Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware.
Apple patched the vulnerability; everyone needs to update their OS immediately.
News articles on the exploit.
Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware.
A zero-click spyware exploit made Apple scramble to protect its users but the end is nowhere in sight.
The post Zero-Click Apple Patch Addresses Vulnerability. Should You Be Worried? appeared first on Adam Levin.Read More Zero-Click Apple Patch Addresses Vulnerability. Should You Be Worried?
A Walmart press release says it’s jumping aboard the cryptocurrency bus – but is it true? Theranos’s Elizabeth Holmes goes on trial, and have you updated your Apple gadgets to protect against the latest NSO Group spyware attack?
All this and much mo…Read More Smashing Security podcast #243: Breaking news, Apple zero-clicks, and bad blood
Bugs! So many bugs! Latest episode – listen now…Read More S3 Ep50: Two 0-days plus another 0-day plus a fast food bug [Podcast]
Apple’s iPhone 13 Pro series, announced today, brings major improvements in connectivity, performance, camera and display. The 6.1-inch iPhone 13 Pro and the 6.7-inch Pro Max use the same design as the iPhone 12 Pro. Not that this is a problem – the phone still looks stunning with its shiny steel band and matte glass […]
The post Apple iPhone 13 Pro and iPhone 13 Pro Max are here first appeared on IT World Canada.Read More Apple iPhone 13 Pro and iPhone 13 Pro Max are here
Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google’s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.Read More Microsoft Patch Tuesday, September 2021 Edition
Double trouble: two zero-days, patched in the same emergency update. So please don’t delay – patch today!Read More Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!
Apple released security updates trying to solve two zero-day vulnerabilities that were exploited in the wild to attack iPhones and Macs. The flaw in the latest Apple software release facilitates Pegasus Spyware to be installed on the above-mentioned de…Read More Apple IOS Zero-day Vulnerabilities Running Rampant in 2021
The University of Toronto’s Citizen Lab found the vulnerability it says was used to implant the Pegasus spyware of NSO Group
The post Apple patches zero-click vulnerability discovered by Canadian researchers first appeared on IT World Canada.Read More Apple patches zero-click vulnerability discovered by Canadian researchers
Hashtag Trending September 14- Apple VS Epic Games; Google employee allegations; Litecoin declines after fake newsRead More Hashtag Trending September 14- Apple VS Epic Games; Google employee allegations; Litecoin declines after fake news
Summer vacations are coming to a close and, for many, the children are finally going back to school providing some quiet time. I hope everyone is well rested because the fall is already shaping up to be a busy time. Microsoft has released Server 2022 a…Read More September 2021 Patch Tuesday forecast: It’s new operating system season
Normal-looking cables (USB-C, Lightning, and so on) that exfiltrate data over a wireless network.
I blogged about a previous prototype here.
OWC announces Jellyfish Manager 2.0. The Jellyfish Manager is the modern interface between the user and the Jellyfish by OWC. It gives post-production teams the tools they need to be self-reliant and frees up IT teams to stay focused on their day-to-da…Read More OWC Jellyfish Manager 2.0 offers deeper analytics and cloud backup integrations for server administration
Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government.
These are particularly scary exploits, since they don’t require to victim to do anything, li…
Coffee Briefings are timely deliveries of the latest ITWC headlines, interviews, and podcasts. Today’s Coffee Briefing is delivered by IT World Canada reporter Pragya Sehgal, with files from the rest of the editorial team! Missed last week’s Coffee Briefing? We’ve got you covered. What’s new this week Global logistics platform firm announces expansion in Canada […]Read More Coffee Briefing, August 31, 2021 – Global logistics platform firm expands in Canada; Apple’s News Partner Program; a podcast roundup; and more
A 40-year-old man has agreed to plead guilty to US court charges that he broke into thousands of Apple iCloud accounts and stole hundreds of thousands of images and videos of young women.
Read more in my article on the Hot for Security blog.Read More Man admits impersonating Apple support staff to steal 620,000 photos from iCloud accounts
Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the original specification.
Good op-ed from a group of Princeton researchers who developed a similar system:
Read More More on Apple’s iPhone Backdoor
Our system could be easily repurposed for surveillance and censorship. The design wasn’t restricted to a specific category of content; a service could simply swap in any content-matching database, and the person using that service would be none the wiser…
Apple announces its plan for detecting child sexual abuse images on users’ iPhones and Macs.
But it’s unlikely to be welcomed by those who hold privacy close to their hearts.Read More Scanning for Child Sexual Abuse Material (CSAM) on iPhones
The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products.
