It's and this year I thought I'd share something relevant from . Cybersecurity awareness month every October my recent trip to cover IT Arena in Lviv, Ukraine While I was there I bumped into some of the team from a macOS and iOS software company based in Kyiv, Ukraine. MacPaw I have met MacPaw employees many times at conferences over the years, and even once visited their wonderful offices in Kyiv where I saw their famous Mac museum and met their equally famous office cats. They are probably best known for , , and . But since the beginning of Russia’s invasion, they also created a handful of small apps designed to help personal and digital security in a time of conflict. CleanMyMac Gemini Setapp Inspired to write your own cybersecurity-related article? and enter ! Use our writing prompt the Twingate writing competition SpyBuster - Unmask data spies First is , a free application for iOS, macOS, and Chrome-base browsers. Its main aim is to identify applications with potential connections to Russia or Belarus. This could be due to developers located there, or due to application data sent or received from those countries. SpyBuster I don’t have an iPhone, so first I tried it on macOS. You download the application, open it, and wait a moment. There are two sections in the application window: static analysis and dynamic analysis. Static Analysis This checks for software you have installed by looking at their binaries and resources. On launch, SpyBuster flagged Telegram and Raindrop. It flagged Telegram for “probable ties to the Russian Federation”. Telegram and its possible connections to Russia are a subject of lengthy discussion, and personally, I have always been a little suspicious of Telegram for a whole host of other reasons. But I continue to use it as it’s what many of my friends want to use to communicate, trusting it more than anything from Meta. it’s also very popular in Ukraine, including by people actively using it to oppose Russia, so that’s an interesting conundrum. It also flagged , a cross-platform bookmark manager I rely on heavily. I think I knew the developer (one person) was based in Russia, and they do seem to have dropped all mentions of this fact from the website. Raindrop However, all the application code is open source . and says it only uses AWS infrastructure Dynamic Analysis This checks the data flow of running applications to determine where they might be sending and receiving data to and from. I left it running for a little while, including interacting with Raindrop and Telegram. The only traffic I saw for Raindrop went to and from the USA, and for Telegram to the UK. I didn’t really anticipate any software I ran communicating with Russia, and I guess this confirms it. Browser Extension Next, I added the browser extension to Brave and thought it would be a good chance to trigger it by heading over to 😅. RT.com That instantly caused a warning in the SpyBuster desktop application, but I continued anyway, just to see what would happen. This instantly caused a service called “ ” to get rather upset with me, and doesn’t have a particularly positive history. dos-guard.net which according to Wikipedia is based in Russia I visited their website, which SpyBuster didn’t flag if I visited the English website, but did if I visited the Russian one. I guess the company used different regional hosts for each language. Of course in both cases, these were sites I knew were based in Russia and I don’t think I am personally that likely to access that many sites unknowingly. Together App Taking a different approach to personal security, focuses on keeping track of the well-being of displaced and far-flung employees. Together App It's open source, self-hosted, and runs as a Slack bot that periodically asks employees where they are and how they feel. This then allows everyone to connect with colleagues that ended up near them and provide support to those who need it. Together App requires a handful of prerequisites including: A Slack workspace and the ability to add bots to it A Postgres database server Google Geocoding and Places API keys A Mapbox public key An SSO or OAuth provider And there are optional requirements for setting up scheduled jobs and deployment. These requirements make Together App complex to set up, but help ensure the data it stores is secure, which essential for an application of this function. Over to You For the rest of Cybersecurity awareness month, we're inviting you to contribute your own tips and thoughts. You can , enter , or of course, write anything else related to the topic you wish and use the "cybersecurity" or "cybersecurityawarenessmonth" tags when you do. use our writing prompt the Twingate writing competition

Flow

Google

Slack

Read My Stories

Too Long; Didn't Read

Questions about cloud security? Get answers here.

Cybersecurity Awareness Month - MacPaw Supports Ukraine

Too Long; Didn't Read

Companies Mentioned

Coin Mentioned

Chris Chinchilla

About Author

TOPICS

Languages

THIS ARTICLE WAS FEATURED IN...

Cybersecurity Awareness Month - MacPaw Supports Ukraine

Too Long; Didn't Read

Companies Mentioned

Coin Mentioned

Chris Chinchilla

About Author

TOPICS

Languages

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES