this post was submitted on 08 Aug 2023
129 points (100.0% liked)

Technology

37724 readers
487 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Based on research across established dark web forums, threat actors are targeting macOS, with exploits trading for millions of dollars

you are viewing a single comment's thread
view the rest of the comments
[–] BarryZuckerkorn@beehaw.org 8 points 1 year ago

The general recommendation is to configure your system to allow the use of the minimum number of privileges. If you don't have the need to use software that doesn't come from a trusted repository (like the Apple App Store itself, but also things like homebrew), go ahead and turn off the ability to run software from other sources. If you're coding, make sure your code is properly sandboxed, and that you're not blindly relying on untested packages (see compromised npm packages). Don't give apps accessibility or other rights if they don't need them, etc. And then stay current on all software updates.

Even zero-days often rely on certain configurations, and you can always lock down the built-in apps to not auto-run or auto-preview things they receive. Some of it requires an active user maintenance to decide how to balance convenience versus security on your own system.