There have been significant developments in the Twitter hack which saw the takeover of many high-profile accounts, among them Apple, Joe Biden, Elon Musk, Jeff Bezos, Bill Gates, Mike Bloomberg, Kayne West, Uber, Floyd Mayweather, Warren Buffett, and Barack Obama.
Twitter said yesterday that passwords were not compromised, but it subsequently locked all accounts where there was an attempted password change within the past 30 days …
In the latest accusation from the US Attorney General against Apple and other major tech companies, today William Barr alleged a number of American companies are “all too willing to collaborate” with China. In particular, Barr accused Apple of making it easier for China to crack iPhone encryption to be able to keep doing business there.
Apple and Google should warn users about the ‘national security risks’ of apps developed by foreign entities, says the chairman of the congressional Subcommittee on National Security, Rep. Stephen Lynch.
Lynch has written to both tech giants arguing that apps by ‘our adversaries’ could be used to gather sensitive information on American citizens …
Amnesty International has lost a court battle against the iPhone spyware company NSO. The human rights organization wanted an Israeli court to block exports of spyware created by the company.
Amnesty had claimed that hackers spied on one of its staff using spyware tools produced by NSO …
Earlier this week, the White House suggested that it might declare TikTok a national security threat, with Secretary of State Mike Pompeo stating that the administration was ‘looking at’ the possibility of banning the video sharing app from the US.
Experts have now weighed in on the question, concluding that it’s not a direct threat, but might be an indirect one …
At least three major Bitcoin wallets are vulnerable to fraud, and could even be completely bricked, leaving them unusable by their owners, according to new research.
Mac users are now exposed to a new “ThiefQuest” ransomware that encrypts files and causes multiple issues with the operating system. Malwarebytes has analyzed the ransomware today, which is being distributed through macOS pirate apps.
Back in February, Apple announced plans to boost HTTPS protections in Safari, with effect from September 1 this year. A new report today notes that other browsers are now following Apple’s example – but it’s not without controversy …
Update: The app is now available to all. The company also announced two additional new features for home users, and two others for work users, described at the end of the piece.
A Dropbox password manager has been quietly added to the App Store, but it is currently listed as ‘by invite.’ This means that you can download it, but can’t yet activate it. An Android version is also available on the Play store, subject to the same restriction …
Anonymizing photos and videos can be a time-consuming task sometimes including multiple steps, especially if you want to strip metadata. Developers Playground.AI decided to tackle that problem and came up with a valuable new iPhone app called Anonymous Camera that handles all of the processing on device in real-time. Playground.AI is also donating all of its proceeds from the app to Black Visions Collective and Unicorn Riot for the first month.
Facebook Messenger will now warn you about scams when you receive a suspicious message from someone you don’t know — or when someone appears to be attempting to impersonate one of your Facebook friends…
Some iPhones, iPads, and Macs are vulnerable to short-range attacks via Bluetooth which could fool them into thinking they are connected to a trusted device. That would then enable an attacker to both send and request data via Bluetooth.
The same security vulnerability is found in a wide range of chips from Intel, Qualcomm, and Samsung, meaning that a large number of non-Apple devices are also affected …
It looks like the most recent contention between the FBI and Apple over device encryption has come to an end as the agency has unlocked the two iPhones belonging to the Pensacola shooter with “no thanks to Apple.” Going further, AG William Barr has again called for the government to force Apple and others to create backdoors into their devices.
Update: We’ve got an official response from Apple on the matter that highlights all the ways it helped the FBI and that it’s precisely because it takes security and privacy so seriously that it doesn’t believe in creating a backdoor:
The terrorist attack on members of the US armed services at the Naval Air Station in Pensacola, Florida was a devastating and heinous act. Apple responded to the FBI’s first requests for information just hours after the attack on December 6, 2019 and continued to support law enforcement during their investigation. We provided every piece of information available to us, including iCloud backups, account information and transactional data for multiple accounts, and we lent continuous and ongoing technical and investigative support to FBI offices in Jacksonville, Pensacola and New York over the months since.
On this and many thousands of other cases, we continue to work around-the-clock with the FBI and other investigators who keep Americans safe and bring criminals to justice. As a proud American company, we consider supporting law enforcement’s important work our responsibility. The false claims made about our company are an excuse to weaken encryption and other security measures that protect millions of users and our national security.
It is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoor — one which will make every device vulnerable to bad actors who threaten our national security and the data security of our customers. There is no such thing as a backdoor just for the good guys, and the American people do not have to choose between weakening encryption and effective investigations.
Customers count on Apple to keep their information secure and one of the ways in which we do so is by using strong encryption across our devices and servers. We sell the same iPhone everywhere, we don’t store customers’ passcodes and we don’t have the capacity to unlock passcode-protected devices. In data centers, we deploy strong hardware and software security protections to keep information safe and to ensure there are no backdoors into our systems. All of these practices apply equally to our operations in every country in the world.
A massive data breach dubbed db8151dd has exposed the records of 22M people – including addresses, phone numbers, and social media links. But the source of the data is a mystery …
Exploit acquisition platform Zerodium has shared that it has an oversupply of a few types of iOS and Safari flaws, to the point that it has stopped taking submissions from researchers for the “next 2 to 3 months.”
No fewer than seven serious Thunderbolt security flaws have been discovered, affecting machines with both standalone Thunderbolt ports and the Thunderbolt-compatible USB-C ports used on modern Macs.
The flaws allow an attacker to access data even when the machine is locked, and even when the drive is encrypted …
Free Zoom accounts will get three more security features on May 9 as the company continues its efforts to boost privacy protections and fight abuse like Zoom-bombing …
Apple has made great progress over the years in protecting its customers against two big risks: theft of their Apple devices, and exposure of their personal data.
Activation Lock was introduced in 2013 and made it impossible for a thief to restore an iPhone or iPad to factory settings without the Apple ID credentials of its owner, or proof of purchase. Apple’s T2 chip did the same job for Macs as of 2018.
But while that’s great for protecting data, and making Apple devices far less appealing targets to thieves, there is a big downside …
Apple’s lawsuit against virtualization company Corellium has taken a surprising turn, as the Department of Justice claims that photos Apple wants to introduce into evidence may have ‘national security concerns.’
The DOJ wants Apple to hand over the photos before introducing them into evidence so that it can examine them before deciding whether the government has an interest in the case …
Update: Zoom 5.0.0 is finally landing today, after initially being promised for April 22. It hasn’t yet shown up in all app stores, but should do so shortly.
Zoom security and privacy has been boosted with the addition of no fewer than nine new features in the latest update, Zoom 5.0 …
Last week saw contradictory claims about iPhone Mail vulnerabilities, with a security company claiming that they had been exploited in real-world attacks, and Apple stating that it can find no evidence of this.
Two leading security researchers have now weighed in on this, agreeing with Apple on one point, while stating it remains possible that the bugs have been exploited …
A security company which discovered iPhone Mail vulnerabilities claimed that they have been ‘widely exploited’ in real-world attacks. Apple has now denied this claim, stating that it could find ‘no evidence’ that the exploits have been used.
Additionally, it says that the vulnerabilities in question cannot bypass iPhone and iPad security safeguards …
A new potentially serious software vulnerability has been discovered in iOS 13 that works via the default Mail app on iPhone and iPad. The security group ZecOps (via Motherboard) says that one of the two vulnerabilities is a zero-click exploit (no user interaction needed) that can be performed remotely.
