An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Page 12 of 12 < 1 2 ... 10 11 12
Topic Options
#35397 - 08/05/15 07:29 AM Re: thunderstrike revisited [Re: Virtual1]
jchuzi Offline


Registered: 08/04/09
Loc: New York State
_________________________
Jon

OS 10.14.2, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

Top
#35405 - 08/06/15 04:57 AM Re: thunderstrike revisited [Re: jchuzi]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa

So is Apple abandoning security update for (current os - 1) ?
_________________________
I work for the Department of Redundancy Department

Top
#35407 - 08/06/15 07:47 AM Fake Safari update installs MacKeeper, ZipCloud [Re: Hal Itosis]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
_________________________
I work for the Department of Redundancy Department

Top
#35408 - 08/06/15 07:50 AM Re: thunderstrike revisited [Re: jchuzi]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa

More information here:

https://blog.malwarebytes.org/mac/2015/07/privilege-escalation-vulnerability-found-in-os-x/

Quote:
Fortunately, the bug only exists in Yosemite (OS X 10.10), while previous versions of OS X and betas of El Capitan (OS X 10.11) are unaffected.

Quote:
The bigger problem in this story is the fact that this vulnerability, along with all the necessary information to exploit it, was disclosed by Esser without any effort to alert Apple to the problem. (In his blog post revealing the vulnerability, Esser says “At the moment it is unclear if Apple knows about this security problem or not.”)

Oh, what a nice guy...
_________________________
I work for the Department of Redundancy Department

Top
#35409 - 08/06/15 09:28 AM Re: thunderstrike revisited [Re: Virtual1]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Good info, V1, thanks!

Alas, now I wonder if I should or need to remove MalwareBytes Anti-Malware. confused

Waddya think?
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#35410 - 08/06/15 09:44 AM Re: thunderstrike revisited [Re: Virtual1]
dkmarsh Offline
Moderator

Registered: 08/04/09

Originally Posted By: Virtual1
So is Apple abandoning security update for (current os - 1) ?

It appears that the vulnerability doesn't exist in prior OS versions.
_________________________

dkmarsh • member, FineTunedMac Co-op Board of Directors

Top
#35424 - 08/07/15 10:02 AM Re: thunderstrike revisited [Re: Pendragon]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: Pendragon
... now I wonder if I should or need to remove MalwareBytes Anti-Malware. confused

Waddya think?

I may be missing something, but I fail to see the logic of removing MAM in this context. After all, MAM is only the messenger here. Shooting it isn’t going to do much for you, quite probably to the contrary. Remember, MAM is essentially a monitor, until you tell it to do something specific. So far, there is no indication that any of its actions are deleterious in and by themselves (other than to the affected malware, that is). Beyond that, just as surgery may require rehab, that may also apply to malware removal, i.e. reinstalling malware-affected software etc.
_________________________
alternaut moderator

Top
#35428 - 08/07/15 02:19 PM Re: thunderstrike revisited [Re: Virtual1]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
The problem was partially, but not completely, fixed in 10.10.4. It is completely fixed in 10.10.5, which is now being seeded to Apple developers.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#35540 - 08/16/15 06:32 AM Re: thunderstrike revisited [Re: tacit]
jchuzi Offline


Registered: 08/04/09
Loc: New York State


Edited by jchuzi (08/16/15 06:32 AM)
_________________________
Jon

OS 10.14.2, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

Top
#35566 - 08/17/15 05:19 AM Re: thunderstrike revisited [Re: jchuzi]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
wheeeee! so now they can patch the patch that patched the patch!
_________________________
I work for the Department of Redundancy Department

Top
#35590 - 08/17/15 04:17 PM Re: thunderstrike revisited [Re: Virtual1]
jchuzi Offline


Registered: 08/04/09
Loc: New York State
Here's another: New Zero-Day memory injection vulnerability discovered in OS X Quote: "As with other exploits for OS X, this does require you download a faulty and malicious program, and then run this program."
_________________________
Jon

OS 10.14.2, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

Top
#35595 - 08/18/15 06:27 AM Re: thunderstrike revisited [Re: jchuzi]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: jchuzi
Here's another: New Zero-Day memory injection vulnerability discovered in OS X Quote: "As with other exploits for OS X, this does require you download a faulty and malicious program, and then run this program."


