Security

1,164 'Security' stories July 2011 - February 2020

Comment: Mac malware is growing, but there are three important riders

Ben Lovejoy Feb 12 2020 - 5:33 am PT

Malwarebytes is out with a new report in which it states that Mac malware is growing faster than that for Windows.

For the first time ever, Macs outpaced Windows PCs in number of threats detected per endpoint […]

In total, we saw approximately 24 million Windows adware detections and 30 million Mac detections.

That’s getting a lot of headlines today, but there are three key things that need to be understood…

Expand
Expanding
Close

Apple joins Fido Alliance, wants to replace passwords with trusted devices

Ben Lovejoy Feb 11 2020 - 4:16 am PT

0 Comments

Fido Alliance wants trusted devices to replace passwords

The Fido Alliance, an organization committed to eliminating the need for passwords, received a big boost last week when Apple signed up as a board member. Fido stands for Fast IDentity Online.

Apple apparently wasn’t ready to announce its support immediately, as tweets from a Fido Alliance conference were quickly deleted, but as of today, the news is official…

Expand
Expanding
Close

Popular iOS and Mac email apps scrape inboxes to profit from personal data, report finds [U]

Michael Potuck Feb 10 2020 - 8:05 am PT

0 Comments

A new report from Motherboard today dives into a few iOS and Mac email apps/services that aren’t being very transparent about selling users’ personal data. Notably, one of them is even in Apple’s App Store ranked in the top 100 for productivity apps.

Expand
Expanding
Close

Apple pushed fix for Mail app encryption bug with latest macOS Catalina release

Michael Potuck Feb 5 2020 - 12:24 pm PT

0 Comments

Last fall we learned about a flaw with the Mail app in macOS that would prevent encrypted emails from being encrypted. With the public release of macOS 10.15.3 last week, the researcher who discovered the bug says it has been fixed.

Expand
Expanding
Close

Despite known methods, FBI claims it still can’t unlock iPhones in Pensacola case

Michael Potuck Feb 5 2020 - 11:35 am PT

0 Comments

In early January, the FBI asked Apple to unlock two iPhones as part of the Pensacola case. Apple stood its ground and said it wouldn’t create a backdoor for iOS but would help as much as it could without crossing that line. Even though the FBI has the ability to unlock the iPhone 7 and iPhone 5 with the help of third-parties, today it said it still hasn’t been able to get to the data on the devices.

Expand
Expanding
Close

PSA: Update WhatsApp on Mac as old versions allow attackers access to files

Ben Lovejoy Feb 5 2020 - 6:12 am PT

0 Comments

Latest WhatsApp on Mac or Windows fixes a major security hole

If you use WhatsApp on Mac, you’ll want to make sure the desktop app has been updated to the current version, 0.4.316. This closes a very nasty security hole.

The vulnerability was discovered by security researcher Gal Weizman. It built on an earlier issue in which replies could fake the original text…

Expand
Expanding
Close

Philips Hue vulnerability lets hacker control bulbs, could escalate to network

Ben Lovejoy Feb 5 2020 - 3:00 am PT

0 Comments

Philips Hue vulnerability lets hacker control bulbs

A Philips Hue vulnerability allows a hacker to take control of individual bulbs, switching them on or off at will, as well as changing both color and brightness. This can be done remotely using a laptop with radio transmitter. You can watch a demonstration video below.

While that risk remains, the company has acted to block an escalation vulnerability that previously allowed the attacker to compromise the Hue bridge and from there the rest of the network, including any PCs connected to it…

Expand
Expanding
Close

Iowa caucus app: no security vetting, no testing, no training – NYT [U]

Ben Lovejoy Feb 4 2020 - 4:43 am PT

0 Comments

Update: The Iowa Democratic Party has issued a statement, below, saying that data was correctly logged but not properly reported due to a bug in the app. It also claims that it did put the app through independent security testing, contradicting the claim made by the NYT.

Failures surrounding the use of a new Iowa caucus app have seen the Iowa Democratic Party unable to promptly report the results of the first party member vote for its 2020 presidential candidates. A report on the debacle describes it as a ‘systematic disaster’…

Expand
Expanding
Close

Make smart home devices secure, says UK government

UK plans three simple requirements to make smart home devices secure

Ben Lovejoy Jan 28 2020 - 5:16 am PT

0 Comments

One of Apple’s key goals with HomeKit was to make smart home devices secure. The UK government has announced it wants to play its part in achieving the same thing by requiring all devices to meet three simple security requirements…

Expand
Expanding
Close

Jeff Bezos iPhone hack: Evidence not conclusive, say other security experts

Ben Lovejoy Jan 24 2020 - 4:37 am PT

0 Comments

Doubt is today being cast on a reported Jeff Bezos iPhone hack, which was said to have given attackers full access to the photos and messages stored on his iPhone X.

The report was based on analysis by a cybersecurity firm commissioned by the Amazon founder to find out how private messages and photos were obtained by the National Enquirer…

Expand
Expanding
Close

Jeff Bezos iPhone X hack gave full access to his photos and messages

Ben Lovejoy Jan 23 2020 - 4:29 am PT

0 Comments

A forensic analysis shows that a sophisticated attack on Jeff Bezos’ iPhone X gave full access to both his photos and messages.

The attack, and the alleged attempted blackmail that followed, led to the famous “No thank you, Mr Pecker” blog post in which the Amazon founder decided to go public about the existence of embarrassing texts and photos…

Expand
Expanding
Close

Security

Google researchers disclose multiple privacy flaws in Safari’s Intelligent Tracking Prevention feature

Chance Miller Jan 22 2020 - 11:01 am PT

0 Comments

Google researchers have discovered “multiple security flaws” in Apple’s Safari browser, a new report from the Financial TImes says. The flaws were found in Safari’s Intelligent Tracking Prevention feature, which is designed to protect users from cross-site tracking and other online privacy concerns, and have since been fixed.

