You're listening to the Cyberwire Network, powered by N2K.

Most environments trust far more than they should, and attackers know it.

Threat Locker solves that by enforcing default deny at the point of execution.

With Threat Locker Allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave.

And with Threat Locker DAC, defense against configurations, you get real assurance that your environment is free of misconfigurations, and clear visibility into whether you meet compliance standards.

Threat Locker is the simplest way to enforce zero-trust principles without the operational pain.

It's powerful protection that gives CISO's real visibility, real control, and real peace of mind.

Threat Locker makes zero-trust attainable, even for small security teams.

See why thousands of organizations choose Threat Locker to minimize alert fatigue,

stop ransomware at the source, and regain control over their environments.

Schedule your demo at Threatlocker.com slash N2K today.

Hello, everyone, and welcome to the CyberWires Research Saturday.

I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities,

solving some of the hard problems and protecting ourselves in our rapidly evolving cyberspace.

Thanks for joining us.

So we have some different live hunt rules set up, and this one actually stumbled about because of a way in which it was performing shellouts to collect process information.

And we sort of said, hey, like, there's a lot going on with this executable than just collecting

processes, right?

It's doing some really interesting stuff.

That's Jaron Bradley, director of Jamp Threat Labs.

The research we're discussing today is titled, Chili Hell, a deep dive into a modular macOS backdoor.

So that's kind of what initially caught our attention, and then the more we looked at it and kind of observed it, we saw it aligned with a report that had been previously done by Mandy.

...