Quote:
As a result, you might be better off waiting for an official fix from Apple, and in the mean time simply observe good computing practices and avoid running any program unless you know exactly where it came from and understand its purpose. By simply doing this, you will be very well protected from this and practically all other exploits for OS X, which similarly require you initially download and run some unknown program.

My my, they certainly do close with quite the broad statement there...
_________________________
I work for the Department of Redundancy Department

Top
#35862 - 09/02/15 08:17 AM Genieo again [Re: Virtual1]
jchuzi Offline


Registered: 08/04/09
Loc: New York State
_________________________
Jon

OS 10.14.2, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

Top
#35863 - 09/02/15 08:28 AM Re: Genieo again [Re: jchuzi]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
I just checked MalwareBytes-Anti Malware v1.0.2.8, and it checks for Genieo. Well, at least the run routine indicates that it does.

Of course, should such be discovered, the cure/remediation is another issue...
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#46645 - 10/16/17 07:47 AM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
alternaut Offline

Moderator

Registered: 08/04/09
The disclosure of the KRACK WiFi vulnerability affecting WPA2 WiFi security (read: WiFi using devices) looks like a good occasion to revive this thread. Fixing this vulnerability ultimately depends on software/firmware updates, so keep an eye out for those.
_________________________
alternaut moderator

Top
#46646 - 10/16/17 12:54 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
The linked article also contains the following Apple update
Quote:
Update: Apple said in a statement that all current iOS, macOS, watchOS, and tvOS betas include a fix for KRACK.
_________________________
joemikeb • moderator

Top
#46650 - 10/16/17 05:47 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: alternaut
Fixing this vulnerability ultimately depends on software/firmware updates, so keep an eye out for those.

Thanks for this.I not only keep up to date but also, when at home, I am tied to an ethernet feed. If I'm away and stuck with wi-fi, I simply do not access my banking; do not use any other sites involving confidential information; do not make any on-line purchases. I use wi-fi at home for my iPad but follow the same rules as when away.


Edited by ryck (10/16/17 05:49 PM)
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX712 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#46651 - 10/16/17 06:21 PM Re: THE CYBER-SECURITY THREAD [Re: joemikeb]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: joemikeb
The linked article also contains the following Apple update
Quote:
Update: Apple said in a statement that all current iOS, macOS, watchOS, and tvOS betas include a fix for KRACK.

Thanks for pointing that out; apparently the article has been updated as new info became available. That said, at this point Apple’s updates are beta stage only and not readily available for the average user: the wait is still for the final versions.
And about as important is the question whether/when Apple will make patches available for its (discontinued) WiFi routers. Of course, non-Apple routers will need to be patched as well.
_________________________
alternaut moderator

Top
#46701 - 10/26/17 11:29 AM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
jchuzi Offline


Registered: 08/04/09
Loc: New York State
Keranger: the first “in-the-wild” ransomware for Macs. But certainly not the last. Note that this post is called "sponsored", and that, near the end, there is a link to Bitdefender. Should this be taken with the proverbial grain of salt?
_________________________
Jon

OS 10.14.2, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

Top
#46705 - 10/26/17 04:17 PM Re: THE CYBER-SECURITY THREAD [Re: jchuzi]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: jchuzi
Note that this post is called "sponsored", and that, near the end, there is a link to Bitdefender. Should this be taken with the proverbial grain of salt?

It never hurts to keep that grain of salt in mind, but that being said, this threat is real and people(s computers) do get hit by it, even though the odds may be small. E.g., last week it turned out that Elmedia software updaters for its Player and Folx software were infected by the OSXProton malware after a hack of the updater server. If you recently updated Elmedia Player and/or Folx, you should definitely make sure you’re not infected. The article I linked to above was published by Malwarebytes Labs, and suggested Malwarebytes for Mac to deal with the infection. Nothing wrong with that, as long as these things are out in the open for the consumer to decide.

And since we’re on the topic of what to do about such infections, here’s yet another recent link that might come in handy: What to do when ransomware strikes your Mac.
_________________________
alternaut moderator

Top
#46841 - 11/12/17 11:40 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Security Breach and Spilled Secrets Have Shaken the NSA to Its Core

• Leaks of the National Security Agency’s cyberweapons have damaged morale, slowed operations and resulted in hacks on businesses and civilians worldwide.

• Current and former officials say disclosures by a mysterious group that obtained NSA tools have been catastrophic, calling into question the agency’s value to national security.

Top
Page 12 of 12 < 1 2 ... 10 11 12

Moderator:  alternaut, cyn