Skip to main content

macOS Adload | Prolific Adware Pivots Just Days After Apple’s XProtect Clampdown 

It’s been little more than a week since Apple rolled out an unprecedented 74 new rules to its XProtect malware signature list in version 2192. A further 10 rules were appended in version 2193 on April 30th. Cupertino’s security team were clearly hoping that a concerted effort would serve to disrupt prolific adware distributor Adload’s assault on macOS devices. Those behind the adware, however, appear to have pivoted quickly as dozens of new Adload samples are already appearing that evade Apple’s new signatures.

In this post, we take a look at one variant of these new samples that is almost entirely undetected on VirusTotal at this time. We hope this exposure will both help inform security teams looking to keep adware nuisances out of their environment and serve to boost detection recognition across other vendor engines.

Apple’s Massive Adload Signature Update

With XProtect version 2192, Apple added 74 new rules to XProtect.yara. While a few of these were targeted at other malware and adware distributors, the vast majority targeted adware widely known as Adload.

Well, there are 74 new rules in XProtect v2192 , so it's going to take me a bit to update https://t.co/Fgr7MGgRL2 with sample hashes, but interesting to see Apple trying to disrupt Adload's entire codebase. pic.twitter.com/n0eX6FfSEh

— Phil Stokes ⫍⫎ (@philofishal) April 25, 2024

Continue reading

Meet three Swift Student Challenge winners changing the future through coding

Meet Dezmond Blair, Elena Galluzzo, and Jawaher Shaman, three winners of Apple’s 2024 Swift Student Challenge.

Original author: Apple Newsroom

Hydrogen fuel cells will deliver reliable power with zero emissions

Hydrogen has a role to play in delivering power with zero emissions at the point of use, including as part of mission critical and backup power systems.

Earlene Gibbons | A 2024 Top 25 Women In Technology Winner

Mission Critical is excited to introduce you to the 2024 Top 25 Women in Technology. Meet Earlene Gibbons.



Original author: This email address is being protected from spambots. You need JavaScript enabled to view it. (Amy Al-Katib, CDCDP)

PinnacleOne ExecBrief | Commercial Industry in Contested “Space”

Last week, PinnacleOne examined the state of aviation cybersecurity given recent incidents and federal action.

This week, we boost our view into orbit and dive into the intersection of cybersecurity and geopolitical risk facing the rapidly expanding space economy.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.

Contact us directly with any comments or questions: This email address is being protected from spambots. You need JavaScript enabled to view it.

Insight Focus: Commercial Industry in Contested “Space”

In early April, the United States Space Force (USSF) released their first Commercial Space Strategy, embarking on a major shift in its approach to space operations, one that recognizes the pivotal role of the private sector in driving innovation. This USSF move to integrate commercial space solutions into “hybrid architectures” will raise critical issues of “dual-use capabilities” facing cyber and counterspace threats from China and Russia across peacetime, crisis, and conflict.

Continue reading

Collaborating to Tackle the Talent Shortage

Mission Critical recently sat down with CNet Training to find out more about the Digital Futures Program, a collaborative between a group on industry organizations and university technical colleges. 


Original author: This email address is being protected from spambots. You need JavaScript enabled to view it. (Amy Al-Katib, CDCDP)

The Good, the Bad and the Ugly in Cybersecurity – Week 17

The Good | U.S. Govt Sends Spyware Abusers, Cybercriminals, and Crypto Launderers to Court

The U.S. government this week took three decisive actions against cyber criminals: a visa ban on thirteen spyware makers and sellers, sanctions against four Iranian nationals for their roles in recent cyberattacks, and an official charge for two cryptomixers.

Following the February announcement to set visa restrictions on commercial spyware developers and vendors, the Department of State has cracked down on the first thirteen individuals and their families. Excluding visa applications in this case effectively bans those who are linked to such operations from entering the U.S. The abuse of spyware has been a rising issue in recent years as adversaries use it to target persons of interest such as journalists, human rights advocates, academics, and government employees.

Two front companies and four individuals were sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) for their association to cyber activities supporting the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) over the span of five years. Collectively, the identified threat actors have targeted over a dozen U.S. organizations, including the U.S. government and defense contractors through spear phishing and malware attacks, compromising over 200,000 employee accounts.

Up to $10 Million Reward & Possible Relocation

These individuals conducted malicious cyber ops against U.S. firms and government agencies on behalf of Iran’s IRGC.

Continue reading

Addressing diesel emissions for a cleaner future

As the demand for digital services surges, embracing sustainable practices becomes not just an ethical imperative but a strategic advantage for data centers shaping the digital landscape.

Video | World Backup Day

Andy Syrewicze is a security evangelist at Hornetsecurity. Hear what he has to say about World Backup Day and why it deserves to be recognized. 


Amie Fish | A 2024 Top 25 Women In Technology Winner

Mission Critical is excited to introduce you to the 2024 Top 25 Women in Technology. Meet Amie Fish.


