Step In The Right Direction For .mac Campaign Monitor
- Step In The Right Direction For .mac Campaign Monitors
- Step In The Right Direction For .mac Campaign Monitor
Month in Review: Apple Security in May 2017 Posted on May 31st, 2017 by May 2017 was yet another crazy month for Apple security. New Mac malware was distributed through phishing e-mails, a popular Mac app's download server got compromised and distributed infected copies of software, notorious Windows malware was ported to Mac, Apple released numerous security patches, and more! Read on for more details. New Mac Malware OSX/Dok Distributed Via Phishing Campaign Phishing e-mails began circulating in late April and early May that contained an attachment with new Mac malware (detected by as OSX/Dok.A or OSX/Dok.B).
The first variant (OSX/Dok.A) disguises itself as an old version of the macOS Preview app and the Mac App Store, tricking users into typing their password, which then allows the malware to install a malicious SSL/TLS certificate and a TOR proxy to intercept all Web traffic, including sites that would normally be (and may still appear to be) secure. The second variant (OSX/Dok.B) is a full-fledged remote access Trojan (RAT) that attempts to steal keychains, iOS backups, iMessage chat history, and more from your Mac. For more details, see Although Apple updated its XProtect signatures and revoked the Apple Developer ID used to sign the first variant, that the attackers already began using a new Developer ID and began to further obfuscate their code to try to avoid detection. New Mac Malware OSX/Proton.B Distributed Via HandBrake Download Server The download server of popular video transcoding software HandBrake was compromised in early May, causing many who downloaded the software to inadvertently infect their Macs. The compromised version of HandBrake put up an unusual dialog box, claiming, 'HandBrake needs to install additional codecs,' and prompted the user for their administrator username and password. Users who fell victim were encouraged by HandBrake's developer to change all passwords in their macOS keychain and any saved browser passwords.
For details, see. Panic Source Code Compromised After HandBrake Hack The founder of, a Mac software company known for its Coda and Transmit software (and unrelated to HandBrake), that the source code of Panic software was allegedly stolen as a result of having installed the infected version of HandBrake on his Mac. Panic warned that its code may be repackaged into fake or infected copies of its software. Be sure to only download Panic's software from a trusted source. New Mac Malware 'Snake' Ported from Windows that the Windows malware known variously as Snake, Turla, Uroburos, and Agent.BTZ has been ported to Mac (or in other words, the malware's code was re-engineered to work with Macs). The Windows version of the malware has been around for many years and has been used in targeted attacks.
The Mac version of the Snake malware was discovered in a compromised Adobe Flash Player installer, signed with a then-valid Apple Developer ID (although not one issued to Adobe) to bypass Apple's Gatekeeper protection. Apple has since revoked the certificate, but of course variants signed by another Developer ID could yet appear. If you must run Adobe Flash Player content, it's safest to use the version built into Google Chrome, or if you must install the plug-in for Safari and Firefox, be sure to only obtain it from this URL: Apple Security Updates On May 15, Apple released security updates for its operating systems and other software, in part to used to hack Apple products by several researchers competing in the annual Pwn2Own contest (which we mentioned briefly in our ). Apple also appears to have patched the kernel vulnerability in macOS Sierra 10.12.4 that was reported by Patrick Wardle, which we mentioned in our.
Apple's Mac operating system, macOS Sierra, has been updated to version 10.12.5, and its mobile operating system iOS has been updated to version 10.3.2 for eligible iPhone, iPad, and iPod touch devices. Security updates were also released for El Capitan, Yosemite, Safari, watchOS, and tvOS. For details, see. Apple iCloud to Require App-Specific Passwords on June 15 Effective June 15, Apple will require those who use third-party applications with their iCloud account to enable two-step or two-factor authentication and use app-specific passwords for third-party apps (such as Microsoft Outlook, Mozilla Thunderbird, and BusyCal and BusyContacts). This is a good step in the right direction; however, as, there's more that Apple could do to further protect users.
