the JoshMeister on Security: Articles Written from December 2016 to September 2017

Thursday, October 26, 2017

Articles Written from December 2016 to September 2017

It's catch-up time! Here's a list of articles I've written since my last post on the JoshMeister on Security (in reverse chronological order):

October 3, 2017 — Month in Review: Apple Security in September 2017

Featured stories include:

Apple releases macOS 10.13 High Sierra, iOS 11, tvOS 11, and watchOS 4
Patrick Wardle's SKEL and Keychain vulnerability discoveries
DolphinAttack

September 22, 2017 — What is BlueBorne? An Apple Device FAQ

Discussing BlueBorne, a Bluetooth vulnerability that affects some iPhone, iPad, iPod touch, and Apple TV models that Apple is no longer updating

August 30, 2017 — Month in Review: Apple Security in August 2017

Featured stories include:

Touch ID Secure Enclave Processor firmware allegedly decrypted
New Mac malware: Pwnet malware distributed via supposed hack for Counter-Strike game
New Mac malware: Mughthesec and other Mac adware installers

July 31, 2017 — Month in Review: Apple Security in July 2017

Featured stories include:

New Mac malware: OSX/FruitFly.B, a variant of spy malware discovered in January
New Mac malware: OSX/FlashyComposer.A, a variant of OSX/Leverage backdoor malware from way back in 2013
DevilRobber Mac malware makes a comeback

June 29, 2017 — Month in Review: Apple Security in June 2017

Featured stories include:

Mac ransomware and spyware as a service
New Mac malware: OSX/OceanLotus returns with new variant
Scam software in iOS App Store

May 31, 2017 — Month in Review: Apple Security in May 2017

Featured stories include:

New Mac malware: OSX/Dok distributed via phishing
New Mac malware: OSX/Proton.B distributed via compromised Handbrake download server
New Mac malware: Snake gets ported from Windows

May 25, 2017 — WannaCry and the State of Mac Ransomware

Windows systems worldwide were hit by a serious SMB vulnerability called EternalBlue; Macs that run Windows could be affected
A summary of recent macOS-targeted ransomware is also discussed

April 27, 2017 — Month in Review: Apple Security in April 2017

Featured stories include:

Apple introduces security (and, oops… insecurity) updates
SMS phishing scams targeting iPhone users
Find My Mac can be disabled by anyone with physical access
Unofficial app store hidden in an App Store app
Proof-of-concept fake apple.com site revealed a Unicode implementation issue in major browsers (Chrome, Opera, Firefox) that could have facilitated phishing

April 20, 2017 — Windows Vista is Dead; Should You Switch to Apple?

Microsoft is no longer releasing security updates for Windows Vista, and the upgrade path to Windows 10 is rather bumpy; is this a good time for users of a legacy Windows operating system to switch to a Mac or iPad?

March 24, 2017 — Month in Review: Apple Security in March 2017

Featured stories:

Mac hackers get root at Pwn2Own
WikiLeaks' Vault 7 and DarkMatter disclosures highlight previously patched iOS and Mac vulnerabilities

March 20, 2017 — RSA Conference 2017 Highlights

An extensive article featuring my coverage and highlights from RSA Conference (USA) 2017, including authorized audio recordings of these presentations:

Patrick Wardle: 🔊Meet the macOS Malware Class of 2016
Amit Serper: 🔊OSX Pirrit and Why Care About Mac Adware
Robert Graham: 🔊Mirai and IoT Botnet Analysis

February 24, 2017 — Month in Review: Apple Security in February 2017

Featured stories:

New Mac malware: Filecoder/Findzip ransomware
New Mac malware: Sofacy XAgent
New Mac malware: iKitten
New Mac malware: EmPyre Word macro
New Mac malware: PROTON RAT
iCloud was storing "deleted" Safari history
Alleged nude celebrity photo leak blamed on "iCloud hack" but devoid of evidence

January 25, 2017 — Month in Review: Apple Security in January 2017

Featured stories:

New Mac malware: ClientCapture/Fruitfly/Quimitchin
Scam site launched DoS attack against unpatched Macs

December 15, 2016 — What to Do if Your Mac Can't Run macOS Sierra

Apple released a major new operating system, and it isn't compatible with some Macs that could run previous versions of OS X; this article includes ideas for users of older Mac hardware (note: macOS High Sierra, released in late 2017, has the same system requirements as Sierra)

For more from the JoshMeister on Security, please subscribe via e-mail or RSS, and follow me on Twitter and Google+.

No comments:

Post a Comment

Comment moderation is enabled. (If you wish to contact Josh privately, you can leave a comment and ask that it not be published.)

Subscribe to: Post Comments (Atom)

About Me

the JoshMeister: Joshua Long ("the JoshMeister") is a computer security researcher from California. He currently works as the Chief Security Analyst for an international cybersecurity firm. Josh has a Master of IT degree concentrating in Internet Security, and he has taken doctorate-level coursework studying Computer and Information Security.

Josh has been doing security research for more than 25 years. Apple has publicly acknowledged Josh for discovering a password validation vulnerability. His research has been featured by many fine publications such as CNET, CBS News, ZDNet UK, Lifehacker, CIO, Macworld, The Register, MacTech Magazine, Naked Security, and The Mac Security Blog.

You can contact Josh via DM on 𝕏/Twitter, Threema, Wire, or Telegram. (For enhanced security: "Start an encrypted message" on 𝕏; "Start Secret Chat" on Telegram; or pre-encrypt using Josh's PGP key.)

Follow @theJoshMeister