In this episode of IT SPARC Cast, John and Lou tackle the latest tech news, including a troubling Microsoft vulnerability affecting Mac apps, a phishing scam using physical mail, and malware targeting air-gapped networks. They also preview an upcoming book critiquing tech management practices and delve into Gartner’s 2024 tech trends. Tune in for insights, opinions, and practical advice for staying ahead in the IT world.

Show Notes:

News Bytes:

 • Microsoft’s Mac App Vulnerability: The hosts dive into a security issue affecting Microsoft’s Mac apps, where an entitlement disables MacOS’s hardened runtime, potentially allowing malicious DLL execution. Microsoft has partially addressed the issue but left some apps vulnerable.

https://www.macworld.com/article/2432176/microsoft-apps-on-the-mac-have-a-security-hole-that-wont-get-fixed-soon.html

 • Air-Gapped Network Threats: Lou shares news about sophisticated malware targeting air-gapped networks, discovered by ESET. The malware employs USB drives for infiltration and advanced techniques for data exfiltration. The discussion touches on the human factor in security and the evolving threat landscape.

https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/  

 • Old-School Phishing Goes Physical: Phishing has gone back to basics, with scam letters arriving in physical mailboxes in Germany, mimicking legitimate bank correspondence. John shares a personal phishing experience, emphasizing the need for skepticism, even with familiar-looking messages.

https://www.pcworld.com/article/2419859/police-warn-of-deceptively-genuine-phishing-by-post-how-the-scam-works.html

 • Book Preview – “Fatal Abstraction”: Lou introduces an upcoming book arguing that managerial practices are to blame for many tech problems, touching on over-reliance on software and management misunderstandings. The hosts discuss management issues and software’s limitations in solving business challenges.

https://www.theverge.com/2024/10/8/24265264/what-if-techs-problem-is-management 

 • Gartner’s 2024 Technology Trends: The episode touches briefly on Gartner’s top tech trends for the upcoming year, including AI trust and security, continuous threat exposure management, and industry cloud platforms. 

https://www.gartner.com/en/articles/gartner-top-10-strategic-technology-trends-for-2024

CVE of the Week:

 • “PerfCTL” Linux Malware: This week’s CVE is a stealthy malware called “PerfCTL,” which exploits servers for cryptocurrency mining or malicious network activity. The hosts recommend packet-based analytics tools to detect unusual network behavior and discuss how to protect against such threats.

https://www.wired.com/story/perfctl-stealthy-malware-infected-linux-systems

Hosted on Acast. See acast.com/privacy for more information.