New "Quimitchin" Mac Malware Emerges Targeting
Scientific Research
… It was discovered when an IT admin noticed unusual
traffic coming from a particular Mac. Investigation led Malwarebytes to the
espionage malware it now describes as Quimitchin (named after Aztec spies who would
infiltrate other tribes -- the spies and the code are both ancient).
… Its primary
purpose seems to be screen captures and webcam access, making it a classic
espionage tool. "It seems that this
malware is trying to exfiltrate data from anything it can access. Since this has been seen infecting Macs at
biomedical facilities, we believe it's being used for espionage to steal
scientific data -- but we don't know at this point who might be behind the
malware," he said.
Somewhat surprisingly the code uses antique system calls. "These are some truly ancient functions,
as far as the tech world is concerned, dating back to pre-OS X days," he
wrote in the blog post. "In
addition, the binary also includes the open source libjpeg code, which was last
updated in 1998."
… Quimitchin
consequently presents a conundrum. It is
simple in design, yet seems to have been undetected for several years. "The only reason I can think of that this
malware hasn't been spotted before now," suggests Reed, "is that it
is being used in very tightly targeted attacks, limiting its exposure.
Interesting. I
wonder if we can get the raw data to do some more detailed research?
Cyber Skills Gap Quantified in Terms of Supply and Demand
Indeed.com, which describes itself as the world's number
one jobs site, has now provided
facts and figures from its own experiences. It does this by comparing security vacancies
(industry demand) against click-interest (supply) from job seekers. The difference between the two figures
demonstrates the size of the skills gap in terms of both security specifics and
global region. Since Indeed is able to
compare the difference today with the difference from two years ago, it is also
able to quantify whether the skills gap is widening
or narrowing.
Some of these files address topics I thought were urban legends.
Silly me.
http://www.bespacific.com/welcome-to-the-new-cia-freedom-of-information-act-electronic-reading-room/
Welcome to the new CIA Freedom of Information Act Electronic
Reading Room
by Sabrina I.
Pacifici on Jan 18, 2017
“The CIA’s declassified database is now
online. Thanks to a MuckRock lawsuit
and Mike Best’s diligence, you can now read over 13 million pages of Agency records – Back in December, we
wrote about how the CIA would be placing its previously-inaccessible CREST database online. The move was a response to our lawsuit,
handled pro bono by with Kel McClanahan of National Security Counselors, as well as Mike
Best’s diligence in trying to manually print and scan the archive. Today, we’re happy to announce that all 25
years worth of declassified documents are now available – no trip to the
National Archives required.”
Stuff I can use in class.
Free for All: NYPL Enhances Public Domain Collections For
Sharing and Reuse
by Sabrina
I. Pacifici on Jan 18, 2017
New York Public Library – “Today we are proud to announce
that out-of-copyright materials in NYPL Digital Collections are now
available as high-resolution downloads. No permission required, no hoops to jump
through: just go forth and reuse! The
release of more than 180,000 digitized items represents both a simplification
and an enhancement of digital access to a trove of unique and rare materials: a
removal of administration fees and processes from public domain content, and
also improvements to interfaces — popular and technical — to the digital assets
themselves. Online users of the NYPL Digital
Collections website will find more prominent download links and
filters highlighting restriction-free content; while more technically inclined
users will also benefit from updates to the Digital Collections API enabling
bulk use and analysis, as well as data exports and utilities posted to NYPL’s GitHub account. These changes are intended to facilitate
sharing, research and reuse by scholars, artists, educators, technologists,
publishers, and Internet users of all kinds. All subsequently digitized public domain
collections will be made available in the same way, joining a growing
repository of open materials.
No comments:
Post a Comment