Posted in Commentary with tags Apple on July 9, 2025 by itnerd
Researchers have found the Atomic macOS Stealer (AMOS) now has an embedded backdoor allowing hackers to maintain persistent access to a victim’s Mac, run arbitrary tasks from remote servers, and gain extended control over compromised machines.
Ensar Seker, CISO at threat intel company SOCRadar, commented:
“The evolution of AMOS into a dual-purpose threat, infostealer plus backdoor, marks a critical escalation in macOS-targeted malware. What makes this particularly concerning is the shift from quick data theft to long-term persistence and remote control, which dramatically increases the attacker’s dwell time and options. This is no longer just about stealing saved passwords; it’s about full-scale surveillance, data exfiltration, and even lateral movement into connected enterprise environments.
Given that AMOS is now only the second known backdoor operating at this scale on macOS, following a North Korean state-linked campaign, it signals that macOS is no longer flying under the radar. Enterprises with mixed-OS environments need to treat macOS endpoints as equally high risk and ensure EDR coverage, script execution controls, and user behavior monitoring are in place.”
This is a dangerous evolution in this malware which you should pay attention to. You can avoid being a victim by avoiding downloads from unverified sources and avoiding pirated software. In other words, good computer hygiene should keep you safe.
Nova Scotia Power has disclosed new impacts from a ransomware attack first detected in April. While power delivery was not disrupted, communications between smart meters and utility systems were affected, causing delays in billing and a shift to estimated charges. Sensitive customer data—including Social Insurance numbers and banking information—was also stolen. The breach affects approximately 280,000 customers, including some U.S. residents, due to the utility’s parent company, Emera, operating in both countries.
Debbie Gordon, CEO and Founder, Cloud Range had this comment:
“This incident underscores a persistent and dangerous gap between IT and OT security teams. As smart meters and other operational technologies become increasingly connected to enterprise networks, many organizations still operate in silos—leaving critical infrastructure exposed. Without joint incident response plans, shared training programs, and regular cyber range exercises, it’s nearly impossible to respond effectively to ransomware or AI-driven attacks. Cyber simulation training is one of the most effective tools we have to close this gap. It builds real-world muscle memory, fosters cross-team coordination, and helps IT and OT teams learn to think like attackers, before they’re forced to respond like defenders.”
While the scale isn’t the biggest that I’ve seen, the effects are pretty far reaching, underscoring the need to make sure the bad guys never, ever have the chance to get in to do anything bad.
As companies continue to adapt to evolving workplace models, these guidelines address the unique security challenges that arise when employees shift between remote and in-office environments. KnowBe4’s suggested guidelines aim to empower organizations to safeguard their sensitive data and maintain a strong security culture during such a transition.
KnowBe4’s Cybersecurity Best Practices for Returning to the Office:
Secure Your Devices: Ensure all devices, including laptops and mobile phones, are updated with the latest security patches before connecting to the corporate network.
Reinforce Password Hygiene: Encourage employees to enable phishing-resistant multifactor authentication (MFA) for all accounts to reduce the risk of unauthorized access.
Audit and Update Access Controls: Review and adjust user permissions to ensure that only authorized personnel have access to sensitive systems and data.
Conduct a Security Awareness Refresher: Provide employees with updated training on cybersecurity policies and potential threats to reinforce a culture of security.
Physical Security Considerations: Establish clear protocols for handling sensitive information in shared spaces and securing devices when unattended.
KnowBe4 today released a set of cybersecurity best practices to help organizations navigate return-to-office transitions securely, and it is worth your time to read.
With tariff uncertainty and shrinking promotions, shoppers are expected to turn to resale in record numbers, while AI-powered personalization will drive both in-store and online sales to new highs.
Salesforce’s 2025 holiday shopping predictions:
#1 – Hyper-personalized product discovery is here
Salesforce predicts product discovery via AI-powered product recommendations will drive $260B in online sales and $1.6T in in-store sales.
59% of shoppers using AI chat services for product recommendations plan to use it to find holiday gifts for family and friends.
#2 – AI agents will boost employee productivity
Salesforce predicts that 35% of retailers will be using agentic AI to boost their workplace and employee productivity.
#3 – Unified commerce experiences will supercharge online and offline sales
Salesforce predicts that for every $1 that Gen Z spends online, they will spend $3 more in-store this holiday season, making brick-and-mortar a critical channel for success with younger generations.
#4 – Trade uncertainty will push shoppers to resale, as promotions are cut back
Salesforce predicts shoppers will spend $64B on resold merchandise as they look to cut costs and reduce waste.
46% of shoppers report that they are planning on buying a previously owned item in order to give as a gift over the next six months.
#5 – Price and quality will drive loyalty
Salesforce predicts loyal shoppers will spend 20% more this holiday compared to every new shopper acquired.
