Security Stories December 1

The LastPass security breach that occurred back in August did allow attackers to access customer data, says the company. It had previously said that no customer data was compromised.

LastPass owner LogMeIn stresses that customer passwords have not been compromised, as the company uses end-to-end encryption so that only the subscriber has the decryption key …


Security Stories November 28

Elon Musk recently hinted that Twitter encrypted DMs were on the way, using full end-to-end encryption – and code spotted in the iOS app suggests that it will use the same E2E encryption standard as Signal.

Plans for E2E encryption of Twitter direct messages date back to at least 2018, and it appears that the company has resuscitated code written back then …


Security Stories November 25

A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. We’ve been shown evidence that the same security vulnerability was exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.

It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression …


Security Stories November 21

iOS privacy concerns were raised last week when security researchers appeared to demonstrate that iPhones send the same analytics data to Apple whether you grant or decline permission.

The same researchers have now demonstrated that Apple can – despite assurances to the contrary – link this data back to individual users, as the same ID is used as that for iCloud accounts …


Security Stories November 14

A potentially sensitive US Army iOS app is among thousands of iOS and Android apps to include user-profiling code from a Russian company that pretended to be an American one – raising both privacy and security concerns.

The Centers for Disease Control and Prevention (CDC) also used the code in seven of its apps. Both organizations have now removed the code, but it remains present in thousands of other apps.


Security Stories November 8

The major US carriers have been working to increase account security to prevent a notorious hack fraudsters use called SIM swapping (or port-out scam). However, Verizon offers something beyond the competitors with its “Number Lock” feature. Read on for how to stop SIM swap attacks on iPhone.


Security Stories October 27

Along with announcing its new Lockdown Mode feature this past summer, Apple mentioned an upgraded bounty program, a donation to fund ethical security research, and more. Now Apple Security Research has officially launched with a dedicated website, blog, details on the bounty changes, applications open for the Research Device Programs, and more.


Security Stories October 26

If you haven’t yet updated to iOS 16.1, you may want to do it sooner rather than later: Among the changes is a patch to a zero-day vulnerability. Apple says that exploits may be in active use.

The security vulnerability is of a type often exploited by hackers to enable them to run malicious code on targeted devices …


Security Stories October 21

Security researchers have found a surprising method for exposing location data in otherwise secure messaging apps WhatsApp, Signal, and Threema.

While the method sounds imprecise, tests showed that it provided greater than 80% reliability …


Security Stories October 12

A security researcher back in August found a significant flaw in iOS VPN apps, and a second researcher has now demonstrated another major issue.

The first problem was that opening a VPN app should close all existing connections, but didn’t. The second is that many Apple apps send private data outside the VPN tunnel, including Health and Wallet …


Security Stories October 10

Update: The names of the apps are now known. Apple has removed them from the App Store, but the apps also need to be removed from devices – see the list added to the end of the piece.

Meta has issued a Facebook security warning to around one million users that their login credentials may have been stolen by scam apps. While most of the apps were Android ones, 47 of them were iOS apps found in Apple’s App Store.


Security Stories October 3

A new report reveals that Pegasus spyware was used in Mexico after the president expressly said that the government no longer used the malware.

It was used to capture data from the phones of two journalists specialising in reporting on government corruption, as well as a prominent human rights defender …


Security Stories September 30

Use two-factor authentication (2FA) at all these websites

We imagine no 9to5Mac reader needs to be told to use two-factor authentication (2FA) security wherever possible, but how do you know which websites support it … ?

Security Stories September 26

One of the important new features in iOS 16 is Safety Check. Designed as a tool for those at risk for domestic abuse or similar situations, Safety Check for iPhone lets users immediately revoke location access others have – including apps – and also walks through a security review.


Security Stories September 16

An Uber hacker who has gained access to a number of the company’s internal systems, including its Slack channels, claims to have full control of the company’s cloud-based servers and more. This includes the company’s servers on both Amazon Web Services and Google’s GSuite.

Incredibly, the attack appears to have mimicked the one back in 2016, which compromised the personal data of 57 million. This suggests that Uber failed to fix a massive security hole, enabling the same attack to be made six years later …


Security Stories September 15

Smart home cybersecurity could become mandatory in Europe, with ongoing support

Smart home cybersecurity is a growing concern, as more Internet of Things devices come onto the market. Now the European Union wants to give device makers a legal obligation to ensure their products are safe from hackers, and to update them as needed to keep them that way …

Security Stories September 13

Even if you like to wait for new iOS and macOS updates to settle down before you take the plunge, you will want to update your iPhone and Mac ASAP, even if you opt to remain on iOS 15 for now. On iPhones, Apple is offering a choice between iOS 15.7 and iOS 16 when you update.

An update is urgent because iOS 15.7 (and iOS 16) and macOS Monterey 12.6 fix zero-day security vulnerabilities, which Apple says may currently be in active use by attackers …


Security Stories September 7

Ring doorbell security has been a source of controversy for some time, but the company finally appears to be taking privacy issues seriously. It is now supporting end-to-end encryption of video footage for wireless as well as wired products.

The change will finally address security flaws which have been highlighted as far back as 2019 …


Security Stories August 31

Apple is frequently releasing new updates to its operating systems with bug fixes and security improvements. In addition, macOS also has a system that lets Apple silently deliver anti-malware protections to Mac computers. And according to recent research, the company this year introduced major under-the-hood security updates to macOS.


Security Stories August 26

A DoorDash hack has been confirmed by the company, with full customer contact details exposed by the security breach: name, address, and phone numbers.

Separately, LastPass has also confirmed an attack on its own systems, but says it doesn’t believe that any user data was obtained …


iPhone Lockdown Mode is an extreme form of security designed to protect people who might find themselves targets of state-sponsored spyware, like Pegasus. However, a privacy activist says it also makes it easy for a website to detect when someone is using it – and has demonstrated this.

So what is designed to be protection against rogue governments could actually end up helping them identify people who may be of interest …


Security Stories August 25

How to check who can see your iPhone location

Apple holds privacy and security as two of its core values and it has detailed resources on how to protect your devices, accounts, and personal safety. Follow along for a look at the recommended steps to check who can see your iPhone location including how to make sure no one can track you.

Shown off at this year’s Def Con is an unassuming and powerful hacking tool, the O.MG Elite cable. With the physical appearance of a standard Lightning or USB-C cable, the hidden modifications mean this cable can log keystrokes, perform attacks, and even transmit data stealthily from air-gapped devices with its own WiFi network.


A Twitter investigation has been announced by the Senate Judiciary Committee, following claims of “extreme” security failings at the social network. The claims were made in an 84-page report by the company’s former head of security, Peiter Zatko.

Concerns have been expressed about the national security risks of bad actors being able to fake tweets from the accounts of world leaders and major media organizations …
