Patrick Wardle

10.4K posts

Patrick Wardle banner
Patrick Wardle

Patrick Wardle

@patrickwardle

🛠 🍎 👾 Objective-See'ing & DoubleYou'ing

Maui, HI Katılım Ekim 2013
980 Takip Edilen40.4K Takipçiler
Sabitlenmiş Tweet
Patrick Wardle
Patrick Wardle@patrickwardle·
Stoked for the next (ad)venture: "DoubleYou" techcrunch.com/2024/04/25/ex-… Cofounded w/ long-time friend @hexlogic, we're empowering those building security tools for Apple devices 🍎🛡️ And by bootstrapping this venture, our core value of democratizing security remains our focus!
English
19
31
182
40.3K
Patrick Wardle retweetledi
Moonlock Lab
Moonlock Lab@moonlock_lab·
1/ New #macOS samples, 0 detections on VT as of writing, but multiple artifacts suggest Sliver-like HTTP(S) C2. Shared by @malwrhunterteam. What stood out: procedural URL patterns, PNG-wrapped network payloads, no plaintext IOCs, and wazero/WASM-related execution. More below👇
Moonlock Lab tweet media
English
2
9
32
3.5K
Patrick Wardle retweetledi
WIRED
WIRED@WIRED·
A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites. wired.com/story/hundreds…
English
13
190
335
30K
Patrick Wardle retweetledi
Kimberly
Kimberly@StopMalvertisin·
CyberScoop | Second iOS exploit kit emerges from suspected Russian hackers using possible U.S. government-developed tools cyberscoop.com/second-ios-exp…
English
0
6
12
1.6K
Patrick Wardle retweetledi
Andy Greenberg (@agreenberg at the other places)
Andy Greenberg (@agreenberg at the other places)@a_greenberg·
This tool has already been used in distinct hacking campaigns against Ukrainians, Malaysians, Saudi and Turkish victims. If other hackers needed any more encouragement to adopt it, too, the Russian spies who used it left it fully unobfuscated with helpful code comments legible.
Andy Greenberg (@agreenberg at the other places)@a_greenberg

A second iOS exploit has been spotted in use by Russian spies to infect websites and hack visitors' iPhones. This one works on iOS 18, and appeared in a very reusable form, so will likely proliferate. If you haven't updated your iPhone, now's the time. wired.com/story/hundreds…

English
0
49
203
27.4K
Patrick Wardle retweetledi
Andy Greenberg (@agreenberg at the other places)
Andy Greenberg (@agreenberg at the other places)@a_greenberg·
A second iOS exploit has been spotted in use by Russian spies to infect websites and hack visitors' iPhones. This one works on iOS 18, and appeared in a very reusable form, so will likely proliferate. If you haven't updated your iPhone, now's the time. wired.com/story/hundreds…
English
3
95
244
70.2K
Patrick Wardle retweetledi
xiu
xiu@osint_barbie·
3/ Before buying a premium version, I decided to download the demo from https://zkcall[.]pro/download and I got: Zk-call-messenger-3.9.2-lts-macos.dmg (335509df3ae8aefe79267e70c70edc4cacd6f277ead4b12abd8e5c836f1b39a1) validly signed & notarized. Signer: FERDI AYSEL (7865HGMABG) User-friendly @patrickwardle's tool for getting codesign info: objective-see.org/products/whats…
xiu tweet media
English
2
2
12
3.7K
Patrick Wardle retweetledi
xiu
xiu@osint_barbie·
1/ Oh 🙊, here we go again! Signed MacSync stealer dropper being delivered via zkcall[.]pro - a fully vibe-coded "secure messenger" for $199/month Premium tier. Same fake app was documented by @txhaflaire in his MacSync write-up: jamf.com/blog/macsync-s…
GIF
English
2
7
34
4.4K
Patrick Wardle retweetledi
littlelailo
littlelailo@littlelailo·
Coruna's seedbell PAC bypass abused the fact that dyld didn't protect certain __DATA_CONST regions in the dyld shared cache as read only after populating GOT entries etc (I think to support certain objc method list types), (1/4)
English
2
21
218
21.3K
Patrick Wardle retweetledi
Billy Ellis
Billy Ellis@bellis1000·
I infected my iPhone with the ‘Coruna’ spyware. Here’s what I found. youtu.be/XQvZ2mLnZVI
YouTube video
YouTube
English
11
138
787
196.1K
Eric Geller
Eric Geller@ericgeller·
After the CrowdStrike outage, Microsoft started working w/ 3rd-party security vendors to redesign Windows so their programs could run outside the kernel. I talked to experts and one of those vendors about how this work is going — & why it's so difficult. cybersecuritydive.com/news/microsoft…
Eric Geller tweet mediaEric Geller tweet mediaEric Geller tweet mediaEric Geller tweet media
English
1
13
60
19.8K
Eric Geller
Eric Geller@ericgeller·
I'm on vacation for the next few days, but I wanted to share my latest story that @CyberSecDive just published...
English
1
0
5
3.1K
Patrick Wardle
Patrick Wardle@patrickwardle·
Apple: “3rd-party security tools can’t run in the kernel because they might panic.” Also Apple: kicks us out and replaces us with their EndpointSecurity kext ...which can be trivially panicked from userland, taking down every security tool + the whole system (macOS 26.3.1)! 🙄
Patrick Wardle tweet media
English
18
35
283
21.3K
Patrick Wardle retweetledi
Jamie Levy🦉
Jamie Levy🦉@gleeda·
sanity checks by using known bodies of work is very powerful
Jamie Levy🦉 tweet media
English
1
2
16
3K
Patrick Wardle retweetledi
Andy Greenberg (@agreenberg at the other places)
Andy Greenberg (@agreenberg at the other places)@a_greenberg·
A full iOS exploit toolkit, "Coruna," has been found in the wild, hacking iPhones that visited infected websites, used by Russian spies targeting Ukrainians and thieves targeting Chinese crypto holders. And it may have been created for the US government. wired.com/story/coruna-i…
English
8
312
720
99.3K
Patrick Wardle
Patrick Wardle@patrickwardle·
A few weeks ago, Apple announce that "iPhone and iPad [are] approved to handle *classified* NATO information" 😂 Turns out even lowly cybercriminals were (ab)using 0days to hack Apple devices 🙈 wired.com/story/coruna-i…
English
7
14
48
5.2K

Keşfet

@malwrhunterteam @Little_34306 @brucedang @txhaflaire @Now_on_VT @virustotal @lorenzofb @TechCrunch