Security

The CrowdStrike aftermath is seeing IT teams around the world struggle to restore the 8.5 million Windows PCs taken out by the bug. The mess included thousands of flights cancelled, health centers unable to make appointments, retailer payment terminals down, and even some 911 services unavailable.

Macs weren’t affected thanks to protections put in place by Apple, but Microsoft has reportedly claimed that antitrust law means it’s unable to take the same approach …

The sheer scale of the global IT outage caused by a faulty software update has left many wondering how one update to one company’s security software could have such massive impact.

Ironically, the effect of the CrowdStrike flaw has been almost identical to the very thing it’s intended to prevent …

A huge mistake by cybersecurity company CrowdStrike has caused a global IT outage on a massive scale, with airlines, banks, health services, and more affected – including some 911 centers.

United, Delta, and American Airlines are among the airlines who have been forced to ground flights. Broadcaster Sky News was taken off-air for several hours. Many retailers have been unable to accept payments. In short, it’s chaos out there …

Leaked documents reveal that Cellebrite can’t unlock iPhones running iOS 17.4 and later, at least as of the date of publication (April 2024). The company has confirmed that the documents are genuine.

Cellebrite devices, which are widely used by law enforcement agencies, can crack most Android phones, though there are exceptions …

A statement reveals that the FBI accessed the locked phone of Thomas Matthew Crooks, the shooter at the Trump rally. There were unconfirmed reports that the device was an iPhone, but it was subsequently revealed to be a Samsung device.

The FBI said on Sunday that attempts to access the phone had not been successful, but just one day later stated that it has now succeeded …

More details are coming to light about the AT&T hack, which saw the personal data of around 110M customers compromised – including records of who they called and texted.

It’s reported that the carrier made a Bitcoin ransom payment in return for the hacker deleting the data, and that public disclosure of the security breach was delayed for two months in response to a request from the FBI …

A massive AT&T data breach has seen hackers able to steal the personal data of almost every customer the company has – a total of some 110 million Americans.

In an incredible security fail, the stolen data includes not only customer phone numbers, but also records of who contacted whom – a potential privacy minefield …

Apple has warned a significant number of iPhone users across 98 countries that they appear to have been targeted by “mercenary spyware attacks” which could compromise almost all the personal data on their devices.

The company says it can never be 100% certain in its conclusions, but has a high degree of confidence that it is correct, and urges message recipients to take the security warning seriously …

Scams like phishing and social engineering are continuing to grow with some specifically targeting Apple users. With that in mind, Apple has shared a new support document with official tips on how to protect your Apple ID and other online accounts, how to spot and report scam emails, calls, and more.

Apple users are being warned to be alert to smishing texts – the name given to phishing attacks carried out by sending SMS messages – trying to capture login credentials for Apple IDs.

The links direct to a fake iCloud page, and for 9to5Mac readers this is really one to warn your friends about …

Microsoft staff in China have been told that they must use an iPhone for authentication when logging in to company systems. From September, the use of Android smartphones as multi-factor authentication devices will be banned.

This will create a situation where an Apple device will be required despite the fact that staff are using Windows PCs …

It is a long-standing misconception that Macs are impervious to malware. This has never been the case. And while Apple might secretly hope people continue the preconceived notion, Mac users continue to be caught off guard by cybercriminals whose attack methods are becoming increasingly sophisticated. Below, you’ll find the most common macOS malware strains in 2024…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Apple Intelligence privacy is stronger than that of any other AI company, but even its security protections aren’t perfect once ChatGPT gets involved.

That’s the argument made by the security chief at Inrupt, the privacy-focused company co-founded by the inventor of the world wide web, Tim Berners-Lee …

An attacker has obtained the phone numbers of 33 million users of the popular 2FA security app Authy, exposing them to an increased risk of phishing attacks.

Developer Twilio has confirmed the claim, and asked customers to take two precautions …

Millions of iOS and macOS apps have been exposed to a security breach that could be used for potential supply-chain attacks, says an ArsTechnica report based on research by EVA Information Security. The exploit was found in CocoaPods, an open-source repository used by many popular apps developed for Apple platforms.

Some Wise customer data was likely to have been obtained by the hackers behind the Evolve data breach back in May.

Multiple additional fintech firms may also be affected by the cybersecurity attack, and it’s possible that personal data may be leaked if companies refuse to give in to ransom demands …

If there’s one type of company you definitely don’t want to see left vulnerable to hackers it’s an identity verification service with access to photo ID documents like driver’s licenses – but that’s exactly what appears to have happened with AU10TIX.

The cybersecurity company’s past or present clients include PayPal, Coinbase, X, TikTok, Uber, LinkedIn, Upwork, and Fiverr …

We’ve seen carriers and the FTC work to reduce the problem of robocalls in recent years but imposter calls remain a top scam. Want to protect yourself and your family? Incogni makes removing your personal information from the web and blocking spam calls easy.

Apple has fixed a Vision Pro bug which would have allowed a website to fill your room with an unlimited number of virtual 3D objects. Those objects – flying bats in the proof of concept – would then persist even after you quit Safari.

The bug was discovered by a cybersecurity researcher who says Apple took a lot of care to protect against this type of exploit, but it forgot one thing …

Both the EU and Australia have backed down on separate proposals to force tech companies to carry out CSAM scanning within messaging apps, which would have meant breaking end-to-end encryption.

It’s the latest development in the ongoing battle between tech companies and politicians who don’t understand how encryption works …