10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Remember those ads with a sneezing guy in a suit who says he’s a PC and to stay away, he’s got that nasty virus that’s going around? “That’s OK,” says the young, hip guy in blue jeans: He’s a Mac.
… as if any machine that runs code could possibly be immune to malware…?
Boy, was that a stretch.
The untruthiness of the notion that Macs are immune to malware has been proved by multiple MacOS-focused malwares. Examples include Silver Sparrow, the malware capable of targeting Apple’s then-new M1 ARM architecture Macs back in February 2021. Another: the variant of the Shlayer Mac OSX malware with advanced stealth capabilities that was spotted in the wild in June 2020, actively using poisoned Google search results in order to find victims.
Do you still hear people say “Oh, I’m on a Mac. I can’t get a virus”?
Jamie Levy, director of R&D at Huntress, recently hosted one of the company’s “Tradecraft Tuesday” webinars, where she dug into the threat landscape on the MacOS side of the aisle to take a look at which threats are the most dangerous. If you’re still hearing Mac users swear they’re invulnerable, this is the podcast to listen to. … or to get them to listen to.
She dropped by the Threatpost podcast to bring us the highlights of that webinar, including:
Please see below for a list of MacOS security tools that Jamie listed in the show.
You can download the podcast below or listen here. For more podcasts, check out Threatpost’s podcast site.
These are the tools to protect MacOS that Jamie recommended during the podcast:
_Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our _FREE downloadable eBook, “Cloud Security: The Forecast for 2022.”****We explore organizations’ top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists.
traffic.libsyn.com/digitalunderground/033122_Huntress_Jamie_Levy_mixdown.mp3
bit.ly/3Jy6Bfs
media.threatpost.com/wp-content/uploads/sites/103/2022/03/31164420/mac-vs-pc-ad-e1648759503948.png
objective-see.com/products/blockblock.html
objective-see.com/products/lulu.html
objective-see.com/products/ransomwhere.html
support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/web
threatpost.com/microsite/threatpost-podcasts-going-beyond-the-headlines/
threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
threatpost.com/silver-sparrow-malware-30k-macs/164121/
www.huntress.com/resources/tradecraft-tuesday?wchannelid=zy8dl5egyy&wmediaid=o9d63nfb4b
www.obdev.at/products/littlesnitch/index.html
www.youtube.com/watch?v=eF7habaTvAY&ab_channel=LearnitTraining
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C