While AT&T, Verizon, T-Mobile, and Sprint are often battling for an edge over each other, the major US carriers have come together to create a new approach to password management as well as a more secure 2FA solution. Named Project Verify, the new collaboration has the goal of replacing individual passwords with an approach that offers more security and a simpler user experience.
A security researcher who found a security hole in Safari says that Apple has still not fixed it, more than three months after he informed the company. The same vulnerability was present in Microsoft’s Edge browser, but the company issued a patch a month ago …
[Update 9/10 4:50 am PT: The certificate issued for the domain drcleaner.com is registered to Trend Micro, Inc. Also, the domain the data is uploaded to is a subdomain of trendmicro.com, which means the apps are in fact distributed by Trend Micro, Inc.]
[Update 9/9 7:46 pm PT: The apps discussed in this article have been removed from the Mac App Store.]
Think twice before giving an app access to your home directory on macOS, even if it’s an app from the Mac App Store. It looks like we’re seeing a trend of Mac App Store apps that convince users to give them access to their home directory with some promise such as virus scanning or cleaning up caches, when the true reason behind it is to gather user data – especially browsing history – and upload it to their analytics servers.
Today, we’re talking specifically about the apps distributed by a developer who claims to be “Trend Micro, Inc.”, which include Dr. Unarchiver, Dr. Cleaner and others. This issue was reported before by a user on the Malwarebytes forum, and in another report. Other researchers followed up and found that apps distributed by this “Trend Micro, Inc.” account on the Mac App Store collect and upload the user’s browser history from Safari, Google Chrome and Firefox to their servers. The app will also collect information about other apps installed on the system. All of this information is collected upon launching the app, which then creates a zip file and uploads it to the developer’s servers.
[Update 8:54 am PT: Apple has pulled Adware Doctor from the Mac App Store. See below for more.]
Adware Doctor, the number one paid utility in the Mac App Store, is secretly logging the browser history of users, and sending it to a server in China.
Security researcher Patrick Wardle says that he notified Apple of this a month ago, but the malware app still remains available in the Mac App Store today …
A ‘sophisticated’ attack on British Airways’ mobile app and website has exposed the names, email addresses and full credit card details of 380,000 customers.
Of particular concern is the fact that the attackers captured the three-digit CVV security codes on the backs of cards, something that should not normally be possible …
mSpy, a company which makes spyware used by suspicious parents and partners to spy on iPhone usage, has accidentally exposed millions of private records on the web. Data exposed includes passwords, text messages, contacts, call logs, notes and location data …
Thieves have raided the fifth Bay Area Apple Store in less than two weeks, grabbing around $50,000’s worth of display products in less than 30 seconds.
It’s also the fourth time that this particular store has been robbed …
More than a dozen tech giants are meeting today to discuss countermeasures for state-sponsored disinformation campaigns on their platforms during the run-up to the 2018 midterm elections …
Facebook’s former security head, Alex Stamos, has said that it is now too late for America to prevent foreign interference in this year’s midterm elections. Stamos left Facebook earlier this month, reportedly unhappy with the limited transparency of the company in disclosing Russian abuse of the platform …
Security researchers at Versprite have identified security flaws in Airmail for Mac that can expose private data, including an entire account’s email database. The attack requires a user to open a maliciously crafted email and tap a link inside the message. With a combination of technical exploit and phishing attack, it seems like a significant problem.
An Australian high school student repeatedly hacked into Apple servers, succeeding in downloading 90GB of what were described as ‘secure files.’ The teenage boy also reportedly accessed customer accounts …
Banks are secretly gathering up to 2,000 data points on how you use your phone and computer to help detect fraud. The data used can be anything from the angle at which you typically hold your phone to whether or not you use a numeric keypad when typing numbers on your computer …
Hundreds of Instagram users are reporting that their accounts have been hacked, locking out their owners, with a number of the incidents pointing to a possible Russian link …
The Australian government has today proposed a new law which would require tech companies like Apple to give authorities access to encrypted data on receipt of a warrant. Failure to comply would leave the company liable to fines of up to A$10 million ($7.3 million), and potential jail time.
Apple does already comply with court orders demanding access to encrypted data where it has the means to do so and is satisfied that doing this is legal, but cannot do so for Messages and FaceTime …
Security researcher and former NSA staffer Patrick Wardle says that he will demonstrate on Sunday a set of automated attacks against macOS High Sierra, in which he is able to bypass security checks.
The checks are ones that ask the user to confirm that an app should be granted permission to do things like access contacts or location data …
A security researcher employed by Google has suggested that Apple should pay almost $2.5M to charity in return for reporting the iOS bugs he has discovered …
Security researchers at the Black Hat conference in Las Vegas have demonstrated a method of taking control of a brand new Mac as it makes its first Wi-Fi connection.
A vulnerability in the way Macs handle Mobile Device Management allowed them to install unlimited malware on the machine prior to its owner even seeing the desktop for the first time …
Even many tech-savvy people are failing to take advantage of the opportunity to use two-factor authentication for websites and apps, found an Indiana University study …
Security researchers have discovered that it’s possible for hackers to change both the content and the sender of a WhatsApp message after you’ve received it …
Comcast Xfinity customers are the latest to be affected by lax online security. According to a report from BuzzFeed News, more than 26.5 million customers had their partial home addresses and social security numbers exposed…
Researchers funded by the Department of Homeland Security say that they have discovered major security vulnerabilities likely to affect millions of US smartphones …
November’s midterm election will be the first time it’s ever been possible for US citizens to vote using a smartphone app.
Despite an extremely limited rollout, and tests revealing no issues, some election officials and security experts have expressed horror at the potential risks …