
Latest news with #PositiveTechnologies

Apple thanks Positive Technologies for discovering a vulnerability in its Shortcuts app - Middle East Business News and Information

Mid East Info, 5 days ago

PT SWARM expert Egor Filatov found a critical vulnerability in Shortcuts, a built-in macOS app that streamlines device use by automating repetitive user actions. If successfully exploited, the flaw could allow an attacker to gain full control over the device, including the ability to read, edit, and delete any data. If the compromised device is a laptop connected to a corporate network, the attacker could also move into the internal company infrastructure.

The vulnerability, tracked as BDU:2025-02497 and rated 8.6 out of 10 on the CVSS 3.0 scale (a score in the High band of the CVSS v3 severity ratings), affects Shortcuts 7.0 (2607.1.3). The vendor was notified of the issue in line with the responsible disclosure policy and has already released a software patch. Users are advised to upgrade to macOS Sequoia 15.5 or later. If updating the OS is not currently possible, Positive Technologies recommends inspecting downloaded shortcuts closely before running them, or not using them at all.

The Shortcuts app was introduced with macOS Monterey in 2021 and has been supported in macOS Ventura, Sonoma, and Sequoia over the past four years. With the app, users can create shortcuts that automate tasks such as starting a timer, playing music, or converting text to audio. Users also have access to macros: ready-made shortcuts distributed through a library. A threat actor could abuse this functionality by uploading infected templates to the library; for the flaw to be exploited, it would be enough for the victim to inadvertently run a malicious macro on their device.

'An attacker could exploit this vulnerability to target any Shortcuts user,' said Egor Filatov, Junior Mobile Application Security Researcher at Positive Technologies. 'Before remediation, the vulnerability allowed an attacker to bypass macOS security mechanisms and execute arbitrary code on the victim's system.'

According to the expert, the potential consequences of successful attacks include the following:
  • Theft of confidential data or deletion of valuable information
  • Malware execution
  • Installation of backdoors aimed at maintaining access to the system even after the vulnerability is patched
  • Ransomware infection
  • Disruption of the organization's business processes (if a corporate device is compromised)

Positive Technologies experts have been studying Apple products for over a decade. In 2018, Maxim Goryachy and Mark Ermolov, while looking for security flaws in Intel Management Engine, found a firmware vulnerability (CVE-2018-4251) affecting personal computers made by Apple and other manufacturers. In 2017, Timur Yunusov warned the community about multiple security gaps he discovered in Apple Pay: by exploiting the vulnerabilities, attackers could compromise users' bank cards and make unauthorized payments on external resources. Before that, another Positive Technologies researcher found and helped eliminate a critical vulnerability in the website, which could allow an adversary to conduct a directory traversal attack and gain access to private data.

In addition to the macOS version of Shortcuts, there is also an iOS version of the app for mobile devices. To prevent threat actors from infiltrating the corporate network via vulnerable mobile apps, companies should protect their apps against reverse engineering. This can be done with solutions such as PT MAZE, which turns the application into a maze that makes attacks too resource-intensive for adversaries.

Positive Technologies is an industry leader in result-driven cybersecurity and a major global provider of information security solutions. Its stated mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Positive Technologies is the first and only cybersecurity company in Russia listed on the Moscow Exchange (MOEX: POSI), with 220,000 shareholders and counting.

Don't take any 'shortcuts' – Positive Technologies finds critical vulnerability in macOS application

Tahawul Tech, 5 days ago

PT SWARM expert Egor Filatov found a critical vulnerability in Shortcuts, a built-in macOS app that streamlines device use by automating repetitive user actions. If successfully exploited, the flaw could allow an attacker to gain full control over the device, including the ability to read, edit, and delete any data. If the compromised device is a laptop connected to a corporate network, the attacker could also move into the internal company infrastructure.

The vulnerability, tracked as BDU:2025-02497 and rated 8.6 out of 10 on the CVSS 3.0 scale, affects Shortcuts 7.0 (2607.1.3). The vendor was notified of the issue in line with the responsible disclosure policy and has already released a software patch. Users are advised to upgrade to macOS Sequoia 15.5 or later. If updating the OS is not currently possible, Positive Technologies recommends inspecting downloaded shortcuts closely before running them, or not using them at all.

The Shortcuts app was introduced with macOS Monterey in 2021 and has been supported in macOS Ventura, Sonoma, and Sequoia over the past four years. With the app, users can create shortcuts that automate tasks such as starting a timer, playing music, or converting text to audio. Users also have access to macros[1] that provide ready-made shortcuts. A threat actor could abuse this functionality by uploading infected templates to the library; for the flaw to be exploited, it would be enough for the victim to inadvertently run a malicious macro on their device.

'An attacker could exploit this vulnerability to target any Shortcuts user,' said Egor Filatov, Junior Mobile Application Security Researcher at Positive Technologies. 'Before remediation, the vulnerability allowed an attacker to bypass macOS security mechanisms and execute arbitrary code on the victim's system.'

According to the expert, the potential consequences of successful attacks include the following:
  • Theft of confidential data or deletion of valuable information
  • Malware execution
  • Installation of backdoors[2] aimed at maintaining access to the system even after the vulnerability is patched
  • Ransomware[3] infection
  • Disruption of the organization's business processes (if a corporate device is compromised)

Positive Technologies experts have been studying Apple products for over a decade. In 2018, Maxim Goryachy and Mark Ermolov, while looking for security flaws in Intel Management Engine, found a firmware vulnerability (CVE-2018-4251) affecting personal computers made by Apple and other manufacturers. In 2017, Timur Yunusov warned the community about multiple security gaps he discovered in Apple Pay: by exploiting the vulnerabilities, attackers could compromise users' bank cards and make unauthorized payments on external resources. Before that, another Positive Technologies researcher found and helped eliminate a critical vulnerability in the website, which could allow an adversary to conduct a directory traversal attack and gain access to private data.

In addition to the macOS version of Shortcuts, there is also an iOS version of the app for mobile devices. To prevent threat actors from infiltrating the corporate network via vulnerable mobile apps, companies should protect their apps against reverse engineering. This can be done with solutions such as PT MAZE, which turns the application into a maze that makes attacks too resource-intensive for adversaries.

[1] A macro is a pre-programmed sequence of actions defined by the user.
[2] A backdoor is a type of malware that allows unauthorized access to data or enables remote control of the compromised system. Typically, an attacker installs a backdoor on a target system for future access.
[3] Ransomware is a type of malware that encrypts a victim's files or locks them out of their computer system, giving the attacker control over any personal information stored on the compromised device. The attacker can then demand a ransom, threatening to leave the files or system inaccessible to the victim or to disclose confidential data if the ransom is not paid.

Critical macOS Shortcuts Flaw Reported by PT SWARM Expert

TECHx, 6 days ago

PT SWARM expert Egor Filatov has discovered a critical vulnerability in Shortcuts, a built-in macOS app used to automate user actions. The flaw, if exploited, could give an attacker full control over a device.

Positive Technologies revealed that the vulnerability is tracked as BDU:2025-02497 and carries a severity score of 8.6 out of 10 on the CVSS 3.0 scale. It affects Shortcuts version 7.0 (2607.1.3). The app has been part of macOS since Monterey and is also supported in Ventura, Sonoma, and Sequoia. If a compromised device is connected to a corporate network, attackers could infiltrate the internal infrastructure. Filatov warned that it would be enough for a victim to run a malicious macro unknowingly.

Positive Technologies reported that the vendor was notified in line with responsible disclosure policies, and a patch has already been issued. Users are advised to upgrade to macOS Sequoia 15.5 or later. If an OS update is not possible, users should avoid downloading unknown shortcuts or stop using the app altogether.

According to the report, possible consequences of exploitation include:
  • Theft or deletion of sensitive data
  • Remote malware installation and ransomware attacks
  • Business disruption in corporate environments

The company emphasized that threat actors could upload infected shortcut templates to the app's library. Before the patch, the flaw could be used to bypass macOS security and execute arbitrary code.

Positive Technologies has a long track record of studying Apple products. In 2018, its researchers discovered a firmware flaw in Intel Management Engine that affected Apple computers. In 2017, vulnerabilities in Apple Pay were reported, allowing unauthorized transactions.

The Shortcuts app is also available on iOS. To prevent threats on mobile, companies are advised to use solutions like PT MAZE, which protects apps by making reverse engineering difficult and costly for attackers.
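The three write-ups above (Mid East Info, Tahawul Tech and TECHx) state the same remediation rule: Shortcuts 7.0 (2607.1.3) is affected and the fix ships with macOS Sequoia 15.5 or later. Across a fleet that rule is easy to get wrong when versions are compared as strings ("15.10" sorts before "15.5"). The following is an added example, not code from Positive Technologies, Apple or any of the outlets quoted here: it turns the advisory's rule into a per-host check that can also be fed exported inventory data. The Shortcuts.app plist path and the use of `sw_vers` and `defaults read` to collect versions from a live Mac are assumptions about the host; only the version numbers come from the advisory.

```python
"""Fleet check for the macOS Shortcuts advisory (BDU:2025-02497).

Added example; not Positive Technologies' or Apple's code. Facts taken from
the advisory: Shortcuts 7.0 (2607.1.3) is affected and the fix ships with
macOS Sequoia 15.5 or later. The Shortcuts.app plist path and the two
commands used to read versions from a live host are assumptions.
"""
from __future__ import annotations

import subprocess
from typing import Optional

FIXED_MACOS = (15, 5)        # macOS Sequoia 15.5 (advisory)
AFFECTED_SHORTCUTS = "7.0"   # Shortcuts 7.0 (2607.1.3) (advisory)
# Assumption: the system Shortcuts.app lives here on macOS 12 and later and
# exposes CFBundleShortVersionString in its Info.plist like any other bundle.
SHORTCUTS_PLIST = "/System/Applications/Shortcuts.app/Contents/Info.plist"
ACTION = ("upgrade to macOS Sequoia 15.5 or later; until then, do not run "
          "shortcuts from untrusted sources")


def parse_version(text: str) -> tuple[int, ...]:
    """'15.4.1' -> (15, 4, 1). Tolerates a trailing build tag ('15.5 (24F74)')
    and stops at the first non-numeric component."""
    tokens = text.strip().split()
    if not tokens:
        raise ValueError("empty version string")
    parts: list[int] = []
    for piece in tokens[0].split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def version_at_least(found: str, required: tuple[int, ...]) -> bool:
    """Component-wise comparison with zero padding, so '15.5' satisfies
    (15, 5, 0) and '15.10' is newer than '15.5' (string comparison says otherwise)."""
    f = parse_version(found)
    width = max(len(f), len(required))
    return f + (0,) * (width - len(f)) >= tuple(required) + (0,) * (width - len(required))


def assess(macos_version: str, shortcuts_version: Optional[str] = None) -> dict:
    """Classify one host.

    The OS version is authoritative because the fix is delivered with macOS.
    The Shortcuts bundle version only sharpens the verdict: a pre-15.5 host on
    the affected 7.0 line is 'vulnerable', any other pre-15.5 host is
    'update-required'. An unreadable bundle version never clears a host."""
    patched = version_at_least(macos_version, FIXED_MACOS)
    on_affected_line = (
        shortcuts_version is not None
        and parse_version(shortcuts_version)[:2] == parse_version(AFFECTED_SHORTCUTS)[:2]
    )
    if patched:
        status = "patched"
    elif on_affected_line:
        status = "vulnerable"
    else:
        status = "update-required"
    return {
        "macos": macos_version.strip(),
        "shortcuts": shortcuts_version,
        "status": status,
        "action": None if patched else ACTION,
    }


def read_local_versions() -> tuple[str, Optional[str]]:
    """Collect both version strings from the running Mac (only called from
    __main__, so importing this module elsewhere has no side effects)."""
    macos = subprocess.run(["sw_vers", "-productVersion"],
                           capture_output=True, text=True, check=True).stdout.strip()
    try:
        shortcuts = subprocess.run(
            ["defaults", "read", SHORTCUTS_PLIST, "CFBundleShortVersionString"],
            capture_output=True, text=True, check=True).stdout.strip() or None
    except (subprocess.CalledProcessError, FileNotFoundError):
        shortcuts = None   # non-macOS host, or bundle not where assumed
    return macos, shortcuts


if __name__ == "__main__":
    print(assess(*read_local_versions()))
```

Run it as a script on a Mac to classify the local host, or call `assess()` from an MDM or inventory pipeline with the exported OS version. A pre-15.5 host whose Shortcuts version cannot be read is still reported as needing the update, because the advisory ties the fix to the OS release, not to a Shortcuts build.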

Google Chrome Warning—Do Not Ignore 7 Day Update Deadline

Forbes, 18-06-2025

New warnings have been issued for Chrome's 3 billion users, emphasizing the need to keep browsers updated at all times. Google has just issued a new update that fixes two high-severity vulnerabilities and should be installed right away. More critically, an ongoing update mandate deadline is now just 7 days away.

America's cyber defense agency warns that Chrome 'contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.' CISA says update before June 26 or stop using Chrome. The formal mandate applies only to federal employees, but CISA operates 'for the benefit of the cybersecurity community and network defenders — and to help every organization better manage vulnerabilities and keep pace with threat activity.' That means all organizations should take note of this deadline and adhere to it if possible.

That should be evident anyway, but a new warning has just detailed exploitation of a Google Chrome zero-day disclosed earlier this year. Kaspersky discovered 'a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers' website was opened using the Google Chrome web browser.' Now, Positive Technologies says its Threat Intelligence Department 'analyzed an attack that exploited [this] zero-day vulnerability (sandbox escape)' dating back to 2024. As I warned when CVE-2025-2783 was first disclosed, Google quickly released an emergency update and then CISA issued a 21-day update mandate.

The current CISA update mandate is for CVE-2025-5419, which is also an 'out-of-bounds read and write in V8': a memory-safety issue of the same family as the integer overflow and use-after-free vulnerabilities patched this week, although those do not have known exploits as yet.

We're two weeks into CISA's mandate, so this is the period of maximum risk. Ensure your browsers are updated, which means restarting Chrome once the update has downloaded. While home users should heed CISA's warnings, it is more critical for enterprises, which are likelier to come under attack from sophisticated phishing campaigns exploiting these vulnerabilities. Remember, once a flaw is made public it's a race against time for attackers: they must use it before browsers are patched. Update right away.
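The timeline in the article (a 21-day CISA mandate, "two weeks in" on 18 June, deadline 26 June) is the kind of thing worth computing from the KEV feed rather than tracking by hand. Below is an added example, not code from Forbes, Google or CISA, that parses a record in the shape of CISA's Known Exploited Vulnerabilities JSON feed and reports where a given day falls in the remediation window, flagging overdue entries and IDs the feed does not contain. The single record is constructed from what the article states about CVE-2025-5419 (V8 out-of-bounds read and write, 21-day window, due 26 June, which puts dateAdded at 5 June); it is sample data, not a copy of the live catalog.

```python
"""CISA KEV deadline tracker for the Chrome CVEs discussed above.

Added example; not code from Forbes, Google or CISA. The KEV catalog is
CISA's public JSON feed and the field names used here (cveID, vendorProject,
product, vulnerabilityName, dateAdded, dueDate, requiredAction) are that
feed's. The record below is constructed from the dates the article gives and
is not a copy of the live feed.
"""
from __future__ import annotations

import json
from datetime import date

KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the feed's shape (see module docstring).
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-5419",
            "vendorProject": "Google",
            "product": "Chromium V8",
            "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Read and Write Vulnerability",
            "dateAdded": "2025-06-05",   # derived: 21 days before the 26 June deadline
            "dueDate": "2025-06-26",
            "requiredAction": "Apply mitigations per vendor instructions or "
                              "discontinue use of the product if mitigations are unavailable.",
        },
    ],
})


def as_date(value: date | str) -> date:
    """Accept ISO strings as well as date objects so callers can pass either."""
    return value if isinstance(value, date) else date.fromisoformat(value)


def load_kev(text: str) -> dict[str, dict]:
    """Parse the feed and index its records by CVE ID."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}


def chromium_entries(kev: dict[str, dict]) -> list[dict]:
    """Everything CISA lists under Google's Chromium components (V8, Blink, ...)."""
    return [v for v in kev.values()
            if v.get("vendorProject") == "Google" and "Chromium" in v.get("product", "")]


def mandate_status(entry: dict, today: date | str) -> dict:
    """Where a host sits inside the remediation window on a given day.

    days_left counts whole days from today to dueDate: on 2025-06-18 the
    26 June deadline shows 8, which is the article's "7 days" once the
    deadline day itself is excluded ('update before June 26')."""
    today = as_date(today)
    added = date.fromisoformat(entry["dateAdded"])
    due = date.fromisoformat(entry["dueDate"])
    days_left = (due - today).days
    if days_left < 0:
        state = "overdue"
    elif days_left == 0:
        state = "due-today"
    else:
        state = "open"
    return {
        "cveID": entry["cveID"],
        "product": entry.get("product"),
        "state": state,
        "window_days": (due - added).days,
        "elapsed_days": (today - added).days,
        "days_left": days_left,
        "dueDate": entry["dueDate"],
        "requiredAction": entry.get("requiredAction"),
    }


def deadlines(kev_text: str, cve_ids: list[str], today: date | str) -> list[dict]:
    """Status for the CVEs you track, soonest deadline first. IDs absent from
    the feed are reported as 'not-found' at the end rather than silently dropped,
    since an unlisted CVE is a tracking gap, not a clean bill of health."""
    kev = load_kev(kev_text)
    found, missing = [], []
    for cve in cve_ids:
        if cve in kev:
            found.append(mandate_status(kev[cve], today))
        else:
            missing.append({"cveID": cve, "state": "not-found"})
    found.sort(key=lambda r: r["dueDate"])
    return found + missing


if __name__ == "__main__":
    # Offline demo on the constructed record; replace SAMPLE_KEV_JSON with the
    # text downloaded from KEV_FEED_URL to run against the real catalog.
    for row in deadlines(SAMPLE_KEV_JSON, ["CVE-2025-5419"], "2025-06-18"):
        print(row)
```

The same loop run daily against the downloaded feed gives a fleet the "days left" figure the article computes by hand, and the `elapsed_days` value shows how deep into the window (and therefore how far into the "race against time" the article describes) each mandate already is.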

Positive Technologies identifies key cyberthreats for financial companies in 2025–2026 - Middle East Business News and Information

Mid East Info, 17-06-2025

Positive Technologies has outlined the major cyberthreats that the financial sector may face in the coming years: ransomware attacks, malicious use of QR codes, exploitation of API vulnerabilities, DDoS campaigns, and attacks targeting suppliers and partners. These conclusions are based on the company's analysis of security incidents and publicly available data concerning threats to banks and other financial institutions.

The financial sector remains one of the five industries most targeted by cybercriminals, according to Positive Technologies data for the period from 2024 to Q1 2025. In 67% of successful cyberattacks, attackers stole data and used it to blackmail victims by threatening to delete or expose the information. Another 26% of incidents caused operational disruptions, while 5% resulted in financial theft.

Social engineering was used in 57% of successful cyberattacks on financial organizations in 2024. Positive Technologies analysts predict that such incidents will continue to rise as cybercriminals use generative artificial intelligence (AI) to craft convincing phishing emails. On the defensive side, security teams are also expected to use AI to detect AI-generated malicious content.

The growing use of application programming interfaces (APIs) poses significant risks. Without adequate security measures, APIs can become an entry point for cybercriminals. This risk is exacerbated by the proliferation of shadow APIs (interfaces deployed outside the organization's inventory, which often lack proper protection) and by the widespread adoption of AI in the financial sector. According to a report by Wallarm, the number of vulnerable AI-enabled APIs increased tenfold in 2024.

Another key cyberthreat in 2025–2026 will be the growing number of attacks on contractors and suppliers. Cybercriminals are likely to target less secure partners to gain access to larger financial organizations. Small and medium-sized businesses may also be affected, especially if attackers fail to reach their main targets.

Roman Reznikov, Cybersecurity Research Analyst at Positive Technologies, says: 'Cybercriminals continue to exploit legitimate and widely used tools in fraudulent schemes. For example, attacks involving QR codes have become more frequent. Hackers replace legitimate QR codes with malicious ones in public spaces and bypass email security by taking advantage of the difficulty in detecting QR codes within messages. In the future, we may see malware capable of altering QR codes directly on device screens during payment. That's why it's important to be careful with QR codes and avoid scanning ones from unknown or suspicious sources. At the same time, defensive measures are evolving too. For instance, a company can protect itself from emails containing malicious QR codes by using PT Sandbox, which identifies QR codes in email images and attachments, extracts the embedded links, and checks them for malicious activity.'

The access-as-a-service market presents another serious challenge. Positive Technologies reports that nearly 9% of dark web listings for access sales are related to the financial sector. This market is expected to grow as new technologies lower the barriers to entry into cybercrime: inexperienced attackers may sell the access they obtain to more skilled cybercriminals.

Ransomware attacks are also projected to increase. Cybercriminals have begun demanding ransoms lower than the potential fines for data breaches, and analysts anticipate this tactic will become more common in countries with turnover-based fines such as Russia, Brazil, and China.

DDoS campaigns will continue to pose a significant threat to the financial sector in 2025. Attackers are expected to build massive botnets of compromised IoT devices and use AI to launch adaptive attacks that respond to victims' countermeasures.

To protect against these evolving threats, financial organizations must adopt a comprehensive cybersecurity strategy built on advanced tools, including:
  • next-generation firewalls (NGFWs) like PT NGFW to prevent cyberattacks and enforce security policies;
  • web application firewalls (WAFs) such as PT Application Firewall for detecting and blocking attacks, including threats from the OWASP Top 10 list;
  • SIEM systems, including tools like MaxPatrol SIEM, to identify malicious activity across infrastructure and endpoints, integrated with EDR solutions like MaxPatrol EDR.

In addition, sandboxes (such as PT Sandbox) and NTA or NDR systems (like PT NAD) should be used to protect against malware and detect attacker movement within the network.
