Security

If you’ve ever wondered whether security cameras and alarms are effective at deterring burglars, the answer is yes – and that comes from a very reliable source: burglars.

KGW-TV asked 86 inmates convicted of burglary what would make them more likely to rob a home, and which things would deter them …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Last week, I received an interesting report from the security research arm of the popular Apple device management software firm Jamf that detailed a serious but now-patched iOS and macOS vulnerability. The finding was under embargo, but today, I can finally talk about it.

Jamf Threat Labs uncovered a significant vulnerability in Apple’s iOS Transparency, Consent, and Control (TCC) subsystem on iOS and macOS that could allow malicious apps to access sensitive user data completely unnoticed without triggering any notifications or user consent prompts.

A newly-released app lets you regularly scan your iPhone for Pegasus spyware – which can access almost all the data on a phone – for a one-off cost of just one dollar.

A mobile security firm created the app, which allows you to scan your iPhone or Android phone and send the results to them for analysis – and they’ve so far detected seven phones infected by the spyware …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Each year, Moonlock Lab, the cybersecurity research wing of MacPaw, releases an annual report detailing the current state of the macOS threat landscape. On Tuesday, Moonlock Lab released its 2024 Threat Report, detailing how AI tools like ChatGPT are helping to write malware scripts, the shift to Malware-as-a-Service (MaaS), and other interesting statistics it’s seeing through internal data.

Popular video conferencing platform Zoom agreed to pay $85M in compensation back in 2021 after it was revealed that the company lied to users about the type of encryption it offered. It has now offered to pay an $18M fine to the Securities & Exchange Commission (SEC) in order to settle an investigation into the same security and privacy issue.

Zoom disclosed the offer in a regulatory filing …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Corvus, one of the leading cyber insurance providers, has published its quarterly Cyber Threat Report for Q3 2024, focused on the shifting ransomware landscape. While the rising number of ransomware attacks should be no surprise to anyone, the report outlines how cybercriminals are becoming more competitive and adopting more aggressive strategies rather than waiting for the next mass-exploit event.

If your iPhone or iPad is too old to run iOS 18, or if you’ve simply held off updating by choice, Apple is still providing key security fixes for you. The latest arrive in today’s iOS 17.7.2 and iPadOS 17.7.2, which are available now.

Apple has released a variety of new software updates today, including iOS 18.1.1 for iPhone users. Here’s what to expect from this latest update.

It’s a little-known fact that before emails reach your inbox, they pass through a buffer designed to scan and block malicious content. However, over time, email providers—especially Gmail—have shifted their focus to just adding “warning labels” to those with suspicious links or attachments. This approach, best described as “beating around the bush” hasn’t reduced threats much at all. Shockingly, 91% of all cyberattacks still originate from emails. So, what gives?

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

A recent report by 404 Media revealed that law enforcement agents have been concerned about iPhones automatically rebooting themselves, which makes it very difficult to hack these devices. Security researcher Jiska Classen later discovered that this behavior is caused by a new feature called “Inactivity Reboot,” which has now been reverse-engineered by Classen.

Some six years after virtual private network company NordVPN started searching data breaches for the most-used passwords, things are every bit as bad as when the company started.

Each year, the company searches the dark web for passwords stolen by malware or exposed in security breaches to determine the most commonly-used passwords, and this year’s crop is as depressing as ever …

Apple released a ton of software updates today, including iOS 18.1, macOS Sequoia 15.1, and more. But there was another key software release you may be unaware of. If you’re not yet running iOS 18, Apple’s new iOS 17.7.1 update includes important security fixes for your iPhone.

Today Apple released big new software updates for all its platforms, including iOS 18.1, macOS Sequoia 15.1, and more. Now, the company has released full details on all of the security updates added in those releases. Here’s what you should know.

A UnitedHealth hack exposed the personal information and health data of more than 100M Americans – the first time the company has put a specific number on the security breach.

A ransomware attack was made on Change Healthcare back in February, but it was only yesterday that the company revealed its “unprecedented magnitude” …

Whenever an Apple device generates a strong password for you, the structure of those secure passwords isn’t entirely random.

Instead, Apple created rules specifically designed to make them easier to type if you ever have to do that manually, and to make them briefly memorable …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

In possibly a first since the release of macOS Sequoia, cybersecurity researchers have identified a new attack vector that sidesteps the usual “right-click, open” in favor of something rather unusual. In a recent finding shared on social media, this new method involves tricking users into dragging and dropping malicious code (via a .txt file) directly into the Terminal.

It was revealed this weekend that Chinese hackers managed to access systems run by three of the largest internet service providers (ISPs) in the US.

What’s notable about the attack is that it compromised security backdoors deliberately created to allow for wiretaps by US law enforcement …

A MoneyGram hack has seen an attacker obtain the personal data of an unknown number of the company’s 50 million money transfer users.

A separate hack of a debt collection company has seen personal data obtained for more than 200,000 Comcast customers, despite previous assurances that this was not the case …

A succession of T-Mobile data breaches saw millions of customers have their personal data exposed. The company has now been fined $15.75M, and has agreed to spend the same amount again on upgrading its security.

The Federal Communications Commission (FCC) says that the combination of fine and promised security enhancements represents a model for future handling of such incidents …

Back in late August, The Browser Company – the company behind the popular Mac browser Arc, became aware of a serious security vulnerability in the browser, one that could allow for remote code execution on other users computer with no direct interaction. They patched it promptly once being alerted to it, and the details of the vulnerability were disclosed last week.