Security operations

Red Canary SecOps Weekly: Episode 58 – February’s top threats, featuring Stef Rand from our Intelligence team!

SecOps Weekly | 03.31.26

February’s top threats, featuring Stef Rand from our Intelligence team!

Red Canary experts discussed the Axios npm compromise and broke down threats from the past month, including the evolving macOS infostealer landscape and the return of another stealer, Vidar, to the monthly list of the 10 most prevalent threats.

SHOW NOTES

In this episode of SecOps Weekly, Senior Intelligence Analyst Stef Rand and Senior Information Security Researcher Chris Brook kick off the conversation by discussing the breaking news of an Axios npm package compromise that affected up to 100 million weekly downloads.

They also discuss the March Intelligence Insights, which highlight the top ten threats Red Canary is seeing in the wild. Key topics include the rise of stealer malware, particularly macOS stealers like Atomic Stealer and MacSync, the return of Vidar stealer to the top ten list, and the prevalence of malicious copy and paste (paste and run) attacks.

Chris and Stef discuss ScreenConnect remaining at number one in the threat rankings, supply chain security best practices, and browser security concerns. They also preview upcoming content about malicious browser threats and provide immediate response recommendations for the Axios compromise, including checking dependencies, scanning for IOCs, and reimaging affected systems.

Timestamps:

  • 00:00: Introduction
  • 00:53: Welcome to SecOps Weekly
  • 01:32: Axios npm package compromise
  • 06:10: March Intelligence Insights
  • 08:30: Odds and ends: Risers, fallers, and other observations
  • 09:58: Mac infostealers continue to evolve
  • 15:14: New ways to evade and execute on macOS
  • 18:38: Vidar stealer returns
  • 20:38: New blog! Scarlet Goldfinch’s year in ClickFix
