Mac-based malware has appeared on the list of the top ten most common types of malware for the first time in WatchGuard’s quarterly Internet security report. The Mac scareware appeared in sixth place in WatchGuard’s latest Q3 2018 report and is primarily delivered by email to trick victims into installing fake cleaning software. Researchers also found that 6.8 percent of the world’s top 100,000 websites still accept old, insecure versions of the SSL encryption protocol, … More
The post 6.8% of the top 100,000 websites still accept old, insecure SSL versions appeared first on Help Net Security.
Bleeping Computer: WebKit Vulnerability Affects Latest Versions of Apple Safari
“A researcher published exploit code for a vulnerability in WebKit, the web browser engine that powers Apple’s Safari, along with other apps on macOS, iOS, and Linux.”
Another month, another set of Apple security updates: if you’re using macOS, iOS, Shortcuts for iOS, tvOS, Safari, and iCloud and iTunes for Windows, it’s time to get patching.
The updates
The Safari, iCloud and iTunes updates have a lot of overlap – two Safari bugs that can lead to address bar or user interface spoofing, six WebKit issues that can be triggered by the processing of maliciously crafted web content to achieve remote code … More
The post Apple releases security updates for Macs, iDevices, AppleTV appeared first on Help Net Security.
Fitness apps exploit TouchID through a sneaky user interface trick, tech giants claim to have a plan to banish passwords, and you won’t believe who was behind a sextortion scam that targeted over 400 members of the US military.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by ferret-loving ethical hacker Zoë Rose.
Naked Security - Sophos
Apple adds India’s DND app to avoid iPhone ban in the country
Technology giant Apple’s war with the Telecom Regulatory Authority of India (TRAI) has been going on for some time now over the government-approved Do-Not-Disturb (DND) app.
In July, TRAI had threatened to ban iPhones from the country’s mobile networks, if Apple did not approve the DND app by January 2019.
For those unaware, TRAI has designed the Do-Not-Disturb (DND) app, which allows users to report spam marketing as well as promotional messages and calls. While the app has been available on Android since June 2016, Apple had refused to list it on its App Store citing that the app seeks permission to record user’s calls and messages, which is a breach of user’s data privacy.
Now, Apple has finally and quietly introduced the DND app on its iOS App Store, ending the standoff with the telecommunications regulator of India. The app has gone live in the iOS App Store from yesterday, which was confirmed by an Apple spokesperson in India (via VentureBeat).
The ‘TRAI DND – Do Not Disturb’ app allows users to flag unwanted calls and messages. According to some reports, an average person in India receives up to ten unwanted calls and messages in a day.
Once the user registers his or her mobile number, they can use the app to log complaints of unwanted calls and messages, which will be then sent to TRAI. For reported calls, the TRAI will receive information such as caller’s number and time of the call, and all the contents of the SMS for reported SMS.
The description of the TRAI DND app on the App Store reads as below:
TRAI DND App will help consumers to curb unwanted Telemarketing Calls/SMS by reporting to their respective telecom service provider (TSP). With this App, consumers will be able to:
1) Register their mobile number under DND (Do-Not-Disturb)
2) Report spam SMS/Calls, after DND registration.
Registration of mobile number under DND (Do-Not-Register) will take up to 07 days after putting the request with the respective telecom service provider (TSP).
For reporting spam Call/SMS, App will auto-create a complaint registration SMS, for sending it to respective TSP. Complaint registration SMS will be sent to toll-free number 1909.
TRAI DND App will not block any SMS/Calls from authentic businesses/entities that you have subscribed to, e.g. your bank, food delivery apps, travel/taxi apps etc. However, the user will be responsible for any loss occurred if they report these Call/SMS.
If you are an iPhone user and wish to download the app, you can click here. In order to install the app, your device should be running the latest version of iOS 12.1.
Apple to make a low-cost streaming dongle, similar to Google Chromecast and Amazon Fire TV
Apple is reportedly planning to launch an affordable dongle similar to Google’s Chromecast and Amazon’s Fire TV Stick, according to a report by The Information, citing people familiar with the development.
Apparently, Apple, which is expected to launch its TV streaming service sometime in 2019, will directly take on the likes of Netflix and Amazon Prime.
