Hackers keep trying to get malicious Windows file onto MacOS

A laptop monitor warns of an impending encounter with malware.

Malware pushers are experimenting with a novel way to infect Mac users that runs executable files that normally execute only on Windows computers.

The files and folders found inside a DMG file that promised to install Little Snitch.

The files and folders found inside a DMG file that promised to install Little Snitch. (credit: Trend Micro)

Researchers from antivirus provider Trend Micro made that discovery after analyzing an app available on a Torrent site that promised to install Little Snitch, a firewall application for macOS. Stashed inside the DMG file was an EXE file that delivered a hidden payload. The researchers suspect the routine is designed to bypass Gatekeeper, a security feature built into macOS that requires apps to be code-signed before they can be installed. EXE files don’t undergo this verification, because Gatekeeper only inspects native macOS files.

“We suspect that this specific malware can be used as an evasion technique for other attack or infection attempts to bypass some built-in safeguards such as digital certification checks, since it is an unsupported binary executable in Mac systems by design,” Trend Micro researchers Don Ladores and Luis Magisa wrote. “We think that the cybercriminals are still studying the development and opportunities from this malware bundled in apps and available in torrent sites, and therefore we will continue investigating how cybercriminals can use this information and routine.”

Read 5 remaining paragraphs | Comments

Bevy acquires community-focused networking company CMX

Bevy announced today that it has acquired CMX, which it describes as “the world’s largest community for community professionals.”

In other words, CMX is trying to connect and support the people whose job is to build communities around their companies. To do that, it organizes the CMX Summit and also offers membership to a private network called CMX Pro.

Bevy, meanwhile, has built software for companies to manage community events. In fact, the company was created by the organizers of Startup Grind, who said they initially built Bevy because of the challenge involved in managing all the different Startup Grind events.

The company now says it works with customers including Slack, Atlassian, Asana, Gainsight and Duolingo — in fact, Duolingo uses it to host 1,000 monthly events.

In an email, Bevy CEO Derek Andersen told me, “I’ve been a  CMX community speaker, sponsor, and member for many years, and there is no better way to get educated and networked in the community industry than CMX.”

The financial terms of the acquisition were not disclosed. CMX’s co-founder and CEO David Spinks will continue to lead CMX initiatives within Bevy, and he will become the company’s vice president of community.

“People are in desperate need of meaningful community,” Spinks said in the acquisition announcement. “They’re craving more depth, and that often comes through in-person, real world connection. [CEO Derek Andersen] and the Bevy team have built a great platform to help teams scale their IRL community programs. We’re thrilled to join forces and work toward a more meaningfully connected world.”

The Power Of Purpose: How Entrepreneurs Need To Practice An Abundance Mindset

Ajit Nawalkha, the author of the book “Live Big: The Entrepreneur’s Guide to Passion, Practicality and Purpose” talks about how entrepreneurs need to focus on creating more time to travel, spend time with family, work on personal health and otherwise promote a sense of prosperous fulfillment.

‘El Chapo’ jurors appear to focus on top U.S. charge; no verdict

The jury weighing the fate of accused Mexican drug kingpin Joaquin “El Chapo” Guzman on Monday appeared focused on the main charge against him, whether he engaged in a continuing crime spree that could land him in prison for life.

Exclusive: Brazil miner Vale knew deadly dam had heightened risk of collapse

Vale SA, the world’s largest iron ore miner, knew last year that the dam in Brazil that collapsed in January and killed at least 165 people had a heightened risk of rupturing, according to an internal document seen by Reuters on Monday.