💾 Archived View for cjc.im › 2016 › 11 › 22 › Infosec-Weekly › index.gmi captured on 2022-04-29 at 11:19:41. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-03-01)
-=-=-=-=-=-=-
Nov 22, 2016
System Integrity Protection is a mechanism that has been shipping with MacOS (Previously, Mac OSX) that would stop specific files being altered, even by the root user in order to prevent any malicious changing of them. Whilst it is possible users can disable this, it was generally seen as good for most beyond some power users. The new-fangled Touch Bar enabled Macbook Pros have been shipping with this feature disabled in some circumstances. Apple will release a patch soon.
Source: (Apple Insider)[http://appleinsider.com/articles/16/11/17/system-integrity-protection-disabled-by-default-on-some-touch-bar-macbook-pros/amp/]
A security researcher discovered that outlook 365 was signing forwarded emails that came from a spoofed microsoft.com with it's own DKIM key (DomainKeys Identified Mail). This would mean that email applications such as gmail would display a small verified lock against an email that came via this path allowing someone to create a convincing phishing email from Microsoft. This was patched in October 2016.
Source: (Security Week)[http://www.securityweek.com/office-365-flaw-made-fake-microsoft-emails-look-legitimate]
Several high profile Twitter accounts started sending out spam tweets. The exact method of compromise has not been release.
Source: (RT)[https://www.rt.com/news/367480-twitter-accounts-hacked-spam/]