Vulnerability In Mac OS Went Unnoticed For Years

Researchers at Okta Security have stumbled across something big.  Recently, they discovered a flaw in Apple’s OS that would have allowed hackers to completely undermine Apple’s code signing process.

While at first glance that doesn’t sound so bad, the implications are terrifying.  In a nutshell, code signing uses cryptographic “signatures” to verify and validate code.  If code bears the digital signature, it is considered trusted.  If it’s trusted, then it’s given an automatic free pass, straight into the heart of any system.

Unfortunately, this flaw in Apple’s code signing process dates back more than a decade. It was only recently discovered, and purely by chance at that.

An extensive forensic analysis has turned up no evidence suggesting that this exploit was ever used for nefarious purposes, which is the one silver lining in all of this.

Upon discovering the flaw, Okta personnel reached out to Apple and other vendors who could have been impacted by it, including tech giants like Google and Facebook, as well as smaller players like VirusTotal, Objective Development, Yelp, and Carbon Black.

Apple moved swiftly and has since fixed the issue, so this one can be considered a bullet dodged.

Josh Pitts, an Okta engineer, sums the issue up:

“Different types of tools and products use code signing to implement actionable security; this includes whitelisting, antivirus, incident response and threat hunting products.  To undermine a code signing implementation for a major OS would break a core security construct that many depend on for day to day security operations.”

A completely fair assessment.  Thankfully (at least in this particular case), although the issue was hiding in plain sight, it does not appear to have been exploited before being fixed.  We won’t always be so lucky.

Watch Out For Rise In Microsoft Office Attacks 

Menlo Security has recently published a new report that will probably dismay you if you’re a business owner.

Microsoft Office has been named as the attack vector of choice for hackers around the world. The most common form of the attack is a malicious Word document or other Office document attached to an innocent-looking email.

There are, of course, plenty of other ways to take advantage of various security weaknesses in MS Office and Office 365.  These include the use of remotely hosted malicious components embedded within documents that deliver zero-day exploits when the document is opened.

The reason MS Office is such a wildly popular choice isn’t because it has an unusual number of security loopholes that can be exploited (although it’s certainly got its share).  Rather, it has everything to do with the overwhelming popularity of the office suite.  Simply put, lots of people use it on a regular basis, and that means the pool of potential victims is enormous.

As the report explains:

“There is likely to be an increase in attacks via malevolent email attachments using stealthily embedded, remotely hosted malicious components that leverage applications and operating system vulnerabilities, both old and new.

With CVE-2018-8174 and CVE-2018-5002, the attackers leveraged Word as a vector to exploit Adobe Flash Player and Internet Explorer.  By using Word as the vector, the attackers were able to exploit a browser, even if it is not the default browser, and exploit Flash, even though Flash is blocked by most enterprises…Microsoft is therefore undoubtedly going to become the platform that attackers leverage most to deliver their zero-day exploits.”

All true, and beyond troubling.  If your business uses Microsoft Office or Office 365 (and odds are excellent that it does), continued vigilance is the key.

Healthcare Sector Facing Rise In Ransomware Attacks

The Department of Health and Human Services has issued a warning to healthcare providers to be on high alert for the SamSam strain of ransomware, which has been used to attack eight different healthcare entities so far this year.

SamSam made its first appearance in 2016 and is seeing increasingly widespread use so far this year.  Unfortunately, the healthcare industry is considered by most to be a soft target. On the Dark Web, healthcare data has become more highly sought after than credit card data, which is only going to put more healthcare entities at risk.

The most tragic component of this is that when a hospital’s network goes down, it stands to lose more than just money and control over patient data.  Lives are also at risk.  Although none of the attacks to this point have resulted in patient deaths, it’s statistically inevitable.  As these attacks continue to increase in frequency, scope and scale, sooner or later, someone will die because of them.

According to security experts, the root of the problem lies in the fact that guarding against such attacks is seen as fundamentally an IT issue.  The truth is that it is an organization-wide issue, and should be treated as such, because attacks like these pose an existential threat.  Treating the issue as something for a single department to be responsible for inevitably leads to a lack of funding and an inadequate incident response plan. This leaves most organizations completely unprepared to deal with an attack and its aftermath.

