Security Stories April 17

Evernote’s Mac app could have allowed remote code execution; now fixed [Video]

Evernote’s Mac app had a vulnerability that could have allowed an attack to remotely launch malicious code …

Security Stories April 8

In yet another abuse of the enterprise distribution program, security analyst Lookout has identified apps (via TechCrunch) that were pretending to be published by cell carriers in Italy and Turkmenistan. The apps were available for iPhone users to download through Safari as they were signed by an enterprise certificate. These apps used carrier branding and pretended to offer utilities for the users’ cell plans when in reality they would ask for every permission they could to track location, collect contact, photos, and more, and had the capability to listen in on users’ phone conversations.

Apps using enterprise certificates are not available through the App Store, but malicious criminals can target iOS users through Safari (perhaps with a phishing attack-esque email) and get people to download the app over the web, outside of the purview of the App Store review process.

expand full story

Security Stories April 3

Facebook caught exposing millions of private records from users on Amazon servers

In the latest security gaffe for Facebook, millions of private records from the platform’s users have been found unprotected on Amazon’s cloud servers.

Security Stories March 21

Two zero-day Safari exploits found, one allowing complete takeover of Mac

White-hat hackers at a security conference in Vancouver have found two zero-day Safari exploits, one of which allowed them to escalate their privileges to the point that they were able to completely take over the Mac …

Microsoft is renaming its Windows Defender antivirus software to Microsoft Defender Advanced Threat Protection (ATP), and bringing it to macOS for the first time.

While Macs are significantly less vulnerable to malware than Windows machines, they are not immune. Examples include fake Flash Player installers and cryptocurrency-stealing browser exploits and apps

expand full story

Sylvania HomeKit Light Strip

Security Stories March 11

Apple is one of a number of high-profile companies which had corporate data exposed through their Box accounts, an enterprise cloud storage service.

In all, cybersecurity firm Adversis found that data from more than 90 companies was exposed …

expand full story

Powered by WordPress.com VIP