Security Focus: From Malware to Passwords, Protect Your Technology

Security Focus: From Malware to Passwords, Protect Your Technology 600 444 Drummond Group
In this issue:
  1. Clip “Silver Sparrow” ASAP
  2. Passwords in Peril
  3. FYI: Breaches
Clip “Silver Sparrow” ASAP

Over the last week, security researchers found a new mysterious malware – referred to as “Silver Sparrow” – that is said to be leveraging the macOS Installer JavaScript API to execute suspicious commands.

Drummond has learned that although the security firm Red Canary has not yet observed any final payload, the exact threat continues to be a mystery. This previously undetected malware seems to be affecting Mac users around the world.

HITRUST clients are encouraged to take action to detect and remove the malware as soon as possible if found within your systems. While a final payload has yet to be determined by security researchers, the placement of the malware on the system could enable a quick installation and/or execution of a malicious payload.

For any related questions or to learn more about the malware, we urge you to contact Apple support and/or see articles posted in the following publications:

Passwords in Peril

HITRUST Domain 10 focuses specifically on Password Management. HiTrust requires an organization to maintain a list of commonly used/compromised passwords that is updated every 180 days, and that should be communicated to workforce members to remind them not to use the words identified. The importance of securing your organization’s technology is linked to user education and should include regular maintenance, such as sharing a list of commonly used and compromised or “known” passwords.

A recent article, The 20 Most Common Passwords Found on the Dark Web, includes a great list to send within your organizations to ensure the passwords are not used on work systems and in their personal lives as well.

Other sites serve as great references, too, including:

FYI: Breaches

Accellion, a software application firm that provides file transfer services, was breached in late December. Known companies affected are names like Kroger, Jones Day Legal, Washington State Auditor’s office and the University of Colorado, just to name a few. If you use Accellion for any services, you should contact them immediately to see if your company has been impacted.

Ubiquiti Networks, a major provider of wireless and networking gear, suffered a major data breach in January. They informed customers to change passwords on their systems as a precaution, as the data compromised included user IDs, names, email addresses, and salted and hashed passwords of people using For more details, contact Ubiquiti Support. If you utilize Ubiquiti products and have not yet changed your passwords, it would be recommended to do so as soon as possible.

Sign up for HITRUST Updates

  • This field is for validation purposes and should be left unchanged.
Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Click to enable/disable Google Maps.
Click to enable/disable video embeds.
Our website uses cookies, some from third-party services. Define your Privacy Preferences and/or agree to our use of cookies.