Friday March 5
08:15
About the security content of iOS 10.3
This document describes the security content of iOS 10.3.
|
Read more »
08:09
About the security content of iTunes 12.7.4 for...
This document describes the security content of iTunes 12.7.4 for Windows.
|
Read more »
08:05
About the security content of Safari 11.1
This document describes the security content of Safari 11.1.
|
Read more »
08:01
About the security content of watchOS 4.3
This document describes the security content of watchOS 4.3.
|
Read more »
07:58
About the security content of iCloud for Windows 7.4
This document describes the security content of iCloud for Windows 7.4.
|
Read more »
07:54
About the security content of tvOS 11.3
This document describes the security content of tvOS 11.3.
|
Read more »
07:50
About the security content of iOS 11.4
This document describes the security content of iOS 11.4.
|
Read more »
07:46
About the security content of tvOS 11.4
This document describes the security content of tvOS 11.4.
|
Read more »
07:41
About the security content of watchOS 4.3.1
This document describes the security content of watchOS 4.3.1.
|
Read more »
07:38
About the security content of iTunes 12.7.5 for...
This document describes the security content of iTunes 12.7.5 for Windows.
|
Read more »
07:32
About the security content of iCloud for Windows 7.5
This document describes the security content of iCloud for Windows 7.5.
|
Read more »
07:27
About the security content of Safari 11.1.1
This document describes the security content of Safari 11.1.1.
|
Read more »
07:22
About the security content of iOS 12.1
This document describes the security content of iOS 12.1.
|
Read more »
07:07
About the security content of iOS 12.1.3
This document describes the security content of iOS 12.1.3.
|
Read more »
07:01
About the security content of macOS Mojave 10.14.3,...
This document describes the security content of macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra.
|
Read more »
06:56
About the security content of tvOS 12.1.2
This document describes the security content of tvOS 12.1.2.
|
Read more »
06:48
About the security content of watchOS 5.1.3
This document describes the security content of watchOS 5.1.3.
|
Read more »
06:43
About the security content of iOS 12.3
This document describes the security content of iOS 12.3.
|
Read more »
06:31
About the security content of watchOS 5.2.1
This document describes the security content of watchOS 5.2.1.
|
Read more »
Thursday March 4
06:05
Powershelling Away At Bitlocker
The Enable-BitLocker cmdlet is available in Powershell to encrypt drives. The command is fairly straight forward once we figure out how to do a few things. In the following we’ll use -mountPoint to define that it’s the default C: drive that we’re encrypting, followed by -EncryptionMethod as an Aes128 or an Aes256 and then who can unlock, in this case, the CharlesEdge short name on the Krypted domain, then we’ll prompt (that can be removed) and define a -pin of 2345 to unlock the recovery key and finally drop the key off at a -RecoveryKeyPath. Seems like a lot but it’s not and there are ways to do a password instead of a key but since the target location should be write only we don’t want to put too much of a barrier up for the script in f: that, let’s say, might pick it up and pop it into a database or device management tool:
Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 -AdAccountOrGroup "Krypted\CharlesEdge" -AdAccountOrGroupProtector -Confirm -Pin 2345 -...
|
Read more »
Wednesday March 3
10:12
AA21-062A: Mitigate Microsoft Exchange Server...
Original release date: March 3, 2021
Summary
Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to credentials stored on that system. Successful exploitation may additionally enable the attacker to compromise trust and identity in a vulnerable network. Microsoft released out-of-band patches to address vulnerabilities in Microsoft Exchange Server. The vulnerabilities impact on-premises Microsoft Exchange Servers and are not known to impact Exchange Online or Microsoft 365 (formerly O365) cloud email services.
This Alert includes both tactics, techniques and procedures (TTPs) and the indicators of compromise (IOCs)...
|
Read more »
05:02
Riddles in Assembly
Monday March 1
11:40
Developer Mode System Extensions on macOS
System and Network Extensions are fairly easy programmatically. However, there is some nuance around building them. Much of this is in getting the correct entitlements – but also a little in troubleshooting.
To see (or set) those entitlements, look at the .entitlements file located in the root of an Xcode Project. That will be a plist with a few entries. In this one, we’ll see com.apple.developer.networking.networkextension so we’re working on a network extension.
com.apple.security.app-sandbox
com.apple.security.application-groups
$(TeamIdentifierPrefix)com.krypted.firewall
com.apple.developer.networking.networkextension
content-filter-provider
To add one, go to the General screen for the project, and locate the section for Frameworks, Libraries, and Embedded Content.
...
|
Read more »
Saturday February 27
11:15
So Long, Fry’s, Thanks For All The Fish
Thursday February 25
09:22
Create Email Aliases in Office 365
The things are always changing. I write less and less how-to things because as the rate of innovation skyrockets (another way to say changes that are sometimes good and sometimes bad) – the second I hit save the article seems out of date, or technical debt. But hey, sometimes I have to look longer than I should for something. So. To create an email alias in Microsoft Online/Office 365.
