Security News

A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and even signed by its own notarization service, highlighting the malicious software ongoing attempts to adapt and evade detection. The new iteration "Continues to impact Mac users who rely solely on Apple's built-in security control XProtect for malware detection," SentinelOne threat researcher Phil Stokes said in an analysis published last week.

A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and even signed by its own notarization service, highlighting the malicious software ongoing attempts to adapt and evade detection. The new iteration "Continues to impact Mac users who rely solely on Apple's built-in security control XProtect for malware detection," SentinelOne threat researcher Phil Stokes said in an analysis published last week.

A new AdLoad malware variant is slipping through Apple's YARA signature-based XProtect built-in antivirus tech to infect Macs as part of multiple campaigns tracked by SentinelOne security researchers. While monitoring this campaign, the researchers observed more than 220 samples, 150 of them unique and undetected by Apple's built-in antivirus even though XProtect now comes with roughly a dozen AdLoad signatures.

NetWitness, an RSA business, unveiled NetWitness Ransomware Defense Cloud Services, a managed cloud service that monitors endpoints without traditional deployment and administration requirements. Ransomware Defense Cloud Services also includes detection intelligence developed from in-depth ransomware research and development, combined with experienced threat hunting in enterprise environments.

In a new report, Proofpoint details how the group TA456, associated with the Iranian Revolutionary Guard, invested years in developing the false profile of a fantasy woman named Marcella Flores, an impossibly shiny haired aerobics instructor from the U.K., to rein in unsuspecting targets. Starting about eight months ago, Proofpoint found TA456 used the Marcella Flores profile to slowly build a relationship with someone who worked for a subsidiary of an aerospace defense contractor in the U.S. Over the months, Marcella shared many emails, pictures and even a video to build trust.

Evasive techniques used by attackers, date back to the earlier days, when base64 and other common encoding schemes were used. In this report, we highlight those common defense evasion techniques, which are common in malicious Linux shell scripts.

An Iranian state-sponsored threat actor tracked as TA456 maintained a social media account for several years before engaging with their intended victim, cybersecurity firm Proofpoint reports. The newly detailed activity attributed to the group involved the use of the social media persona "Marcella Flores," which was used to engage with an employee of a subsidiary of an aerospace defense contractor over multiple communication platforms, to gain their trust in an attempt to infect them with malware.

The U.S. Department of Energy CyberForce program is expanding this year to include more cyber competitions, webinars and career resources. In 2021, students have many more opportunities to learn about cybersecurity topics and compete within the CyberForce program.

Owl Cyber Defense Solutions announced the opening of its new regional office, located in Abu Dhabi. The new office, hosted and sponsored by Al Makamin Commercial Projects LLC, part of Sultan International Holding, LLC -, will house Owl's in-region field staff that support the company's growing customer base of oil and gas, petrochemical, power generation, transmission and distribution, nuclear, renewable energy and water/wastewater operators; along with serving government agencies.

China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allow remote code execution when SSH is enabled.