🍎 🚨 New variants of Adload adware are going undetected by Apple's anti-malware XProtect despite Apple rolling out last week an unprecedented 74 new rules to XProtect. In the latest investigation by Phil Stokes ⫍🐠⫎, we look at one variant that is almost entirely undetected on…

Best wishes to the organizers, speakers and attendees heading to Spain for PIVOTcon. We support these vendor-agnostic cons!

LABScon23 Replay | From Vulkan to Ryazan – Investigative Reporting from the Frontlines of Infosec, by hakan

sentinelone.com/labs/labscon23…

Video: youtube.com/watch?v=Dei9WI…

macOS Adload | Prolific Adware Pivots Just Days After Apple’s XProtect Clampdown, by Phil Stokes ⫍🐠⫎

sentinelone.com/blog/macos-adl…

LABScon23 Replay | From Vulkan to Ryazan – Investigative Reporting from the Frontlines of Infosec, by hakan

sentinelone.com/labs/labscon23…

Video: youtube.com/watch?v=Dei9WI…

Swisher asks Chris Krebs (former dir of cybersecurity policy for Microsoft) about recent gov report that eviscerates Microsoft for security failures. 'The US gov has put a lot of eggs in the Microsoft basket and if you see some of the decisions they've made...at the expense of…

Well, there are 74 new rules in XProtect v2192 🤩, so it's going to take me a bit to update github.com/SentineLabs/XP… with sample hashes, but interesting to see Apple trying to disrupt Adload's entire codebase. 🙌🦾

❤️‍🔥!! CALL FOR PAPERS !! ❤️‍🔥

Submission Deadline: June 21, 2024

- Talks are 20 minutes long + 5 minutes for Q&A
- Workshops are 90 minutes long.

LABScon is primarily a threat intelligence and vulnerability research conference but we keep an open-mind.

CFP is live:…

Worth your 20m 👇

If you're interested in Iranian drones, my LABScon talk from October is now online. It's about Mado, the company powering Iran's drones around the world, and how we can verify and learn from troves of hacked data about the company. twitter.com/TomHegel/statu…

For attendees at SentinelOne's LABScon last year, the Treasury Department just sanctioned a couple of the people who featured in my talk on Mado, the Iranian UAV engines company ('Meet the Iranian Company Powering Russia’s Drone War on Ukraine')
home.treasury.gov/news/press-rel…

Lots of foreign election influence news/drops this week. Here's one from Cybersecurity and Infrastructure Security Agency, FBI, & Office of the DNI highlighting a few tactics we're seeing from the 'usual suspects' (Russia, China, Iran): narrative farming, AI generated images & Audio clips, hack & leaks, paying witting &

Turns out, we've got APT44 (Sandworm) here:

Ref: services.google.com/fh/files/misc/…

It's coming... #LABScon24
labscon.io

Come see Alex Delamotte at SLEUTHCON 👇!

This week on @clickhereshow, we learn about #NorthKorea 's obsession with The Daily NK and the special unit of #hackers that targeted them.

LISTEN: podcasts.apple.com/us/podcast/120… #cyber #tech

🇷🇺 New from SentinelLabs: We have discovered a novel malware variant of AcidRain, which we call AcidPour and connect to threat clusters previously publicly attributed to Russian military intelligence. This new malware could be targeting telecoms networks in Ukraine.

Read the

Ah, that is interesting. Well, the parents ('droppers') ar better detected, but clever that they're just pullling the malicious code in remotely rather than embedding it in the binary.

A good time to resurface a truly excellent talk by Poul-Henning Kamp on a fictional operation to take over / derail OSS security.
youtube.com/watch?v=fwcl17…

Fascinating set of activity I was happy to research - Not your everyday hack-and-leak! 👇