Hackers target Apple developers with backdoor

Hackers appear to be targeting Apple developers with a backdoor that has worked its way into a shared Xcode project, according to SentinelOne research published Thursday. In a blog post, SentinelOne says an external researcher alerted the company about malicious code that was tainting a development project in Xcode, Apple’s integrated development environment (IDE) for macOS. The nefarious project, which the researchers say abuses the Run Script feature in Xcode, is a malicious version of an open-source project available on GitHub that is intended to help developers with features for animating the iOS Tab Bar. The attackers have made a version of the project that executes a malicious script and targets a victim’s development machine with a backdoor. If they leverage the backdoor properly, the attackers could record through the victim’s microphone or camera, or log keystrokes from their keyboard. The hackers could also upload or download files, according […]

The post Hackers target Apple developers with backdoor appeared first on CyberScoop.


U.S. military researchers may have found a more productive vulnerability discovery process

A study from the U.S. government shows there is proof of a way to be more efficient when looking for flaws in software. Security researchers of all expertise levels do better with an improved, automated analysis that better allocates human resources during investigations, U.S. military researchers from the National Security Agency, Cyber Command, Navy, Air Force, and Army posit in new research published this month. This differs from a common approach taken when researchers are more naturally inclined to zero in on a given piece of software to try to find flaws. “There is a cognitive bias in the hacker community to select a piece of software and invest significant human resources into finding bugs in that software without any prior indication of success,” they write in the paper. This status quo, which the researchers call the “depth-first” approach, places more of a burden on experienced researchers while beginners get […]

The post U.S. military researchers may have found a more productive vulnerability discovery process appeared first on CyberScoop.


Apple’s long-awaited security device research program makes its debut

To make it easier for security researchers to find vulnerabilities in iPhones, Apple is launching an iPhone Research Device Program that will provide certain hackers with special devices to conduct security research, the company announced Wednesday. Beyond enhancing security for iOS users and making it easier to unearth flaws in iPhones, the program also aims to improve the efficiency of ongoing security research on iOS, Apple said. The launch comes several months after Apple initially teased the plans for the security device program last year at the Black Hat conference in Las Vegas. For a company normally reluctant to allow security researchers to find flaws in its code, Apple’s move could mark a step forward in its willingness to work with the broader information security community to expose and root out vulnerabilities in Apple platforms. Security researchers in recent years found it so difficult to access the inner workings […]

The post Apple’s long-awaited security device research program makes its debut appeared first on CyberScoop.


PasteBin just made it easier for hackers to avoid detection, researchers say

A policy change at a seemingly innocuous website could make it more difficult to stop hackers, according to information security experts who track malicious software in the wild. PasteBin, a text repository where developers share internet code, said on Wednesday it has discontinued a service that charged users a $50 one-time fee to search the site for new data. Researchers had used the scraping API to scour PasteBin for cybercriminal activity, as hackers frequently posted stolen personal data and malicious code to the site. PasteBin has a lot of legitimate activity, including posts about software tests and blocks of banal code meant for cryptographic network protocols. The malicious activity makes up a fraction of the content, and is difficult to identify without scraping capabilities because of the construction of the site. A number of Twitter feeds, like @ScumBots and @leak_scavenger, were dedicated to catching malicious uploads early, and then distributing details early […]

The post PasteBin just made it easier for hackers to avoid detection, researchers say appeared first on CyberScoop.
