TechRadar: Google Drive is flagging some macOS files for copyright violation. “A disgruntled Reddit user recently reported that a ‘.DS_Store’ file on their Google Drive was flagged by the search giant for violating its copyright infringement policy. Apparently, this isn’t the first time this issue has been encountered as macOS users also reported experiencing similar problems last month.”
Ars Technica: Backdoor for Windows, macOS, and Linux went undetected until now. “The discovery is significant for several reasons. First, fully cross-platform malware is something of a rarity, with most malicious software being written for a specific operating system. The backdoor was also written from scratch and made use of four separate command-and-control servers, an indication that the people who developed and used it were part of an advanced threat actor that invested significant resources. It’s also unusual for previously unseen Linux malware to be found in a real-world attack.”
Ars Technica: Webkit zero-day exploit besieges Mac and iOS users with malvertising redirects. “Attackers have bombarded the Internet with more than 1 billion malicious ads in less than two months. The attackers targeted iOS and macOS users with what were zero-day vulnerabilities in Chrome and Safari browsers that were recently patched, researchers said on Monday.”
The Hacker News: Apple Removes Several Trend Micro Apps For Collecting MacOS Users’ Data. “Apple has removed almost all popular security apps offered by well-known cyber-security vendor Trend Micro from its official Mac App Store after they were caught stealing users’ sensitive data without their consent. The controversial apps in question include Dr Cleaner, Dr Cleaner Pro, Dr Antivirus, Dr Unarchiver, App Uninstall, Dr. Battery, and Duplicate Finder for Mac computers.”
Motherboard: Bugs Allowed Hackers to Make Malware Look Like Apple Software . “For years, hackers could hide malware alongside legitimate Apple code and sneak it past several popular third-party security products for Mac computers, according to new research. This is not a flaw in MacOS but an issue in how third-party security tools implemented Apple’s APIs. A researcher from security firm Okta found that several security products for Mac—including Little Snitch, xFence, and Facebook’s OSquery—could be tricked into believing malware was Apple code, and let it past their defenses.”
Hello Web Books: First free zine on command line basics has launched today!. “Over the last few weeks, I’ve been working on a little project to go along with the Kickstarter campaign for Hello Web App (one week left!) I’ve punted around the idea of releasing little mini-books or zines on small ideas, like pairing fonts or working with git. Today I’m releasing my first project, A Really Friendly Command Line Intro for MacOS! For free! This is a great addition to Hello Web App (and will be bundled with it moving forward). I walk through all the basic UNIX/command line commands that a beginner might need to learn when they start coding for the first time.” The graphic for the project notes that Linux and Windows versions are “coming soon”.
The Verge: Major Apple security flaw grants admin access on macOS High Sierra without password. “There’s a major flaw in Apple’s macOS High Sierra operating system that allows anyone with physical access to a Mac to gain system administrator access without so much as entering a password. Late Tuesday, Apple confirmed that it’s working on a software update to fix the issue and published step-by-step instructions to help customers protect their machines in the meantime.”