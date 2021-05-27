

Malware Caught Using macOS Zero-Day to Secretly Take Screenshots

By Tech Crunch
acm.org
 14 days ago

Researchers from software company Jamf have reported that the XCSSET malware has been exploiting a newly discovered zero-day vulnerability that allows it to bypass macOS security defenses and take screenshots without the user's permission. Previously discovered zero-days are used by the malware to steal cookies from the Safari browser to...

cacm.acm.org
Related
Software | arxiv.org

Resilient and Adaptive Framework for Large Scale Android Malware Fingerprinting using Deep Learning and NLP Techniques

Android malware detection is a significant problem that affects billions of users using millions of Android applications (apps) in existing markets. This paper proposes PetaDroid, a framework for accurate Android malware detection and family clustering on top of static analyses. PetaDroid automatically adapts to Android malware and benign changes over time with resilience to common binary obfuscation techniques. The framework employs novel techniques elaborated on top of natural language processing (NLP) and machine learning techniques to achieve accurate, adaptive, and resilient Android malware detection and family clustering. PetaDroid identifies malware using an ensemble of convolutional neural network (CNN) on proposed Inst2Vec features. The framework clusters the detected malware samples into malware family groups utilizing sample feature digests generated using deep neural auto-encoder. For change adaptation, PetaDroid leverages the detection confidence probability during deployment to automatically collect extension datasets and periodically use them to build new malware detection models. Besides, PetaDroid uses code-fragment randomization during the training to enhance the resiliency to common obfuscation techniques. We extensively evaluated PetaDroid on multiple reference datasets. PetaDroid achieved a high detection rate (98-99% f1-score) under different evaluation settings with high homogeneity in the produced clusters (96%). We conducted a thorough quantitative comparison with state-of-the-art solutions MaMaDroid, DroidAPIMiner, MalDozer, in which PetaDroid outperforms them under all the evaluation settings.
Software | latesthackingnews.com

Apple Patched Three Actively Exploited Zero-Day Bugs In macOS/tvOS

Apple has recently addressed three serious zero-day bugs in macOS and tvOS that were under attack before a fix was deployed. Specifically, Apple has addressed two zero-day bugs in tvOS and one zero-day in macOS under active exploitation. According to their advisory, one of the two bugs in tvOS include...
Software | threatpost.com

HPE Fixes Critical Zero-Day in Server Management Software

The bug in HPE SIM makes it easy as pie for attackers to remotely trigger code, no user interaction necessary. Hewlett Packard Enterprise (HPE) has fixed a critical zero-day remote code execution (RCE) flaw in its HPE Systems Insight Manager (SIM) software for Windows that it originally disclosed in December.
Technology | therecord.media

SVR cyberspies used iOS zero-day in recent phishing campaign

The Russian hacking group that breached software provider SolarWinds in an infamous supply chain attack last year has returned to its regular skullduggery and, for the past few months, has conducted a massive spear-phishing operation aimed at government agencies, think tanks, consultants, and NGOs. Tracked as APT29 or Cozy Bear,...
Software | xda-developers

XDA Basics: How to take a Screenshot on macOS, using keyboard shortcuts, apps, and more!

Taking a screenshot is a necessary task on just about any device you use for work or play. Most users are well aware of how to take a screenshot on the most popular mobile phones. However, if you recently switched to Mac from Windows, you might be wondering how to take a screenshot on your new computer. Luckily, taking a screenshot is a very simple task in macOS.
Technology | bleepingcomputer.com

Microsoft: Russian hackers used 4 new malware in USAID phishing

Microsoft states that a Russian hacking group used four new malware families in recent phishing attacks impersonating the United States Agency for International Development (USAID). Thursday night, the Microsoft Threat Intelligence Center (MSTIC) disclosed that the Russian-backed hacking group APT29, also known as Nobelium, had compromised the Constant Contact account...
Software | arxiv.org