Original author: This email address is being protected from spambots. You need JavaScript enabled to view it. (Amy Al-Katib, CDCDP)

Ransomware Evolution | How Cheated Affiliates Are Recycling Victim Data for Profit

Threat actors consistently alter and develop their schemes in order to further escalate their payoffs. In a new trend, ransomware affiliates are actively re-monetizing stolen data outside of their original RaaS agreements, especially as financial squabbles between threat actors emerge in the ransomware economy. The affiliates in such instances are starting to work with third-parties or external data leak services in order to re-extort victims who have already paid the ransom to the original attackers.

This blog post examines how affiliate attackers are embracing this new third-party extortion method, illustrated most recently by the ostensibly back-to-back cyberattacks on Change Healthcare and the emergence of services like RansomHub and Dispossessor.

ALPHV Exit Scam & Re-Extortion by RansomHub

In February 2024, a subsidiary of healthcare giant UnitedHealth Group (UHG) was forced to take down its IT systems and various services. The root of the disruption was a cyberattack by a BlackCat (aka ALPHV) affiliate on Change Healthcare, a healthcare technology platform used by the subsidiary.

Post-attack, ALPHV ransomware operators reportedly took down their data leak blog, servers, and operation negotiation sites, and failed to pay the affiliate their agreed share of the ransom.

Purportedly, Change Healthcare paid out the $22 million ransom demand, only to be targeted a second time just weeks after recovering from the initial attack. This time around, the ransomware attack was claimed by a threat actor working in conjunction with RansomHub, a new extortion group claiming to hold 4 terabytes of the victim’s sensitive data including personally identifiable information (PII) of active U.S. military personnel, patient records, and payment information.

Continue reading

Apple launches “Made for Business” in select stores around the world

Beginning in May, the Today at Apple series “Made for Business” will show entrepreneurs how Apple products and services can support their success.

Original author: Apple Newsroom

Implementing AI within IT systems ethically and responsibly

It is not enough to simply establish policies for the ethical use of AI. Ensuring its ethical application is an ongoing process that requires continuous learning and adaptation.

Nicole Dierksheide | A 2024 Top 25 Women In Technology Winner

Mission Critical is excited to introduce you to the 2024 Top 25 Women in Technology. Meet Nicole Dierksheide.



Original author: This email address is being protected from spambots. You need JavaScript enabled to view it. (Amy Al-Katib, CDCDP)

PinnacleOne ExecBrief | Aviation Cybersecurity

Last week, PinnacleOne reviewed escalation dynamics in the Middle East.

This week, we turn our attention to domestic critical infrastructure with a look at recent developments in aviation cybersecurity.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.

Contact us directly with any comments or questions: This email address is being protected from spambots. You need JavaScript enabled to view it.

Insight Focus | Aviation Cybersecurity

The aviation sector continues to face a complex and evolving cybersecurity threat landscape with nation-state actors, cybercriminal groups, and hacktivists targeting critical infrastructure. Last week, the FAA issued a ground stop order on Alaska Airlines for one hour due to an “upgrade issue with flight software that calculates weight and balance.” This follows a similar hour-long nationwide ground stop last year caused by a software update at United Airlines, a network-wide outage at WestJet caused by a service provider, and a ransomware breach at Sabre.

Continue reading

Top three data center predictions for 2024

Industry growth is a given, which means company decision-makers are creating the future of data centers in 2024 and beyond today.

Vantage Data Centers expands portfolio with second Zurich campus

Vantage will employ more than 400 individuals during peak construction and create approximately 25 jobs to operate the campus.

City of Irving approves new Edged Energy data center in Texas

Known as Edged Dallas, the facility will be built for high-density AI workloads and equipped with advanced waterless cooling and ultra-efficient energy systems. 

The Good, the Bad and the Ugly in Cybersecurity – Week 16

The Good | DoJ Indicts Cryptojacking Criminal and Botnet Operator Supporting Ransomware Actors

The DoJ doled out two indictments this week: the first announcing the arrest of Charles O. Parks III for his role in an elaborate cryptojacking scheme, the second, charging Alexander Lefterov, owner and operator of a major botnet.

Parks was charged with wire fraud, money laundering, and illegal transactions, tallying up to a maximum of 30 years in prison. According to the DoJ, the basis of Parks’ scheme was renting $3.5 million worth of cloud servers through a number of fake LLCs in order to mine nearly $1 million in cryptocurrency.

After tricking the cloud service providers (CSPs) into escalating his privileges, Parks was given access to services equipped with powerful graphics cards that were then used to mine Monero, Litecoin, and Ether. The mined funds were laundered through purchasing NFTs and converting them through traditional banks and various crypto exchanges to fund a lavish lifestyle.

Lefterov was indicted by a federal grand jury for aggravated identity theft, computer fraud, and conspiracy to commit wire fraud. Through the large-scale botnet he maintained, the Moldovan national and his associates have been linked to thousands of compromised computers across the U.S.

Source: FBI

Using credentials harvested from the infected computers, Lefterov and his co-conspirators targeted victims’ financial accounts across banking, payment processing, and retail platforms to steal money. In tandem, Lefterov allegedly leased his botnet to other cybercriminals for ransomware distribution, later receiving a share of the profits from successful attacks.

Continue reading

AirPlay is now available in select IHG Hotels & Resorts properties

Now, guests at select IHG Hotels & Resorts properties can use AirPlay to seamlessly share entertainment and more to compatible TVs in their rooms.

Original author: Apple Newsroom