Apple has made a significant move away from the iMessage exclusivity that has dominated its environment for more than ten years and toward the adoption of a universal texting standard. This action is anticipated to close the messaging gap between Android and iPhone users, representing a big step toward seamless cross-platform communication.
For years, iPhone users have enjoyed the benefits of iMessage, an exclusive messaging platform that offers enhanced features, including read receipts, high-quality media sharing, and end-to-end encryption. However, the downside was the notorious "green bubble" dilemma, where Android users received messages in a different format, devoid of the enhanced functionalities available on iMessage. This created a sense of division in the messaging experience.
Apple's decision to embrace a universal texting standard is a welcome change, as it signals a departure from the walled-garden approach that has defined the company's messaging strategy. The move is expected to eliminate the disparities between iPhone and Android users, creating a more inclusive and integrated messaging environment.
Adopting a universal texting standard is not only a boon for users but also a strategic move by Apple to stay relevant in a rapidly evolving tech landscape. With increasing users relying on cross-platform communication, the demand for interoperability has never been higher. Apple's decision to collaborate with Android in this endeavour is a testament to the company's commitment to user-centric innovation.
While the specifics of the universal texting standard are yet to be fully revealed, the potential benefits are already generating excitement among tech enthusiasts. Interoperability between iOS and Android devices will enhance the overall user experience and foster a sense of unity in the digital communication space.
According to a study conducted by Elastic Security Labs, the malware, dubbed as ‘KandyKorn’ is a sophisticated backdoor that could be used to steal data, directory listing, file upload/download, secure deletion, process termination, and command execution.
At first, the attackers used Discord channels to propagate Python-based modules by pretending to be active members of the community.
Apparently, the social engineering attacks pose as an arbitrage bot intended to generate automatic profits by coercing its members into downloading a malicious ZIP archive called “Cross=platform Bridges.zip.” However, there are 13 malicious modules that are being imported by the file to work together in order to steal and alter the stolen information.
The report reads, “We observed the threat actor adopting a technique we have not previously seen them use to achieve persistence on macOS, known as execution flow hijacking.”
Users of Unibot were notified by blockchain analytics company Scopescan about an ongoing hack, which was subsequently verified by an official source:
“We experienced a token approval exploit from our new router and have paused our router to contain the issue.” Later, Unibot guaranteed that it would compensate all the victims who lost their funds in the exploit.
Lazarus Group/ Lazarus is a North Korean state-sponsored cyber threat group, linked to the Reconnaissance General Bureau that operates out of North Korea. As part of a campaign called Operation Blockbuster by Novetta, the group, which has been operating since at least 2009, is said to have been behind the devastating wiper attack against Sony Pictures Entertainment in November 2014. The malware that Lazarus Group uses is consistent with other known campaigns, such as DarkSeoul, Operation Flame, Operation 1Mission, Operation Troy, and Ten Days of Rain.
However, in certain definitions of the North Korean group, security researchers apparently report all North Korean state-sponsored cyber activities under the term Lazarus Group instead of tracking clusters or subgroups like Andariel, APT37, APT38, and Kimsuky.
The crypto industry remains a main target for Lazarus, with a primary motivation of profit rather than espionage, which is their second primary operational focus.
The fact that KandyKorn exists proves that macOS is well within Lazarus's target range and highlights the threat group's amazing ability to create subtle and sophisticated malware specifically designed for Apple devices.
HVNC is a malware, sharing similarities with a VNC (Virtual Network Computing), a tool used in remotely controlling computers over the internet or other networks.
An employer with an IT department might, for instance, utilize VNC to diagnose a worker's computer, and the worker can see that the computer is being accessed. However, with an HVNC, the target user is unaware of the access, allowing a threat actor to utilize an HVNC for malicious practices.
Reportedly, the malware has been distributed to the Russian cybercrime forum – Exploit. For a "lifetime price of $60,000," the threat agent is selling the HVNC, and for an extra $20,000, the customer can add "more malicious capabilities to the arsenal."
However, Guardz did not mention any instance of such a case except in Mac. Moreover, the CVE.report database that identifies various vulnerabilities and exploits did not yet make an entry of the HVNC malware, and neither did Apple release an official statement.
While malware attacks are inevitable, users can protect themselves by taking certain measures.
First, one must make sure to update their macOS to the latest version. Moreover, Apple provides safeguards within macOS, along with releasing security patches regularly through OS updates, thus it becomes necessary to adopt them whenever they are made available to the users.
With macOS Ventura 13.5 being the latest version, a user who is using any other version is in fact running an older version, which needs to be updated. However, Apple has released security updates for its operating systems like Monterey and Big Sur – Monterey 12.6.8 and Big Sur 11.7.9 on July 24.
Since malware are often presented as legitimate software distributed to users via email or on web forums and slipshod websites, another way that can keep users from falling prey to the malware is by only downloading software from trusted sources, like App Store or directly from the developers.
Moreover, users can make use of the several guides provided online, such as the guides on ‘whether or not you need antivirus software,’ list of Mac viruses, malware, and Trojans, and a comparison of Mac security software.
Passkey functionality, which enables users to securely log in to apps and websites without a password, will be made accessible to 1Password's customers by early 2023, the company announced.