Headlines 24.nl verzamelt actueel nieuws via de rss feeds van online kranten. Op elk moment geven wij al het laatste nieuws overzichtelijk weer.

Tevens kunt u inloggen om uw eigen nieuws pagina samen te stellen en zo alleen het nieuws te zien dat u interesseert.


 
 

Jamf The exploit isn’t what gives attackers away

05/07 08:15 - Jamf The exploit isn’t what gives attackers away
Jamf this week unveiled Beacon, a threat-hunting service that aims to provide dedicated, proactive detection and analysis of Mac threats. The new security tool relies on Jamf’s Mac telemetry, which equips Jamf Threat Labs with the kind of deep visibility it needs to hunt for Apple-specific attacks, anomalous activity and suspicious behaviors.  Security is always a major issue, but the threat environment is only becoming more complex, with AI adding a whole new set of dangers to fear. The unique nature of the Mac creates a paradox: while more employees want to use Macs, organizations sometimes lack the relevant internal expertise to support and secure them. Even with the correct endpoint security tools and policies in place, blue teaming can be under-resourced. As a result, organizations struggle to start, scale, repeat, and measure effective Mac threat-hunting programs. Even the smallest business needs security protection at quite a high level — but who can afford a whole threat detection and remediation team? With that in mind, Jaron Bradley, director of Jamf Threat Labs, offered more details about the company’s newly-introduced security service and broader security issues affecting Mac fleets in the business world. Jaron Bradley, director of Jamf Threat Labs. Jamf AI is boosting attackers, what is the current environment, and why is awareness becoming more essential? “AI is primarily changing the speed at which attackers operate. We’re seeing this across the board: malicious websites go live faster, malware gets built faster, and malware adapts faster once it’s detected in the wild. That said, AI isn’t only benefiting attackers; defenders have gained just as many new capabilities from it. The bigger question is who can use it better. “AI has effectively lowered the skill floor, so someone who would have once been dismissed as a ‘script kiddie’ can now build functional malware or ransomware with far less expertise than before. That’s why awareness matters more now: the pool of capable attackers is growing even faster.” Is perimeter security a realistic ambition anymore? “This may depend on the company and its office requirements, but many would argue that security shifted from the perimeter to the endpoint long ago. That doesn’t mean perimeter security is dead; it simply means it’s one layer in a broader defense strategy. Many security analysts have found detection and analysis of novel threats to be more achievable at the endpoint level.” If AI identifies a vulnerability and moves to exploit it, how likely is Beacon to identify the attack taking place? “AI has certainly changed the threat landscape, especially around vulnerability discovery and exploit development. The good news for expert threat hunting is that this doesn’t have a large effect on our ability to detect attacks. “Zero-days have always existed, and while AI raises the stakes by accelerating how quickly they’re found and weaponized, it’s usually the activity attackers perform after using an exploit, not the exploit itself, that gives them away. No defense is ever truly complete, so the real differentiator has always been how fast and how well you notice when something’s wrong. That’s exactly where Beacon is built to add value: expert knowledge of what this malicious activity looks like in the Apple environment.” Q: What sort of threats are you seeing right now? “Infostealer malware remains the single biggest threat to macOS right now. These stealers trick users into running them through convincing fake websites and social engineering, then exfiltrate as many credentials and secrets as possible for the attacker to use, sell, or trade on the dark web.  “Apple regularly ships new protections, and attackers just as regularly adapt their social engineering to stay ahead of them. Techniques like ClickFix, where users are tricked into pasting and running malicious commands themselves, have become especially effective because they bypass many protections entirely by getting the user to do the work. Beyond that, supply chain attacks are growing at an alarming rate, with attackers compromising developer libraries that get pulled into internal or production projects, quietly introducing backdoors without the creator’s knowledge.” Q: What about the manufacturing sector? Is there any excuse to use legacy kit at all in an AI threat age? “AI generated threats won’t necessarily be different than traditional ones, but they will stress the seams of traditional security programs that will need to have improved visibility at scale and be able to work at a new kind of speed and agility from start to finish.” Q: Should IT delay security releases at all anymore? “It’s difficult to find a one-size-fits-all answer here. Delaying a release makes sense when the risk of shipping outweighs the cost of waiting, and that calculation looks very different for a hospital system than it does for a consumer app. The more meaningful shift in recent years isn’t about delaying more or less; it’s about catching problems earlier, so delaying becomes the exception rather than the standard. Both rushing and waiting carry real risks, so the decision should weigh multiple factors, particularly when security updates are on the line.” Please join me on social media at BlueSky,  LinkedIn, or Mastodon, and do subscribe my daily human-curated Apple news headline summary on Substack. ...