Even more worrisome is the fact that an increasing number of ransomware attacks simply destroy the data.  Sure, the ransom note still gets displayed, but the hackers simply have no intention of unlocking the files, and they build their software accordingly. Most recently, hackers have taken to corrupting encrypted data files, which can cause lingering problems for months or even years after they’re unlocked.

This problem is only going to get worse until we all start taking data security more seriously.

Facebook Is Adding New Features, Including Dating 

At this year’s F8 Developer Conference, Facebook announced a raft of changes and updates it will be rolling out later this year.  Some are fun, others practical, but they’re all interesting.  Here are the highlights:

Get Ready for “FaceDate”

This announcement is interesting. Not so much because the idea of using Facebook to meet someone is new, but because of what the announcement did to the stock prices of existing companies.

The new feature will look and feel a bit like Tinder, with a few important caveats:

  • Your FaceDate profile will be separate from your Facebook profile
  • The app will not match you with your existing Facebook friends
  • Your existing friends will not see, or even know about, your FaceDate profile (unless you tell them, of course)

Facebook fanatics will no doubt love this feature, but the news caused the stock prices of two online dating companies to fall sharply. Match Group (parent company of Match.com) tumbled 22 percent, and IAC (parent company of both Tinder and Match Group) fell 16 percent.

Third Party App Review Starting Up Again

In the wake of the Cambridge Analytica scandal, the company suspended its third-party app review.  That is re-opening starting Tuesday, so by the time you read these words, app review should once again be in full swing.  The major change here is that the company will now require business verification for apps that need access to specialized APIs or extended login permissions.  Apps asking for basic profile information only will not be subject to this new requirement.

Real Time Language Translations In Messenger

This is a long-anticipated feature addition, and the company is taking a cautious approach here.  When the feature is initially rolled out, it will only translate English-Spanish conversations, with additional languages added incrementally.  In addition to the translation feature, the Messenger interface will also get some tweaks and improvements.

“Clear History” Feature Being Added

This one is aimed specifically at the lingering privacy concerns Facebook’s CEO was recently grilled about when he appeared before Congress.  In a bid to increase user privacy, Facebook will now allow its users to see the apps and websites that send Facebook information when in use, and allow users to turn off Facebook’s ability to store that data.  It’s a good first step, but it remains to be seen how helpful it will be in terms of increasing user privacy.  There’s no good way to know that until we get the opportunity to see the new feature in action.

All in all though, a productive conference, with a number of interesting changes ahead.

New SSD Drive Can Hold 8TB of Storage

Good news for the business world in general, and the owners of data centers, in particular.

Mass storage is about to get vastly more efficient thanks to Samsung’s recently launched solid state drive, which manages to pack an impressive 8TB of storage into a delightfully small footprint, measuring just 11cm x 3.05cm.

Not only does the new drive deliver twice the storage capacity of the SSDs used in high-end servers and slimline laptops, but it also has an impressive read speed of 3100 MB/s and a write speed of 2000 MB/s. The read speed of the new drive is five times faster than the speeds you typically get from SATA SSDs, and the write speed is three times faster.

When hyper-scaled, that means that an enterprise server system could perform more than a million IOPS in a 2U rack space, and that translates into a significant ROI for large-scale data centers.

It gets even better. Samsung is planning to release a 512 gigabit version of its 3-bit V-NAND SSD later this year, which will allow significant improvements in processing speeds for big data applications.

What we’re talking about here, ultimately, is storage and processing density. The new SSD is built with 16 512GB NAND packages, stacked in sixteen layers of 256 gigabit 3-bit V-NAND chips that were specifically engineered with massive SSDs in mind.

This allows data centers to triple total system density in the same footprint, and allows for a mind-boggling 576 terabytes of storage in 2U rack servers.

This is paradigm-shifting and will make cloud-based service providers even more attractive. The most successful of these already have hyper-scale data centers in place, and already have a wealth of experience both in handling very large data sets and in dealing with applications designed to sift through those mountains of data. Enterprise users, rejoice!