Security

A succession of T-Mobile data breaches saw millions of customers have their personal data exposed. The company has now been fined $15.75M, and has agreed to spend the same amount again on upgrading its security.

The Federal Communications Commission (FCC) says that the combination of fine and promised security enhancements represents a model for future handling of such incidents …

Back in late August, The Browser Company – the company behind the popular Mac browser Arc, became aware of a serious security vulnerability in the browser, one that could allow for remote code execution on other users computer with no direct interaction. They patched it promptly once being alerted to it, and the details of the vulnerability were disclosed last week.

macOS Sequoia screen recording permission reminders can now be permanently vanquished, thanks to a new pay-what-you-like app.

Apple’s new security feature was intended to make Macs safer, by reminding us that we’d granted a powerful and potentially dangerous permission to an app, but many experienced users simply found it irritating …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

On Monday, Apple released its latest iteration of Mac’s operating system, macOS Sequoia. The new update introduced tighter control over app permissions and an overhaul to Gatekeeper, among other features. However, according to TechCrunch, it now appears to be disrupting security tools made by CrowdStrike, SentinelOne, and Microsoft. Social media users are also reporting connection failures with third-party VPNs.

Update (10/2): Thursday’s release of macOS 15.0.1 fixes the underlying networking issues that plagued certain security software in the initial release of macOS 15.

Discord end-to-end encryption (E2EE) is rolling out today for both audio and video calls. You can update to the latest mobile and desktop apps to get access to the privacy protection today.

There are, however, some exceptions to strong encryption, which result from a mix of technical limitations and Discord policy …

Security researchers came up with a pretty wild Vision Pro exploit. Dubbed GAZEploit, it’s a method of working out the passwords of Vision Pro users by watching the eye movements of their avatars during video calls.

They’ve put together a YouTube video (below) to demonstrate how tracking the avatar’s eye movements accurately detects the virtual keys the Vision Pro user is looking at when typing …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

In a recent web update, Apple made changes to its security releases page to better organize prior years’ security updates and Rapid Security Responses. The company also cleverly included a subtle nod to its Security Bounty Program.

If you’re an IT admin, you’ve got a lot on your plate. Managing the entire user lifecycle can feel like a complex laundry list of manual tasks: switching between systems, provisioning access, configuring and retrieving laptops, resetting passwords, and enforcing security policies. 

A security researcher has discovered a phishing attack intended to fool iPhone users into installing what is claimed to be an update to their banking app.

The attack works despite iOS protections because what is actually being ‘installed’ is a progressive web app, which involves no App Store vetting or warnings …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

You’ve heard it time and time again–cybercrime is on an unpredicted rise. This encompasses everything from malware to online scams to intellectual property theft. And if you’re anything like me, it’s increasingly hard to grasp the exponentially climbing figures (hence the title of this week’s column). If the day ends in y, there’s some sort of data leak or hack in the news.

And it is Sunday, after all…

In today’s Security Bite, I want to again shed light on a recent Statista Market Insights survey that predicts the annual cost of cybercrime globally will reach $10.29 trillion by 2025. For perspective, that’s more than one-third of the United States’ GDP, which sits at $25.44 trillion as of writing.

Security researchers have discovered new macOS malware that’s built to steal your most sensitive data. Dubbed ‘Cthulhu Stealer,’ the malware targets users by impersonating popular apps so it can harvest your system password, iCloud Keychain passwords, cryptocurrency wallets, and more.

Hard as it may be to imagine, the massive data leak – which appears to include the personal data of everyone in the US, UK, and Canada – was even worse than we thought.

In a truly epic security fail, the same data was hosted by a partner company which managed to publish its own passwords, enabling absolutely anyone to access the data …

A vulnerability found in Microsoft apps for macOS allowed hackers to spy on Mac users. Security researchers from Cisco Talos reported in a blog post how the vulnerability could be exploited by attackers and what Microsoft has been doing to fix the exploits.

T-Mobile has been fined $60M for failing to prevent unauthorized access to sensitive data, and for further failing to report the failure.

Unusually, the fine was levied by the Committee on Foreign Investment in the US (CFIUS), and is the largest fine it has ever issued …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Last week, Apple confirmed that users on macOS Sequoia will no longer be able to Control-click to override Gatekeeper to open software that isn’t signed or notarized by the company. This was a slight change with what I believe will have a significant impact. It also gives us a glimpse into what might happen behind the scenes at Apple as Mac malware gets more clever and the amount of it reach all-time highs.

A new regime of repeating macOS Sequoia permission prompts have been described as “a subscription you didn’t buy and can’t cancel.”

An Apple ad once made fun of the endless stream of permission requests in Windows Vista, but some are suggesting that Sequoia is now every bit as bad …

1Password has shared that its software for Mac has a vulnerability that exposes users to a potentially serious threat. Along with attackers being able to compromise credentials, the flaw can give bad actors access to your account unlock key.

A prompt injection attack on Apple Intelligence reveals that it is fairly well protected from misuse, but the current beta version does have one security flaw which can be exploited.

However, the issue would be very easy for the company to fix, so this will almost certainly be done before the public launch …

Apple and other tech companies are constantly looking for ways to improve the security of their operating systems. Even so, some things go unnoticed. An exploit from 18 years ago is still being actively used by hackers to access internal networks, but Apple has already confirmed that it will fix this with macOS Sequoia.

Apple continually updates and refines its security protections across all its software. In macOS Sequoia, there’s a small change coming that makes it harder to run certain apps. Here’s what you need to know.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

A leading cybersecurity firm, Picus Security, has released its annual Blue Report study that analyzes the state of exposure management at organizations. The study uses 136 million simulated cyberattack scenarios executed by Picus customers from January to June 2024 to assess the effectiveness of security measures on Windows, Linux, and macOS systems in an organization’s environment.

In this year’s Blue Report 2024, Picus revealed a massive gap in macOS Endpoint Detection and Response (EDR) misconfigurations leading to vulnerabilities.