Tag Archive for: Designed

Mysterious malware discovered on 30,000 new Macs – and researchers have no idea what it was designed to do

/in


Security researchers have discovered a piece of malware called Silver Sparrow on 30,000 Mac computers, including those with Apple’s latest M1 chips.

Instead, spreading across 153 countries, the malware is designed to deliver a payload that the researchers have yet not discovered.

It also has a system in place to self-destruct – hiding its existence totally.

As Ars Technica reports, infected computers check a server every hour to see if there are any new commands from malicious individuals to execute.

The malware is even stranger due to the fact it uses the macOS Installer JavaScript API to execute commands, which makes it hard to analyse the contents of the package.

When the malware is executed, all that the researchers found were two messages: for computers using Intel chips, the malware displays the words “Hello World!”, while for M1 Macs it says “You did it!”

The researchers hypothesise that these are simply placeholders for a later execution.

“We’ve found that many macOS threats are distributed through malicious advertisements as single, self-contained installers in PKG or DMG form, masquerading as a legitimate application—such as Adobe Flash Player—or as updates”, the researchers describe.

Apple has already revoked the binaries that could be mean users accidentally install the malware. The malware does not seem to have delivered any malicious payload, and the company emphasises that using its own Mac App Store is the safest place to get software for its computers Mac.

For programs downloaded outside the store Apple does use technical technical mechanisms including as the Apple notary service detect and block malware.

“To me, the most notable [thing] is that it was found on almost 30K macOS endpoints… and these are only endpoints the MalwareBytes can see, so the number is likely way higher,” says Patrick Wardle, a macOS security expert, according to Ars Technica.

“That’s pretty widespread… and yet again shows the macOS malware is becoming ever more pervasive and commonplace,…

Source…

Dayton’s drinking water systems have layers of security designed to prevent hacking, officials say

/in


News Highlights: Dayton’s drinking water systems have layers of security designed to prevent hacking, officials say

“This is what we do,” Powell said.

The SCADA of the city of Xenia water treatment plant is also not connected to the Internet for security reasons, said Joe Bates, water treatment supervisor.

A hacker gained access to the system that controls the water treatment plant of an Oldsmar, a Florida city of 15,000 residents, and attempted to contaminate the water supply with a caustic chemical, exposing a hazard that cybersecurity experts say has grown as systems both become more automated as more accessible via the internet.

The hacker who broke the system at the Oldsmar city water treatment plant on Friday using a remote access program shared by factory workers briefly increased the amount of sodium hydroxide by a factor of a hundred (from 100 parts per million to 11,100 parts per million), Sheriff Bob Gualtieri of Pinellas County said during a news conference Monday.

Experts say municipal water and other systems have the potential to be an easy target for hackers, as local governments’ computing infrastructure is often underfunded.

Robert M. Lee, CEO of Dragos Security, and a specialist in industrial operating system vulnerabilities, said remote access to industrial operating systems such as those …

Read more from Source
Copyright @ www.daytondailynews.com

  • Check the latest Hacking news updates and information.
  • Please share this news Dayton’s drinking water systems have layers of security designed to prevent hacking, officials say with your friends and family to support us your one share helps us a lot.
  • Follow us on Facebook and Twitter if you need more updates like this.
Disclaimer: If you need to remove this content from our site then kindly contact us Learn more

Source…

The Fate Of EU Legislation Designed To Bolster Data Protection Beyond The GDPR, The ePrivacy Regulation, Hangs In The Balance

/in

Whatever your views on the EU’s General Data Protection Regulation (GDPR), there is no denying the impact it has had on privacy around the world. Where the GDPR deals with personal data stored “at rest”, the proposed ePrivacy Regulation deals with with personal data “in motion” — that is, how it is gathered and flows across networks. As Techdirt discussed two years ago, the pushback from Internet companies and the advertising industry against increased consumer protection in this area has been unprecedented. Some details were provided at the time in a report from the Corporate Europe Observatory. Unfortunately, that massive lobbying has paid off. Good ideas in the draft text produced by the European Parliament, like banning encryption backdoors or “cookie walls”, have been dropped, as has the right of Internet users to refuse to accept tracking cookies. In the most recent version of the text (pdf) put together under the Austrian Presidency of the Council of the European Union (one of the three EU institutions that has to agree on the final law), there’s even a new bad idea:

In some cases the use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment may also be necessary for providing an information society service, requested by the end-user, such as services provided to safeguard freedom of expression and information including for journalistic purposes, such as online newspaper or other press publications…that is wholly or mainly financed by advertising provided that, in addition, the end-user has been provided with clear, precise and user-friendly information about the purposes of cookies or similar techniques and has accepted such use

This section would give the news publishing industry a special right, enshrined in the ePrivacy Regulation, to use tracking cookies to support advertising, even though the original impetus behind the new law was to stop precisely this kind of obligatory commercial surveillance. Following its lobbyists’ success in obtaining a special link tax included in the awful EU Copyright Directive, this latest legal privilege is further testament to the power of the publishing industry in the EU.

Judging by the most recent draft text, the ePrivacy Regulation has been almost completely gutted of any strong protections for Internet users. And yet it seems even what little remains is too much for some EU member states, as a story on Euractiv reports:

The European Commission will present a revised ePrivacy proposal as part of the forthcoming Croatian Presidency of the EU, Internal Market Commissioner Thierry Breton announced on Tuesday (3 December), after previous talks failed to produce an agreement among member states.

The revamped measures will be made in a bid to find consensus between EU countries on the ePrivacy regulation which would see tech companies offering messaging and email services subjected to the same privacy rules as telecommunications providers.

Although the new Internal Market Commissioner Breton is quoted as saying: “You can count on me to find consensus between each of us”, others are not so sure. Some now believe that the entire ePrivacy Regulation will be dropped as being too hard to fix. That would be an incredible waste of years of work, a missed opportunity — and a huge victory for the lobbyists.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Permalink | Comments | Email This Story

Techdirt.