Security News
Shlayer adware creators have found a way to get their malicious payload notarized by Apple, allowing it to bypass anti-malware checks performed by macOS before installing any software. The first known instance of notarized macOS malware was discovered last week, by a college student who noticed that people who want to download Homebrew and make the mistake of entering the wrong URL are getting served with a warning saying their Adobe Flash Player is out of date and offering an update for download. Security researcher Patrick Wardle analyzed the served package and confirmed that it is not an update, but a notarized version of the macOS Shlayer adware, which doesn't get detected as malicious by Gatekeeper.
The MITRE Corporation has taken the wraps off a knowledge base of common techniques and tactics that defenders can use to ensure their networks and assets are kept secure. Called MITRE Shield, the publicly available, free resource is aimed at cyber-experts looking to engage an active cyber defense and, similarly with MITRE ATT&CK, presents a series of active defense concepts.
The United States Cybersecurity and Infrastructure Security Agency has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. To achieve this, attackers first identify high-value targets, perform extensive research on their social and professional networks, and then pose as recruiters to send malicious documents loaded with the malware, masquerading as job advertisements and offerings.
CISOs at Stanford University, the University of Chicago Medicine, and The Ohio State University list phishing as the top security threat to students, professors, and researchers. The group also agreed zero trust is the best security approach but a hard sell in an academic setting.
The United States Cybersecurity and Infrastructure Security Agency has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. To achieve this, attackers first identify high-value targets, perform extensive research on their social and professional networks, and then pose as recruiters to send malicious documents loaded with the malware, masquerading as job advertisements and offerings.
The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have shared details on a piece of malware North Korean threat actors likely used in attacks targeting employees of defense organizations in Israel and other countries. Dubbed BLINDINGCAN, the malware was apparently used in "Dream Job," a campaign active since the beginning of this year, which hit dozens of defense and governmental companies in Israel and globally by targeting specific employees with highly appealing job offerings.
TikTok has stepped up its defense against US accusations that the popular video app is a national security threat, denouncing what it called "Rumors and misinformation" about its links to the Chinese government. US user data is stored here, with a backup in Singapore, according to TikTok.
What's more, in most of the cases, an attacker did not need to do much, beyond gaining an initial foothold, to command full internal network access: in 68 per cent of the trials, the infiltrators only needed to take one or two steps to have the entire organization at their fingertips. Network compartmentalization, and access controls limiting who can see what, may have helped minimize intruders' reach.
KoolSpan and the National Geospatial-Intelligence Agency announced the availability of TrustCall, a secure mobile communications application, to all DoD and IC users for iOS and Android, via the GEOINT App Store. The threats are posed by systemic vulnerabilities in the global telecommunications infrastructure that readily enable interception and monitoring of mobile communications, both voice and data.
Instead of relying on customers to protect their vulnerable smart home devices from being used in cyberattacks, Ben-Gurion University of the Negev and National University of Singapore researchers have developed a new method that enables telecommunications and internet service providers to monitor these devices. The researchers developed a method to detect connected, vulnerable IoT models before they are compromised by monitoring the data traffic from each smart home device.