Patrick Wardle's a busy guy, and 2025 is no exception! No Starch Press just published volume two of The Art of Mac Malware, on detection, including a free PDF version. Objective by the Sea is back in October in the Balearics. iOS security research is a new area of focus, but there's plenty to talk about. Welcome back, Patrick! Hosts: Tom Bridge - @tbridge@theinternet.social Marcus Ransom - @marcusransom Guests: Patrick Wardle - LinkedIn Links: The Art of Mac Malware Volume 2 Sponsors: Kandji 1Password Nudge Security Watchman Monitoring If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast! The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder, Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson
Patrick Wardle from DoubleYou and the Objective-See Foundation joins us to talk about their recent event in Kyiv, as well as everything Mac security, along with Mikhail, his collaborator at DoubleYou. Hosts: Tom Bridge - @tbridge@theinternet.social Marcus Ransom - @marcusransom Guests: Patrick Wardle - LinkedIn Mikhail Sosonkin - LinkedIn Links: Art of Mac Malware, Volume 2: https://nostarch.com/art-mac-malware-v2 OBTS v7.0: https://objectivebythesea.org/v7/index.html https://x.com/patrickwardle/status/1851026703683813771 https://x.com/lorenzofb/status/1836820420747563260 https://www.trellix.com/blogs/research/macos-malware-surges-as-corporate-usage-grows/ Sponsors: Kandji 1Password Watchman Monitoring If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast! The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder, Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A new injector written in Rust is used to inject shellcode and introduce XWorm into a victim's environment. Multiple cases where SugarCRM was the initial attack vector and allowed threat actors to gain access to AWS accounts. Statc Stealer is a sophisticated malware that infects devices powered by Windows, gains access to computer systems and steals sensitive information. Patrick Wardle's research says that macOS's Background Task Manager can be easily bypassed and that Apple failed to act on his recommendations to fix it. CISA is reporting on the Seaspy and Whirlpool backdoors after obtaining malware samples from a compromised device. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Learn more about some of our favorite presentations from the Vegas conferences, including:
Susan Paskey on threat hunting in MFA logs
Jeremi Gosney on "passwords, but nihilism" (an apparently unscheduled, live threat modeling exercise on password risks)
Patrick Wardle on Zoom LPE vulnerabilities
Gaurav Keerthi, Pete Cooper, and Lily Newman on global policy challenges
Jake Baines on Cisco ASA vulnerabilities and weaknesses (check out the blog post, too)
Jonathan Leitschuh on fixing OSS vulnerabilities at scale
Eugene Lim on so many iCal standards within standards
Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.
Inflation in Asia has peaked compared with other major economies such as the US and Europe, according to the chief Asia economist at Morgan Stanley. China's tech giants, in an unprecedented move, have revealed details of their algorithms to the country's government. And Bhavish Aggarwal aims to bring an Ola Electric car to market in 2024. Notes: Inflation in Asia has peaked compared with other major economies such as the US and Europe, according to the chief Asia economist at Morgan Stanley, CNBC reported yesterday. “Absolutely, inflation has peaked if you look at the data that's already indicative of that. More importantly, going forward, we think you should see downside risks to inflation,” Chetan Ahya, from the investment bank told CNBC's Squawk Box Asia on Monday. “Asia's average inflation peaked at 5.5 percent and it's already down” by about half a percentage point from there, Ahya told CNBC. The US peaked at 9 percent and Europe is also around 8.5 percent and 9 percent, he added. Ola Electric's founder Bhavish Aggarwal yesterday announced plans for the company to build its first electric car, scheduled for a 2024 launch. He also launched the Ola S1, a more affordable version of the company's electric scooter, Ola S1 Pro. Ola Electric will also expand its factories and mass-produce its lithium-ion cells. The car will go from 0-100 kph in 4 seconds, with a range of more than 500 kilometres per charge, according to Aggarwal. Ola will build three factories: a 40-acre two-wheeler facility, a 100-acre lithium-ion cell plant and a 200-acre four-wheeler factory, he said, in a live-streamed event. China's biggest tech giants have shared details of their proprietary algorithms – the software behind their massive consumer success – with the country's regulators, in an unprecedented move, as Beijing looks for more oversight over its domestic internet sector, CNBC reported yesterday. 
The Cyberspace Administration of China, one of the country's most powerful regulators, released a list of 30 algorithms, with a brief description of their purpose, from companies including e-commerce behemoth Alibaba and internet giant Tencent, on Friday. Zoom users on a Mac should immediately manually update the video conferencing software, Ars Technica recommends. Zoom's latest update fixes an auto-update vulnerability that could have allowed malicious programs to use its elevated installing powers, granting escalated privileges and control of the system, according to Ars Technica. The vulnerability was first discovered by Patrick Wardle, founder of the Objective-See Foundation, a non-profit Mac OS security group. Wardle detailed in a talk at Def Con – a well-known annual hacker conference – last week, how Zoom's installer asks for a user password when installing or uninstalling, but its auto-update function, enabled by default, didn't need one. Wardle found that Zoom's updater is owned by and runs as the root user, according to Ars Technica. Theme music courtesy Free Music & Sounds: https://soundcloud.com/freemusicandsounds
Ever wonder why there's so little information regarding macOS and Linux-oriented attacks? In this episode, we get the answer from the multi-talented Cat Self - an Adversary Emulation Engineer at MITRE, Cyber Threat Intelligence Team Leader on ATT&CK Evaluations and macOS/Linux Lead on MITRE ATT&CK Enterprise. We discuss defense tools, attacker TTPs, what to consider when approaching defense for a macOS and Linux environment, and what trends we can expect in the future for these operating systems. Check out the resources below for links mentioned during this enlightening conversation!
Our Guest: Cat Self
Cat Self is the CTI Lead for MITRE ATT&CK® Evaluations, macOS/Linux Lead for ATT&CK® and serves as a leader of people at MITRE. Cat started her cyber security career at Target and has worked as a developer, internal red team operator, and Threat Hunter. Cat is a former military intelligence veteran and pays it forward through mentorship, technical macOS hunting workshops, and public speaking. Outside of work, she is often planning an epic adventure or climbing mountains in foreign lands.
Follow Cat on Social Media
Twitter: @coolestcatiknow
LinkedIn: Cat Self
Resources mentioned in this episode:
A highlight of new security changes in macOS Ventura: https://www.sentinelone.com/blog/apples-macos-ventura-7-new-security-changes-to-be-aware-of/
For securing a macOS device, I highly recommend installing Patrick Wardle's endpoint tools. https://objective-see.org/tools.html My favorites are BlockBlock, KnockKnock, LuLu, & Netiquette.
Cat's “GoTo” blogs:
Patrick Wardle - Objective-See
Jaron Bradley - The Mitten Mac
Howard Oakley - The Eclectic Light Company
Cody Thomas - Medium
Sarah Edwards - mac4n6
Leo Pitt - Medium
Christopher Ross - Medium
Csaba Fitzl - THEEVILBIT Blog
Open Source Projects:
Playbooks with datasets to practice - OTRF
Code snippets aligned to MITRE ATT&CK - Atomic Red Team
Jupyter notebook environment setup by Anna Pastushko
Virtual environment setup - Hold My Beer
Sponsor's Note: Support for the Blueprint podcast comes from the SANS Institute. If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals. This course is designed to bring attendees the information that every SOC analyst and blue team member
Join us in Scottsdale, AZ or virtually for the 2022 SANS Institute Blue Team Summit & Training. At the SANS Blue Team Summit, enhance your current skill set, become even better at defending your organization, and hear the latest ways to mitigate the most recent attacks!
We hear from Patrick Wardle, former NSA “White Hat” hacker, NASA researcher, and basically a character in Mr. Robot. We loved chatting with Patrick; he's a ton of fun and we get to hear amazing on-the-job hacking stories, tales of tinder dates with Russian spies, and even more from the wild world of hacking. Even if you're not a computer wiz (like Jaimie), you'll love this episode! Follow Patrick on Twitter and Instagram @patrickwardle to learn more!
Apple's new M1 systems offer a myriad of benefits for macOS users and, unfortunately, for malware authors as well. In this talk Patrick details the first malicious programs compiled to natively target Apple Silicon (M1/arm64), focusing on methods of analysis. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw708
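The arm64-native malware analysis topic above, illustrated with an added example that is not from the talk and not one of Objective-See's tools: the first triage question for a new macOS sample is whether it carries a native arm64 slice or only x86_64 code that would have to run under Rosetta. The script below parses the universal ("fat") header and the thin 64-bit Mach-O header to answer that without any external tool, and cross-checks each fat_arch entry against the slice it points at. The sample bytes are constructed inline for the example (minimal headers only, not bytes from any real sample); the constant values come from Apple's mach-o headers.

```python
import struct

# Magic numbers from <mach-o/fat.h> and <mach-o/loader.h>
FAT_MAGIC = 0xCAFEBABE      # universal ("fat") binary; its header is always big-endian
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit Mach-O header in the reader's byte order
MH_CIGAM_64 = 0xCFFAEDFE    # 64-bit Mach-O header that is byte-swapped relative to the reader

# cputype values from <mach/machine.h> (CPU_ARCH_ABI64 | base type)
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}


def _cpu_name(cputype):
    return CPU_NAMES.get(cputype, f"unknown(0x{cputype:08x})")


def _thin_arch(blob, offset=0):
    """Name of the CPU type of the thin 64-bit Mach-O header at `offset`, or None if none is there."""
    if len(blob) < offset + 8:
        return None
    (magic,) = struct.unpack_from("<I", blob, offset)
    if magic == MH_MAGIC_64:
        order = "<"            # header bytes are little-endian (arm64 and x86_64 both are)
    elif magic == MH_CIGAM_64:
        order = ">"            # header bytes are big-endian; swap on read
    else:
        return None
    (cputype,) = struct.unpack_from(order + "I", blob, offset + 4)
    return _cpu_name(cputype)


def macho_archs(blob):
    """Architectures carried by a Mach-O blob: one entry for a thin file, one per slice for a fat file."""
    if len(blob) < 8:
        raise ValueError("too short to be a Mach-O")
    magic, nfat = struct.unpack_from(">II", blob, 0)
    if magic != FAT_MAGIC:
        thin = _thin_arch(blob, 0)
        if thin is None:
            raise ValueError("not a 64-bit Mach-O or universal binary")
        return [thin]
    # Java class files also start with 0xCAFEBABE; real universal binaries hold a handful of slices.
    if nfat == 0 or nfat > 32:
        raise ValueError("implausible fat_arch count; probably not a universal binary")
    archs = []
    for i in range(nfat):
        # struct fat_arch: cputype, cpusubtype, offset, size, align (all big-endian, 20 bytes)
        cputype, _subtype, offset, _size, _align = struct.unpack_from(">IIIII", blob, 8 + 20 * i)
        claimed = _cpu_name(cputype)
        # Cross-check: the slice's own mach_header_64 should agree with the fat_arch entry.
        # A mismatch (or a non-Mach-O slice) is a sign of a hand-edited or truncated sample.
        actual = _thin_arch(blob, offset)
        archs.append(claimed if actual == claimed else f"{claimed}(slice header: {actual})")
    return archs


def is_native_arm64(blob):
    """True if the sample has an arm64 slice, i.e. runs natively on Apple Silicon without Rosetta."""
    return "arm64" in macho_archs(blob)


# --- Constructed sample input (example data only, not bytes from any real malware) ---

def _thin_header(cputype):
    """Minimal little-endian mach_header_64: filetype MH_EXECUTE (2), no load commands."""
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0)


def build_universal(cputypes):
    """Fat header followed by one minimal thin slice per cputype, laid out back to back."""
    entries, slices = b"", b""
    offset = 8 + 20 * len(cputypes)            # slices start right after the fat_arch table
    for cputype in cputypes:
        slice_bytes = _thin_header(cputype)
        entries += struct.pack(">IIIII", cputype, 0, offset, len(slice_bytes), 5)
        slices += slice_bytes
        offset += len(slice_bytes)
    return struct.pack(">II", FAT_MAGIC, len(cputypes)) + entries + slices


SAMPLE_UNIVERSAL = build_universal([CPU_TYPE_X86_64, CPU_TYPE_ARM64])
SAMPLE_ARM64 = _thin_header(CPU_TYPE_ARM64)
SAMPLE_X86_64 = _thin_header(CPU_TYPE_X86_64)

if __name__ == "__main__":
    for label, blob in [("universal", SAMPLE_UNIVERSAL), ("thin arm64", SAMPLE_ARM64), ("thin x86_64", SAMPLE_X86_64)]:
        print(f"{label:12} archs={macho_archs(blob)} native_arm64={is_native_arm64(blob)}")
```

On a real file call `macho_archs(open(path, "rb").read())`; on macOS `file` or `lipo -archs` gives the same answer, which is exactly why the check is worth scripting for bulk triage on a non-Mac analysis box. The example deliberately covers only 64-bit headers; the 64-bit fat format (FAT_MAGIC_64) and 32-bit Mach-O headers are out of scope, and the slice cross-check is the part that matters when a sample has been hand-edited to mislead a quick `file` run.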
This week, we kick off the show with a technical segment, all about working with OpenVAS! Next up, we welcome Patrick Wardle, founder of Objective-See, to talk Trends in Mac Malware and Apple Security! In the Security News: some describe T-Mobile security as not good, if kids steal bitcoin just sue the parents, newsflash: unpatched vulnerabilities are exploited, insiders planting malware, LEDs can spy on you, hacking infusion pumps, PRISM variants, 1Password vulnerabilities, plugging in a mouse gives you admin, & more! Show Notes: https://securityweekly.com/psw708 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
For the 200th episode of the Intego Mac Podcast, we welcome independent security researcher Patrick Wardle, who shares tales of finding bugs and vulnerabilities on the iPhone and Mac. Show Notes: Objective-See Objective by the Sea Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Mac security researcher Patrick Wardle joins Dennis Fisher to talk about the evolution of Mac malware, the relative security of macOS to other platforms, and Apple's current approach to platform safety.
The macOS security architecture continues to evolve. We have new boot modes, fallback recovery operating systems, Sealed Key Protection for FileVault, and revive. The new security documentation is a solid read. So we're curious: what does a security researcher see when looking at that? What new green fields of hackerationing opportunity lie in front of us? In this episode we chat with Patrick Wardle to see what he's been up to and to talk about the evolving security footprint of Apple devices. Guest: Patrick Wardle Hosts: Tom Bridge - @tbridge777 Charles Edge - @cedge318 Marcus Ransom - @marcusransom Links: The Art Of Mac Malware Apple's security documentation Objective-See Github Safari Extension nerderation Sponsors: Kandji VMware Workspace One Halp Watchman Monitoring If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast!
The first two pieces of malware for the first Apple Silicon processor - the M1 - have been spotted. The first, GoSearch22, was found by Mac security expert Patrick Wardle. He stops by to talk about that one, about the other piece of malware - Silver Sparrow, and the future of malware on Apple Silicon. All of that on episode 220 of The Checklist, brought to you by SecureMac. Keep up with Patrick on his website: Objective-See.com Don't forget to check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com
Mac-fans rejoice, as Patrick Wardle stops by to talk all things nerdy and Apple on the show today. Fresh off the 1Password virtual cruise, come and join us for some Mac malware myth-busting, and discover the benefits Mac users can expect from Big Sur and the M1 chip. We also uncover some horror stories in Watchtower Weekly this episode. With a hacker's attempt to poison Florida's water supply, and an ugly ransomware attack on the Cyberpunk 2077 studio, we're hoping we can sleep tonight.
Years before he became the world’s most well known MacOS hacker, Patrick Wardle was a high school nerd curious about hacking. His first hack was figuring out that he could program his fancy calculator and hide a backdoor in it that could help him with his calculus tests. His teacher never caught him, and he actually learned how to solve calculus equations by programming his calculator. “So I’m sure that in retrospect my calculus teacher would be stoked...or that’s what I tell myself,” Wardle said. See acast.com/privacy for privacy and opt-out information.
Mat X and JD talk with Patrick Wardle about his newly Open Source Objective-See Mac Security tools, Objective by the Sea 4.0 conference, and The Art of Mac Malware Analysis.
There's new malware attacking cryptocurrency apps, WhatsApp warns users about data it is sharing with Facebook, and Apple loses a copyright fight with a company that virtualizes iOS so security researchers can look for vulnerabilities. We also look at how you can manage and secure notifications on your devices, so you don't get too distracted, and also so personal information isn't visible when your devices are locked. Show Notes: Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets Patrick Wardle's ElectroRAT write-up Mandatory WhatsApp Privacy Policy Update Allows User Data to be Shared With Facebook Apple loses copyright battle against security start-up Corellium Apple begins shipping 'rooted' iPhones to members of the Security Research Device Program Manage and Secure Notifications on Your iPhone, iPad, and Mac Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Diane Woodburn of Maui No Ka Oi Magazine speaks with Maui-based cybersecurity expert Patrick Wardle. In this podcast Patrick talks about how he got into a career in tech, what brought him from New England to Maui, how studying at the University of Hawaii kick-started his career in tech, the difference in offensive and defensive hacking, how the pandemic has affected his job, how he hopes to help grow tech opportunities on Maui, and the advice he would give students who want to pursue a career in tech industries.
You trust Apple. You trust the firewall you've set up on your Mac. But - do you trust Apple to decide what your firewall should stop and what it shouldn't? Patrick Wardle joins us to discuss the issue on Checklist 209 - brought to you by SecureMac. Don't forget to check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com
In this episode of the Apple @ Work podcast, Bradley is joined by Patrick Wardle and Josh Stein from Jamf to discuss a recent IT survey about Mac and PC security in the enterprise. Links mentioned in this episode New Research Finds 77% of Organizations Who Use Both Mac and Non-Mac Devices View Mac as the Most Secure Device Out of the Box Connect with Bradley Twitter LinkedIn Listen and Subscribe Apple Podcasts Overcast Spotify Pocket Casts Castro RSS
Craig discusses the uses of TPM in securing Windows and Linux. For more tech tips, news, and updates, visit - CraigPeterson.com --- Trojan Malware Targets Trump Supporters
Nmap 7.90 released: New fingerprints, NSE scripts, and Npcap 1.0.0
Tyler Technologies finally paid the ransom to receive the decryption key
5G in the US averages 51Mbps while other countries hit hundreds of megabits
Apple's T2 security chip has an unfixable flaw
Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance
Android Ransomware Has Picked Up Some Ominous New Trick --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] We're going to delve now into the idea behind keeping your data safe on your disks and what the different regulations about it are, because there are a few right now that you need to know about. Hi everybody. Welcome back, Craig Peterson. We're talking today, at least this hour, about security because of a major security problem that was announced this week about Apple's security chip, the T2 chip. Not a very good thing, frankly, and so we're going through all of this right now and we're going to move upscale just slightly here. I love this quote here. It was in Ars Technica this week, and it is from a gentleman who worked for the NSA; his name's Patrick Wardle. He's an Apple security researcher at the enterprise management firm Jamf. I've talked about them on the show before; they have some great management software. He's also a former NSA researcher. And he said, "I had already assumed that since T2 was vulnerable to checkm8, it was toast." He said, okay, there really isn't much that Apple can do to fix it. It's not the end of the world, but this chip, which was supposed to provide all this extra security, is now pretty much moot. So it's an interesting time here.
Wardle points out that for companies that manage their devices using Apple's Activation Lock and Find My features, the jailbreak could be particularly problematic, both in terms of possible device theft and other insider threats. He notes that the jailbreak tool could be a valuable jumping-off point for attackers looking to take a shortcut to developing potentially powerful attacks. Quote: "you likely could weaponize this and create a lovely in-memory implant that by design disappears on reboot." By the way, that is a very common method now for much of the malware: it's memory resident, there's no sign of it on disk. It never hits the disk. So your antivirus software ain't gonna find it, because when it scans the disk, it's just not there. It's just amazing. So the bottom line here is building in a hardware security mechanism is always a double-edged sword. That is true not just on the Apple side, but over on the Windows side and the Unix and Linux sides there's something called a Trusted Platform Module, also called TPM. This is an ISO standard here. It's a standard for a secure cryptoprocessor. Just like that T2, it is a processor. It is a computer, and it's designed physically to be almost impenetrable. I call it elephant snot. It's that really hard epoxy that they put onto the chips so that you can't get into the chip without destroying it. There are other methods for it as well, to try and keep that data safe. But it's been around now for quite a few years; the most recent edition of it came out in about 2016. There've been a few errata, but it is designed to have a hardware random number generator. Now that's important because having a secure cryptographic key means you have to have a very good source to generate that key with, and that means a very good random number generator. Most processors aren't that great, man. I could talk for hours about the problems we've had over the years with these types of things.
That's the whole idea behind the Trusted Platform Module. It can also store those keys. It can also identify itself and the computer uniquely, which is very handy when you are trying to log in; you can use the TPM to help identify the machine. It has binding keys. It's public key cryptography. It's an RSA key, and sealing as well. So it allows the TPM to be used or not be used. I'm trying to keep this pretty simple. The Department of Defense is now specifying that all new computer assets that are purchased by the DoD must include a TPM, or, again, remember, Trusted Platform Module, that is version 1.2 or higher. There are details on that. You can look those up, but I've got to say, no matter who you are, what business you're in, you really should make sure the computer you buy has a TPM in it. Now we have seen security problems with TPMs by certain vendors. They've fixed them, just like this T2 problem with Apple. I'm sure it'll be fixed. By the way, the T1 chip from Apple does not have this problem; it's just the T2 chip. But the whole TPM is really there to help ensure the integrity of the platform. In other words, the operating system, the hard disk, the encryption for the hard disk. So if you're using BitLocker on Windows, it works best with a TPM. So BitLocker on Windows will encrypt the disk using the key that is generated by and stored in the TPM on the machine. So write that one down, and in my cybersecurity mastery course we talk about BitLocker and how to use it, and TPMs and how to select those. Also nowadays, you're going to find the newer computers no longer have a BIOS in them. You probably already figured that one out. Most of you guys, right? You are the best and brightest out there. But they have UEFI, I mentioned earlier, that's the Unified Extensible Firmware Interface, to boot. So the UEFI works with the TPM to create this kind of circle of trust, if you will. It's absolutely phenomenal. So Linux has its own little thing called the Unified Key Setup.
I already mentioned BitLocker's private core and various other things. Full disk encryption. Very important. There are utilities to do that; again on Apple, it's very easy to set up full disk encryption. In all these cases here, you should be using your TPM or T2 chip in order to do that. The authentication mechanism in software can be hacked; in hardware, it usually can't be hacked. What have we just been talking about for the last half hour? Yeah. Hacking the hardware. But that's what the TPM is all about. That's what it's designed to do. There are discrete TPMs, there are TPMs that are built right onto the motherboard, and there are also some that run as software-only solutions inside the CPU itself. That's part of their trusted execution environment. Not really fond of those. But now you know what to look for. There are other things as well; we go through a lot of other things in the cybersecurity mastery course. But one more thing before we go. And that is, we talked about encryption at the hard disk level. So the physical hard disk itself can have encryption, which is great, but that encryption is really only useful for when you are getting rid of that disk. So you destroy the key by removing a jumper or shorting out a jumper, and now that disk's data is effectively destroyed. And the disk can actually be reused again. Certain standards, federal government standards, we have a system that literally melts the aluminum platters right down. It's a kiln. I forgot what you call these things, but very hot, yeah, over a thousand degrees. But for a regular business computer, you're not going to have to worry about that. You need to also have a TPM and make sure that on top of that you are using BitLocker or some other type of encryption. And when you get way up there into CMMC as part of the Department of Defense standards, or the 800-171 standards from NIST, then you have to have special key management, remotely, that has a different key for every disk.
And it gets pretty complicated pretty quickly, but the whole idea is to secure your data. And remember, just because it's all encrypted doesn't mean it's safe from hackers. We should talk about that at some point, but when we get back, we're going to talk about our final two articles of the day. You're listening to Craig Peterson, and you'll find me online at craigpeterson.com. --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553
In the final installment of our post-JNUC podcast takeover, hear about all things security from Patrick Wardle and Andrew Medearis!
Apple news sites were rife this week with news of an unpatchable vulnerability in the Cupertino-company's T2 security processor. Not great, but probably not the “sky is falling” moment headlines would have us believe. Security researcher Patrick Wardle joins us to explain What the T2 is supposed to do How the vulnerability works Ways to protect ourselves and more Don't forget to check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com
Hosts: Tom Bridge - @tbridge777 Charles Edge - @cedge318 Marcus Ransom - @marcusransom Sponsors: Workspace One Mac Business Solutions Patreon Watchman Monitoring If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast!
Dave and I kick off the 158th edition of the Kaspersky Transatlantic Cable Podcast by looking at some malware that – gasp – is now on Macs. In a new post, Patrick Wardle talks about how Shlayer malware was actually approved by Apple. So much for "Macs don't get viruses." From there, we head to a story that is almost made for a TV or Netflix movie. The tale looks at espionage and how the FBI and Tesla halted a cyberattack. Our third story heads to the gaming sector and the illicit marketplace for Fortnite accounts. From there, we head into a vulnerability in Slack. To close things out, we look at an advisory from the FBI where older daters are being targeted in a scam.
Security pro Patrick Wardle is writing a book, and he may just want your help. We'll cover some Mac malware basics, talk about the book he's writing, and how the security and Mac communities can help on episode 196 of The Checklist, brought to you by SecureMac. Don't forget to check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com
TikTok - harmless fun? Or existential threat to the United States? The answer you get depends on who you ask. We're asking security pro Patrick Wardle on this edition of The Checklist, brought to you by SecureMac. Follow Patrick on Twitter: @patrickwardle And follow his work: Objective-see.com Don't forget to check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com
Rossibel: Año 1994, un joven matemático de la provincia China de Shandong de nombre Eric Yuan que hacía vida en Japón, tuvo la oportunidad de escuchar una conferencia de Bill Gates. Esto lo inspiró a emigrar a Silicón Valley en 1997. Cuando finalmente pudo llegar a los Estados Unidos se unió rápidamente como programador a una startup de videoconferencias llamada Webex, está se convertiría en uno de los protagonistas del mercado, tanto así que en 2007 sería adquirida por Cisco Systems por 3,2 Billones de $. Yuan siguió trabajando en la compañía hasta llegar a Vicepresidente de Ingeniería. Bajo su mando Webex alcanzó ventas anuales de 800M. La aplicación comenzaría a tener muchos problemas, la conexión era inestable, el audio y vídeo podían retrasarse. Yuan consciente de estos problemas y con una visión de crear una aplicación útil también para móviles y tabletas, presionó a sus superiores para implementar de inmediato estos cambios. Pero su proyecto fue rechazado. Yuan decide renunciar en 2011 y fundar su propio negocio ¿Cómo lo llamo? ZOOM! Por suerte no estaba solo, muchos de los ingenieros de Webex se fueron con él y además, tuvo la confianza de varios inversionistas, lo que le permitió levantar 3M $. Antes de irse, comentó que pasó mucho tiempo comunicándose con los clientes de Webex y con todas las quejas, formó una dirección, las resumió todas dedicándose a crear una app que las resolviera. En dos años, para enero de 2013, lanza la primera versión siendo un éxito inmediato, en dos meses ya contaba con 1 millón de usuarios -Funcionaba en conexiones lentas -Videoconferencias en HD -Versión para dispositivos móviles. Todo esto por un precio inferior a la competencia. Ya en abril de 2019 se convierten en una empresa pública, con una valoración de 16 Billones $. Lo demás es historia, en tan solo 14 meses gracias al incremento en la demanda debido a la pandemia alcanzan los 63 Billones $. Y desde inicio de año sus acciones se han apreciado 205%. 
But... is Zoom really a secure application? Is Yuan really prepared for the challenge of securing the communications of more than 300 million active users? Is it the best application right now for conference calls? My name is Rossibel García, and in this episode we will be analyzing this application's history and its security and privacy issues... I invite you to stay with us and clear up all these doubts. Jean: Welcome once again to this technology podcast called Conciencia Virtual. My name is Jean Carlos Gutierrez and I'm here with Rossibel, and together we'll be analyzing whether or not it is safe to connect on the ZOOM application. Hi Rossi, how are you? You did a great job with that historical summary of Eric Yuan. Rossibel: I took advantage of these days in quarantine to do some research (greet as you like and respond to the interaction), so we invite you to get comfortable and enjoy this new episode. Jean, what do you think if we talk about Eric's official decision to apply end-to-end encryption for all users, backing away from the idea that encryption would only be for paid accounts? Jean: Did you find out why he backed down? Rossibel: Well, Jean, their own blog stated that only paid accounts would get encryption, and that if there were private conversations they could open them "if necessary" if they suspected the accounts were involved in criminal activity. Jean: Here we come back to the topic of Privacy vs. Security, but CAREFUL, I'm not referring to the security of the application, because it has been very insecure lately, but to the excuse offered by governments around the world that want to spy on their users, saying it's for national security. To me this is just a simple pretext the company uses to tell you: if you're on the free option, I'll get the money out of you through your personal data.
Because why would you exclude your free-account users from encryption if less than a month earlier you were publicly saying you were going to deploy Oracle Cloud Infrastructure to support growth and meet users' needs? Users are clearly asking you for better privacy and you still didn't want to give it to them. Rossibel: Jean, my understanding is that that move is to cope with demand. That is, the number of users had already significantly exceeded the capacity of the servers they were using at that point. Jean: That's totally true, but I also have another hypothesis. Eric has been playing the CEO who likes to please governments. Rossibel: (interrupting) Jean, something we should consider when analyzing this is that its use has been banned by the UK Ministry of Defence, the UK National Health Service, governments such as India and Taiwan, the Australian Department of Defence, Germany's Foreign Ministry, schools in Singapore, not to mention US companies such as SpaceX, Tesla and Bank of America, European companies such as Siemens AG, Ericsson, Daimler AG, Standard Chartered and NXP Semiconductors NV, and the Philippine company Smart Communications. Jean: All of that is true. And it was all because, of its 73 connection servers, 5 were located in China, and not only could they hand you, as a user, the keys you needed to join a ZOOM call with person X, there was also the possibility that the traffic of that call passed through those servers too, and it's no secret that China sometimes demands encryption keys from companies, and if you hand over that content then they could know what was going on in that conversation. When these companies and countries find out about this, of course they decide to ban it. Anyone in their right mind would have thought the same.
But a moment ago I was telling you that Eric plays at pleasing governments: if you as a user decide not to use the app because you know some of its calls go through Chinese servers, and then, as owner of the company, I announce that I'm joining Oracle, it's precisely to tell you: come back, I'm in fashion, I'm now meeting your requirements as a user. And that's without mentioning that they have also carried out censorship from within the app itself, saying they were complying with China's local laws. To me this CEO is going to try to please everyone he can, first to stay in that country's market and second to be active in as many countries as possible. Rossibel: So in your opinion, applying encryption is just to please the audience and keep building trust, instead of improving the application's security so that it is attacked as little as possible? Jean: Rossi, when this application was used during lockdown, it connected to Facebook's Graph API. So ZOOM collected from you (whether or not you were using the application) data such as: username, full name, physical address, email, phone number and any kind of data that could identify you, not to mention your work information, credit and debit cards, information from your Facebook accounts, both personal and fan pages, and the other services of that company you used. How you were connecting: IP, MAC address, operating system, version. All of this was sent to Facebook, which in turn used it to cross-reference the data, and it could tell the call's administrator where you were, whether or not you were paying attention to the meeting because it indicated whether the window was active or not; in fact you could join the room anonymously and the admin could clearly tell it was you.
All of this was exposed at the time by Will Strafach, an iOS researcher, and when he dropped the bomb, what ZOOM did was say: we were using the Facebook SDK and had no idea of the unnecessary information it was collecting from our users; we only used those tools to make it easier for users to log into our platform. We are now removing all of that so that once you update the application you no longer have that problem. We apologize and we are committed to our users' security. Rossibel: Yes, I remember that; in fact, around the same time we saw in the news how you could hijack a given room as administrator and send pornographic material to everyone in that meeting. Of course that wouldn't be its only security problem. Patrick Wardle, a former NSA hacker, discovered that a local attacker with low-level user privileges can inject malicious code into the Zoom installer to obtain the highest level of user privileges ("root"). Jean: Those privileges mean the attacker can access the underlying macOS operating system, which is generally off-limits to most users, making it easier to run malware or spyware without the user noticing. Rossibel: Now, what other flaws and vulnerabilities have you noticed in this application? Jean: The second bug exploited a flaw in how Zoom handled the webcam and microphone on Macs. Wardle said an attacker could inject malicious code into Zoom to trick it into giving the attacker the same access to the webcam and microphone that Zoom already has. Once the malicious code is loaded, it will "automatically inherit" some or all of Zoom's access rights.
Then there are the recently patched vulnerabilities. One exploited the way the GIPHY service (a GIF search engine) was used: it was not confirmed that the file being shared came from that service, and the file name was not verified either, so an attacker could send you an infected GIF from a third-party server and even store it in your home folder. The other vulnerability exploited the way ZOOM sent code snippets, allowing the attacker to plant arbitrary binaries on specific computers and achieve remote code execution. Jean: Now, Rossi, if a user needs to use the Zoom application after everything I've told you, what recommendations would you give them to stay safe in the application? Rossibel: That's something you should be saying! But I know them too. You tell me whether I'm on track or not! 1. Add a password to every meeting! 2. Use waiting rooms. 3. Never share the meeting ID through public channels. 4. Disable participant screen sharing. 5. Lock meetings once everyone has joined. 6. Keep Zoom updated. 7. Use multi-factor authentication (MFA). But come on, Jean, you haven't said whether it's preferable to use ZOOM or not? Jean: Actually, it's the user's final decision. I could tell you right now that the story we've discussed is VERY similar to the story of WhatsApp, and the user wouldn't necessarily decide to move to another platform. And that's because of the number of active users on the platform. If that were the case then Signal would right now be the most-used messaging app for being publicly more secure. Something ZOOM is trying to show right now by releasing on GitHub the code it uses to encrypt its application. Rossibel: But Jean, doesn't releasing its code make the app more insecure? Since other users can see how it works and use that to attack.
Jean: While other users could use that code to try to come up with new ways of attacking, I can also tell you that the community can help improve that code, building trust among developers and the community, which in turn helps end users a lot. Rossibel: Of course, of course! But with everything we've discussed today, knowing ZOOM keeps making changes to rid itself of vulnerabilities and even of bans in different countries, what application other than ZOOM could you recommend for group video calls? Jean: Telling you "this one is the most secure" is something I really can't do, because today I can recommend one and tomorrow a vulnerability comes out that affects it. There are many applications: Skype, Microsoft Teams, Cisco Webex, FaceTime, Google Meet, Google Duo, and less well-known ones such as BlueJeans, Zoho, Lifesize, Intermedia AnyMeeting, GoToMeeting, RingCentral Meetings, among others, and only you decide which one meets your security expectations. Rossibel: I'm sure all these recommendations will be very useful to many; it has been a very complete episode. In the next one we'll learn how to improve our passwords, since that was one of the recommendations made. Jean: You can find us on social networks as: Rossibel: www.facebook.com/concienciavirtual Jean: On Instagram as @concienciavirtual Rossibel: and on Twitter as @concienciavirt Jean: For content similar to this you can go to Liga.Fm, where you'll find friendly podcasts. Rossibel: From our side, we sign off. Those of us who accompanied you on this journey for geeks and not-so-geeks, Jean Carlos Gutierrez and Rossibel García. We'll keep sharing more virtual awareness. Jean: And all that's left for me to say is: greetings and a virtual hug.
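The second macOS bug discussed in the episode above rests on a general property of macOS: code injected into a running app executes inside that app's process and so inherits whatever camera and microphone access the user has already granted it. Whether a signed app lets foreign code in is governed by its hardened-runtime entitlements. The following is an added example, not code from the podcast, from Zoom, or from Patrick Wardle; it audits an app's entitlements (as printed by `codesign`) for the combination that makes such inheritance possible. The two entitlement plists are constructed samples, not Zoom's real entitlements.

```python
import plistlib

# Real hardened-runtime entitlement keys. Any of these lets code that Apple's
# library validation would otherwise reject end up inside the app's process.
ALLOW_FOREIGN_CODE = {
    "com.apple.security.cs.disable-library-validation": "loads dylibs signed by other teams, or unsigned",
    "com.apple.security.cs.allow-dyld-environment-variables": "honours DYLD_INSERT_LIBRARIES",
    "com.apple.security.cs.allow-unsigned-executable-memory": "permits unsigned executable memory",
    "com.apple.get-task-allow": "debuggable: another process may attach and inject",
}

# Real entitlements an app must declare to use these devices under the hardened runtime.
SENSITIVE_DEVICES = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
}


def audit_entitlements(plist_bytes: bytes) -> dict:
    """Parse an entitlements plist and rate the code-inheritance risk.

    high   : foreign code can get in AND the app touches camera/microphone
    medium : foreign code can get in, but no sensitive device entitlement
    low    : library validation is intact
    """
    ents = plistlib.loads(plist_bytes)
    injectable = [k for k in ALLOW_FOREIGN_CODE if ents.get(k) is True]
    sensitive = [v for k, v in SENSITIVE_DEVICES.items() if ents.get(k) is True]
    if injectable and sensitive:
        risk = "high"
    elif injectable:
        risk = "medium"
    else:
        risk = "low"
    return {"injectable_via": injectable, "sensitive_access": sensitive, "risk": risk}


def explain(report: dict) -> str:
    """Human-readable summary of an audit report."""
    lines = [f"risk: {report['risk']}"]
    for key in report["injectable_via"]:
        lines.append(f"  weakens injection defences: {key} ({ALLOW_FOREIGN_CODE[key]})")
    if report["sensitive_access"]:
        lines.append("  injected code would inherit: " + ", ".join(report["sensitive_access"]))
    return "\n".join(lines)


# Constructed sample: a conferencing app that disables library validation while
# declaring camera and microphone use (the shape of the problem, not Zoom's file).
LAX_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.security.device.audio-input</key>
    <true/>
</dict>
</plist>
"""

# Constructed sample: same device access, but library validation left intact.
HARDENED_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.security.device.audio-input</key>
    <true/>
</dict>
</plist>
"""

if __name__ == "__main__":
    for name, blob in (("lax app", LAX_ENTITLEMENTS), ("hardened app", HARDENED_ENTITLEMENTS)):
        print(name)
        print(explain(audit_entitlements(blob)))
```

To run this against a real bundle, dump its entitlements with `codesign -d --entitlements - --xml /Applications/SomeApp.app` (the `--xml` flag exists on recent macOS; older releases print the XML with `--entitlements :-`) and pass the output to `audit_entitlements`. Note what the check does and does not tell you: the entitlements show that the app declares camera and microphone use and whether it opts out of library validation; the actual per-app grants live in the TCC database, and a "low" result only means that one injection route is closed, not that the process cannot be tampered with by root or by a debugger on a machine with SIP disabled.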
There are things we all know about encryption. But do we really know them? Or do we just know about them? Objective-see.com's Patrick Wardle joins us this week to clue us in. Don't forget to check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com
The Register: "iOS security is fucked," says exploit broker Zerodium, and slashes prices for Apple exploits. Who is Zerodium? According to its website: ZERODIUM is the world's leading exploit acquisition platform for premium 0-days and advanced cybersecurity capabilities. We pay BIG bounties to security researchers to acquire their unreported 0-days. While most existing bounty programs accept almost any kind of vulnerability and PoC but pay very low rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits and pay the highest rewards (up to $2,500,000 per "mobile" submission). Five years ago Zerodium was offering $1M for certain exploits for Apple devices, but now the company has announced it will not pay for new exploits because of the huge number it is receiving. Via Twitter the company said it will not accept new iOS Local Privilege Escalation, Safari Remote Code Execution or sandbox escape exploits for the next 3 months. It also said: "Prices for one-click exploit chains via Safari without persistence, for example, will probably also drop." https://zerodium.com/program.html#changelog. iOS 13 has been very buggy, so much so that Craig Federighi, Apple's senior vice president of software engineering, had to overhaul the software testing process. Meanwhile Patrick Wardle, founder of Objective-See, said the supposed oversupply of vulnerabilities may also be a consequence of the current global health crisis.
"There are probably a lot of hackers stuck at home with extra time on their hands, or who have perhaps lost their jobs or are in a difficult financial situation, as is a large part of the population." "Add time and financial motivation, and you get more bugs." But how are those exploits used to compromise an iOS phone? Here is an example from LightSpy, a "full remote iOS exploit chain" (a chain of exploits, meaning that if the first succeeds the second can run, and so on) that targets users in Hong Kong and gives attackers deep surveillance capabilities and full control over infected iOS devices. This activity was detected this past January. Activity: the attackers write a very attractive post on a forum that draws the victims' attention (a "watering hole attack"). When they click the link in the post they are redirected to an infected site under the attackers' control. When the page loads in the user's browser, it loads an iframe that loads another page in the background, which runs malicious code exploiting a "Remote Code Execution" vulnerability in the browser. Remote Code Execution allows running code on the device, which lets the exploit proceed toward full control of the device. As part of the exploit, another piece of code runs that elevates privileges ("Local Privilege Escalation"); in short, it lets the attacker jump from user level to administrator level. With administrator permissions on the device, it downloads a piece of malware (in this case a trojan), installs it and runs it. Since this trojan is now running with administrator privileges, it can take full or partial control of the device.
Michael Barber of Brigham Young Univ on pandemic politics. Levi Hanssen of Visit Faroe Islands on virtual tourism. Dan Thompson of Stanford Univ on vote by mail. Patrick Wardle of Jamf and Objective-See on Zoom. Michele Hlavsa of the US Centers for Disease Control and Prevention on pool pathogens. Kip Ioane of Willamette Univ's Men's basketball team on healthy masculinity.
Zoom video chat has become an indispensable part of our lives. In a crowded market of video conferencing apps, Zoom managed to build a product that performs better than the competition, scaling with high quality to hundreds of meeting participants, and millions of concurrent users. Zoom’s rapid growth in user adoption came from its focus The post Zoom Vulnerabilities with Patrick Wardle appeared first on Software Engineering Daily.
Zoom video chat has become an indispensable part of our lives. In a crowded market of video conferencing apps, Zoom managed to build a product that performs better than the competition, scaling with high quality to hundreds of meeting participants, and millions of concurrent users. Zoom's rapid growth in user adoption came from its focus on user experience and video call quality. This focus on product quality came at some cost to security quality. As our entire digital world has moved onto Zoom, the engineering community has been scrutinizing Zoom more closely, and discovered several places where the security practices of Zoom are lacking. Patrick Wardle is an engineer with a strong understanding of Apple products. He recently wrote about several vulnerabilities he discovered on Zoom, and joins the show to talk about the security of large client-side Mac applications as well as the specific vulnerabilities of Zoom.
Topics: -Joe cracks one open to start the show -Jerry & Joe discuss business at the start of the new year -As a follow up to Joe's recent client security issues, they talk about various pieces of advice that clients may or may not follow -As things change, it does create work for our consultancies -With Catalina, Migration Assistant has proven challenging as it can misreport successful migrations -As Joe goes deeper into some Catalina war stories, Mail data loss becomes a bit of a nightmare -The battle rages on over upgrading early and challenges persist -Joe & Jerry take a stroll down memory lane in Mac history -Joe reveals that Tim Nyberg, of The Mac Guys+ & patron of the show, sent him a Macintosh SE/30 to add to his Mac Museum -Jerry has rave reviews about a product called Turbo Boost Switcher, recommended by Marco Arment. He says it has done wonders to improve battery life on his MacBook Pro: https://www.rugarciap.com/turbo-boost-switcher-for-os-x/ -MacUpdater will scan your system to tell you which apps need updating: http://www.corecode.io -As Jerry keeps the recommendations rolling, he talks about some great apps from Patrick Wardle, including KnockKnock & LuLu: https://objective-see.com -Jerry's latest peeve is when clients respond with "no worries"
It's New Year's Eve, the perfect day to reflect on the year's best episodes of the Collective Intelligence Podcast. It also happens to be the 50th episode, so thanks for subscribing, listening, and sharing the podcast so far. Enjoy the recap. Flashpoint's Allison Nixon on SIM swap fraud (1:04). Troy Hunt on changing behaviors around password reuse (11:27). Marty Roesch reflecting on 20 years of Snort and growing a commercial company around security's most popular open source project (21:05). Patrick Wardle relives research he did on synthetic clicks in macOS (31:10). Alex Klimburg discusses how ideologies shape conflict in cyberspace (38:41). Bruce Schneier talks about the need for public-interest technology (48:02). And Flashpoint's Eric Lackey shares his experience and insight on mitigating the insider threat (58:05).
Check out Objective-See: https://objective-see.com/ Objective-See Twitter: https://twitter.com/objective_see Objective-See Patreon: https://www.patreon.com/objective_see While In Russia: Patrick's RSA talk on hacking journalists - Patrick's Twitter: https://twitter.com/patrickwardle This podcast is brought to you by Varonis; if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
SYNOPSIS: Live from the Hyatt Regency Nicollet Ballroom and JNUC 2019, Tom and Charles talk with Patrick Wardle and Josh Stein about Jamf Protect. YOUR HOSTS: Tom Bridge, Partner, Technolutionary LLC [@tbridge777] Charles Edge, Director of Marketplace, Jamf [@cedge318] OUR GUESTS: Josh Stein, Director, Product Strategy – Jamf Protect, Jamf; Patrick Wardle, Senior Security Researcher, Jamf LISTEN! LINKS & NOTES Jamf Protect Apple GameplayKit SUPPORTING SPONSORS: Start a 30-day no-strings-attached trial of SimpleMDM today! Kandji: The MDM Worthy of Your Apple Devices PATREON SPONSORS The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Randy Wong, Weldon Dodd, Jonathan Spiva, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Jason Dettbarn, Seb Nash & Will O'Neal. Thanks everyone!
MAC ADMINS PODCAST COMMUNITY CALENDAR, SPONSORED BY WATCHMAN MONITORING
Conferences (Event Name / Location / Dates / Cost):
- Jamf Nation User Conference / Minneapolis, MN / 12-14 November 2019 / $1199
Meetups (Event Name / Location / Dates / Cost):
- San Diego Mac Admins / UC San Diego Health / 20 November 2019, 6:00 p.m. PT / Free
- Atlanta Apple Admins / VMware / 21 November 2019, 6:00 p.m. ET / Free
- Apple Admins of Seattle and the Great Northwest / HBO / 21 November 2019, 6:00 p.m. PT / Free
- Dallas Apple Admins Meetup / Bottle Rocket Studio / 21 November 2019, 6:30 p.m. PT / Free
- Los Angeles Mac Admins Meetup / Universal City (see Jamf Nation for more information) / 21 November 2019, 6:00 p.m. PT / Free
- MacDeployment Meetup / 1000 5 Ave SW (9th floor), Calgary, Canada / 28 November 2019, 6:30 p.m. MT / Free
SPONSOR MAC ADMINS PODCAST! If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. SOCIAL MEDIA Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast!
Google security researchers say they've uncovered evidence of a continued effort to hack iPhones over a period of two years. A recent vulnerability discovered by Google's Threat Analysis Group shows that hackers had been using malicious websites to quietly gain access to iPhone users' private information. And new evidence suggests vulnerabilities in other companies' operating systems allowed for similar hacks. Principal Security Researcher at Jamf Patrick Wardle weighs in on today's podcast. Some have blamed violence in video games for aggression in the real world. Professor of Psychology at Stetson University Dr. Chris Ferguson explains why studies show that video games aren't connected to violence, while Founder of Digital Citizen Academy Dr. Lisa Strohman discusses where the link exists. Plus, commentary by Former Utah Congressman and FOX News Contributor Jason Chaffetz. Learn more about your ad choices. Visit megaphone.fm/adchoices
Summer is when hackers get together to present and discuss malware, vulnerabilities, and exploits. Two big hacker conventions - Black Hat and DEF CON - were held recently, and we discuss some of the Mac-related discoveries. We also look at some interesting news, including certain Macs being banned by the FCC, and answer a listener question about ransomware and files on a Mac. Facebook admits to reviewing Messenger app audio with ‘hundreds of contractors’ The FAA has banned recalled MacBook Pros from all flights — like any other bad battery How a 'Null' License Plate Landed One Hacker in Ticket Hell Four major dating apps expose precise locations of 10 million users The full version of Josh’s 28-minute Objective by the Sea v2.0 talk “Fun with Mac Malware Attribution” is now available to watch online HT201222 (Apple's security updates page) CUPS (Common UNIX Printing System) These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer Apple expands its bug bounty, increases maximum payout to $1M Patrick Wardle's talk about “Harnessing Weapons of Mac Destruction” Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons McDonald's restaurant turns to opera to drive out loitering teenagers NCC Group Uncovers Dozens of Vulnerabilities in Six Leading Enterprise Printers Get 40% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Brandon and Steve take to the studio discussing the ransomware payout in Riviera Beach. The guys interview Apple Security Researcher and regular security con speaker Patrick Wardle to discuss his research and thoughts on Apple Security. As always they end with One Cool Thing. Show Notes Resources: Objective-See https://objective-see.com/ Riviera Beach Ransomware https://securityaffairs.co/wordpress/87381/breaking-news/riviera-beach-city-ransomware.html CHS BSides […] The post Patrick Wardle, Apple Security Researcher Interview and Riviera Beach Ransomware appeared first on MUSC Podcasts.
Digita Security Chief Research Officer Patrick Wardle discusses a macOS Mojave vulnerability he recently disclosed whereby an attacker can abuse the synthetic clicks allowed by the OS to spy on users, access private data, or install additional malicious code. Wardle disclosed the vulnerability during the Objective By The Sea conference in Monte Carlo earlier this month. He had previously disclosed the issue privately to Apple, which has yet to patch it but has introduced a temporary mitigation. The bug bypasses additional security protections Apple introduced in Mojave that specifically block synthetic clicks unless the user physically clicks through and permits the action.
Dennis Fisher sits down with Mac security researcher Patrick Wardle to talk about his entry into the field, his development of the Objective-See suite of Mac security tools, the state of Mac malware and his Objective By the Sea conference.
The Secure Transportation and Executive Protection News for Monday, September 10th, 2018 In Executive Protection News From SecurityDriver.Com In case you missed it - Does Security Driving have anything to do with Executive Protection? This question was asked while Tony Scotti was observing an EP training program. The time frame was about five years back. During a break, a group of students approached him and asked the question "What does driving have to do with Executive Protection?" At the time Tony could understand why they would ask the question: they were paying a considerable amount of money to attend an EP training program, and Security Driving or Secure Transportation was hardly mentioned. This is not a criticism; it is an observation. Tony's thoughts on the subject are skewed by human bias. The bias comes from his years in the profession and the market segment he worked with and in. His career has been mostly corporate, military, government, and law enforcement. He does not understand the private security market (those that market and supply protective services to the corporate community) or the entertainment market; he has little or no experience working with that segment of the profession. This is not a criticism; it is a statement of fact. His reaction to the question was: wow. He wanted to know what others thought; maybe it's him. So, at that time, he posted the question on LinkedIn, Facebook Groups, and the ISDA Network. Altogether, there were more than 150 comments, written by practitioners from the various segments of the profession and with varying degrees of experience. The following are some of the responses to the question: "I suspect the reason for the question is that those asking it have limited experience and far less analytical ability." "I can't imagine that any "professional" protection agent would ask that question.
It is undeniably yes!" "If asked that question I would have the same reaction as you, "wow." Followed closely by, "really?" Security driving is inextricably linked to the protective envelope." "Forget attacks; advanced driving skills are essential for safe traveling by road. Road accidents remain a serious threat for EP." "I think that most protectors just don't know what they don't know if they have never received "valid" driving instruction." http://securitydriver.com/02/does-security-driving-have-anything-to-do-with-executive-protection/ ====================== In Cyber Security News From VentureBeat Apple yanks top Mac app a month after learning it sends user info to China Three researchers, former NSA staffer Patrick Wardle, Thomas Reed of Malwarebytes, and "privacy fighter" @privacyis1st, said in a blog post today that they reported Adware Doctor last month for sending a user's Safari, Chrome, Firefox, and App Store browsing histories alongside lists of the Mac's apps and running processes to a server in China. Despite receiving confirmation that Apple had received the report, the $5 app remained in the App Store, where it was ranked the number one paid app across all Mac utilities. https://venturebeat.com/2018/09/07/apple-yanks-top-mac-app-a-month-after-learning-it-sends-user-info-to-china/ ====================== In Security News From Security Magazine U.S. Hotels to Arm Staff with Panic Buttons and Safety Training The American Hotel & Lodging Association (AHLA) and the major hotel brands in its membership announced the 5-Star Promise, a pledge to provide hotel employees across the U.S. with employee safety devices (ESDs) and to commit to enhanced policies, trainings and resources that together are aimed at enhancing hotel safety, including preventing and responding to sexual harassment and assault.
https://www.securitymagazine.com/articles/89395-us-hotels-to-arm-staff-with-panic-buttons-and-safety-training ====================== In Training News LaSorsa & Associates, an industry leader in executive protection training, recently announced that they will be partnering with Tony Scotti's Vehicle Dynamics Institute (VDI), the global leader in specialized driver training, to provide those who matter the most, their students and clients, with even greater training value from their standardized and custom executive protection training courses. With this strategic alliance, clients and students of each of these leading-edge training providers stand to reap the benefits. Beginning with the upcoming LaSorsa & Associates nine-day Executive Protection Program, which kicks off on October 20 in Miami, FL, VDI will provide their highly acclaimed three-day Protective/Evasive Driving course as the driver training component of this comprehensive course. Along with the certificates LaSorsa & Associates awards for the various components of the course, students who complete the Protective/Evasive Driving component will be presented with a separate certificate of completion from VDI, further enhancing the value this course offers to students. For more information go to https://www.lasorsa.com/executive-protection-training/ ====================== Links to all news stories mentioned in this podcast are available at the archive website securitydrivernews.libsyn.com. You can also listen to past news briefings and leave comments. As a reminder, the news briefing is available on all variations of Apple and Google Play podcast apps and Spotify. Thanks for listening to the Secure Transportation and Executive Protection News podcast. ====================== This podcast is brought to you by the International Security Driver Association. ISDA is a valuable resource for all practitioners working in the protection profession. We offer benchmark educational, networking, and marketing programs.
The ISDA Membership: ISDA Members represent all facets and levels of the protective services profession. The membership can be defined as a group of practitioners from different disciplines within the profession, with years of experience, coming together to assist ISDA Members. Read more about our members. Here is a collection of Books and Articles authored by ISDA Members. Learn More about the ISDA Advantage and Become a Member Today.
MacOS security researcher Patrick Wardle talks about some recent MacOS firewall research he did, and discloses some of the architectural issues and resulting limitations present in both the native firewall and commercial products.
Last April, while security researcher Patrick Wardle was attending the RSA security conference in San Francisco, a Taiwanese friend who lived in the city asked to meet for coffee, and for his help with what she described as a serious problem: China, she said, was hacking her iPhone. Wardle, a former NSA staffer and a prominent Apple-focused hacker who founded Digita Security, had heard that request from paranoid friends and acquaintances plenty of times before, making him naturally skeptical.
Less than an hour into a Tinder date in a Moscow restaurant last year, Patrick Wardle began to wonder about the laptop he'd left in his hotel room. Wardle had come to the city for a security conference; as a former NSA staffer who'd worked on the elite hacking unit known as Tailored Access Operations, he was paranoid enough to bring only a "burner" PC on his trip, carefully stripped of any sensitive information.
Should you cover your webcam? Is anti-virus software worth the money? How do you know if you’ve been hacked? How do you know what software you can trust? We’ll cover all of these topics and more with Patrick Wardle, a computer security expert and ex-NSA hacker. While Patrick’s focus is Mac security, we also discuss PCs and mobile devices, and much more! Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, and having presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users. For Further Insight: Website: https://objective-see.com/ Twitter URL: https://twitter.com/patrickwardle Optional guest headshot: https://2016.zeronights.org/wp-content/uploads/2016/09/Patrick_Wardle.jpeg Support Patrick! https://www.patreon.com/objective_see Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
SYNOPSIS: David Acland of MacADUK gives us the brief preview of MacADUK for 2018, followed by Patrick Wardle of Objective-See and Digita joining the pod to talk about Mac and iOS security, the state of admin tools for security, and the very best TI-83 Calculator games. YOUR HOSTS: Tom Bridge, Partner at Technolutionary LLC [@tbridge] Pepijn Bruienne, R&D Engineer at Duo Security [@bruienne], Proprietor of EnterpriseMac.Bruienne.com Charles Edge, Director of Marketplace at Jamf, [@cedge318] Dr. Emily Kausalik, IT Systems Engineer at The Home Depot [@emilyooo] GUESTS: Patrick Wardle, Chief Research Officer at Digita, Creator at Objective-See David Acland, MacADUK Conference LISTEN! LINKS & NOTES Digita Security Block Block by Objective-See KnockKnock by Objective-See RansomWhere? by Objective-See Objective-See Security Tools Patrick Wardle’s Patreon Digita Security Products TI-83 Calculator Games Mac Admins & Developers Conference, UK MacADUK Speakers Moof-IT Dogcow Technote 31 COMMUNITY CALENDAR, SPONSORED BY WATCHMAN MONITORING Conference Sites Mac AD UK in Leicester Square, February 20-21, 2018 Brainstorm Wisconsin March 4-6, 2018 Brainstorm Sandusky May 6-8, 2018 MacDevOps YVR in Vancouver, June 7-8, 2018 X World in Sydney Australia, June 27-29, 2018 Penn State University Mac Admins in State College, PA July 10th-13th Meetups Mac Admin Monthly will meet at Google in New York City at 4:30pm on Tuesday February 13th. Philadelphia Mac Admins will meet on February 15th at the Walnut Street Apple Store at 6:30pm Seattle Apple Admins will meet on February 15th at Splunk’s Seattle Offices at 6pm. Atlanta Apple Admins will meet on February 15 at Brass Tap in Atlanta Utah Mac Admins will meet on February 21st at Marriott Library on the campus of the University of Utah at 11am. MacAdminsPDX will meet at Lithium Portland on SW 6th Avenue on Thursday Feb 22nd, 2018 at 6pm. MacDMV will meet at TEKsystems in Bethesda, Maryland on February 28th at 6:30pm. 
MacDeployment Meetup will meet at 1025 10 St SE, in Calgary, Alberta on February 28 2018 at 6:30pm East Midlands Mac Admins will meet in Nottingham at Jigsaw24 at 1900 on March 14th. RATE US ON ITUNES! Give Us Five Stars! SPONSOR MAC ADMINS PODCAST! If you’re interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. SOCIAL MEDIA Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!
Flashpoint Editorial Director Mike Mimoso talks to Mac malware expert and researcher Patrick Wardle about his involvement in investigating two pieces of malware targeting the Mac platform since the start of the year. Wardle, chief research officer at Digita Security, recently published his research into CrossRAT, a cross-platform Java-based implant used in a global espionage campaign, as well as MaMi, a MacOS DNS hijacker. MaMi replaces the root certificate on a Mac machine and redirects traffic to an attacker's server. Wardle discusses both with Mike as well as a bigger discussion on some of the continuing misperceptions about the security of Mac computers.
SYNOPSIS: Arek Dreyer’s back this week to talk about his new book, macOS Support Essentials 10.13! He joins us to talk about everything that’s in his new volume, a great discount code for listeners, and more. In news this week, Apple updates their business-facing documentation, some interesting security problems in BitTorrent, and two new vulnerabilities discussed via Patrick Wardle’s research. YOUR HOSTS: Tom Bridge, Partner at Technolutionary LLC [@tbridge] Pepijn Bruienne, R&D Engineer at Duo Security [@bruienne], Proprietor of EnterpriseMac.Bruienne.com Charles Edge, Director of Marketplace, Jamf [@cedge318] James Smith, IT Administrator, Culture Amp, [@smithjw] GUEST: Arek Dreyer, Dreyer Network Consultants, Inc., Consultant, integrator, trainer, author [@arekdreyer] LISTEN! LINKS & NOTES macOS Support Essentials 10.13 Book page at Peachpit Code: DREYER35 Offer: Save 35% Good through: 1/8/2018 – 2/28/2018 Apple Style Guides Transmission (and probably other BT clients) bug allows RCE using DNS rebinding to force downloading of malicious torrent, replace user files Patrick Wardle has a quietly patched vulnerability with auth tokens finally acknowledged and assigned a CVE Also a second vuln with an AMD Radeon kext that causes a kernel panic due to out of bounds read, Wardle will publish details soon Patreon for Patrick Wardle Brief period where iOS 10 signing was happening again New Apple Guides for Business Apple Business Page Products & Platform Business – Get Started Business Resources Employee Choice Guide for IT Employee Communications Kit Employee Starter Guide for iOS Employee Starter Guide for Mac Mac Deployment Overview iOS 11 Security Paper Apple is getting very serious about Enterprise IT Apple Training Page Updated COMMUNITY CALENDAR, SPONSORED BY WATCHMAN MONITORING Conference Sites Mac AD UK in Leicester Square, February 20-21, 2018 Brainstorm Wisconsin March 4-6, 2018 Brainstorm Sandusky May 6-8, 2018 MacDevOps YVR in Vancouver, June 7-8, 2018 X World in Sydney Australia, June 27-29, 2018 Penn State University Mac Admins in State College, PA July 10th-13th
Meetups Denver Mac Admins Meetup on January 11th 2018 in Centennial, CO at Rewind Technology Dallas Apple Admins will meet on January 18th at Bottle Rocket Studios in Addison Texas [Franken Admins] will meet on 24th January at 6:30pm at Crazy Nate’s West Coast Mexican at Zwingerstraße 9, Nuremberg, Germany MacDeployment Meetup will meet on January 24th at Market Mall Apple Store, in Calgary, Alberta at 6:30pm. London Apple Admins will meet on 25th January at 6:30pm at the London School of Economics.
Bring Your Own Security Interviews Patrick Wardle. His background includes stints with NASA, the NSA, 2 Masters Degrees, reverse engineering and public speaking and presentations around the world.
Black Hat 2017 has wrapped up, and by all accounts it was another successful conference, with an active trade show floor, exciting keynotes and engaging, informative educational sessions on a variety of topics. There was business being done, with hopeful entrepreneurs and investors alike looking to identify the next big thing in cyber security. In this CyberWire special edition, we’ve rounded up a handful of presenters and one investor for a taste of Black Hat, to help give you a sense of the event. Patrick Wardle is Chief Security Researcher at Synack, and creator of objective-see, an online site where he publishes the personal tools he’s created to help protect Mac OS computers. He’ll be telling us about his research on the FruitFly malware recently discovered on Mac OS. https://objective-see.com/ Hyrum Anderson is technical director of data science at Endgame, he will discuss research he released on stage at Black Hat showing the pros and cons of using machine learning from both a defender and attacker perspective. https://www.endgame.com/our-experts/hyrum-anderson Zack Allen, Manager of Threat Operations, and Chaim Sanders, Security Lead, of ZeroFOX will be speaking about their Black Hat presentation on finding regressions in web application firewall (WAF) deployments. https://www.linkedin.com/in/zack-allen-12749a76 https://www.linkedin.com/in/chaim-sanders-a7a23713/ And we’ll wrap it up with some insights from Alberto Yepez, founder and managing director of Trident Cybersecurity, on the investment environment and the changes he’s seen in the market in the last year. https://www.linkedin.com/in/albertoyepez/
Malware for the macOS platform is still unusual enough that new variants often draw detailed analysis from researchers, especially when they seem to have unusual capabilities. That’s the case with Fruitfly, which first emerged earlier this year and was seen targeting medical research facilities. Recently, a new variant popped up and it appears to have…
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Patrick-Wardle-DLL-Hijacking-on-OSX-UPDATED.pdf 'DLL Hijacking' on OS X? #@%& Yeah! Patrick Wardle, Director of R&D, Synack Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to a similar attack (independent of the user's environment). By abusing various 'features' and undocumented aspects of OS X's dynamic loader, this talk will reveal how attackers need only to plant specially-crafted dynamic libraries to have their malicious code automatically loaded into vulnerable applications. Through this attack, adversaries can perform a wide range of malicious actions, including stealthy persistence, process injection, security software circumvention, and even 'remote' infection. So come watch as applications fall, Gatekeeper crumbles (allowing downloaded unsigned code to execute), and 'hijacker malware' arises - capable of bypassing all top security and anti-virus products! And since "sharing is caring" leave with code and tools that can automatically uncover vulnerable binaries, generate compatible hijacker libraries, or detect if you've been hijacked. Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Having worked at NASA, the NSA, and Vulnerability Research Labs (VRL), he is intimately familiar with aliens, spies, and talking nerdy. Currently, Patrick’s focus is on automated vulnerability discovery, and the emerging threats of OS X and mobile malware. In his personal time, Patrick collects OS X malware and writes OS X security tools. Both can be found on his website Objective-See.com
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Patrick-Wardle-Stick-that-in-your-(Root)Pipe-and-Smoke-it-UPDATED.pdf Stick That In Your (root)Pipe & Smoke It Patrick Wardle Director of R&D, Synack You may ask; "why would Apple add an XPC service that can create setuid files anywhere on the system - and then blindly allow any local user to leverage this service?" Honestly, I have no idea! The undocumented 'writeconfig' XPC service was recently uncovered by Emil Kvarnhammar, who determined its lax controls could be abused to escalate one's privileges to root. Dubbed ‘rootpipe,' this bug was patched in OS X 10.10.3. End of story, right? Nope, instead things then got quite interesting. First, Apple decided to leave older versions of OS X un-patched. Then, an astute researcher discovered that the OSX/XSLCmd malware, which pre-dated the disclosure, exploited this same vulnerability as a 0day! Finally, yours truly found a simple way to side-step Apple's patch to re-exploit the core vulnerability on a fully-patched system. So come attend (but maybe leave your MacBooks at home), as we dive into the technical details of XPC and the rootpipe vulnerability, explore how malware exploited this flaw, and then fully detail the process of completely bypassing Apple's patch. The talk will conclude by examining Apple’s response, a second patch, that appears to squash ‘rootpipe’…for now. Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Having worked at NASA, the NSA, and Vulnerability Research Labs (VRL), he is intimately familiar with aliens, spies, and talking nerdy. Currently, Patrick’s focus is on automated vulnerability discovery, and the emerging threats of OS X and mobile malware. In his personal time, Patrick collects OS X malware and writes OS X security tools. Both can be found on his website Objective-See.com
This week we talk OS X security with Patrick Wardle, the vintage bearded man Jack Daniel is back in the studio, and stories of the week include bug bounty programs (are they worth it?), the latest big Apple security bug, and hacking LastPass. All that and more, so stay tuned!
This week, we interview Patrick Wardle to talk about Mac OS X security. He built a free application called KnockKnock. Find links to his website and twitter on the wiki here: http://wiki.securityweekly.com/wiki/index.php/Episode423#Guest_Interview:_Patrick_Wardle_-_6:05PM-6:35PM
Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Moore-Wardle/DEFCON-22-Colby-Moore-Patrick-Wardle-Synack-DropCam-Updated.pdf Optical Surgery; Implanting a DropCam Patrick Wardle DIRECTOR OF RESEARCH, SYNACK Colby Moore SECURITY RESEARCH ENGINEER, SYNACK Video Monitoring solutions such as DropCam aim to provide remote monitoring, protection and security. But what if they could be maliciously subverted? This presentation details a reverse-engineering effort that resulted in the full compromise of a DropCam. Specifically, given physical access and some creative hardware and software hacks, any malicious software may be persistently installed upon the device. Implanting a wireless video monitoring solution presents some unique opportunities, such as intercepting the video stream, ‘hot-micing’, or even acting as a persistent access/attack point within a network. This presentation will describe such an implant as well as revealing a method of infecting either Windows or OS X hosts that are used to configure a subverted DropCam. Patrick Wardle is Director of Research at Synack, where he leads Research and Development efforts. His current focus is on identifying emerging threats in OSX and mobile malware. In addition, Patrick is an experienced vulnerability and exploitation analyst and has found multiple exploitable 0days in major operating systems and popular client applications. In his limited spare time he writes iOS apps for fun (and hopefully one day, for profit). Patrick’s prior roles include security research work with VRL and the NSA. Colby Moore is Security Research Engineer at Synack where he focuses on identifying critical vulnerabilities in various products and services. Ever since setting eyes on a computer he has had a burning desire to hack anything in sight, but prefers to focus on where hardware and software meet.
He has been involved in the computer security community for as long as he can remember and has identified countless 0-day vulnerabilities in embedded systems, major social networks, and consumer devices. Some might say Colby has an unhealthy obsession for spontaneous adventure, things that go fast, and the occasional mischief.