MalPhase: Fine-Grained Malware Detection Using Network Flow Data

Economic incentives encourage malware authors to constantly develop new, increasingly complex malware to steal sensitive data or blackmail individuals and companies into paying large ransoms. In 2017, the worldwide economic impact of cyberattacks is estimated to be between 445 and 600 billion USD, or 0.8% of global GDP. Traditionally, one of the approaches used to defend against malware is network traffic analysis, which relies on network data to detect the presence of potentially malicious software. However, to keep up with increasing network speeds and amount of traffic, network analysis is generally limited to work on aggregated network data, which is traditionally challenging and yields mixed results. In this paper we present MalPhase, a system that was designed to cope with the limitations of aggregated flows. MalPhase features a multi-phase pipeline for malware detection, type and family classification. The use of an extended set of network flow features and a simultaneous multi-tier architecture facilitates a performance improvement for deep learning models, making them able to detect malicious flows (>98% F1) and categorize them to a respective malware type (>93% F1) and family (>91% F1). Furthermore, the use of robust features and denoising autoencoders allows MalPhase to perform well on samples with varying amounts of benign traffic mixed in. Finally, MalPhase detects unseen malware samples with performance comparable to that of known samples, even when interlaced with benign flows to reflect realistic network environments.
Software | bleepingcomputer.com

HPE fixes critical zero-day vulnerability disclosed in December

Hewlett Packard Enterprise (HPE) has released a security update to address a zero-day remote code execution vulnerability in the HPE Systems Insight Manager (SIM) software, disclosed last year, in December. HPE SIM is a remote support automation and management solution for HPE servers, storage, and networking products, including HPE's ProLiant...
Computers | Ghacks Technology News

Screenshot Capture is a Chrome extension that simplifies taking snapshots to 2-clicks

Firefox has a built-in screenshot tool which is simple to use, and more importantly easy to access. With Google Chrome however, it's a different story. Let me explain. Here's how you can take a screenshot in Chrome. Press F12 to access the developer tools, follow this with the hotkey Ctrl + Shift + P, to open the command panel. Type the word screenshot (in the box that appears) and the browser will display a bunch of options; to capture an area, full size (page), node or a screenshot (of the on-screen content). Select the option and your screenshot is ready.
Software | Apple Insider

How to rotate your monitor and use it vertically in macOS

You don't always have to keep a display in a landscape orientation. Here's how you can turn a second screen into a vertical monitor, and to adjust macOS to work with it. One of the benefits of buying a new monitor is that you're not only potentially improving the image on your main display, but now you have two screens. You have a second display that you could feasibly connect to your Mac at the same time, increasing the amount of workspace you have to play with when performing tasks. However, as some movies and TV shows have shown, along with numerous images of computing setups on Reddit and elsewhere, you don't have to stick to the usual landscape orientation. Not everyone with multiple monitors keeps them both horizontal, as some instead use the secondary screen in a portrait orientation.
Computers | maketecheasier.com

Mouse Not Working in macOS? Use these Fixes

If your wired mouse isn’t working, you’re probably out of luck. Those things are generally foolproof and rely on deep system tools like HID configurations to function. If that doesn’t work, it’s probably an issue with the hardware. Wireless mice, including Logitech mice and the Magic Mouse, are far more likely to suddenly disconnect. If your wireless mouse isn’t working with macOS, try these options listed below.
Technology | nationalcybersecuritynews.today

Apple says its anti-malware app isn’t spying on you. | #macos | #macsecurity

Apple has been forced to clarify how its Gatekeeper anti-malware platform works after security researchers suggested the system was violating privacy. The company, as spotted by 9to5Mac, has updated its support documentation to explain that the system does not track what its users are doing. At the same time, Apple has said that it will change how Gatekeeper functions in future to further minimize future risks.
Software | nationalcybersecuritynews.today

Malwarebytes Reports on the State of Mac Malware in 2020 | #macos | #macsecurity

Malwarebytes Labs has published its 2021 report on malware, reflecting on the state of malware threats in 2020 based on detections in the Malwarebytes apps and services. Overall malware detections decreased 38% on the Mac, though Mac malware in businesses increased 31%. It’s worth keeping in mind that actual malware—the truly malicious stuff—accounted for just 1.5% of all Mac detections in 2020, with the rest being adware and so-called potentially unwanted programs (PUPs), which is just a nice term for crapware like browser toolbars that clutter your browser, display ads, and track you.
Computers | nationalcybersecuritynews.today

Xcode becomes vector for new Mac malware attack | #macos | #macsecurity

Trend Micro has identified an insidious new form of Mac malware that is propagated by injecting itself into Xcode projects before they are compiled as apps. We’ve seen a similar attack before. The so-called “XCode Ghost” was a malware-infested version of Apple’s developer environment that was distributed outside of Apple’s channels. Apps built using the software were preinstalled with malware.