Gizmodo ran a piece a couple of days ago suggesting that Facebook uses the phone number you provide for two-factor authentication in order to target you with ads.
Although the company previously suggested that it didn’t deliberately misuse security details, it has now admitted that it does in fact do this …
A security vulnerability discovered in Apple’s Device Enrollment Program (DEP) could allow an attacker to gain full access to a corporate or school network.
The DEP is a free service offered by Apple to allow new devices to be automatically configured with everything from custom apps to VPN settings. All that is needed is the serial number of the device, and that’s the root of the problem, says the security researcher who discovered it …
On the launch day of macOS 10.14 Mojave, a new flaw has been shared that has to do with bypassing the new operating system’s privacy protections. This leaves supposedly private data like a user’s contacts vulnerable.
In conjunction with the release of iOS 12 today, Apple has released a new version of its iOS Security Guide. This update includes new details on the Secure Enclave, DFU and recovery mode, Screen Time, Shortcuts, and more.
A new exploit discovered by F-Secure is said to put “almost all” Mac and Windows laptops and desktops at risk for data theft. The vulnerability even leaves Macs with FileVault turned on susceptible.
While AT&T, Verizon, T-Mobile, and Sprint are often battling for an edge over each other, the major US carriers have come together to create a new approach to password management as well as a more secure 2FA solution. Named Project Verify, the new collaboration has the goal of replacing individual passwords with an approach that offers more security and a simpler user experience.
A security researcher who found a security hole in Safari says that Apple has still not fixed it, more than three months after he informed the company. The same vulnerability was present in Microsoft’s Edge browser, but the company issued a patch a month ago …
[Update 9/10 4:50 am PT: The certificate issued for the domain drcleaner.com is registered as Trend Micro, Inc. Also, the domain to which the data is uploaded is a subdomain of trendmicro.com; this means the apps are in fact distributed by Trend Micro, Inc.]
[Update 9/9 7:46 pm PT: The apps discussed in this article have been removed from the Mac App Store.]
When you give an app access to your home directory on macOS, even if it’s an app from the Mac App Store, you should think twice about doing it. It looks like we’re seeing a trend of Mac App Store apps that convince users to give them access to their home directory with some promise such as virus scanning or cleaning up caches, when the true reason behind it is to gather user data – especially browsing history – and upload it to their analytics servers.
Today, we’re talking specifically about the apps distributed by a developer who claims to be “Trend Micro, Inc.”, which include Dr. Unarchiver, Dr. Cleaner and others. This issue was reported before by a user on the Malwarebytes forum, and in another report. Other researchers followed up and found that apps distributed by this “Trend Micro, Inc.” account on the Mac App Store collect and upload the user’s browser history from Safari, Google Chrome and Firefox to their servers. The app will also collect information about other apps installed on the system. All of this information is collected upon launching the app, which then creates a zip file and uploads it to the developer’s servers.
[Update 8:54 am PT: Apple has pulled Adware Doctor from the Mac App Store. See below for more.]
Adware Doctor, the number one paid utility in the Mac App Store, is secretly logging the browser history of users, and sending it to a server in China.
Security researcher Patrick Wardle says that he notified Apple of this a month ago, but the malware app still remains available in the Mac App Store today …
A ‘sophisticated’ attack on British Airways’ mobile app and website has exposed the names, email addresses and full credit card details of 380,000 customers.
Of particular concern is the fact that the attackers captured the three-digit CVV security codes on the backs of cards, something that should not normally be possible …
mSpy, a company which makes spyware used by suspicious parents and partners to spy on iPhone usage, has accidentally exposed millions of private records on the web. Data exposed includes passwords, text messages, contacts, call logs, notes and location data …
Thieves have raided the fifth Bay Area Apple Store in less than two weeks, grabbing around $50,000 worth of display products in less than 30 seconds.
It’s also the fourth time that this particular store has been robbed …
More than a dozen tech giants are meeting today to discuss countermeasures for state-sponsored disinformation campaigns on their platforms during the run-up to the 2018 midterm elections …
Facebook’s former security head, Alex Stamos, has said that it is now too late for America to prevent foreign interference in this year’s midterm elections. Stamos left Facebook earlier this month, reportedly unhappy with the limited transparency of the company in disclosing Russian abuse of the platform …
Security researchers at Versprite have identified security flaws in Airmail for Mac that can expose private data, including an entire account’s email database. The attack requires a user to open a maliciously crafted email and tap a link inside the message. With a combination of technical exploit and phishing attack, it seems like a significant problem.
An Australian high school student repeatedly hacked into Apple servers, succeeding in downloading 90GB of what were described as ‘secure files.’ The teenage boy also reportedly accessed customer accounts …
Banks are secretly gathering up to 2,000 data points on how you use your phone and computer to help detect fraud. The data used can be anything from the angle at which you typically hold your phone to whether or not you use a numeric keypad when typing numbers on your computer …
Hundreds of Instagram users are reporting that their accounts have been hacked, locking out their owners, with a number of the incidents pointing to a possible Russian link …
The Australian government has today proposed a new law which would require tech companies like Apple to give authorities access to encrypted data on receipt of a warrant. Failure to comply would leave the company liable to fines of up to A$10 million ($7.3 million), and potential jail time.
Apple does already comply with court orders demanding access to encrypted data where it has the means to do so and is satisfied that doing this is legal, but cannot do so for Messages and FaceTime …
Security researcher and former NSA staffer Patrick Wardle says that he will demonstrate on Sunday a set of automated attacks against macOS High Sierra, in which he is able to bypass security checks.
The checks are ones that ask the user to confirm that an app should be granted permission to do things like access contacts or location data …
A security researcher employed by Google has suggested that Apple should pay almost $2.5M to charity in return for reporting the iOS bugs he has discovered …