None of this is mine, just some things I’ve been looking at closely recently. New user, so limited to 2 links. Objective-See and @cedowens put out great work detailing the recent Gatekeeper Bypass, and bradleyjkemp[.]dev found another interesting issue with /usr/local/bin permissions and file integrity/execution.
Press 5 keys and become r00t aka CVE-2021-30655
ConfiantIntel on Twitter: “OSX/Bundlore Loader found (0 detections in VT) compiled for ARM (targeting the new M1 MacBook!) , and notarized by Apple … It was delivered through malvertising. Downloads Bundlor and an unknown payload Developer ID Application: Bobbie Miller (PX3WCCP368) https://t.co/SjrIEv6wcu”
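The /usr/local/bin permissions issue the post links to is not described here, so the following is an added, generic check rather than code from the post or from any of the linked write-ups. It lists entries of a PATH directory that someone other than the intended owner could modify or replace: group- or world-writable entries, and entries not owned by the expected owner. The expected-owner argument is an illustrative assumption; on a Homebrew-managed Intel Mac, /usr/local/bin is typically owned by the admin user rather than root, so that is the user to pass.

```shell
#!/bin/sh
# Added example (not from the post or the linked write-ups): audit a directory
# on PATH for entries a non-owner could modify or replace.
#
# Assumptions: the expected owner is whoever should own the directory (root by
# default; on a Homebrew Mac usually the admin user). Symlink targets are
# examined (-L) because Homebrew populates /usr/local/bin with symlinks, and
# it is the target file's mode that matters.

audit_bin_dir() {
  dir="$1"
  owner="${2:-root}"
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
  # -maxdepth 1 covers the directory itself plus its direct children.
  # Flag an entry if:
  #   -perm -020  group-writable (anyone in that group can swap the file)
  #   -perm -002  world-writable (anyone can swap the file)
  #   ! -user     owned by someone other than the expected owner
  find -L "$dir" -maxdepth 1 \
    \( -perm -020 -o -perm -002 -o ! -user "$owner" \) -print
}

# Number of risky entries; 0 means the directory looks clean.
audit_bin_dir_count() {
  audit_bin_dir "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone use: sh audit.sh /usr/local/bin "$(id -un)"
if [ "$#" -ge 1 ]; then
  audit_bin_dir "$@"
fi
```

A world-writable directory is reported as well as world-writable files, since either lets an unprivileged process replace a binary that an admin will later run from PATH. A hit is a lead, not a verdict: confirm with `ls -ld` on the reported path and, on macOS, `codesign -dv` on the binary before deciding anything was tampered with.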