A week in security (May 01 – May 07)

Credit to Author: Malwarebytes Labs| Date: Mon, 08 May 2017 18:00:38 +0000

A compilation of notable security news and blog posts from the 1st of May to the 7th. We touched on topics like Mac malware, OWASP, and password management.

The post A week in security (May 01 – May 07) appeared first on Malwarebytes Labs.

Supply chain attack on HandBrake video converter app hits Mac users

Credit to Author: Lucian Constantin| Date: Mon, 08 May 2017 08:04:00 -0700

Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware.

The HandBrake development team posted a security warning on the project’s website and support forum on Saturday, alerting Mac users who downloaded and installed the program from May 2 to May 6 to check their computers for malware.

The attackers compromised only a download mirror hosted under download.handbrake.fr, with the primary download server remaining unaffected. Because of this, users who downloaded HandBrake-1.0.7.dmg during the period in question have a 50/50 chance of having received a malicious version of the file, the HandBrake team said.

New OSX.Dok malware intercepts web traffic

Credit to Author: Thomas Reed| Date: Fri, 28 Apr 2017 18:00:07 +0000

Most Mac malware tends to be unsophisticated. Although it has some rather unpolished and awkward aspects, a new piece of Mac malware, dubbed OSX.Dok, breaks out of that typical mold.

The post New OSX.Dok malware intercepts web traffic appeared first on Malwarebytes Labs.

F-Secure buys Little Flocker to combat macOS ransomware

Credit to Author: Lucian Constantin| Date: Thu, 06 Apr 2017 08:07:00 -0700

With attacks against Mac users growing in number and sophistication, endpoint security vendor F-Secure has acquired Little Flocker, a macOS application that provides behavior-based protection against ransomware and other malicious programs.

Little Flocker can be used to enforce strict access controls to a Mac’s files and directories as well as its webcam, microphone and other resources. It’s particularly effective against ransomware, spyware, computer Trojans and other malicious programs that attempt to steal, encrypt or destroy files.

F-Secure plans to integrate Little Flocker, which it calls “the most advanced security technology available for Macs,” into its new Xfence technology. Xfence is designed to add behavioral-based protection to its existing endpoint security products for macOS.

Newly leaked documents show low-level CIA Mac and iPhone hacks

Credit to Author: Lucian Constantin| Date: Thu, 23 Mar 2017 11:53:00 -0700

The CIA has had tools to infect Apple Mac computers by connecting malicious Thunderbolt Ethernet adapters to them since 2012, according to new documents purported to be from the agency and published by WikiLeaks.

One of the documents, dated Nov. 29, 2012, is a manual from the CIA’s Information Operations Center on the use of a technology codenamed Sonic Screwdriver. It is described as “a mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting.”

Sonic Screwdriver allows the CIA to modify the firmware of an Apple Thunderbolt-to-Ethernet adapter so that it forces a MacBook to boot from a USB stick or DVD disc even when its boot options are password protected.

iPhone, Mac owners: How to stymie hackers extorting Apple, threatening to wipe devices

Credit to Author: Gregg Keizer| Date: Wed, 22 Mar 2017 13:23:00 -0700

Hackers claiming to have hundreds of millions of iCloud credentials have threatened to wipe data from iPhones, iPads and Macs if Apple does not fork over $150,000 within two weeks.

“This group is known for getting accounts and credentials, they have gotten credentials in the past,” said Lamar Bailey, director of security research and development at Tripwire, of the purported hackers. “But whether they have that many … who knows?”

There’s another reason for not panicking, Bailey said: People can quickly make their accounts more secure, assuming the criminals have only collected, not actually compromised the iCloud accounts by changing millions of passwords.

Pwn2Own ends with two virtual machine escapes

Credit to Author: Lucian Constantin| Date: Mon, 20 Mar 2017 12:08:00 -0700

Two teams of researchers managed to win the biggest bounties at this year’s Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Virtual machines are used in many scenarios to create throw-away environments that pose no threat to the main operating system in case of compromise. For example, many malware researchers execute malicious code or visit compromised websites inside virtual machines to observe their behavior and contain their impact.

One of the main goals of hypervisors like VMware Workstation is to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. That’s why VM escape exploits are highly prized, more so than browser or OS exploits.

Mac security facts and fallacies

Credit to Author: Thomas Reed| Date: Wed, 08 Mar 2017 16:00:40 +0000

There are many Mac security myths circulating among users. So how can you tell if the advice you’re reading is fact or fallacy? Read on to find out!

The post Mac security facts and fallacies appeared first on Malwarebytes Labs.
