Security

Although the previous White House incumbent threatened a US TikTok ban and then quietly dropped it, the idea never quite went away. A new report says that fresh meetings have taken place between Bytedance, the Chinese owner of the app, and US government officials.

Things kicked off back in the summer of 2020 when the previous administration said that it was considering the possibility of banning TikTok over unspecified security concerns that data could be used by the Chinese government. Since the app uses very little personal data, the nature of these fears was not explained …

On Thursday, Apple publicly released iOS 16.6.1, which brings no new features but fixes security vulnerabilities, as we previously reported. Interestingly, we now know that iOS 16.6.1 also fixes an exploit used by Pegasus spyware.

This year we’ve seen a powerful new malware launch called Atomic macOS Stealer (AMOS) that specifically targets Apple users. Now in the latest development, AMOS has been found in malicious ads for Google searches. Here’s how to avoid this threat and help others do the same.

The future of iMessage in the UK had seemed in doubt, as the British government was demanding that the company break end-to-end encryption to allow messages to be scanned. Apple had said that it would withdraw iMessage from the UK rather than compromise user privacy.

WhatsApp and Signal had similarly threatened to withdraw their messaging apps from the UK, but the government has now done a U-turn, while issuing a meaningless, face-saving statement …

Update: The MTA flaw has been eliminated, but the Apple Pay question remains. See the end of the piece.

An inexcusable NYC subway security flaw has been revealed, allowing anyone with knowledge of a user’s credit card number and expiry date to track all journeys made within the past seven days.

But what’s far more concerning is that the vulnerability applies to journeys where Apple Pay was used to tap into stations, despite the fact that this should be completely impossible …

Just under a year ago, Apple launched a new Security Research hub along with an upgraded bug bounty program, updates to the Security Research Device Program, and more. Starting today for a limited time, Apple has opened up applications for next year’s Security Research Device Program. Here’s how to apply.

Apple says that plans to increase the scope and powers of the UK’s Investigatory Powers Act is “a serious and direct threat to data security and information privacy” – not just to British citizens, but to all tech users worldwide.

The company says that the British government is trying to make itself “the de facto global arbiter of what level of data security and encryption are permissible” after a report last week noted that companies like Apple could be banned from issuing security updates without permission …

Everyone in the tech industry facepalms almost every time legislators try to pontificate on technology, but the British government appears to be trying to set a new record. After putting iMessage and FaceTime at risk, the government is now suggesting that it might ban some Apple security updates.

Under the latest plans, tech companies would need to notify the British government before rolling out a security fix but might be refused permission if it blocks a vulnerability that’s being exploited by security services…

macOS has a number of built-in tools to detect Mac malware, with Background Task Manager added to the defenses last year. However, a security researcher says that this can be trivially bypassed, and that Apple failed to act on his recommendations to fix it.

Patrick Wardle presented his findings at the Defcon hacker conference, making the unusual decision to do so without advising Apple ahead of time …

Following its 2023 State of Malware report back in February, Malwarebytes is out with its yearly State of Ransomware study. As attacks continue to grow, the US saw 7 times more ransomware incidents than the second most attacked country. Here are the details of what the report found.

Cybersecurity firm Guardz has found Russian hackers offering for sale a Hidden VNC tool specifically designed to give attackers full access to Macs. It follows a similar tool for accessing Windows PCs, and is geared to stealing personal data and logins.

The HVNC (Hidden Virtual Network Computer) is being sold on the dark web, and as a sign of good faith that the tool works as claimed, the hackers have deposited $100K in an escrow account …

Coming on the heels of ShadowVault, a new infostealer malware dubbed “Realst” is being implemented into fake blockchain games by cybercriminals in a massive campaign targeting Windows and macOS users, including those on macOS 14 Sonoma.

Apple has released iOS 16.6 today for everyone and while the update doesn’t come with new user-facing features, it has over a dozen important security fixes. And notably, two of the fixes are for actively exploited flaws.

As we often report here, it’s common for tech companies to help each other improve their security systems by sharing zero-day exploits found by security researchers. Google, for example, does this a lot. But recently, an Apple employee reportedly found a zero-day exploit in Google Chrome – and that bug was never reported to Apple by that person.

The White House has announced a plan intended to improve the security of smart home tech. The government will test everything from smart speakers to Wi-Fi routers, awarding a US Cyber Trust Mark logo to products which pass the tests.

The National Institute of Standards and Technology (NIST) will set the standards to be met, and the Federal Communications Commission (FCC) will manage the program …

The Russian security service, the FSB, has extended its earlier ban on the use of iPhones. The latest ban applies to thousands more government workers, and now includes iPads and Macs.

The FSB has repeated its earlier claims that Apple has provided the NSA with a backdoor into its devices, allowing US security services to spy on Russian officials …