Kevin Beaumont

Award winning shitposter and cybersecurity weatherman. Shitposting is an anagram of Top Insights.
Website: https://doublepulsar.com

Sorry for the Twitter link, but Patrick Wardle doesn't yet have a Mastodon account that I can find.

https://twitter.com/patrickwardle/status/1611482670156091392

Microsoft security blog post "comes close" to ripping off Wardle's "The Art of Mac Malware," and doesn't cite prior research, which it clearly draws upon, he says.

The post in question: https://www.microsoft.com/en-us/security/blog/2023/01/05/unraveling-the-techniques-of-mac-ransomware/

Patrick Wardle on Twitter:

“Microsoft's latest ~5000 word "research" blog on Mac ransomware contains zero new research ...yet contains no citations / credit to existing research 😢 See: https://t.co/nhmeniUuLC Worst, seems pretty close to ripping off "The Art of Mac Malware" book. 😳 What y'all think?”
@alan because your instance could disappear one day, if the admin gets hit by a bus or accidentally breaks the server and has no backup etc. And you then can’t migrate your account away, as it needs the instance to be online.

Have you ever thought that people hundreds and thousands of years ago weren't stupider than us? I used to think they were stupider. I guess because of our comparative technologies.

But now I think they were smarter. We have a short memory. We are disconnected from the systems that sustain us like food production, climate, and basic survival skills or even craftsmanship. We know celebrities we'll never meet but not all of our neighbors.

Timeline cleanse....

Someone really likes leaves.

🤭🥰😍

I find myself not very excited to share things lately, but need to get over the Twitter-depression hump and get back in there. Here's a butt orange from my backyard.

Huh, never thought to look this up, because we sort of took it as gospel that the OpenSSL "Heartbleed" thing was a massive problem.

In actuality, doing a survey of searches - the impact to the environment was not supposedly massive caches of lost or stolen data, or even the primary route for a breach... but instead was the resources consumed looking for and patching the vuln.

There are only two really notable stories on orgs reporting an impact from a Heartbleed exploit. The first is from Community Health Systems (CHS), which was reported by TrustedSec through "anonymous, but trusted contacts of those responding to the breach" (supposedly through grabbing creds from a policy device, I think Palo Alto). But not much reporting afterwards.

Second is a "whiz kid" in Canada who, two years after his supposed use of the Heartbleed exploit, resulted in 900 of the Canadian equivalent to a social security number being stolen. Reporting doesn't indicate how they were stolen, just ties it to the Heartbleed exploit. Even the case reporting doesn't detail it, so I find it highly suspect.

Much like most things it seems, if there's a vuln that's newly released close to a breach or other incident, it's often convenient to tie it to that exploit, without verification. Funny, these stories were within two weeks of the vuln... and then zero... and for something as wide ranging in scope and breadth as OpenSSL, one wonders why more hasn't been reported globally other than these two incidents.

I think we dodged a bullet with Heartbleed, short of the work to patch.

I also would like to share that the narrative about OpenSSL's vuln being impactful was merely from the triage level and awareness, not the actual monetary value of loss; it was a resource-expenditure sort of cost, and not data theft or even a major breach.

So, now you know. I feel wiser for looking into it (due to clarifying a statement on a report coming out) and I was curious, since it is the whipping boy for software supply chain security.

Probably one of my favourite pictures I've taken on my phone! The best camera is the one you have on you :)

It's portrait, so please expand to see the whole thing!

#photography #mastoart

NEW: On a recent threat hunt, our MDR team uncovered multiple Raspberry Robin infections using a DLL spreader.

The USB worm was first spotted in Sept 2021 by Red Canary. Back then, its purpose wasn’t clear. Since then, it’s spread – a lot.

1/10

Less than three months after its public debut, the “anti-woke” banking startup GloriFi is canceling itself. https://www.rollingstone.com/politics/politics-news/anti-woke-bank-glorifi-shuts-down-1234634682/