The service would be available for free to Apple device owners, which includes the Apple TV, iPhone, and iPad. Also, the dongle would be exclusive to Apple TV, iPhones and iPads only.
With the Apple TV costing $149 for the non-4K model and $179 for the 4K model, it does make sense for the company to come up with its own low-priced dongle and get people to subscribe to its streaming service in order to increase its consumer base.
Apple could either offer the service as a standalone app or bundle it within the existing TV app, rumors suggest. It is expected to include a good mix of original programming content, third-party video services as well as the option to subscribe to TV channel packages.
Apple has already spent more than $1 billion to produce its original content for the TV streaming service.
The streaming service will launch in the U.S. first and will later be made available in more than 100 countries after a few months.
The new TV service is expected to launch sometime in 2019 and will include a TV series by the La La Land director Damien Chazelle, a drama starring Reese Witherspoon and Jennifer Aniston, a children’s show, and a science fiction show by Ron Moore among others.
The post Apple Working On TV Streaming Dongle To Take On Chromecast, Fire TV Stick appeared first on TechWorm.
Poor iPhone XS, XS Max sales force Apple to restart production of iPhone X
Apple had halted the production of its 10th-anniversary smartphone, iPhone X to make way for its three new iPhones for 2018 – the iPhone XS, iPhone XS Max, and iPhone XR.
However, Apple has restarted the production of iPhone X in ‘certain markets’ due to poor sales of iPhone XS and XS Max, according to a report by The Wall Street Journal. Apple has also decided to cut production on all new iPhones.
According to WSJ, Apple had agreed to purchase a certain number of OLED display panels from Samsung. However, weak sales of the iPhone XS and iPhone XS Max have forced Apple to resume production of the iPhone X so that the company can fulfill the terms of its agreement with Samsung.
In other words, Apple will use iPhone X to compensate for the OLED panel demand gap caused by the decrease in sales of iPhone XS and iPhone XS Max. Also, as iPhone X’s components and manufacturing equipment are older, production costs will be lower and cheaper than the iPhone XS series.
Apple’s iPhone XS and XS Max, which were launched in September this year, haven’t sold well due to their hefty price tags. Also, the affordable iPhone XR has not fared well, which prompted Apple to cut production orders for iPhone XR.
This could be attributed to the low price and popularity of iPhone 8 even after a year of its release. In order to boost sales of iPhone XR in Japan, the Cupertino giant has already provided sales subsidies to Japanese telecom operators, which in turn should reduce the price of the smartphone.
With Apple looking to restart production of iPhone X, it remains to be seen if this move will help the company recover from the setback caused by poor sales of iPhone XS and XS Max.
The post Apple restarts iPhone X production over poor iPhone XS, XS Max sales appeared first on TechWorm.
The Dropbox team disclosed three critical zero-day vulnerabilities in Apple macOS; by chaining them, it is possible to take over a Mac computer.
The Dropbox team disclosed three critical zero-day vulnerabilities (CVE-2017-13890, CVE-2018-4176, CVE-2018-4175) affecting the Apple macOS operating system. An attacker could chain them to remotely execute arbitrary code on a targeted Mac computer.
The attacker only needs to trick victims into visiting a specially crafted website.
The vulnerabilities were discovered by experts at cybersecurity firm Syndis, which was hired by Dropbox to carry out a penetration test on the company’s IT infrastructure.
The experts also assessed the Apple software used by Dropbox.
The flaws were reported to the Apple security team in February, and Apple quickly addressed them with the release of its March security updates.
The vulnerabilities affected all systems running the latest version of the Safari web browser and operating system.
The CVE-2017-13890 vulnerability affected the CoreTypes component of macOS: processing a maliciously crafted webpage may result in the automatic mounting of a disk image.
The CVE-2018-4176 flaw is tied to the way Disk Images handled .bundle files: mounting a malicious disk image may result in the launching of an application.
The last vulnerability, tracked as CVE-2018-4175, could be exploited to bypass the macOS Gatekeeper security feature using a maliciously crafted application.
The issue made it possible to bypass code signing enforcement and execute a modified version of the Terminal app, leading to arbitrary command execution.
