New malware found on 30,000 Macs has security pros stumped

New malware found on 30,000 Macs has security pros stumped

Red Canary researchers worked with their counterparts at Malwarebytes, with the latter group finding Silver Sparrow installed on 29,139 macOS endpoints as of Wednesday.

Telegram privacy feature failed to delete self-destructing video files

Telegram privacy feature failed to delete self-destructing video files

Telegram has fixed a security issue where self-destructing audio and video files were not being deleted from user's macOS devices as expected.While performing a Telegram security audit on macOS, Mishra discovered that standard chats would leak the sandbox path where received video and audio files are stored.

Does Apple really log every app you run? A technical look

Does Apple really log every app you run? A technical look

macOS uses OCSP to make sure that the developer certificate hasn’t been revoked before an app is launched.As Jeff Johnson explains in his tweet above, if macOS cannot reach Apple’s OCSP responder it skips the check and launches the app anyway - it is basically a fail-open behaviour.

Now-fixed exploit used Microsoft Office macros to hack macOS

Now-fixed exploit used Microsoft Office macros to hack macOS

A now-fixed exploit in the macOS version of Microsoft Office may have allowed attackers to hack a Mac user just by getting them to open a document.

Apple Announces 'Sign in With Apple' for Signing into Apps Using Your Apple ID

Apple Announces 'Sign in With Apple' for Signing into Apps Using Your Apple ID

Apple is releasing a new API to allow developers to add the new sign-in function to their apps for a more convenient way of logging in using Face ID without revealing additional personal information. The new sign-in feature is coming with Apple's new operating systems this fall and will be available across macOS, iOS, and through websites.

GitHub - sh-dv/hat.sh: A Free, Fast, Secure client-side File Encryption.

GitHub - sh-dv/hat.sh: A Free, Fast, Secure client-side File Encryption.

AES-GCM - exportKey. async function exportCryptoKey(key) { const exported = await window.crypto.subtle.exportKey( "raw", key ). async function decryptMessage(key) { let encoded = getMessageEncoding(); let decrypted = await window.crypto.subtle.decrypt({ name: "AES-GCM", iv: iv }, key, ciphertext ) .then(function (decrypted) { (new Uint8Array(encrypted)); }) .catch(function (err) { console.error(err); }); }.

Google Project Zero team reveals ‘high severity’ flaw in macOS kernel, working w/ Apple on a patch

Google Project Zero team reveals ‘high severity’ flaw in macOS kernel, working w/ Apple on a patch

Most recently, the team at Google has reported and publicly disclosed a “high severity” flaw in the macOS kernel which can grant an attacker access to a users computer without their knowledge.

Privacy Protection Bypass Flaw in macOS Gives Access to Browsing History

Privacy Protection Bypass Flaw in macOS Gives Access to Browsing History

A macOS privacy protection bypass flaw could allow potential attackers to access data stored in restricted folders on all macOS Mojave release up to the 10.14.3 Supplemental Update released on February 7.

Brave Previews Opt-in Ads in Desktop Browser Developer Channel

Brave Previews Opt-in Ads in Desktop Browser Developer Channel

How Brave Ads Work Opt-in Users who choose to see Brave Ads are presented with offers in the form of notifications as they browse the web, at a time that the browser finds appropriate and not disruptive.

Call for testing: simplified installation method

Call for testing: simplified installation method

USB images instead of ISO images We need your help to test the simplified installation methods of Tails that we will release with 3.12 on January 29.

New Release: Tor Browser 8.0.4

New Release: Tor Browser 8.0.4

Tor Browser 8.0.4 contains updates to Tor (0.3.4.9), OpenSSL (1.0.2q) and other bundle components. setting back the sandboxing level to 5 on Windows (the Firefox default), after working around some Tor Launcher interference causing a broken Tor Browser experience.