Security

The Federal Communication Commission announced today its first set of rules designed to reduce the number of scam texts Americans get. The move will require carriers to block texts from three types of numbers plus one more measure which will be a start to tackling the rapidly growing problem.

Apple devices have always been known for their security features, which include the Find My network that has received major updates in recent years. However, a report from The Wall Street Journal on Friday revealed that these features are not enough to prevent thieves from accessing users’ data. With iOS 17, Apple should invest even more in anti-theft security features for iPhone and iPad.

A new report from The Wall Street Journal looks at a recent trend of iPhone thefts that have happened across the US. Instead of just looking to snatch devices, these thieves are watching for passcodes so they can immediately get into iPhones, change Apple ID passwords, access financial accounts, and more. Here’s a look at the risks of using an iPhone passcode in public, how much power the passcode wields, and some steps to keep yourself safer.

Update: Apple has now commented on the findings – see the end of the piece.

Cybersecurity company Jamf Threat Labs has found Mac cryptomining malware in pirate copies of Final Cut Pro. The firm says that the cryptojacking malware was particularly well hidden, and not detected by most Mac security apps.

Jamf also warned that the power of Apple Silicon Macs is going to make them increasingly popular targets for cryptojacking – where malware uses your machine’s considerable processing power to mine cryptocurrencies for the benefit of attackers …

About a month after Apple released iOS 16.3 and macOS 13.2, it detailed additional security fixes that came with the updates. Now Trellix, the team that found two of those flaws for iOS and macOS has revealed more about how they discovered what they’re calling a “large new class of bugs.” While the new exploits were quickly patched by Apple, Trellix says it’s “still exploring” a “huge range” of potential vulnerabilities that could put messages, photos, location data, and more at risk on iPhone and Mac.

Malwarebytes has released its latest report digging into the state of malware in 2023. The findings include recent key security developments, 5 cyber threat archetypes to watch out for this year, what type of malware was found most on Macs, and more.

A cybersecurity company has revealed that hackers obtained data center logins for Apple and other major companies. They were also able to access surveillance cameras remotely, and the privileges they had could even have allowed physical access to servers.

Hackers gained access to two third-party data center companies used by many major companies, and from there were able to obtain customer support logins for Apple, Amazon, BMW, Goldman Sachs, Microsoft, and as many as 2,000 other companies …

Tile is out with a new feature for its item trackers that hopes to reduce trouble with both theft and stalking. The company is calling the new feature Anti-Theft Mode and there are several components to it including an unscannable mode, a new $1 million penalty for misuse, ID verification, and more. The changes follow similar ones made by Apple last year. Here’s how the approaches compare.

Apple Card has a number of security improvements compared to many credit cards with features like the number/expiration date not being printed on the card, control in the Wallet app on iPhone, and a focus on Apple Pay. Today Apple has shared 5 steps to take “right away” to “protect yourself from fraud and make the most of Apple Card’s security features.”

In honor of Safer Internet Day, Apple has shared a list of features and tips to provide a more secure and private experience for kids on devices like iPhone and iPad. Along with 8 ways to stay safer, Apple has highlighted its dedicated educational hub for parents and families plus a new free Today at Apple session called “Your Kids and Their Devices.”

Pegasus spyware journalists Laurent Richard and Sandrine Rigaud were the first to discover an extensive list of specific people being targeted by NSO’s clients. In working on the story, they said they had to take extreme privacy precautions to avoid their own devices being compromised.

One of the major uses of Pegasus has been to silence journalists working on revealing abuses by tyrannical governments, so the risk of their own devices being hacked without their knowledge was very real …

Apple rolled out hardware security key support in iOS 16.3, but what are they, and should you consider using them? Watch my hands-on video walkthrough as I explain why Apple added hardware security key support for Apple IDs, showcase how to use hardware security keys, and answer some frequently asked questions.

This written walkthrough explains a lot about security keys, but the video walkthrough embedded in this post is more in-depth, touches on additional platforms like macOS, and showcases features that I don’t touch on here. If you’re keenly interested in security keys, be sure to give it a watch, and perhaps consider subscribing to the channel for more in-depth analysis.

A member of the Senate Intelligence Committee has called on both Apple and Google to remove TikTok from their respective app stores.

The demand follows growing concerns about the Chinese-owned app, with the video sharing app already banned from US federal government devices, along with those in more than half of US states …

Anker has admitted that its statements about Eufy security camera encryption were not accurate. The smart home brand had previously stated that all video footage is end-to-end encrypted, but has now admitted there was an exception to this (which it has now fixed).

The company only finally came clean about the privacy breach after The Verge threatened to post a story about the company’s failure to answer its questions …

An Apple Maps privacy bug fixed in iOS 16.3 may have allowed apps to collect user location data without permission.

At least one app appears to have done so, and a security reporter has speculated that the same privacy bug could have been exploited by countless apps over an unknown time period …

Apple debuted physical security key support with iOS 16.3 and macOS 13.2. While they work across iPhone, iPad, Mac, and the web, there are some instances when they are not supported, even if successfully set up with one device. Here are 5 ways security keys don’t work with Apple ID.

The main new feature that arrived with iOS 16.3 and macOS 13.2 is support for physical security keys. For those that want to take security up a notch, you’ll need to pick up at least two hardware keys, but which ones to choose? Here are the security keys Apple recommends for iPhone, iPad, and Mac.

Pegasus spyware – a zero-click way of remotely hacking an iPhone, and gaining access to all the personal data stored on it – has been defended by the company’s CEO. NSO chief exec said that the company had made “mistakes” in selling it to repressive governments, but claimed that it now sells Pegasus only to countries to whom the US sells weapons.

A security researcher said that the comparison was bogus, stating that a more reasonable comparison would be selling long-range nuclear missiles …