Oct 31, 2025The Hacker NewsEndpoint Safety / Community Safety
A design agency is modifying a brand new marketing campaign video on a MacBook Professional. The artistic director opens a collaboration app that quietly requests microphone and digicam permissions. MacOS is meant to flag that, however on this case, the checks are unfastened. The app will get entry anyway.
On one other Mac in the identical workplace, file sharing is enabled by means of an outdated protocol known as SMB model one. It is quick and handy—however outdated and weak. Attackers can exploit it in minutes if the endpoint is uncovered to the web.
These are the sorts of configuration oversights that occur on daily basis, even in organizations that take safety significantly. They are not failures of {hardware} or antivirus software program. They’re configuration gaps that open doorways to attackers, they usually usually go unnoticed as a result of no one is in search of them.
That is the place Protection In opposition to Configurations (DAC) is available in.
Misconfigurations are a present to attackers: default settings left open, distant entry that must be off (like outdated community protocols reminiscent of SMB v1), or encryption that by no means bought enabled.
The objective of the most recent launch from ThreatLocker is easy. It makes these weak factors seen on macOS to allow them to be mounted earlier than they change into incidents. Following the August 2025 launch of DAC for Home windows, ThreatLocker has launched DAC for macOS, which is presently in Beta.
The built-in ThreatLocker function scans Macs as many as 4 instances per day utilizing the present ThreatLocker agent, surfacing dangerous or noncompliant settings in the identical dashboard you already use for Home windows.
Excessive worth controls within the Beta
The agent runs a configuration scan and stories outcomes to the console. On macOS, the preliminary Beta focuses on excessive worth controls:
Disk encryption standing with FileVault
In-built firewall standing
Sharing and distant entry settings, together with distant login
Native administrator accounts and membership checks
Computerized replace settings
Gatekeeper and app supply controls
Chosen safety and privateness preferences that scale back assault floor
Findings are grouped by endpoint and by class. Every merchandise consists of clear remediation steerage and mapping to main frameworks reminiscent of CIS, NIST, ISO 27001, and HIPAA. The intent is to shorten the trail from discovery to repair, to not add one other queue of alerts.
Why DAC issues
Design corporations, media studios, and manufacturing groups usually construct their workflows round Macs for good cause. The M-series processors are highly effective, quiet, and environment friendly for video and design software program. However safety visibility hasn’t at all times saved up.
Extending configuration scanning to macOS helps these groups discover weak spots earlier than they’re exploited, issues like unencrypted drives, disabled firewalls, leftover admin accounts, or permissive sharing settings. It closes the gaps that attackers search for and offers directors the identical degree of perception they already depend on for Home windows.
This Beta is not nearly macOS protection. It is about giving IT and safety groups actual perception into the place they stand. When DAC reveals a Mac out of compliance, it would not cease there. It connects these findings to the ThreatLocker insurance policies that may repair them. That visibility helps organizations align with their safety frameworks, meet insurance coverage necessities, and harden their environments with out guesswork. Some customers come to ThreatLocker particularly due to DAC and keep as a result of it makes the opposite ThreatLocker controls make sense. Configuration visibility is the gateway to actual management.
Discovered this text attention-grabbing? This text is a contributed piece from one among our valued companions. Observe us on Google Information, Twitter and LinkedIn to learn extra unique content material we put up.
