Malware on Apple's MacBook and iMac lines is more prevalent than some users realize; it can even hide in Apple's curated Mac App Store. But the relatively strong defenses of macOS make it challenging for malware authors to persist long-term on Apple computers, even if they can get an initial foothold. Additionally, the avenues available for lurking on macOS are so well known at this point that technicians and malware scanners can flag them quickly. That's why more subtle approaches are significant.

At the Virus Bulletin security conference in Montreal on Wednesday, Mac security researcher Thomas Reed is presenting one such potentially dangerous opening. When you launch an app installer in macOS, a program called Gatekeeper checks to see whether the app originated from the Mac App Store, or is cryptographically signed by a developer who has registered with Apple. All legitimate programs have to be "code signed" to establish their validity and integrity. By checking a file's code signature, Gatekeeper can warn you if a program is malware or if someone has tampered with an otherwise benign installer.

These code signature checks are a vital security step. But Reed, who is the director of Mac and mobile platforms at the security firm Malwarebytes, has noticed that once a program passes a code signature check and gets installed, macOS never rechecks its signature. This means that attackers who buy a legitimate certificate from Apple—or steal one—can potentially trick Mac users into installing their malware. And if it manages to infect other legitimate programs after being downloaded, it could evade detection indefinitely.
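Since macOS verifies a signature only at install time, a defender can close the gap by re-running the same check on already-installed bundles. The script below is an added example, not code from the article or from Malwarebytes; it assumes a Mac with Apple's codesign(1) and spctl(8) tools and uses /Applications as the constructed scan root.

```shell
#!/bin/sh
# Added example (not part of the article): re-verify the code signatures of
# installed app bundles, because Gatekeeper checks them once, at install time.
# Assumes macOS with Apple's codesign(1) and spctl(8) on the PATH.

# recheck_app <path-to-.app>
# Return codes: 0 signature valid and Gatekeeper would accept it,
#               1 signature invalid/tampered or policy rejects it,
#               2 bundle path does not exist, 3 codesign tool unavailable
recheck_app() {
    app="$1"
    [ -d "$app" ] || { echo "missing bundle: $app" >&2; return 2; }
    command -v codesign >/dev/null 2>&1 || { echo "codesign not found" >&2; return 3; }

    # --deep walks nested frameworks/helpers; --strict rejects loose legacy
    # signatures; a non-zero exit means the bundle no longer matches its seal.
    if ! codesign --verify --deep --strict --verbose=2 "$app" 2>/dev/null; then
        echo "FAILED signature: $app (modified since signing, or unsigned)" >&2
        return 1
    fi

    # Ask Gatekeeper's policy engine whether it would still allow execution
    # (catches revoked developer certificates, which codesign alone may miss).
    if ! spctl --assess --type execute "$app" 2>/dev/null; then
        echo "FAILED policy: $app (Gatekeeper would reject this bundle)" >&2
        return 1
    fi

    echo "OK: $app"
    return 0
}

# recheck_all [root]: verify every bundle under the root (default /Applications)
# and return the number of bundles that failed, so cron or an EDR can alert.
recheck_all() {
    root="${1:-/Applications}"
    failures=0
    for app in "$root"/*.app; do
        [ -d "$app" ] || continue
        recheck_app "$app" || failures=$((failures + 1))
    done
    echo "bundles failing re-verification: $failures"
    [ "$failures" -eq 0 ]
}
```

Run recheck_all from a scheduled job and treat any non-zero count as a signal that an installed app has been altered since Gatekeeper last looked at it.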


MARINE CORPS BASE QUANTICO, Va. -- As the threat of detection on the battlefield rises, troops have been testing a new camouflage net they can quickly throw over their heads to conceal themselves from enemy drones.

Marines at the East Coast School of Infantry tested the Barracuda Individual Warfighter Net this year, said Steve Simmerer, director of business development with Saab Defense and Security. The nets are made from the same materials Marines and soldiers already use to cover and conceal their vehicles, weapons and command posts. "Because of the increasing threat and prevalence and prominence of drones on the battlefield, where anyone can buy a drone and put an iPhone on your drone and you can detect people on the battlefield, it's important that even the individual soldier or Marine is concealed," Simmerer said during the Modern Day Marine Expo here. "This will help to do that."

The 6-pound net is available in woodland, desert and battlefield-specific patterns. The hood can be detached, and the entire net rolls up to fit into a small compression bag.

"As the soldier or Marine is out there exposed and a drone flies over, they can pull this out, put it over themselves as the drone passes by, and then continue on with their mission," Simmerer said.

The Marine Corps and Army already use Saab's Ultra Lightweight Camouflage Net System. The net material mitigates detection in the visual, near infrared, shortwave infrared, thermal infrared and broadband-radar wavebands, according to product specifications.

All of that is becoming increasingly important as the nature of warfare changes, Simmerer said.

"We've been operating primarily in Afghanistan and Iraq in the Middle East over the last 15 years or so at forward operating bases," he said. "Now there's more interest in going back into Europe and Korea, where you could find large force-on-force-type engagement where concealment and signature management are very important on the battlefield again."

Saab also produces camouflage net systems that conceal tanks and other vehicles or aviation covers that protect aircraft from sun, sand and light damage.


TORONTO—Cyber-security researcher Keren Elazari came to the SecTor conference here to deliver to the button-down, business crowd a key message: Hackers can help companies improve cyber-security.

Elazari delivered the keynote address on Oct. 2, providing an overview of current cyber-security challenges, including unauthorized cryptocurrency mining, ransomware attacks, SMS phishing, and issues with weak and reused passwords.

"The first lesson that we can learn is that all the digital devices out there have value, and they can and will be used against us," she said.

With unauthorized cryptocurrency mining, also referred to as crypto-jacking, attackers are monetizing whatever they can, injecting code into systems and browsing sessions, according to Elazari.

Another lesson that Elazari preached at SecTor is that organizations need to do a better job with passwords, which are at the root of many data breaches. Passwords are commonly reused, she noted, which is a real problem given the large data breaches in recent years including LinkedIn in 2012. Elazari said the Have I Been Pwned online database, which was created by Australian security researcher Troy Hunt, makes it easy for anyone to see if their email address has been involved in a data breach.

Rather than using passwords, which attackers can crack, Elazari advocates for the use of passphrases, which can be harder to attack while being easier to remember.

Attackers are also increasingly using automation tools, such as the new AutoSploit tool. AutoSploit integrates with the Shodan vulnerability search engine, which can help to identify potential targets, she said. AutoSploit also integrates with the Metasploit penetration testing framework to automatically enable exploits for the vulnerable targets that Shodan finds.


Tiny chips inserted in US computer equipment manufactured in China were used as part of a vast effort by Beijing to steal US technology secrets, a published report said Thursday.

The Bloomberg News report said the chips, the size of a grain of rice, were used on equipment made for Amazon, which first alerted US authorities, and Apple, and possibly for other companies and government agencies.

Bloomberg said a three-year secret investigation, which remains open, found that the chips enabled spies to create a "stealth doorway" into computer equipment, a hardware-based entry that would be more effective and harder to detect than a software hack.

Citing unnamed US officials, Bloomberg said a unit of the People's Liberation Army was involved in the operation that placed the chips on equipment manufactured in China for US-based Super Micro Computer Inc.

Supermicro, according to Bloomberg, also manufactured equipment for Department of Defense data centers, the CIA's drone operations, and onboard networks of Navy warships.

The report said Amazon discovered the problem when it acquired software firm Elemental and began a security review of equipment made for Elemental by California-based Supermicro.

According to Bloomberg, the spy chips were designed for motherboards -- the nerve centers for computer equipment -- used in data centers operated by Apple, Amazon Web Services and others.

Apple said in a statement it "has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server."

A statement by Amazon to AFP said that "at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Supermicro motherboards in any Elemental or Amazon systems."

Supermicro could not immediately be reached for comment, but Bloomberg said the firm denied any knowledge of the espionage or investigation.