Security Focus: From Malware to Passwords, Protect Your Technology

Clip “Silver Sparrow” ASAP

Over the last week, security researchers found a new mysterious malware – referred to as “Silver Sparrow” – that is said to be leveraging the macOS Installer JavaScript API to execute suspicious commands.

Drummond has learned that although the security firm Red Canary has not yet observed any final payload, the exact threat continues to be a mystery. This previously undetected malware seems to be affecting Mac users around the world.

HITRUST clients are encouraged to take action to detect and remove the malware as soon as possible if found within your systems. While a final payload has yet to be determined by security researchers, the placement of the malware on the system could enable a quick installation and/or execution of a malicious payload.

For any related questions or to learn more about the malware, we urge you to contact Apple support and/or see articles posted in the following publications:

• https://www.macworld.com/article/3608621/30k-macs-are-infected-with-silver-sparrow-virus-and-no-one-knows-why.html
• https://redcanary.com/
• https://9to5mac.com/2021/02/20/macos-malware-m1-mac/
• https://www.macrumors.com/

Passwords in Peril

HITRUST Domain 10 focuses specifically on Password Management. HiTrust requires an organization to maintain a list of commonly used/compromised passwords that is updated every 180 days, and that should be communicated to workforce members to remind them not to use the words identified. The importance of securing your organization’s technology is linked to user education and should include regular maintenance, such as sharing a list of commonly used and compromised or “known” passwords.

A recent article, The 20 Most Common Passwords Found on the Dark Web, includes a great list to send within your organizations to ensure the passwords are not used on work systems and in their personal lives as well.

Other sites serve as great references, too, including:

• https://haveibeenpwned.com/
• https://nordpass.com/most-common-passwords-list/
• pcmag.com
• zdnmet.com

FYI: Breaches

Accellion, a software application firm that provides file transfer services, was breached in late December. Known companies affected are names like Kroger, Jones Day Legal, Washington State Auditor’s office and the University of Colorado, just to name a few. If you use Accellion for any services, you should contact them immediately to see if your company has been impacted.

Ubiquiti Networks, a major provider of wireless and networking gear, suffered a major data breach in January. They informed customers to change passwords on their systems as a precaution, as the data compromised included user IDs, names, email addresses, and salted and hashed passwords of people using UI.com. For more details, contact Ubiquiti Support. If you utilize Ubiquiti products and have not yet changed your passwords, it would be recommended to do so as soon as possible.