The post Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS appeared first on WeLiveSecurity
Your mobile device can be hacked very easily without your knowledge. Even if an attacker can’t get into your device they can attempt to gain access to the sensitive information instead that is stored inside such as your places visited, emails and conta…Read More How Hidden Vulnerabilities will Lead to Mobile Device Compromises
The tech giant says it has security safeguards in place. But these tracking devices can be hacked and put to other nefarious purposesApple has launched the latest version of its operating system, iOS 14.5, which features the much-anticipated app tracki…Read More How Apple’s AirTag turns us into unwitting spies in a vast surveillance network
Latest episode – listen now!Read More S3 Ep32: AirTag jailbreak, Dell vulns, and a never-ending scam [Podcast]
The researchers from Sophos declared that they received a tip-off relating to a fake mobile trading app, this tip leading to the discovery of a server containing “hundreds” of malicious trading, banking, foreign exchange, and cryptocurrency…Read More Fake Android and iOS Malicious Apps Might Be Stealing Your Money
Facebook says it’s sticking up for the little guys as it picks a fight with Apple, there are testing times on the trains, and Twitter takes a tip.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” pod…Read More Smashing Security podcast #227: Phishing foul-up, Twitter tip jars, and Facebook’s Apple fury
Last year, a Which? investigation found that 31% of resold smartphone models from three of the major used and refurbished handset stores are no longer receiving security updates. Phone manufacturers only schedule data updates for a certain period after…Read More How to Ensure Security when Buying a Refurbished or Second-Hand Smartphone
All that glisters is not gold/Often have you heard that told/Gilded tombs do worms enfoldRead More Beware fake online trading apps, on iOS as well as Android
Apple AirTag has been launched less than two weeks ago, but a security researcher already claims to have hacked them. The Apple AirTag has been available for just a couple of weeks and hacking community is already working on it to demonstrate that how to compromise it. “The German security researcher Stack Smashing tweeted today (via The 8-bit) that […]
The post Researcher hacked Apple AirTag two weeks after its launch appeared first on Security Affairs.Read More Researcher hacked Apple AirTag two weeks after its launch
Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. Documents provided in a court case that sees Epic Games v. Apple Inc. revealed that the XcodeGhost malware impacted 128 million iOS users. Epic Games filed a lawsuit against Apple in a California court over its violation of terms of […]
The post Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015 appeared first on Security Affairs.Read More Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015
Ooooh, look! A shiny button-like object!Read More Apple AirTag jailbroken already – hacked in rickroll attack
Latest episode – listen now! (And please share with your friends.)Read More S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]
DataStax announced that K8ssandra, an open-source distribution of Apache Cassandra on Kubernetes, is available on any Kubernetes environment including distro-specific integrations for Amazon Elastic Kubernetes Service (Amazon EKS), Google Kubernetes En…Read More DataStax K8ssandra now available on any Kubernetes environment
Don’t delay. Get these updates today.Read More Apple products hit by fourfecta of zero-day exploits – patch now!
A week after Apple patched a macOS zero-day exploited by Shlayer malware for months for months, the company has released new security updates for macOS, iOS, iPadOS and watch OS that plug four additional zero-days that “may have been actively exp…Read More Apple fixes four zero-days under attack
Apple has released security updates to patch three zero-days in the WebKit, the Apple’s browser engine, and fixed a zero-day exploited in the wild. Apple released security updates to address four zero-day vulnerabilities impacting WebKit, which is used by multiple products of the IT giant, including iPadOS, tvOS, and watchOS. The WebKit browser engine is […]
The post Apple addresses three zero-day flaws in its WebKit browser engine appeared first on Security Affairs.Read More Apple addresses three zero-day flaws in its WebKit browser engine
Today, Apple has released security updates that fix two actively exploited iOS zero-day vulnerabilities in the Webkit engine used by hackers to attack iPhones, iPads, iPods, macOS, and Apple Watch devices. […]Read More Apple fixes 2 iOS zero-day vulnerabilities actively used in attacks
A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021.Think Before You LinkedIn!Business social media platform LinkedIn is being exploit…Read More Cyber Security Roundup for May 2021
Apple just patched a MacOS vulnerability that bypassed malware checks.
Read More Serious MacOS Vulnerability Patched
The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific attributes. Owens discovered that if he made an application that was really just a script—code that tells another program what do rather than doing it itself—and didn’t include a standard application metadata file called “info.plist,” he could silently run the app on any Mac. The operating system wouldn’t even give its most basic prompt: “This is an application downloaded from the Internet. Are you sure you want to open it?”…
Listen now – latest episode – lots of fun but with a serious (and educational!) side.Read More S3 Ep30: AirDrop worries, Linux pests and ransomware truths [Podcast]
Apple has released a brand new update for its macOS Big Sur operating system, and you really should install it.
