Checklist 201: Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month, and the National Cybersecurity Alliance has kicked things off by releasing some timely recommendations for 2020.

October 2, 2020 • 8 min read
TikTok and WeChat bans on hold for now

With the United States threatening to make good on its promise to pull them from U.S. app marketplaces, popular apps TikTok and WeChat are granted a last-minute stay of execution.

September 23, 2020 • 6 min read
macOS Big Sur security and privacy guide

Apple will soon release macOS Big Sur to the public — and it looks like it will bring a number of important security and privacy enhancements. In this guide, we’ll tell you everything you need to know about the Mac’s new and improved OS!

About the name and number

Ever since 2013, Apple has used California landmarks to name each new version of their flagship OS, and macOS “Big Sur” is no exception. However, there is one major change this time around: the version numbering system has been updated. Instead of following …

September 21, 2020 • 8 min read
New iPads, Apple Watches, and more at the Apple Special Event

Apple held a special event this week to introduce several new devices and features. Here are some of the highlights: 

Apple Watch Series 6

As expected, Apple used the special event to introduce the Apple Watch Series 6. Although a number of cosmetic and design changes were mentioned (including a new (PRODUCT)RED case, seamless watch bands, and more faces than ever before), the Apple Watch Series 6 was presented first and foremost as a next-gen health and wellness device.

The Apple Watch Series 6 has a number of new health features, but perhaps …

September 20, 2020 • 6 min read
Is App Notarization broken?

Security researchers have discovered a variant of Shlayer malware — an extremely common macOS threat — that appears to have circumvented Apple’s App Notarization process.

September 9, 2020 • 5 min read
What is geofencing?

Federal judges in the United States are starting to push back against police requests for “geofence warrants”, citing constitutional concerns. In this short article, we’ll introduce you to the issue, tell you what it means for your privacy, and explain how you can limit the ability of the government (and others) to track you.

What is geofencing?

Broadly speaking, geofencing refers to the practice of creating a virtual boundary around a real-world physical area. The technique is often used by marketers and advertisers who want to show more relevant ads or offer …

September 8, 2020 • 7 min read
Ransomware attacks by amateur Iranian hackers used “off-the-shelf” malware

Threat researchers are reporting that low-skilled Iranian hackers carried out a number of successful attacks against enterprise targets in June. The incident highlights the growing threat of off-the-shelf malware to businesses and individuals.

In this short article, we’ll tell you what happened, give you some background to the issue, and let you know what you can do to stay safe.

The incident

According to researchers at Singapore-based Group-IB, newbie hackers in Iran managed to penetrate the networks of a number of companies across the globe and infect their systems with Dharma ransomware. The …

August 31, 2020 • 6 min read
XCSSET: New Mac malware infects Xcode projects

Security researchers have discovered an interesting new variety of macOS malware that spreads by attacking Xcode projects. It’s called XCSSET, and in this article, we’ll tell you what you need to know about this unusual threat in order to stay safe.

What is XCSSET?

XCSSET is a suite of malicious components that spreads through infected Xcode projects.

Xcode is a tool used by app developers to write software for Apple platforms. An Xcode “project” simply refers to the repository of files, information, and resources that are used to build an app for deployment.

If …

August 18, 2020 • 5 min read
DEF CON Safe Mode Highlights

DEF CON, a major annual event in the world of cybersecurity, was held just last week. This year, the organizers decided to go virtual, calling the event “DEF CON Safe Mode”. 

There were a number of great talks and panels at the conference, and while some of them were quite technical, many also focused on topics likely to be of interest to a wide audience. 

In what follows, we’ll offer some curated highlights from DEF CON Safe Mode that you may want to check out, along with links to the full video …

August 14, 2020 • 5 min read
Disinformation in the age of social media: Renée DiResta’s Black Hat 2020 keynote

Black Hat USA is a major event in the world of information security. This year, due to the ongoing pandemic, the conference went virtual — and the organizers offered open access to many of the most important talks and sessions. 

Among these were two timely keynote addresses that deal with issues around election security, one of which was delivered by Renée DiResta. DiResta is the Research Manager at Stanford Internet Observatory, an interdisciplinary program that studies the misuse of information technologies. Her work focuses on the way in which narratives spread …

August 12, 2020 • 8 min read
Chris Hadnagy on social engineering

Chris Hadnagy is one of the world’s foremost authorities on social engineering. He has written four books on the topic, including Social Engineering: The Science of Human Hacking and Unmasking the Social Engineer: The Human Element of Security. Hadnagy has been a prominent figure in the security industry for many years, founding the popular Social Engineering Village (SEVillage) at DEF CON, and establishing the Innocent Lives Foundation, a non-profit organization that coordinates the resources of the infosec community to fight online child predators. Hadnagy’s company, Social-Engineer, LLC, helps …

August 3, 2020 • 27 min read