Domain: objective-see.com
Stories and comments across the archive that link to objective-see.com.
Comments · 12
-
Re:Building a decrypter?
Re "Which would be a method for blocking a ransomware attack in progress. "
Have look at "monitoring the file-system for the creation of encrypted files by suspicious processes"
https://objective-see.com/prod... -
Best AV = hosts (stalls this too)... apk
0.0.0.0 string2me.com
0.0.0.0 flux2key.com* Those are either offline AWAITING to give orders (OR they are denying back ICMPEchoReply (easily settable in IP stack settings)).
You BLOCK those, this thing won't get orders for more havoc it is doubtless out to wreak (couldn't be worse than HAVOC I wreaked on the JACKASS I destroyed here https://it.slashdot.org/commen... & here https://it.slashdot.org/commen... that had to DOWNMOD HIDE those SELF-DEFEATS of his - WHICH WHIPSLASH IN A FIT DELETED, lol!)
SOURCE: https://objective-see.com/blog...
APK
P.S.=> Soon, I'll have a MacOS version of these (completing my multiplatform agenda I had all along):
APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between chars & download)
APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down... (DL link @ bottom)
-
Re:AV works best with...sigs
The other weird part was the
"the signing certificate(s) of all the samples are revoked"
"... this certificateand thus surely this malware as well."
From the linked https://objective-see.com/blog... -
Re:AV works best with...sigs
When unexpected software tries to copy itself deep into an OS X location that change can be detected in real time.
From the linked https://objective-see.com/blog...
""First, good news, Objective-See’s tools such as BlockBlock and KnockKnock are able to both detect and block this malware with no a priori knowledge" ... -
Re:One wonders if others used this
Some news on the Mac functionally
OSX/FruitFly
https://objective-see.com/blog...
"New Mac backdoor using antiquated code"
https://blog.malwarebytes.com/... -
Re:Best sources for Mac vulnerability information?
Re "Mac specifically"
The https://objective-see.com/inde... site has some in the blog, talks sections. -
Re:so if I understand correctly...
To make the GUI look nice and have the GUI be more responsive sooner the OS has a nice easy way to show the thumbnails on file the user looks over in their encrypted external drive.
More at the linked "Cache Me Outside" AC.
https://objective-see.com/blog... -
Re:Cross-platform?
Different OS have different AV and third party software. Connection alerts. https://www.obdev.at/products/...
Software detecting requests for any software to get persistently installed https://objective-see.com/prod...
That adds to the complexity when trying to make software work on different OS.
Malware can try and see if an OS has such software and not install to try and not get detected.
Thats more complexity to look after over different OS. -
It's the most obvious thing
that logging in with the username "root" and a blank password is so bizarre that it's the sort of thing no one would think to try.
If you are ever testing (or writing) a login thing, make sure you test the case with no password. Not only is it so obvious that many laypeople think of it, but also this bug keeps happening, most recently on Intel chips. Not only that, it apparently works on any disabled user account, not just root
-
Re:Sounds like an intentional back door
It seems as if it's a logic bug when upgrading the password store. The store is upgraded with the password entered. I think the reasoning behind the code may have stemmed from the fact that to upgrade a password hash to a more secure hash, you wait for the user to enter their password so that you can hash it with the new hash function... but that's not a reason to enable accounts that are disabled, or to update the hash if the provided one doesn't match. See https://objective-see.com/blog...
-
What a Mac user can do
Get good AV like Intego. https://www.intego.com/
A firewall product like https://www.obdev.at/products/...
RansomWhere? https://objective-see.com/
Malwarebytes https://www.malwarebytes.com/m... -
Re:But...
https://objective-see.com/blog... has a good blog on that topic.