Amongst other fixes, Big Sur 11.3 patches a zero-day vulnerability that could allow an attacker to craft malicious payloads that will not…Read More Update your Macs! Malware attacks can exploit critical flaws in Apple’s built-in defences
With the release of iOS 1.45 app developers have to give users the option of not being tracked across third-party applications and websites
The post Apple’s anti-tracking capability praised by Canadian expert first appeared on IT World Canada.Read More Apple’s anti-tracking capability praised by Canadian expert
Here’s the latest Naked Security talk – watch now!Read More Naked Security Live – Just how (un)safe is AirDrop?
Researchers say they reported what they consider to be a privacy hole to Apple in 2019, but never heard back. They worked on a fix anyway.Read More Apple AirDrop has “significant privacy leak”, say German researchers
Users of Apple products have long loved the ability to wirelessly share files with each other, using AirDrop to transmit files between their iPhones and Macbooks.
But researchers have discovered that security weaknesses could allow an attacker to ob…Read More Apple AirDrop flaws could let hackers grab users’ phone numbers and email addresses
Apple’s all-in on its homebrew M1 chips. It’s now inside iMacs and iPad Pros.Read More New Apple iMac and iPad Pros now use the M1 chip
The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security.
Read More Details on the Unlocking of the San Bernardino Terrorist’s iPhone
Azimuth specialized in finding significant vulnerabilities. Dowd, a former IBM X-Force researcher whom one peer called “the Mozart of exploit design,” had found one in open-source code from Mozilla that Apple used to permit accessories to be plugged into an iPhone’s lightning port, according to the person…
Let’s get to the point immediately: if you use an Apple Mac system, it doesn’t mean that you…
The post Cyber threats against Macs are increasing! Are you prepared? appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
As an avid smartphone user, do you get frustrated at not finding the app you want on the…
The post The risks of downloading apps from unauthorized app stores appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
For public health officials, contact tracing remains critical to managing the spread of the coronavirus — particularly as it appears that variants of the virus could be more transmissible. The need for widespread contact tracing at the start of t…Read More Researchers propose more secure and private mobile contact tracing
A new macOS malware known as Silver Sparrow has silently infected almost 30,000 Mac devices with malware whose purpose is a mystery. […]Read More New Silver Sparrow malware infects 30,000 Macs for unknown purpose
Experts warn of new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. Malware researchers at Red Canary uncovered a new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. According to data shared by Malwarebytes, as […]
The post Silver Sparrow, a new malware infects Mac systems using Apple M1 chip appeared first on Security Affairs.Read More Silver Sparrow, a new malware infects Mac systems using Apple M1 chip
Security and privacy are a big selling point for Apple. The company has released on Thursday a newer version of its Platform Security Guide, outlining the security and privacy innovations and improvements its users will be able to take advantage of. Ne…Read More Apple details major security, privacy enhancements in its devices
Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it, the latest generation of Macs are their next targets. The popular security researcher Patrick Wardle discovered one of the first malware designed to target latest generation of Apple devices using the company M1 chip. The discovery suggests threat actors are tailoring […]
The post Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning appeared first on Security Affairs.Read More Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning
Over the past decade, the firms that make up the so-called Big Tech have captured enough of the global economy to resemble industrial cartels from a bygone era. Amazon, Apple, Google, Facebook, and Microsoft form behemoths within their respective marke…Read More Big Tech will try to pre-empt harsh privacy laws by writing their own
Linux and Unix operating systems require regular patching like any IT system, but as security professionals, ethical hackers, and criminal hackers will tell you, regular Linux and Unix patching is often neglected.CVE-2021-3156 sudo VulnerabilityLast we…Read More The Linux Flaw you can’t afford to Ignore (CVE-2021-3156)
New episode – listen now!Read More S3 Ep18: Apple emergency, crypto blunder and botnet takedown [Podcast]
2020 will be remembered for a lot of sweeping changes and online classes are definitely on top of…
The post Don’t let your kids’ online classes be disrupted by cyberattacks! appeared first on Quick Heal Blog | Latest computer security news, tips, and…
Analysis: NSO Group’s Pegasus spyware could allegedly track locations and access passwordsDozens of Al Jazeera journalists allegedly hacked using Israeli firm’s spyware For almost a year, spyware sold by Israel’s NSO Group was allegedly armed with a co…Read More iPhones vulnerable to hacking tool for months, researchers say