XCSSET macOS Malware Reappears With New Attack Strategies

Microsoft has warned that a new variant of XCSSET malware is actively targeting macOS users. “The latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,”

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, commented:

“Downloading, running, or re-using any code from any repository is taking a big risk. If you download and reuse code that you yourself or someone you greatly trust did not write, you have to inspect it. This is a lesson the world has known about the threat of reusing other people’s code since the late 1970s. In 1984, one of the co-creators of Unix, Ken Thompson, wrote a seminal paper on the trustworthiness of code titled Reflections on Trust. He summarized it by stating, “You can’t trust code that you did not totally create yourself.” He footnotes a 1974 paper on software security entitled Multics Security Evaluation: Vulnerability Analysis that says the same. Unfortunately, almost none of today’s programmers are taught basic ‘secure code’ skills, and hence each generation of programmers seems to have to learn the same mistakes of the past. We need all of today’s programming curriculums teaching secure coding, including the need to be wary of and inspect others’ code, and we need employers who hire programmers requesting that those programmers come with secure coding skills.”

“It’s a little ironic to see Microsoft pointing out and defending against Mac vulnerabilities and threats, especially before Apple does. But that’s testament to today’s interconnected world and the shift that Microsoft has made in better protecting the entire ecosystem.”

This is a reminder that Mac users are not immune to threats. They need to practise good computing habits such as these, because threats like this one are becoming more and more common on the Mac platform, which means that you need to be on guard at all times.
