Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

12/12/2018
12:45 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Mac Malware Cracks WatchGuard’s Top 10 List

Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.

Mac users may have known in their hearts that this was coming: For the first time, Mac-based malware appeared on WatchGuard's Top 10 list of the most common types of malware for Q3 2018. 

The latest "Internet Security Report" report, which analyzed the 100,000 most visited websites on Alexa.com, also found that 6.8% of those sites still support insecure versions of the SSL encryption protocol.

On the Mac front, users can no longer assume that the operating system offers more effective security, says Corey Nachreiner, WatchGuard's CTO. The Mac malware — which came in sixth on the security vendor's list — is primarily delivered via email and tries to trick victims into installing fake cleaning software.

"Mac users that haven't installed a security suite on the endpoint need to do so," Nachreiner says. "The days where Mac users can go to airports, coffee shops, and use home networks without added protections like a firewall and IP reputation services are over."

Marc Laliberte, senior security analyst at WatchGuard, says while it's true Apple designs security into the MacOS, the market dynamics have shifted.

"Hackers look for where they can get the most ROI, and for several years it was with Windows machines," Laliberte says. "Over the last five years, Mac laptops have become very popular, which is why we believe there is a surge in Mac malware."

Websites Need to Upgrade to TLS
As for the sites that still support insecure versions of the SSL, it's time for them to consider upgrading to TLS, Nachreiner says.

In fact, for organizations that don't collect sensitive information, it may make more sense to run an insecure site because running the website with https:// gives users the impression that the site is secure when it's not, he adds.

"The last thing you want to do is give people a false sense of security," Nachreiner says. "We recommend that organizations running websites with sensitive information use TLS 1.2 or TLS 1.3."

The WatchGuard report found that 5,383 websites in the top 100,000 websites visited on Alexa.com still accept SSL 2.0 and SSL 3.0 encryption. SSL 3.0 has been outdated since 2015, while SSL 2.0 was deprecated in 2011. The report also found that 20.9% of the top 100,000 websites do not use encryption at all.

Related Content:

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25136
PUBLISHED: 2020-09-25
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though li...
CVE-2020-25135
PUBLISHED: 2020-09-25
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI.
CVE-2020-25134
PUBLISHED: 2020-09-25
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though li...
CVE-2020-25133
PUBLISHED: 2020-09-25
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though li...
CVE-2020-25132
PUBLISHED: 2020-09-25
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Inject...