Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

12/12/2018
12:45 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Mac Malware Cracks WatchGuard’s Top 10 List

Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.

Mac users may have known in their hearts that this was coming: For the first time, Mac-based malware appeared on WatchGuard's Top 10 list of the most common types of malware for Q3 2018. 

The latest "Internet Security Report" report, which analyzed the 100,000 most visited websites on Alexa.com, also found that 6.8% of those sites still support insecure versions of the SSL encryption protocol.

On the Mac front, users can no longer assume that the operating system offers more effective security, says Corey Nachreiner, WatchGuard's CTO. The Mac malware — which came in sixth on the security vendor's list — is primarily delivered via email and tries to trick victims into installing fake cleaning software.

"Mac users that haven't installed a security suite on the endpoint need to do so," Nachreiner says. "The days where Mac users can go to airports, coffee shops, and use home networks without added protections like a firewall and IP reputation services are over."

Marc Laliberte, senior security analyst at WatchGuard, says while it's true Apple designs security into the MacOS, the market dynamics have shifted.

"Hackers look for where they can get the most ROI, and for several years it was with Windows machines," Laliberte says. "Over the last five years, Mac laptops have become very popular, which is why we believe there is a surge in Mac malware."

Websites Need to Upgrade to TLS
As for the sites that still support insecure versions of the SSL, it's time for them to consider upgrading to TLS, Nachreiner says.

In fact, for organizations that don't collect sensitive information, it may make more sense to run an insecure site because running the website with https:// gives users the impression that the site is secure when it's not, he adds.

"The last thing you want to do is give people a false sense of security," Nachreiner says. "We recommend that organizations running websites with sensitive information use TLS 1.2 or TLS 1.3."

The WatchGuard report found that 5,383 websites in the top 100,000 websites visited on Alexa.com still accept SSL 2.0 and SSL 3.0 encryption. SSL 3.0 has been outdated since 2015, while SSL 2.0 was deprecated in 2011. The report also found that 20.9% of the top 100,000 websites do not use encryption at all.

Related Content:

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...