Security

We learned last month that Apple was tricked into releasing personal data to hackers, after they posed as law enforcement officials with emergency data requests. A follow-up report reveals that some of this data was used to sexually extort minors.

The latest report also sheds light on how the hackers were able to fool Apple and other tech giants, including Facebook, Google, Snap, Twitter, and Discord …

T-Mobile has suffered another data breach, this time carried out by young hackers that were part of the LAPSUS$ group. While T-Mobile has said that no customer or government information was compromised, it appears LAPSUS$ gained access to T-Mobile’s source code repositories along with its customer account management system.

An iCloud crypto wallet attack saw an estimated $650,000 worth of cryptocurrency and NFTs stolen from a trader within seconds.

While the attack relied on a sophisticated piece of phishing, it also revealed a key iCloud vulnerability with MetaMask …

NSO spyware Pegasus targeted US iPhones indirectly, despite the company forbidding customers from infecting phones with American SIMs. Devices belonging to Catalan politicians and others were also infected, with the Spanish government suspected to be responsible.

Additionally, it was discovered that a device connected to the network at 10 Downing Street – the office of British prime minister Boris Johnson – was also infected …

With the release of macOS Monterey 12.3.1 on March 31, Apple has fixed two zero-day exploits in its operating system. However, the company is yet to patch these exploits in macOS Big Sur and macOS Catalina – as these versions were likely affected by the same vulnerabilities and are still supported by the company.

It’s been revealed that NSO’s Pegasus hacked the iPhone of an award-winning journalist, just weeks after Apple sought an injunction that would bar the company from targeting iPhone users.

NSO’s Pegasus software is so dangerous for two reasons. First, it gives access to almost all the data on the phone, including messages, photos, and location. Second, it works via a zero-click approach …

With the release of iOS 15.4.1 and macOS Monterey 12.3.1 on Thursday, Apple has fixed some bugs in its operating systems. However, in addition to bug fixes, the company also made security enhancements to iOS and macOS, which include patches for multiple zero-day exploits.

A major Wyze Cam security flaw easily allowed hackers to access stored video, and it went unfixed for almost three years after the company was alerted to it, says a new report today.

Additionally, it appears that Wyze Cam v1 – which went on sale back in 2017 – will never be patched, so it will remain vulnerable for as long as it is used …

A report today says that ‘Russian Google’ Yandex is sending data harvested from millions of iOS app users to Russia – whether or not you use the company’s apps. Laws there could compel the company to make the data available to the Russian government.

Your data can be grabbed from a wide range of third-party apps which use a developer tool created by Yandex. Developers save time and money by using the Yandex API AppMetrica to obtain analytics data for their app, while the company gets user data in return …

Messaging interoperability encryption challenges are being discussed by security experts, following the European Union’s decision to make cross-platform messaging capabilities a legal requirement.

There was much debate on whether or not to include messaging interoperability in the Digital Markets Act (DMA), and the challenges of maintaining end-to-end encryption was one of the key issues …

The Okta hack revealed yesterday, and which dated back to January, may have impacted up 366 clients, says the company’s chief security officer, David Bradbury. Okta hasn’t named any of them, so it’s not known at this stage how many end users may be affected.

We noted yesterday that Okta offers single sign-on services to a huge range of blue-chip clients, with its services running on Mac, iOS, Windows, and Android …

Hackers have posted credible screengrabs to back reports of an Okta security breach. Otka provides single sign-on user authentication tools in the enterprise sector, with a huge range of blue-chip clients. Its tools are available for Mac and iOS, as well as Windows and Android.

The hacking group LAPSUS$, known for its ransomware attacks, says that it is targeting Otka users …

A password-less future could be even more convenient, thanks to the latest addition to the FIDO standard – which Apple brands as Passkeys in iCloud Keychain.

The proposal means that you could automatically log in to a secure website, for example, simply by having a second Apple device with you …

Apple’s TestFlight is a tool created to help developers distribute their beta apps to users before they are released on the App Store to everyone. However, scammers have been using the platform to distribute malicious apps without Apple’s knowledge.

A company selling password-cracking tools says that a newly-discovered T2 Mac security vulnerability allows it to crack passwords on these machines, bypassing the lockouts.

The method used is far slower than conventional password-cracking tools, but although the total time needed could run into thousands of years, that could fall to as little as 10 hours when the Mac owner has used a more typical password…

9to5Mac has learned that the Cellebrite kit sold to customers can’t unlock iPhones – but the company can and will if customers send the phones to them.

It’s likely Cellebrite wants to keep its methods in-house, fearful of another intervention like the Signal one last year…

There are more than 2,800 US government Cellebrite customers, according to the smartphone hacking company. The tech can be used to extract most data from both iPhones and Android phones.

The company also boasts that its private sector clients include “six out of the world’s 10 largest pharmaceutical companies and six of the 10 largest oil refineries”…

Apple’s two-factor authentication autofill feature makes it painless to enter verification codes sent via SMS, but phishing attackers are getting savvy to this.

When they trick people into clicking on a fake link to a site that prompts for an SMS code, they do the same, so it looks legit when autofill offers to paste it in for you …