Home
Articles
Resources
FAQ
Members
About
Report Incident
My
Contact

News

Icon representing Alert - Microsoft Tech-Support Scammers using WannaCry attack to lure victims
Alert - Microsoft Tech-Support Scammers using WannaCry attack to lure victims

May 24th 2017
Default icon for news items
NCSC: Latest statement on international ransomware cyber attack

May 15th 2017
Icon representing 'Alarming' rise in ransomware
'Alarming' rise in ransomware

May 11th 2017
 

Poll

Have you ever had your email account hacked?


Yes, but only once.
Yes, several times.
No, never.
Not that I know of.
 
 
 

Zero-day exploit hits fully patched Macs

 
August 5th 2015
Please read the full news item.

Summary

OS X 10.10 has a vulnerability that allows hackers to install malware without system passwords
“While Mac OSX has historically been less targeted - arguably benefiting from a relative level of obscurity - there is an increasing trend for attackers to look beyond the traditional hunting ground of Windows. As such it is likely that non-Windows operating systems will continue to see an increase in malicious activity directed towards them.”

Mazitelli said that good security practice practice remains the same regardless of the operating system involved.

“Basic security 'hygiene' including ensuring regular and prompt application of operating system and application updates; minimisation of the attack surface through removing unnecessary or high risk applications (eg Java, flash); installation of basic security software (ie antivirus); and some user awareness of secure practices and behaviours in regard to email and internet usage goes a long way to mitigating this or any security vulnerability. And just to be sure, good backups of crucial data never hurt either.”

TK Keanini, CTO at Lancope, told SCMagazineUK.com that the only fix is to apply the vendor patch.

“This is an escalation of privilege so the attacker first needs an account, any account before they can escalate it to the super user. This is why it is dangerous to have a weak password on an account on your machine because once identified, it can be used to escalate to the root user and once root, game over,” he said.

“The exploit mentioned installs malware but given the level of access, it could perform any other action the attacker wishes. If left exploitable, this attack vector could be used for ransomware or any other of the attackers objectives.”

“The exploit is extremely effective and attackers will be adding it to their playbook.  Don't be surprised if your OSX machine is compromised at the Blackhat/Defcon show this week by this vulnerability. Patch it or leave your laptop at home,” warned Keanini.