‭+1 (617) 500-3221

Questions? Need help? Click Here

Welcome! New Office macro attacks against MacOS plus more on Tech Talk with Craig Peterson on WGAN

Podcast

Welcome!

Craig discusses these new macro attacks from MS Office against MacOS and why it is not as big a deal as the media are making it out to be.

For more tech tips, news, and updates visit – CraigPeterson.com

Read More:

Window Swap Lets You Enjoy the View From Other People’s Windows Around the World

Report: Hundreds of apps have hidden tracking software used by the government

Researcher Finds New Office Macro Attacks for MacOS

New cars can stay in their lane—but might not stop for parked cars

Here’s why Apple believes it’s an AI leader—and why it says critics have it all wrong

Snapdragon chip flaws put >1 billion Android phones at risk of data theft

Trump Targets WeChat and TikTok, in Sharp Escalation With China

Pen Testers Who Got Arrested Doing Their Jobs Tell All

Information Operations Spotlighted at Black Hat as Election Worries Rise

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] We’ve got a resurrection of a problem we’ve had for many years. Thanks. Microsoft looks like macros are hitting max now.

Yes indeed. You thought you were safe by using a Mac. You usually are. Okay. The bottom line, Apple Macintoshes are great pieces of equipment. They were developed on software. That was developed at universities, that Unix operating system. It is the operating system. The internet was designed on. It’s still the operating system that is used to run the backbone of the internet.

So if you’re a school and you have a lot of people, students, and others, who would. Kind of like to do the Ferris Bueller thing and change their grade. You better have a secure operating system and you better make sure your internet stack is secure. So we know over the years, the software that Microsoft is using, they started with software from a company called Spider.

And I actually. Hope to port that way back when, to the Microsoft operating system, Windows operating system, when Mt. 1.0 was coming out. Yeah. I’ve been in it for a very, very long time and it wasn’t a great implementation and I did some implementations. For digital equipment corporation as well, so that they had something that was smooth.

And I fixed problems with the stack over the years. So we know that yeah. You know, Unix was designed with security in mind from day one, not the type of security we need today. Mind you, but it has a lot of security in it. And windows were designed as kind of an afterthought. They, they took a big crowbar and, and they put.

And to the windows and internet, that’s kind of basically what they did. And you probably remember some of the others know Val, which almost won that battle. At least in the Windows world, they had a great little stack going and the different protocols and everything. We won’t get into all that right now.

But back then, you remember when. Microsoft introduced macros Mac crows are available in word and Excel and some of the other software packages and it’s to make your life just. That much easier, at least that’s their goal. Let’s make everybody’s life easier. So off they go, trying to make life easier for everybody.

And what ends up happening? Well, uh, yeah, not so easy. What they were doing with Matt with macros is basically allowing you to do programming. They had eventually visual basic in, and you could do a whole bunch of stuff with the visual basic, but. That’s where the creeps started. Right in the side. All of a sudden you have the ability with these macros to do programming.

And when that happens, what are the bad guys do? Well, the bad guys use that to kind of create, been from this height and. Do malicious things like write files, they shouldn’t have been writing or read-files. They shouldn’t have been reading or cross execute things that just shouldn’t have happened.

Putting links in Microsoft has thank goodness. I removed a lot of that functionality. Uh, internet Explorer was. Terrible at some of this stuff, what internet Explorer was doing was frankly, kind of criminal, allowing you to have a website run code on your machine, not, not within the browser, but actually run code on your machine.

And that’s part of the problem seen with other implementations as well. So now we’re finding out from a researcher. His name is Patrick Wartell. He’s a principal security researcher, GMF. You might want to check them out. Jam J M F has some great software for managing your devices, pulling it all together.

Having one centralized management system works great for max works great for windows, et cetera, et cetera. So. He has come up with a real problem. And it’s, it’s kinda sad to see after all these years. How, how long are these macros been around 20 years? I think it is. It’s been a long time. So. Microsoft office, no strangers you’d have vulnerabilities.

