Jamf Blog

Posts in the Jamf Threat Labs Category

April 21, 2023 by Jamf Threat Labs

BlueNoroff APT group targets macOS with ‘RustBucket’ Malware

Learn about 'RustBucket', the macOS malware variant discovered by Jamf Threat Labs: what it does, how it compromises macOS devices, where it comes from and what administrators can do to protect their Apple fleet.

April 19, 2023 by Jamf Threat Labs

The web of connections with iOS 16.4.1

In this blog, Jamf Threat Labs analyzes CVE-2023-28206, iOS 16.4.1 patches and CitizenLab’s findings on QuaDream’s exploits.

April 17, 2023 by Jamf Threat Labs

Threat advisory: Mobile spyware continues to evolve

Jamf Threat Labs examines two sophisticated spyware attacks and provides recommendations for organizations to defend users from increasingly complex threats.

March 31, 2023 by Jamf Threat Labs

3CX Supply-chain attack

A newly discovered supply-chain attack affects the 3CX softphone app, which is used by millions of users globally. In this blog, Jamf Threat Labs discusses how the app was compromised, what it does and how to go about detecting it on your network.

March 30, 2023 by Jamf Threat Labs

MacStealer malware: A growing threat to macOS users

MacStealer has been discovered and linked to a threat actor distributing it in the wild. The malicious code extracts a variety of files, browser cookies, and login information from a victim's system. It also collects private and sensitive end-user data, such as credit card information, from popular web browsers. Learn more about this new macOS malware variant and how Jamf Protect safeguards your devices, users and data from this emerging threat.

February 23, 2023 by Jamf Threat Labs

Evasive cryptojacking malware targeting macOS found lurking in pirated applications

Over the past few months Jamf Threat Labs has been following a family of malware that resurfaced and has been operating undetected, despite an earlier iteration being a known quantity to the security community. In this article, we’ll examine this malware and the glimpse it offers into the ongoing arms race between malware authors and security researchers as well as highlight the need for enhanced security on Apple devices to ensure their safe and effective use in production environments.

February 17, 2023 by Jamf Threat Labs

Jamf Threat Labs analyzes the exploited in-the-wild WebKit vulnerability CVE-2022-42856

Jamf Threat Labs investigated a WebKit vulnerability that was exploited in the wild. Attackers can exploit CVE-2022-42856 to control code execution within WebKit, giving them the ability to read/write files. This blog explores what the vulnerability looked like in the code and the patches Apple applied.

October 14, 2022 by Jesus Vigo

Get to know Aftermath: Jamf’s open-source incident response tool

Your investigation into a security incident is only as good as the forensic data you collect. If that’s off, the entire incident response process will be a waste of time since it may not paint a complete picture of what happened and where. Enter Aftermath, the lightweight tool that knows where to look, helping you gather as much relevant data from the endpoint as quickly as possible to neutralize threats.