 
 

Meer over computer

05/07 15:15 Apple’s memory problem is your problem, too

05/07 15:15 Disappointed with AI, Ford moves to re-hire 350 former workers

05/07 15:15 Q&A: Nvidia exec on how ‘confidential computing’ can secure AI agents

05/07 15:15 Microsoft unveils Memora to tackle AI agents’ memory problem

05/07 15:15 First Foxconn, now Tata — Apple suppliers keep getting hacked

05/07 15:15 12 handy hidden Google Docs tricks for Android

05/07 15:15 US reverses export restrictions on Anthropic’s Fable 5, Mythos 5 AI models

05/07 15:15 Europe looks to fight any forced shutdown of AI

05/07 15:15 Apple signals that the new attack surface is time itself

05/07 15:15 Microsoft struggles to address AI notetaker governance nightmare

05/07 15:15 About the Best Places to Work in IT

05/07 15:15 Microsoft 365 Office meets genAI and agents

05/07 15:15 Jamf The exploit isn’t what gives attackers away

05/07 15:15 Cheap Chinese chips could offer way out of RAM price crisis, Apple suggests

05/07 15:15 Microsoft plans to lay off several thousand employees

05/07 15:15 Microsoft and Amazon devote billions of dollars to thousands of FDEs

05/07 15:15 Meta’s AI chief says new Muse Spark update will sharpen coding, agentic AI

05/07 15:15 Adobe premieres a second Patch Tuesday each month to deliver fixes faster

05/07 15:15 Microsoft 365 users fall victim to one-in-a-million password spray attack

05/07 15:15 Meta reuses old RAM in new servers with custom bridge chip

05/07 15:15 Waarom je monitor meer invloed heeft op je creatieve werk dan je denkt

05/07 15:15 Hoe Spectre gevoelige gegevens uit cloudomgevingen kan halen

05/07 15:15 Deze 3 ASUS-laptops scoor je tijdelijk met een gratis extra jaar garantie

05/07 15:15 Gegevens in de cloud beveiligen met Confidential Computing

05/07 15:15 Comet Backup wordt title partner van MSP GLOBAL 2026

05/07 15:15 Trust Vyran ergonomisch ontwerp met enkele kanttekeningen

05/07 15:15 AI-coding kan straks misschien duurder worden dan een ontwikkelaar

05/07 15:15 Dit is waar je op moet letten bij het kopen van een mini-pc

05/07 15:15 Deze opslagtechniek kan het energieverbruik met 45 procent verlagen

05/07 15:15 Asus NUC 16 PRO AI in mini-formaat

05/07 15:15 GIGABYTE en AMD Instinct MI350: een doorbraak voor AI- en HPC-workloads

05/07 15:15 Kan deze miljardeninvestering de RAM-markt weer in balans brengen?

05/07 15:15 Windows 10 krijgt onverwacht een jaar extra beveiligingsupdates

05/07 15:15 Controle over je netwerkverbindingen met Little Snitch voor Linux

05/07 15:15 Een professionele monitor kopen? Let op deze 7 punten

05/07 15:15 AI als de meeste taalmodellen falen in start-upsimulatie

05/07 15:15 Synology op de Computex 2026: AI moet helpen, niet de controle overnemen

05/07 15:15 Europese alternatieven voor Microsoft meer grip op data en privacy

05/07 15:15 Hoe kwantumcomputers moderne encryptie bedreigen

05/07 15:15 Google integreert Gemini verder in Android Automotive

05/07 15:15 FortiBleed gekoppeld aan ransomwaregroepen INC en Lynx

05/07 15:15 Google verliest definitief strijd om EU-boete van 4,1 miljard euro

05/07 15:15 Device code phishing- een ongeluk zit in een klein hoekje

05/07 15:15 AI-gebruik in cloud is vaak indirect en onduidelijk

05/07 15:15 OpenAI biedt regering VS belang van 5 procent aan

05/07 15:15 Anthropic overweegt eigen AI-chip met Samsung

05/07 15:15 Meta had meer verwacht van eigen agentic AI

05/07 15:15 Omgekeerde Alibaba beschuldigt Anthropic van backdoor

05/07 15:15 Koi Security aangeklaagd om vermeend AI-gegenereerd rapport

05/07 15:15 Slechts fractie AI-waarschuwingen is kritiek

 

login Member login

Emailadres

Wachtwoord