Downfall vulnerability may affect Intel Macs; usual precautions recommended
A newly-discovered Downfall vulnerability found in Intel chips may affect older Macs powered by these processors …
Security researchers have demonstrated that MacBook Pro keyboard audio can reveal what you are typing, with an accuracy of between 92% and 95%. They say the attack is a practical one on things like Zoom calls …
Following its 2023 State of Malware report back in February, Malwarebytes is out with its yearly State of Ransomware study. As attacks continue to grow, the US saw 7 times more ransomware incidents than the second most attacked country. Here are the details of what the report found.
Cybersecurity firm Guardz has found Russian hackers offering for sale a Hidden VNC tool specifically designed to give attackers full access to Macs. It follows a similar tool for accessing Windows PCs, and is geared to stealing personal data and logins.
The HVNC (Hidden Virtual Network Computer) is being sold on the dark web, and as a sign of good faith that the tool works as claimed, the hackers have deposited $100K in an escrow account …
There have been many cases of US companies covering up serious personal data breaches for months at a time – often only admitting to them when an outside source learns of it.
This isn’t possible in Europe, where the law requires unauthorized access to personal data to be reported to regulators within three days, and now the US is finally adopting a similar requirement – even if it’s not for your benefit …
Coming on the heels of ShadowVault, a new infostealer malware dubbed “Realst” is being embedded in fake blockchain games by cybercriminals in a massive campaign targeting Windows and macOS users, including those on macOS 14 Sonoma.
Apple has released iOS 16.6 today for everyone and while the update doesn’t come with new user-facing features, it has over a dozen important security fixes. And notably, two of the fixes are for actively exploited flaws.
IBM’s latest report on data breaches reveals attackers are now more interested in stealing personal data for identity theft than they are in simply taking credit card details. It also found that big companies would rather just pass on the costs to consumers than spend more on security …
As we often report here, it’s common for tech companies to help each other improve their security systems by sharing zero-day exploits found by security researchers. Google, for example, does this a lot. But recently, an Apple employee reportedly found a zero-day exploit in Google Chrome – and that bug was never reported to Apple by that person.
The White House has announced a plan intended to improve the security of smart home tech. The government will test everything from smart speakers to Wi-Fi routers, awarding a US Cyber Trust Mark logo to products which pass the tests.
The National Institute of Standards and Technology (NIST) will set the standards to be met, and the Federal Communications Commission (FCC) will manage the program …
The Russian security service, the FSB, has extended its earlier ban on the use of iPhones. The latest ban applies to thousands more government workers, and now includes iPads and Macs.
The FSB has repeated its earlier claims that Apple has provided the NSA with a backdoor into its devices, allowing US security services to spy on Russian officials …
Apple yesterday released an iOS 16.5.1 update to fix a security vulnerability which is being actively exploited by attackers – but then withdrew it again.
The problem, it appears, is that a tiny change in Safari caused a number of websites to break …
Earlier this year, we saw a new malware designed for Macs called MacStealer that can compromise passwords, credit card numbers, crypto wallets, and more. After a second version of that popped up in April, a third advanced Mac malware called ShadowVault macOS Stealer has surfaced. Here’s what it can do and how to protect your Mac.
Back in April, Proton launched a beta for the service that’s been one of the most requested by its users. Now Proton Pass, the end-to-end encrypted password manager, has officially launched for all users on desktop and iOS/Android. And there’s even a free version that includes storing unlimited credentials and notes.
Last week, Australia’s prime minister offered some security advice for iPhone users, suggesting that everyone should turn off their iPhone for five minutes every night. On the surface, this may seem like harmless advice for iPhone users, but the reality is quite a bit more nuanced.
In fact, such broad and generalized statements like this one can do a disservice to most people. Here’s why.
Australia’s prime minister has echoed the advice of cybersecurity professionals, in recommending that you turn off your iPhone for five minutes every night.
No, it’s not so you can reduce your daily Screen Time to 23 hours and 55 minutes, but to stop any spyware that may be running in the background on your device …
Update four months later: A fake Microsoft Authenticator app somehow survived the cull, but was finally removed in June …
Coming with the release of iOS 16.5.1, macOS 13.4.1, and more today, Apple has shipped two important fixes for security flaws. The updates arrive for devices on the latest public software and those on older versions of its software. Notably, Apple has heard the flaws have been actively exploited.
A serious Windows iTunes security vulnerability has been revealed, affecting all versions prior to the latest update, released a week ago …
The
Earlier today, the Federal Security Service accused the NSA of hacking iPhones of citizens and foreign diplomats in Russia as part of an espionage operation. Apple has now responded indirectly to Russia’s claim that the alleged operation included close cooperation between the company and the NSA. 9to5Mac has the statement below.
Russia has claimed that the NSA hacked iPhones belonging to both Russian citizens and foreign diplomats based in the country.
More than this, it claims that Apple assisted the NSA by providing backdoor access into iPhones …
The US government banned the use of NSO’s Pegasus spyware 18 months ago, but a new report today says that at least one government agency is using very similar malware from a rival company: Paragon Graphite.
Graphite reportedly has the same capabilities as Pegasus, and the US Drug Enforcement Administration (DEA) is said to be using it …
Security researchers have documented the first known case of NSO’s Pegasus spyware being used in a military conflict. The hacks relate to the long-running military conflict between Armenia and Azerbaijan, over a region claimed by both countries.
The victims – who included a United Nations official, journalists, human rights advocates, and a former government minister – received alerts from Apple that their iPhones had been hacked …
An Apple security fix in iOS 15.6.1 back in August of last year was said to close two major security vulnerabilities, one of which could have allowed a rogue app to execute arbitrary code with kernel privileges (aka do Very Bad Things). But it’s now been revealed that the more serious vulnerability wasn’t closed after all.
Apple did succeed in blocking a specific way of exploiting the vulnerability, but didn’t address the root issue until last week’s iOS 16.5 update, some nine months later …