Expand
Expanding
Close

Here’s what a $10 million lab dedicated to cracking iPhones looks like

Michael Potuck Jan 21 2020 - 12:56 pm PT

0 Comments

Kicking off 2020, security and privacy is a hot topic between the latest standoff between Apple and the FBI over the Pensacola incident as well as Apple reportedly abandoning its plan to bring end-to-end encryption to iCloud backups. With an in-depth report on what a robust iPhone cracking operation looks like from the inside, Fast Company shares some fascinating details and photos of NYC’s $10 million cyber lab.

Expand
Expanding
Close

Apple publishes new transparency report detailing govt data requests and App Store removals

Chance Miller Jan 18 2020 - 6:13 am PT

0 Comments

Huawei says Chinese retaliation against Apple would be wrong

Amid its ongoing encryption battle with the FBI, Apple has published its latest biannual transparency report. This report reveals how many requests were made for user data by governments around the world, and how many with which Apple could comply.

Expand
Expanding
Close

Apple addresses location privacy issue with iPhone 11 chip in second iOS 13.3.1 beta

Michael Potuck Jan 17 2020 - 1:45 pm PT

0 Comments

After a little privacy snafu last month around the iPhone 11 and 11 Pro still tracking location data even when users had turned off location services, Apple has added a toggle specifically for the UWB chip in the latest iOS 13.3.1 beta.

Expand
Expanding
Close

Review: SecureDrive BT, the encrypted external SSD you can unlock with Face ID

Ben Lovejoy Jan 15 2020 - 7:30 am PT

0 Comments

If you’re looking for a secure external drive that meets both US military and government security standards, there are a number of encrypted external SSD options around. I reviewed one approach a couple of years ago, the iStorage diskAshur 2, which has a built-in PIN pad for entering a seven- to 15-digit code to unlock the drive.

The SecureDrive BT is a similar idea, but instead of a PIN pad, you unlock it via Bluetooth. Specifically, when you plug the drive into your Mac, you can use Face ID on your iPhone to unlock it…

Expand
Expanding
Close

Mac
Security

Cellebrite expands to computers with $33M acquisition of BlackBag Technologies forensics firm

Chance Miller Jan 14 2020 - 10:13 am PT

0 Comments

The Israeli forensics firm Cellebrite has announced a $33 million acquisition that it says will help it expand its forensics capabilities beyond smartphones. The company has acquired BlackBag Technologies, which is a separate forensics firm with a focus on computer forensics.

Expand
Expanding
Close

Security

Alarming test shows US carriers fail to protect you against SIM-swap attacks

Ben Lovejoy Jan 13 2020 - 4:51 am PT

0 Comments

An alarming test carried out by Princeton shows that the five largest US carriers fail to properly protect their customers against so-called SIM-swap attacks.

They were able to persuade the carriers to assign phone numbers to new SIMs without successfully answering any of the standard security questions. Once a phone number has been reassigned to a SIM in the possession of an attacker, they can reset passwords even on accounts protected by two-factor authentication (2FA)…

Expand
Expanding
Close

PSA: Update Firefox now, says Homeland Security, to block real-life attacks

Ben Lovejoy Jan 10 2020 - 5:36 am PT

0 Comments

If you’re using Mozilla’s browser on your Mac, you’ll want to Update Firefox now. It’s not just the developer urging you to do so: a vulnerability found in older versions is so critical that the Department of Homeland Security has issued an advisory too…

Expand
Expanding
Close

Wyze camera security breach: 2.4M users have personal data exposed

Ben Lovejoy Dec 30 2019 - 3:57 am PT

0 Comments

A Wyze camera security breach has seen a large amount of personal data leaked for more than 2.4 million users…

Expand
Expanding
Close

Apple removes popular chat app ToTok after reports that it’s a govt spy tool

Ben Lovejoy Dec 23 2019 - 3:59 am PT

0 Comments

Aldar Building where ToTok and UAE intelligence agency were both based

Apple has removed ToTok from the App Store after a classified intelligence assessment and a New York Times investigation said that the app was a spy tool used by the United Arab Emirates.

The chat app, which last week became one of the most downloaded social apps in the US, was revealed to be feeding highly sensitive personal data to the UAE government…

Expand
Expanding
Close

Email usernames and passwords can be extracted from locked iPhones on iOS 13.3

Ben Lovejoy Dec 20 2019 - 6:30 am PT

0 Comments

Elcomsoft can access some data from locked iPhones

Elcomsoft, a company which sells tools to law enforcement agencies to access locked iPhones, says that it is now able to extract some data from devices running any version of iOS from 12.0 to 13.3.

It relies on the checkm8 exploit of a vulnerability present in most A-series chips, which made possible the Checkra1n jailbreak.

Crucially, Elcomsoft says that the $1,495 tool works even when the iPhone is in its most secure state, known as BFU…

Expand
Expanding
Close

267 million Facebook user names and phone numbers exposed online

Ben Lovejoy Dec 20 2019 - 4:43 am PT

0 Comments

More than 267 million Facebook user names and phone numbers have been exposed in a database sitting on the web without any password protection…

Expand
Expanding
Close

Security

Apple’s bug bounty program now open to all; pays up to $1.5M

Ben Lovejoy Dec 20 2019 - 4:11 am PT

0 Comments

Apple's bug bounty program now open to all

As first promised back in August, Apple’s bug bounty program is now open to all.

It was previously an invitation-only initiative, which attracted criticism as it incentivized non-invitees to sell vulnerability details to companies and governments who would exploit them to gain unauthorized access to Apple devices…

Expand
Expanding
Close