Posted by: David Harley | January 13, 2018

Fruitfly – Graham Cluley’s take for ESET

… Fruitfly malware spied on Mac users for 13 years – man charged

David Harley

Posted by: David Harley | January 12, 2018

Fruitfly: alleged author’s wings clipped…

…well, charged, not convicted.

Sophos considers the story here: Man charged with spying on thousands of Mac users for 13 years

Taylor Armerding tells us that an Ohio man

‘was charged with Computer Fraud and Abuse Act violations, Wiretap Act violations, production of child abuse imagery, and aggravated identity theft, according to a Department of Justice (DoJ) press release.’

David Harley

Posted by: David Harley | January 12, 2018

macOS DNS Hijacker

Patrick Wardle/Objective-See: Ay MaMi – Analyzing a (new?) macOS DNS Hijacker: OSX/MaMi

(Speaks for itself, really).

David Harley

Posted by: David Harley | January 12, 2018

‘AdultSwine’ Android malware

The Register: ‘Mummy, what’s felching?’ Tot gets smut served by Android app – Google’s Play Store fails again

Actually, I didn’t know about felching, either, and I wish I hadn’t looked it up.

The Register’s story is based on Check Point’s blog article Malware Displaying Porn Ads Discovered in Game Apps on Google Play. Check Point says that this is a triple-threat attack: it may display ads that are often (very) pornographic, engineer users into installing fake security apps, and/or induce them to register with premium services.

David Harley

Posted by: David Harley | January 11, 2018

Apps: enterprise blacklist data

Appthority released its latest report: Q4 Appthority Pulse Report Finds Tinder and Instagram Added to Enterprise Blacklists. In fact, there’s rather more to it than Tinder and Instagram. If you aren’t sure whether to jump straight in and give Appthority your contact details, you could check Help Net Security’s summary to see whether you want to find out more: Apps most frequently blacklisted by enterprise security teams.

David Harley

Posted by: David Harley | January 11, 2018

Unwanted mobile redirects

Lily Hay Newman for Wired: Pop-Up Mobile Ads Surge As Sites Scramble To Stop Them

I virtually never use my phone where I can use a laptop, so I haven’t really been aware that this is a big issue. Interesting.

David Harley

Posted by: David Harley | January 11, 2018

Password problem in High Sierra

TechCrunch: Another macOS password prompt can be bypassed with any password

The Register: Stop us if you’ve heard this one: Apple’s password protection in macOS can be thwarted – Developers (again) find preferences hole (again) that bypasses login box (again)

David Harley

Posted by: David Harley | January 5, 2018

Sometimes you _want_ to uninstall…

…but the macOS System Integrity Protection process may make de-installation difficult…

Thomas Claburn for The Register: Apple macOS so secure some apps can’t be easily deleted – Welcome to the Hotel California* security model

“An Apple macOS security process called System Integrity Protection can prevent certain apps from being easily uninstalled, which isn’t ideal when the code may be vulnerable or malware.”

David Harley

*Info for our younger readers: “You can check out any time you like/but you can never leave”

Posted by: David Harley | January 5, 2018


Commentary from Apple: About speculative execution vulnerabilities in ARM-based and Intel CPUs. Also, About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan

And from Google: Today’s CPU vulnerability: what you need to know

David Harley

Posted by: David Harley | December 20, 2017

OSX.Pirrit: Not a pretty boy, but very interested in pieces of eight

Hacker Combat brought my attention to Cybereason’s research into the OSX.Pirrit adware: MacOS Malware That Steals Bank Account Logins and Intellectual Property.

According to Cybereason’s Amit Serper, the company’s research has attracted

‘cease and desist letters from a firm claiming to be TargetingEdge’s legal counsel. The letters demand that we stop referring to TargetingEdge’s software as malware and refrain from publishing this report….

…Cybereason isn’t the only security company that identifies OSX.Pirrit as a threat. Twenty-eight other antivirus engines on Virus Total also classify it as such.’

Certainly OSX/Pirrit is a widely-known adware family found across a range of platforms.

David Harley
