This is the 50th edition of CyberInsights!
Over 50 editions, we have tried to keep our focus on two news items that have a long-term security impact and ask you to take action on them.
Along the way, we realised that some topics needed to be explored further.
We started the CyberInsights LongReads - a series that does a deep dive on certain topics which we feel are important to the cybersecurity professional. Read the first few here:
Open Source Security and SBOM, CERT-In Incident reporting directive, Verizon Data Breach Report 2022 analysis
It’s been a great journey and we hope you enjoyed it as much as we enjoyed creating this!
Symbiote - Linux malware
All malware need an executable process to run, right?
Wrong! Well, Symbiote is malware with a difference.
File-less malware is passé. Who needs files to run malware anyway? All you need is to run a process that does malicious activity. Well, Symbiote does not even need a process of its own. It latches onto the processes already running on the Linux host and does its job from inside them! It can also filter out the packets that it does not want any nosey packet-capturing software to see.
Take Action:
Read the link above. It is very interesting and very advanced. Currently this malware is targeted only at certain financial institutions in Brazil. If you are not one of them, then it does not apply to you. But like the article says, with stealth so advanced, how do you really know?
Automated configuration guide for your macOS
Essentially, it is a GitHub project that maintains YAML files of security configurations for macOS in line with NIST 800-53. It then allows you to run some scripts on the YAML files to generate the baseline documents, or even customise your baseline. Here is one that I generated for macOS Monterey with a moderate level of security configuration.
It’s easy to set up and generate. This one generated a 183-page document relevant to my OS requirement and my security requirement.
Take Action:
Use this to generate secure configuration documents for your macOS systems and follow the generated guidelines for securing them!
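To make the rules-to-baseline idea concrete, here is an added example that is not the GitHub project's own code: three constructed rule files (one rule per file, each carrying a check command, a fix and its NIST 800-53 controls, shown as JSON because every JSON document is also valid YAML) are filtered into a baseline for a chosen level, optionally customised with include/exclude lists, and rendered as a guide document. The rule ids, tags and field names are assumptions of this example; the macOS commands quoted in the rules are real, but the project may word its own rules differently.

```python
import json

# Constructed sample rule files in the one-rule-per-file shape the newsletter
# describes (field names are this example's assumptions, not the project's).
RULE_FILES = {
    "os_gatekeeper_enable.yaml": """{
      "id": "os_gatekeeper_enable", "title": "Enable Gatekeeper",
      "check": "/usr/sbin/spctl --status", "expected": "assessments enabled",
      "fix": "/usr/sbin/spctl --master-enable",
      "references": {"800-53r5": ["CM-5", "SI-7"]},
      "tags": ["800-53r5_low", "800-53r5_moderate", "800-53r5_high"]}""",
    "os_firewall_enable.yaml": """{
      "id": "os_firewall_enable", "title": "Enable the application firewall",
      "check": "/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate",
      "expected": "Firewall is enabled",
      "fix": "/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on",
      "references": {"800-53r5": ["SC-7"]},
      "tags": ["800-53r5_moderate", "800-53r5_high"]}""",
    "os_remote_login_disable.yaml": """{
      "id": "os_remote_login_disable", "title": "Disable Remote Login (SSH)",
      "check": "/usr/sbin/systemsetup -getremotelogin", "expected": "Remote Login: Off",
      "fix": "/usr/sbin/systemsetup -setremotelogin off",
      "references": {"800-53r5": ["AC-17", "CM-7"]},
      "tags": ["800-53r5_high"]}""",
}

def load_rules(files):
    """Parse every rule file (JSON here; a YAML loader would do the same) into a list."""
    return [json.loads(text) for text in files.values()]

def build_baseline(rules, level, include=(), exclude=()):
    """Select rules tagged for a level ('low', 'moderate', 'high'), then apply
    a customisation: force-include extra rule ids and drop excluded ones."""
    tag = f"800-53r5_{level}"
    chosen = [r for r in rules if (tag in r["tags"] or r["id"] in include)
              and r["id"] not in exclude]
    return sorted(chosen, key=lambda r: r["id"])

def controls_covered(baseline):
    """Sorted list of the NIST 800-53 rev5 controls the baseline maps to."""
    return sorted({c for r in baseline for c in r["references"]["800-53r5"]})

def render_guide(baseline, level):
    """Render the baseline as a Markdown guide: one section per rule with
    the check command, its expected output and the fix command."""
    lines = [f"# macOS security baseline: {level}", ""]
    for r in baseline:
        lines += [f"## {r['title']} ({r['id']})",
                  f"Controls: {', '.join(r['references']['800-53r5'])}",
                  f"Check: `{r['check']}` -> expect `{r['expected']}`",
                  f"Fix: `{r['fix']}`", ""]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_guide(build_baseline(load_rules(RULE_FILES), "moderate"), "moderate"))
```

Running it prints the moderate guide with the firewall and Gatekeeper rules; the high level picks up all three rules.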
Useful? CyberInsights is a weekly post about two news items in cybersecurity that help the cybersecurity professional think. Subscribe to it here.