Honestly, I am not surprised that this is happening. It just took longer than I expected. And what I am talking about is Twitter/X CEO Linda Yaccarino has decided to leave Twitter:
Elon Musk-owned social platform X’s CEO Linda Yaccarino said on Wednesday she would step down from the role in a surprise move.
Her exit comes at a difficult time for Musk, who is dealing with falling sales at his EV maker Tesla and is embroiled in a war of words with U.S. President Donald Trump.
Yaccarino did not give a specific reason for her decision. X and Yaccarino did not immediately respond to requests for comment.
I am sure we will find out what prompted this move eventually. Any bets on what the reason might be?
Abstract Security, the leader in streaming-first security data operations, today announced Juul Labs, a leader in consumer electronics manufacturing, as a new customer.
In an industry long burdened by operational complexity and rising costs, Juul Labs is transforming its approach to cybersecurity and IT infrastructure. Under the leadership of Pablo Quiros, VP & Global Head of Security and Information Technology / CISO, the company has quickly improved its security posture by using modern platforms including Abstract Security to get real-time visibility, reduce complexity, and empower the existing teams so they can focus on real threats without noise.
When Pablo Quiros joined Juul Labs, the company faced a complex and fragmented security environment. With a lean, high-impact team and no room for complexity, Quiros recognized the need for a solution that could provide powerful security capabilities without requiring a massive headcount or heavy operational lift.
Security Without Compromise: Innovation at Speed and Scale
After evaluating the market, Juul Labs chose Abstract Security for its modern approach to security operations. With built-in data pipelines, streaming threat detections, and native cold storage through LakeVilla, Abstract is designed from the ground up to cut complexity, speed up response, and boost team efficiency — all without the overhead of traditional solutions.
Immediate Impact, Measurable Gains
With Abstract, Juul Labs now enjoys:
Full visibility across its entire attack surface – Juul now has “full understanding of our attack surface — who, what, where, when, and why.”
4x engineering efficiency — “What previously took four days can now be done in a single day, freeing up engineering time for high-value tasks,” said Quiros.
Projected 75% infrastructure savings – Juul expects infrastructure costs to drop by up to 75% over the next year as legacy systems are phased out.
A Platform for What’s Next – Rethinking Security for Modern Architecture
Juul Labs is now expanding its use of Abstract Security to include advanced analytics, which enables its team to increase capacity without increasing headcount.
Quiros sees Abstract Security as more than a platform — it’s a strategic partner. “We like that Abstract is young and responsive. We feel like we have a voice in shaping where the product goes.”
SIOS Technology today announced that EGGER Group, a global leader in wood-based materials manufacturing, has achieved 99.99% uptime for its mission-critical applications using SIOS LifeKeeper for Linux. With SIOS, EGGER has ensured uninterrupted operations across its 22 manufacturing facilities in 11 countries, safeguarding essential SAP, Oracle, and custom applications from downtime.
EGGER, headquartered in St. Johann, Tyrol, Austria, operates over 5,000 virtual machines on 350 physical servers, supporting a wide range of systems including delivery logistics, inventory management, and enterprise resource planning. To meet its demanding uptime requirements, the company selected SIOS LifeKeeper for its exceptional reliability, simplicity, and ability to support both off-the-shelf and custom services within a Linux-based enterprise infrastructure.
More than 20 years ago, the EGGER IT team began its search for an HA solution that could scale with its growing global footprint while minimizing system complexity. After evaluating several alternatives, including open source and traditional clustering tools, the team chose SIOS LifeKeeper. The solution provided seamless support for complex database environments, including SAP HANA, Oracle, and customized PostgreSQL, as well as other internal services.
A critical advantage was the SIOS Application Recovery Kit (ARK), which enabled EGGER to tailor HA protection for its custom applications and services. Combined with a user-friendly GUI and powerful command-line capabilities, SIOS LifeKeeper has allowed EGGER to simplify configuration, reduce setup errors, and streamline management across two-node clusters in its virtualized environment.
With SIOS, EGGER has not only reduced downtime risk but also gained the ability to perform maintenance and upgrades without taking systems offline. The company continues to evolve its infrastructure strategy, with SIOS LifeKeeper remaining a key pillar in its ongoing innovation.
This summer, Samsung is launching its most stylish and intelligent ecosystem yet: the Galaxy Z Fold7, Galaxy Z Flip7, and Galaxy Watch8 / Watch8 Classic. Built to work seamlessly together, this lineup empowers social expressors and entertainment-first users to stay connected, create on the go, and live hands-free, all without compromising on style or function.
Whether you’re capturing moments for your feed, jumping between group chats, tracking your wellness goals, or syncing your look, this ecosystem is built to flex with your lifestyle.
Galaxy Z Flip7 – Style-forward and made for content creators
Designed for the selfie-lover, vlogger, and trendsetter, the Galaxy Z Flip7 is Samsung’s most expressive Flip yet, compact, powerful, and uniquely stylish.