They haven’t fixed all of these vulnerabilities, you know, pros and cons to some of this stuff. But I turn off macros. Okay. Just get rid of them. They are nothing but trouble. Okay. That’s the bottom line here. If you need to do some Grammy, do some programming, use real tools to do it that have really great controls on it.

Don’t put any macros into the Microsoft office software. It’s just always been a problem. So most of the vulnerabilities over the years have led from Microsoft office over to Microsoft windows, but now it turns out there is a potential path for Mac Wes as well. And it’s kind of scary. It was discussed a week ago here, over at the black hat conference.

Now, if you’re not familiar with BlackHat, it happens every year. This is the first year that I’m aware of that it’s been virtual. I’m pretty sure it’s the first year it’s been virtual. Usually, everybody gets together in Vegas. Uh, you, you take your phone, you turn it off. You should not feel a laptop. You’re never use anything electronic.

If you were in BlackHat or if you’re in Vegas during BlackHat,  it’s going to be hacked. And there are some real fun sessions there at BlackHat like spotting the fed where the Hill they’ll have everybody who’s in a session. Uh, just say who’s the fan to here, right? Cause there’s always federal guy, IT officers.

There’s FBI there’s secret service, NSA, CIA. Everybody goes to this thing, right? Because it’s not necessary. Sarah Lee all dark black arts from a negative standpoint, but it. Is about how you could do hacking how hacking works. And so they share a lot of information back and forth. Well, this was shared at black hat this year, about a week and a half ago.

Now in most of the macro-based attacks, human enter intervention on the part of the victim is required. If you are on a Mac and there is one of these macro hacks that is with the tube downloaded, right. Mistake one, you haven’t turned off macro execution, mistake two, and you’ve gone even further than that.

And it pops up saying, there’s a macro, do you want to run it? And you say, yeah, go ahead and run it. Okay. You’ve made at least three mistakes. These macros on the Mac must be given explicit permission to be able to run. And if they run, they can cause nothing but trouble for you. Okay. Now, Mac has a special privileged mode now that has really saved the goose of many people out there.

And I think that’s a very, very good thing, frankly, because people need to understand that what they’re doing. And of course, people don’t understand it most of the time. So on the Mac, there are some special privileges that you need in order to get files that might cause problems. Okay. But. It’s the second stage payload here that really starts causing you some problem.

And it can be really, really huge problems. Now, this is from dark reading, a site that I follow all the time and a few words, our security person, or maybe just responsible for the security in your business. You might want to kind of keep an eye on it. It’s kind of like the FBI InfraGard feed that I get from the FBI.

BI InfraGard program, uh, daily with multiple other alerts. It just can be overwhelming if there’s it’s your full-time job. But this second stage payload is doing some nastiness here. It is actually trying to skim your credentials, create a bot, or even encrypt your data as part of a ransomware scheme.

And all of this is happening. On Mac OS now that’s really happened in front of me. All of these machines here that are I’m using are all Macs. Yes, indeed. And so I know a fair amount about them. You probably know that already, right? I helped to write some of the code that’s the basis of today’s MacOS but.

The modern malware writers that are trying to do this through macros through Microsoft office are in a bit more of a bind because of what’s called sandboxes. This is a kind of a Waldorf environment that helps to protect everything. So be very careful, write down, download this stuff. Don’t run macros, turn macros off.

It’s our new. Attack against MacOS but it’s been around for a very long time in the windows world. Hey, if, if you’re looking for that great new car, one that drives itself down the road. I got some big news for you. I’m afraid it’s more dangerous than we thought. Visit me online. Craig, Peterson dot com

More stories and tech updates at:

www.craigpeterson.com

Don’t miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553

Listen to this episode

Related posts

  1. Welcome! Big Tech and Our Kids, Cloud Software not a Panacea, Regulatory compliance and Liability and more on Tech Talk with Craig Peterson on WGAN
  2. Fileless Malware, Credential Stuffing, Advanced Malware Protection plus more on this Tech Talk with Craig Peterson Podcast
  3. Do You Know Anyone Who Uses TikTok? Kids Are Dying Because of It!
  4. Welcome! The dangers of Android phones to various scams involving hiring and Black Friday and some tips on staying safe and more on Tech Talk With Craig Peterson today on WGAN