Tea

 
  • Rosetta 2 is Apple's translation technology for running x86-64 binaries on Apple Silicon (ARM64) macOS systems.
  • Rosetta 2 translation creates a cache of Ahead-Of-Time (AOT) files that can serve as valuable forensic artifacts.
  • Mandiant has observed sophisticated threat actors leveraging x86-64 compiled macOS malware, likely due to broader compatibility and relaxed execution policies compared to ARM64 binaries.
  • Analysis of AOT files, combined with FSEvents and Unified Logs (with a custom profile), can assist in investigating macOS intrusions.
 

This article examines obfuscation techniques used in popular malware families, and offers some insights into possible opportunities for automating unpacking of these malware samples.

We will examine these behaviors in samples we have observed, showing how to extract their configuration parameters through unpacking each stage. Performing this same process through automation would allow a sandbox performing static analysis to extract crucial malware configuration parameters from such samples.

Malware authors increasingly use advanced obfuscation techniques to evade sandbox detection, enabling widespread distribution. Static analysis is a process performed by sandboxes for examining samples, without directly executing them.

Adversaries use the following techniques to deliver popular malware families like Agent Tesla, XWorm and FormBook/XLoader:

  • Code virtualization
  • Staged payload delivery
  • Dynamic code loading to introduce new code at runtime
  • Advanced Encryption Standard (AES) encryption
  • Creating multi-stage payloads that are self-contained within the original sample
 

In response to several court orders, Cloudflare geoblocked more than 400 sports streaming piracy domain names on its pass-through service in France last year. Notably, Cloudflare says that, despite requests, it has not blocked any websites through the 1.1.1.1 Public DNS Resolver. That last comment is relevant to the renewed site blocking push in the United States.

 
  • We are investigating how TikTok uses 13–17-year-olds' personal information to make recommendations to them
  • We also announce we are investigating how Reddit and Imgur assess the age of their child UK users
  • Investigations are part of our wider interventions into how social media and video sharing platforms use children's data
 

It’s been a long time coming, but the trust in Firefox and its mother organization, Mozilla, seems to be mostly gone, after a recent commit on the source code removed the “we don’t sell your data” promise, along with a change of Privacy notice and Terms of Use.

 

Marketshare by OS.

Back during January Steam on Linux dropped by 0.23% to a 2.06% marketshare while overnight the numbers were published for February 2025...

The February numbers show a staggering 0.61% drop in Linux use, putting the overall Linux gaming marketshare at just 1.45%. This is a significant drop, and we haven't seen Linux numbers this low in quite some time.

 

Abstract.

Generative Artificial Intelligence (AI) is a cutting-edge technology capable of producing text, images, and various media content leveraging generative models and user prompts. Between 2022 and 2023, generative AI surged in popularity with a plethora of applications spanning from AI-powered movies to chatbots. This paper investigates the potential of generative AI within the realm of the World Wide Web, specifically focusing on image generation. Web developers already harness generative AI to help craft text and images, while Web browsers might use it in the future to locally generate images for tasks such as repairing broken webpages, conserving bandwidth, and enhancing privacy. To explore this research area, this paper developed WebDiffusion, a tool that allows simulating a Web powered by stable diffusion, a popular text-to-image model, from both a client and server perspective. Such a tool is the first of its kind, paving the way towards a futuristic world wide web where web images can be created using generative AI. WebDiffusion further supports crowdsourcing of user opinions, which is used to evaluate the quality and accuracy of 409 AI-generated images sourced from 60 webpages. Our findings suggest that generative AI is already capable of producing pertinent and high-quality Web images, even without requiring Web designers to manually input prompts, just by leveraging contextual information available within the webpages. However, direct in-browser image generation remains a challenge, as only highly powerful GPUs, such as the A40 and A100, can (partially) compete with classic image downloads. Nevertheless, this approach could be valuable for a subset of the images, for example, when fixing broken webpages or handling highly private content.