- Login to an account with Exchange administrative capabilities
- Click the Admin tab.
- Click Exchange in the left sidebar.
- Click Recipients.
- Click Mailboxes (or Users in the newer interface).
- Click the user to create the alias for (in the old interface click the pencil in the new interface simply double-click).
- At the pop-up (yah, make sure to allow pop-ups if it doesn’t open), select Email Address.
- You then see a list of existing aliases along with the default email address bolded. Click the + sign. Don’t touch any of the...
|
Read more »
Wednesday February 24
06:00
AA21-055A: Exploitation of Accellion File Transfer...
Original release date: February 24, 2021
Summary
This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[1] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[5][6] These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA).[7] This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the United Kingdom, and the United States.
Worldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal...
|
Read more »
Monday February 22
11:28
Jamf After Dark: The Language Of Design Systems
11:20
MacAdmins Podcast: School Life
09:40
Some Basic Chromeos Troubleshooting (Under the hood)
Chromeos is one of the easier operating systems to use. It’s matured a lot over the years and there are now some great troubleshooting options under the hood. One thing I hate doing is mashing buttons without at least some semblance of proof of a hypothesis about what a problem is. In other words, I like to start troubleshooting with logs. For this let’s use Ctrl+Alt+F2 to bring up a virtual terminal. From there:
- A standard place for logs since Unix System V has been /var/log. In there are files such as libcros_log, which is where chromium dumps logs from services.
- /var/log/messages and subdirectories of /var/log/window_manager/chromeos-wm.LATEST and /home/chronos/user/log/chromoeos-wm.LATEST
- /home/chronos/user/log/chrome_log which is dedicated chrome logs for the internal login manager
- Find installed webapps in /opt/google/chrome/resources
To reconfigure the network stack, use the initctl command along with the restart verb...
|
Read more »
Sunday February 21
11:14
Apple 1997-2011: The Return Of Steve Jobs
Thursday February 18
11:11
From Moveable Type To The Keyboard
Wednesday February 17
08:29
Reviewing TCC dialog prompts using logs on a Mac
I wrote this awhile back on using the logging facilities in macOS to review and parse logs. The log command provides a number of options to see various events on a Mac. I was recently working on an app that was automatically denying a prompt to generate entitlements and thought I’d post how to find the logs for that. First, let’s find all prompts. We’ll do that using the com.apple.TCC subsystem as a predicate. In the below command we simply pipe the output to grep for Prompting.
/usr/bin/log show -style syslog --predicate 'subsystem == "com.apple.TCC"' --info --last 12h | grep Prompting
I’d much rather use “&& contains” in syslog because I suspect it would be more efficient – but I find I prefer grep. Now that we see the output, let’s swap that Prompting in the above to deny and shorten the window for how long it takes to compile and run the app (typically less than an hour):
/usr/bin/...
|
Read more »
08:00
AA21-048A: AppleJeus: Analysis of North Korea’s...
Original release date: February 17, 2021
Summary
This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), and provide mitigation recommendations. Working with U.S. government partners, FBI, CISA, and Treasury assess that Lazarus Group—which these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actors—is targeting individuals and companies,...
|
Read more »
Monday February 15
11:27
Jamf After Dark: Jamf Now and an Update On Small...
11:19
MacAdmins Podcast: Alectrona Patch
08:30
NeXT Computer && Apple
Friday February 12
07:10
Apple’s Lost Decade
Thursday February 11
11:15
AA21-042A: Compromise of U.S. Water Treatment...
Original release date: February 11, 2021
Summary
On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system. Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used...
|
Read more »
07:56
Quick and Dirty Avrae and DNDBeyond Commands
Discord is a great service for building quick chat groups, having video chats with multiple people (I’ve even used it to record podcasts), and much more. DNDBeyond has changed the way some of my Dungeons and Dragons groups play the game by allowing us to build character sheets online, giving quick access to information we used to pause games to look up in books, act as an online dice roller for parties where we can all see the results (with buffs added in), and now integrate and stream that to Discord using the Avrae Discord bot.
I don’t think anything has changed the way we play Dungeons and Dragons more since the move from basic to 1st edition or the move to 5e. One thing though, the APIs for DNDBeyond and the Avrae bot keep evolving but there are some really basic game play elements that I can go through to help anyone new to the...
|
Read more »
Tuesday February 9
07:09
The Unlikely Rise Of The Macintosh
Thursday January 28
13:26
Set up home theater audio with HomePod and Apple TV...
Use a HomePod or stereo pair with your Apple TV 4K to create a theater experience with Dolby Atmos or surround sound right in your home.
|
Read more »
Thursday December 6
22:10
About the security content of iOS 12.1.1
Monday May 3
08:17
iPad: How to transfer or sync content to your...