Lightest Galaxy Flip ever at just 188g, with a sleek clamshell form and strong outer shell
New 4.1″ Flex Window with Gemini AI lets you manage tasks, get updates, and preview content, all without flipping open
Enhanced FlexCam for hands-free selfies, vlogging, and social video capture with gesture controls and auto-framing
Infinity Display aesthetic for elevated design and visual flow
Powered by Galaxy AI, you can automate tasks, generate content ideas, or post directly from your cover screen
It’s your statement piece and smart content studio in one compact device.
Galaxy Z Fold7 – Built for immersive entertainment and multitasking
Slimmer, lighter, and more powerful, the Galaxy Z Fold7 is designed for entertainment enthusiasts who live in multiple apps, windows, and dimensions.
26% thinner than Fold6 and weighing just 216g, now as comfortable as a bar-type phone
Snapdragon 8 Gen 3 Elite processor, paired with advanced cooling for gaming and streaming performance
Massive, unfolded display for cinematic viewing, editing reels, or using floating windows for multitasking
200MP main camera with wide-angle and macro for professional-level shots
Gemini AI features like AI Select and Audio Eraser streamline your content capture and communication
All-day battery with up to 78 hours of music / 24 hours of video playback
Perfect for creators who demand performance and premium design in a foldable form.
Complete your look (and your workflow) with Galaxy’s sleekest watches ever. The new Watch8 and Watch8 Classic are more than just stylish; they keep you synced, healthy, and hands-free.
Just 8.6mm thin, with dynamic lugs and improved comfort
Choose Galaxy Watch8 for minimalist chic or Watch8 Classic for the rotating bezel and premium finish
Gemini AI integration provides voice-powered control, task reminders, and daily summaries
Use gesture controls (pinch, knock, shake) to take photos, dismiss calls, or control your Z Flip or Fold
Track sleep, stress, cardiovascular load, and more, all from your wrist
Seamless ecosystem integration means your Galaxy Watch, Galaxy Fold, and Galaxy Flip work together to power your day (and your night out)
Whether you’re filming on your Galaxy Z Flip7, gaming on your Galaxy Fold7, or navigating it all with your Galaxy Watch8, this is the ecosystem built for self-expression, content creation, and total lifestyle control.
AirMDR, a leader in AI-native Managed Detection and Response (MDR), announced the company has closed a $15.5 million seed round that will fuel investment in research and development of the company’s flagship technology and increase the efficacy and expertise of AI Analysts. A new $10.5 million investment has been added to an initial $5 million seed round and will be used to scale Sales and Marketing efforts to bring the benefits of AI SOC to enterprise and SMB organizations – a sector that’s sharply underserved by current MDR offerings, as well as managed security services providers (MSSPs).
The round was led by Race Capital with full participation from AirMDR’s earlier backers Foundation Capital and Storm Ventures. This round of capital will further accelerate strong market demand for AirMDR’s AI SOC offering.
AirMDR is led by a team with a very strong DNA in Detection and Response. Before co-founding AirMDR, Kumar co-founded Sumo Logic (first cloud-based SIEM), and worked with Fortune 500 SOCs at companies like ArcSight (first generation SIEM leader) and LogicHub (Security Automation). AirMDR CTO Srikant Vissamsetti has co-founded companies like Intruvert (Network Detection and Response) and Attivo (Identity Detection and Response).
Traditional MDRs often fall short in SMB environments, struggling to deliver fast response times and high-quality alert handling. AirMDR solves this with a powerful AI analyst that autonomously triages 100% of alerts in real time. AirMDR’s 24/7 SOC team of expert human analysts then reviews, validates and improves upon the work of the AI Analyst, adding a critical second layer of defense.
AirMDR’s AI analysts offer quality, speed, and affordability. They communicate in plain English, answer questions, learn continuously, and execute tasks with precision. AirMDR’s automated playbooks can quickly investigate, triage, respond, and contain threats in minutes. Every step is documented, substantiated, and processed with full transparency for comprehensive remediation and learning. With 200+ out-of-the-box integrations and the ability to quickly add new ones, AirMDR supports 100% of your security stack.
Beyond its technology platform, AirMDR’s appeal is that it’s also delivered as a fully managed service. Customers gain the full benefit of AI-driven speed and precision, along with white-glove onboarding, curated integrations, and expert oversight from seasoned security analysts. This combination delivers both the efficiency of automation and the reassurance of human judgment, all as part of a unified, always-on solution.
AirMDR will be debuting the platform at Black Hat 2025, booth #6425. To schedule a briefing, please visit: https://airmdr.com/events and scroll to Schedule a Demo.
Atomic macOS Infostealer’s New Backdoor Enables Persistent Access
More info here: https://moonlock.com/amos-backdoor-persistent-access