Malware on Macs? GnuPG is Flawed & Docker Hub Has a Problem – ThreatWire

Spread the love

Malware on Macs? GnuPG is Flawed & Docker Hub Has a Problem - ThreatWire

Malware on macs? Yeah, it’s a thing. Apple blocks cops from using lightning ports to steal data, spoofed signatures are a problem in GnuPG, and a slew of backdoored images were found on docker hub.. All that coming up now on ThreatWire.

—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Shop → http://www.hakshop.com
Subscribe → http://www.youtube.com/hak5
RSS Feeds → https://www.hak5.org/subscribe
Support → http://www.patreon.com/threatwire
Amazon Associates → https://amzn.to/2pHgf8T

Our Site → http://www.hak5.org
Contact Us → http://www.twitter.com/hak5
Threat Wire RSS → https://shannonmorse.podbean.com/feed/
Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999

Help us with Translations! → http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ

For Business Inquiries, please use our contact forms → https://www.hak5.org/contact

Producer: Shannon Morse → https://www.youtube.com/shannonmorse
Editor: Colleen Cavolo
Host: Shannon Morse → https://www.twitter.com/snubs
Host: Darren Kitchen → https://www.twitter.com/hak5darren
Host: Mubix → http://www.twitter.com/mubix
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆

MAC:
https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/
https://www.cnet.com/news/cybersecurity-tools-could-have-let-nasty-files-live-on-your-mac/

Bypass Glitch Allows Malware to Masquerade as Legit Apple Files


https://motherboard.vice.com/en_us/article/evkq3m/apple-macos-malware-okta-research
https://www.cnet.com/news/apple-iphones-usb-restricted-mode-cuts-off-police-criminal-access/
https://www.theverge.com/2018/6/13/17461464/apple-update-graykey-ios-police-hacking
https://motherboard.vice.com/en_us/article/pavwzv/cops-are-confident-iphone-hackers-have-found-a-workaround-to-apples-new-security-feature

GnuPG Flaw:
https://neopg.io/blog/gpg-signature-spoof/
https://thehackernews.com/2018/06/gnupg-encryption-signature.html
https://arstechnica.com/information-technology/2018/06/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature/
https://neopg.io/blog/enigmail-signature-spoof/
https://neopg.io/blog/pass-signature-spoof/

Docker:

Malicious Docker Containers Earn Cryptomining Criminals $90K


https://arstechnica.com/information-technology/2018/06/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub/
https://www.bleepingcomputer.com/news/security/17-backdoored-docker-images-removed-from-docker-hub/

Fishing for Miners – Cryptojacking Honeypots in Kubernetes


https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers

Photo credit:
http://gizmobic.com/wp-content/uploads/2013/08/iPhone-5S-iPhone-5C-06.jpg

Author: administrator