How to Level Up Your Security Education Program
Iru Team

4 min read

Educating end-users is a core responsibility for security teams. Not only are such education programs required by compliance regimes, but they’re also one of the most effective ways to actually maintain security: Users are now one of the key attack vectors for bad actors. The more they know about the threats and how to respond to them, the better they’ll be able to defend themselves and your organization.

Educational
Migrating MDM on iOS and iPadOS Using Return to Service
Alexandre Morin & Brian Van Peski

7 min read

When you’re migrating from one MDM solution to another, you have to move the devices you’re managing with you. They need to be enrolled in that new solution so you can manage them.

Educational
TodoSwift Disguises Malware Download Behind Bitcoin PDF
Christopher Lopez

19 min read

A signed file named TodoTasks was uploaded to VirusTotal on 2024-07-24. This application shares several behaviors with malware we’ve seen that originated in North Korea (DPRK)—specifically the threat actor known as BlueNoroff—such as KandyKorn and RustBucket; given these commonalities, we believe this new malware—which we’re dubbing TodoSwift—is likely from the same source.

Threat Intelligence
InfoStealer Uses SwiftUI, OpenDirectory API to Capture Passwords
Christopher Lopez

13 min read

On July 29, @4n6Bexaminer tweeted about a new macOS stealer. Moments later, Hunt.io tweeted about the same new malware and then released a blog post about it on July 30. That post focused primarily on the malicious bash scripts that were downloaded from the command-and-control (C2) server and then executed as the second stage.

Threat Intelligence
Apple Intelligence: What Mac Admins Need to Know
Iru Team

8 min read

One of Apple’s biggest announcements at this year’s WWDC was about the upcoming release of what the company calls Apple Intelligence. But, this being Apple, it wasn’t just a jumping-on-the-bandwagon announcement about AI. Rather, it’s about the very Apple approach the company is taking to artificial intelligence, one that puts user benefits and protections first.

Educational
How to Make Device Management Work for End Users
Iru Team

5 min read

There’s no question that modern device management is a boon to IT teams. It simplifies and centralizes the way you deploy operating systems, apps, and settings on the devices your organization relies on to get its work done. It also gives you visibility into how those devices are being used and whether they’re in compliance with your desired end-states.

Educational
Dock Tile Plugins Could Be Used to Escalate Privileges
Csaba Fitzl

4 min read

I recently came across a persistence feature in macOS that's tied to Dock tile plugins.

Threat Intelligence
How Twitch Helper Can Be Used for Privilege Escalation
Christopher Lopez

7 min read

Privileged helpers are bits of software that assist applications by running elevated privileged actions separate from the app itself. XPC is Apple’s interprocess communication mechanism that makes this possible.

Threat Intelligence
Update: Cuckoo Malware Evolves
Adam Kohler & Christopher Lopez

5 min read

Since our initial report about the Cuckoo malware, there have been some updates to its functionality and infection vector that we wanted to let the Apple security community know about.

Threat Intelligence
How Malware Can Bypass Transparency Consent and Control (CVE-2023-40424)
Csaba Fitzl

9 min read

CVE-2023-40424 is a vulnerability that allows a root-level user to create a new user with a custom Transparency Consent and Control (TCC) database in macOS, which can then be used to access other users’ private data.

Threat Intelligence
How MDM Can Help You Achieve ISO 27001 Compliance
Ali Khan

5 min read

ISO 27001 is a compliance standard that defines in general terms what a good information security management system (ISMS) should do. Such systems protect the security, availability, and confidentiality of an organization’s information assets through technical and organizational policies and procedures. Conformity with ISO 27001 means that an organization has systems in place and is following best practices to manage risks to its data.

Educational
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
Adam Kohler & Christopher Lopez

28 min read

On April 24, 2024, we found a previously undetected malicious Mach-O binary programmed to behave like a cross between spyware and an infostealer. We have named the malware Cuckoo, after the bird that lays its eggs in the nests of other birds and steals the host's resources for the gain of its young.

Threat Intelligence
To Improve IT Efficiency, Consider New KPIs
Iru Team

5 min read

How efficient is your IT team? Historically, that’s been a straightforward question, with an equally straightforward answer: You look at the number of help-desk tickets they receive in a given time period, count the number that were solved, calculate the ratio of tickets solved to tickets received, and—voila! You have a metric.

Thought Leadership
How to Add Devices to Apple Business Manager Using Apple Configurator
Iru Team

9 min read

Before mobile device management solutions for Apple devices—such as Iru—were common, there was Apple Configurator.

Educational
CloudChat Infostealer: How It Works, What It Does
Adam Kohler & Christopher Lopez

11 min read

On April 3, 2024, we came across an undetected file that had been uploaded to the online virus-checker VirusTotal that day named Clip. Right off the bat, we noticed that the file had some red flags that warranted further investigation.

Threat Intelligence