MC239LL/A - ESXI 5.5, MB138LL/A Lion
Power Mac G4 M8787LL/A OpenBSD/macppc
Power Mac G5 Leopard
AppleTV2, iPhone 6+/64, iPhone 4, iPhone 2G

Profil
 
  [ Ignoră ]   [ # 43 ]
Avatar
RankRankRankRank
Sr. Member
Din: București
Macuser din: 23.03.09

macOS 10.13 High Sierra, cald și proaspăt din cuptor cu o vulnerabilitate .. ziceți voi cât de majoră este:

https://www.macrumors.com/2017/09/25/macos-high-sierra-security-vulnerability/

Without root priveleges, if the user is logged in, I can dump and exfiltrate the keychain, including plaintext passwords. Normally you are not supposed to be able do that programmatically.

 Semnătură 

Mac Mini Intel MGEN2LL/A, MC815LL/A - Sierra, MC239LL/A - ESXI 5.5, MB138LL/A Lion
Power Mac G4 M8787LL/A OpenBSD/macppc
Power Mac G5 Leopard
AppleTV2, iPhone 6+/64, iPhone 4, iPhone 2G

Profil
 
  [ Ignoră ]   [ # 44 ]
Avatar
RankRankRankRank
Sr. Member
Din: București
Macuser din: 23.03.09

... and earlier macOS versions.

Whopsie.

 Semnătură 

Mac Mini Intel MGEN2LL/A, MC815LL/A - Sierra, MC239LL/A - ESXI 5.5, MB138LL/A Lion
Power Mac G4 M8787LL/A OpenBSD/macppc
Power Mac G5 Leopard
AppleTV2, iPhone 6+/64, iPhone 4, iPhone 2G

Profil
 
  [ Ignoră ]   [ # 45 ]
Avatar
RankRankRankRank
Administrator
Din: The Colony, TX
Macuser din: 11.10.05

Acuma sa vedem cat ii pasa lui nenea Tim de oamenii care folosesc mac-urile sa faca bani cu ele si nu doar de instagramerii care au ultimul model cu ultimul os - pentru cate versiuni de OS X in spate o sa produca patch-ul ?

 Semnătură 

Apple:5x macmini (G4, 2007, 2009, 2010, 2012)
UNIX:IBM 7011-250/AIX 5.1, HP Jornada 680/JLime, HP 9000 F20/HP-UX 11.11
PC:PentiumD/Debian, HP t5300/Debian
Misc:Spectrum 48k, 8x Raspberry Pi, 2x CHIP

Profil
 
   
3 din 6
3