For example, Apple could theoretically tighten app-specific passwords to only permit specific functionality, such as allowing access to only contacts or calendars, depending on the app's actual needs. Users should be aware that whenever they reset their primary Apple ID password, their old app-specific passwords will no longer work.
More details can be found in Apple's Using app-specific passwords. Even if you don't use third-party apps with your iCloud account, it's still wise to enable two-factor authentication to protect the security of your Apple ID.
Step In The Right Direction For .mac Campaign Monitors
Apple recently changed the process of enabling two-factor authentication in iOS 10.3, so check for the latest steps to follow for iOS and macOS. FTC Cracks Down on Tech Support Scams The United States Federal Trade Commission (FTC) announced that it is partnering with federal, state, and international organizations to crack down on tech support scams. Fake tech support alerts are becoming increasingly common. Image credit: Josh Long The that victims have spent millions of dollars on 'tech support' to fix non-existent problems with their computers, having been duped by scary scam sites. The sites often claim to be run by Microsoft or Apple, as seen in the screenshot above, and encourage victims to call a phone number to be walked through a process to supposedly clean their computers (while, in reality, victims' computers were never really infected in the first place). Several fraudulent organizations based in the United States have recently been stifled, as the FTC's efforts have led to indictments and arrests of scam operators. Nevertheless, scams like this will continue, so be vigilant; if you see fake warnings in your browser like the one above, don't fall for them, and be sure to to the FTC.
Windows World: Macs Affected By WannaCry? You've most likely seen major news media coverage of WannaCry, which is Windows ransomware capable of spreading itself across a network. Although the vulnerabilities exploited by WannaCry do not affect macOS, those who use Windows on their Macs (either via Boot Camp or a virtual machine such as VMware Fusion, Parallels Desktop, or Oracle VirtualBox) should be aware of the vulnerability and install the necessary updates. For more information, including how to protect your Mac from ransomware, see. Windows World: Macs Reportedly Unaffected By Intel AMT Vulnerability A serious vulnerability in Intel's Active Management Technology (AMT) was recently disclosed to the public that 'can allow an unprivileged attacker to gain control of the manageability features' in PC hardware with AMT. Intel has released guidance on how to check for the vulnerability on your systems, how to mitigate the vulnerability if it's present, and where to obtain firmware patches from various hardware manufacturers.
Mac users may wonder about whether their computers are vulnerable. 'Apple Macs, although they use Intel chips, do not ship with the AMT software, and are thus in the clear.' Subscribe to The Mac Security Blog Be sure to subscribe to The Mac Security Blog to stay informed about Apple security throughout each month. If you missed Intego's previous Apple security news roundups for 2017, you can check them out. Have something to say about this story? Share your comments below!
About Joshua Long Joshua Long , Intego's Chief Security Analyst, is a renowned security researcher and writer. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Business Administration and Computer and Information Security. His research has been featured by many fine publications such as CNET, CBS News, ZDNet UK, Lifehacker, CIO, Macworld, The Register, and MacTech Magazine. Look for more of Josh's security articles at and follow him on. This entry was posted in and tagged,. Bookmark the.
Hi Rudi, To change the monitor settings to left to right or right to left refer to the following steps: a. Right click a blank area on the desktop. Select the option Personalize and then Display settings.
Step In The Right Direction For .mac Campaign Monitor
In the Monitor window that opens you should see your two monitors. Click and drag the right hand monitor left to the left of the original left monitor and release the drag and check if it helps. To move apps from the Windows Store around your screen, press the Windows logo key +Left Arrow or Windows logo key +Right Arrow.
To move the Windows Store app to a different monitor, press the Windows logo key +Shift+Left Arrow or Windows logo key +Shift +Right Arrow. To move desktop apps to the left, center, and right on a screen and then to the next monitor, press Windows logo key +Right Arrow and Windows logo key +Shift+Left Arrow. More information you may refer to the following article: Do more with multiple monitors: Refer- Set up what’s on the screen: Keyboard shortcuts: Keep us posted on the status of the issue.