Apple Users Open to Remote Control via Tricky macOS Malware

The Hidden Virtual Network Computing (hVNC) malware infests Macs and silently executes complete takeovers, with no user permission needed. It also sports persistence through reboots. [TechWeb]( Follow Dark Reading: [RSS]( August 02, 2023 LATEST SECURITY NEWS & COMMENTARY [Apple Users Open to Remote Control via Tricky macOS Malware]( The Hidden Virtual Network Computing (hVNC) malware infests Macs and silently executes complete takeovers, with no user permission needed. It also sports persistence through reboots. ['DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web]( The DarkBART and DarkBERT cybercriminal chatbots, based on Google Bard, represent a major leap ahead for adversarial AI, including Google Lens integration for images and instant access to the whole of the cyber-underground knowledge base. [CISA: 'Submarine' Backdoor Torpedoes Barracuda Email Security]( A China-nexus cyber-espionage campaign rages on with the fourth backdoor to surface in the wild that takes advantage of the CVE-2023-2868 zero-day security bug — with severe threat of lateral movement, CISA warns. [White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage]( A lot of what the strategy proposes is well-intentioned but somewhat aspirational at the moment, industry experts say. [Space Pirates Turn Cyber Sabers on Russian, Serbian Organizations]( The attackers have expanded beyond backdoors and recently started using Deed RAT to step up their attacks. [Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi]( Nearly 200 models are affected by vulnerability that may give wireless access to unauthorized third parties. [Why the California Delete Act Matters]( Bill 362 is a perfect template for a nationwide win against data brokers and the privacy infringements they cause. [Lessons Not Learned From Software Supply Chain Attacks]( Businesses that develop business-, mission-, or safety-critical software must learn from previous victims of software supply chain attacks. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Summer Documentary Watch Party: 8 Sizzling Cybersecurity Tales]( From the upcoming Billion Dollar Heist to docs on the Ashley Madison breach and Stuxnet, here are a bevy of films that can scratch that wanna-be hacker itch. [Best Practices for Enterprise Private 5G Security]( Omdia's latest research with Trend Micro and CTOne sheds light on 5G security challenges and ways to effectively extend enterprise-grade security to 5G networks [CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency]( The malware, along with a sister strain dubbed "FakeTrade," was found lurking in Google Play. [MORE]( EDITORS' CHOICE [China's Volt Typhoon APT Burrows Deeper Into US Critical Infrastructure]( US officials are concerned that the Beijing-directed cyberattacks could be a precursor to military disruption and broader destructive attacks on citizens and businesses. LATEST FROM THE EDGE [Companies Must Have Corporate Cybersecurity Experts, SEC Says]( Enterprises must now describe their management's expertise in cybersecurity. But what exactly does that entail? LATEST FROM DR TECHNOLOGY [BloodHound Rewrites Open Source Tool, Launches Community Edition]( The open source ecosystem for offensive and defensive security technologies is flourishing, giving security teams access to a wide range of tools to do their jobs. LATEST FROM DR GLOBAL [Saudi Arabia's Tuwaiq Academy Opens Cybersecurity Bootcamp]( Registration has opened for the cybersecurity specialty track at Tuwaiq Academy, where students will learn a variety of related skills. WEBINARS - [Implementing Zero-Trust With A Remote Workforce]( The shift to remote work and a distributed workforce model highlighted the importance of the zero-trust model for organizations. Corporate endpoint devices are no longer protected behind the enterprise perimeter, connect to routers with unknown levels of security, and share ... - [Best Practices and Tools for OT and IT Security]( For years, information technology and operations technology systems have existed in parallel, but that is no longer the case. As the attack against Colonial Pipeline illustrated, attacks against IT can potentially impact OT, and vice versa. OT environments have their ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( - [Rediscovering Your Identity]( - [2023 Global Future of Cyber Report]( - [Cybersecurity in a post pandemic world: A focus on financial services]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... - [Successfully Managing Identity in Modern Cloud and Hybrid Environments]( Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Nile Raises $175M Series C Funding to Redefine Enterprise Networks]( [MEF and CyberRatings.org Partner on SASE Certification Program]( [Devo and Cybermindz Partner to Address the Mental Health of Front-Line Cybersecurity Workers in the US]( [Forescout's Risk and Exposure Management Solution Delivers Streamlined, Quantitative Approach to Cyber Asset Risk Management]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How to Use Threat Intelligence to Mitigate Third-Party Risk]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=117565&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_08.02.23&sp_cid=49357&utm_content=DR_NL_Dark%20Reading%20Daily_08.02.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#6b If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)