The experts were able to chain the vulnerabilities to take over a Mac system by tricking a victim into visiting a malicious web page with Safari.
“Syndis was able to chain these together in a two-stage exploit to achieve arbitrary code execution for a user who visits a specially crafted web page with Safari,” reads a blog post published by Dropbox.
“The first stage includes a modified version of the Terminal app, which is registered as a handler for a new file extension (.workingpoc). In addition it would contain a blank folder called “test.bundle” which would be set as the default “openfolder” which automatically would open /Applications/Terminal.app without prompt. The second stage includes an unsigned shellscript with the extension “.workingpoc” which is then executed within the running Terminal application without prompt.”
Below is a video PoC published by Dropbox:
The post Chaining 3 zero-days allowed pen testers to hack Apple macOS computers appeared first on Security Affairs.
U.S. stocks booked huge losses on Monday, as plunging tech shares and wavering risk sentiment dragged the major indexes lower. The crypto bloodbath reached epic proportions Monday, as bitcoin slid below $5,000 for the first time since October 2017.
Stocks Lurch Lower
All of Wall Street’s major indexes headed for sharp losses, with the S&P […]
The post Tech Rollover Sinks U.S. Stocks; Bitcoin Falls Below $5,000 as Collapse Continues appeared first on Hacked: Hacking Finance.
Bleeping Computer: iPhone X, Galaxy S9, Xiaomi Mi6 Fall at Pwn2Own Tokyo – “iPhone X, Samsung Galaxy S9, and Xiaomi Mi6 all fell at the hands of hackers that found bugs in various components and crafted exploits that allowed complete take over of the targeted device.”
Tomáš Foltýn for ESET: Google’s data charts path to avoiding malware on Android
“How much higher are the odds that your device will be exposed to malware if you download apps from outside Google Play or if you use one of Android’s older versions? Google has the numbers”
Cyberscoop: Apple’s new security chip kills access to microphone – “In a security pamphlet released after Apple’s press event on Tuesday, the company revealed that the chip will completely cut off access to the device’s microphone when the MacBook lid is shut.”
The Register: Android fans get fat November security patch bundle – if the networks or mobe makers are kind enough to let ’em have it – “And Apple fixes Watch-killing security patch of its own”
Graham Cluley for BitDefender: Yes, you should update your iPhone to iOS 12.1, but its lock screen is *still* unsafe
John E. Dunn for Sophos: Another day, another update, another iPhone lock screen bypass
Brian Krebs: Busting SIM Swappers and SIM Swap Myths – “KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.”
Recently Apple Support has responded to a report of an exploding iPhone X, where the victim is claiming that while he was installing the new iOS 12.1 update the phone went hot and exploded.
The news is from the city of Federal Way (Washington), where a man named “Rahel Mohamad” tweeted about the incident.
— Rocky Mohamadali (@rocky_mohamad) November 14, 2018
He said, “This year early January I bought the iPhone and have been using it normally.” The iPhone X was in the process of getting the new iOS 12.1 update, and when Mohamad put it on charge at a later stage, he observed, “Dark grey smoke started coming from the phone. The update was completed and as soon as the phone turned on it immediately started to smoke and caught fire.”
He also said that he was using the official bundled Apple Lightning cable and a wall adapter to charge his iPhone (see the image below).
However, for some reason he had to stop charging his iPhone just before the explosion.
Mohamad added, “When I held the phone it was very hot and I dropped the phone immediately on the floor. Then it started to smoke.”
He reached out to Apple, which wishes to investigate the incident further by getting Mohamad to ship the iPhone X to them. In reply to his tweet, Apple Support also said that this is definitely not expected behavior and that it wishes to resolve the issue soon.
This is not the first incident of smartphones exploding. A few years back Samsung had to recall its Galaxy Note 7 after several of its units exploded while in use.
Just to recall, Apple’s iPhone X was launched last year and its design change marked the tenth anniversary of the company’s legendary iPhone range. Now, let’s see how soon they respond with the report of the actual reason for the incident.
Next Apple iPhone may have a hole in its display, patent reveals
Apple, which started the “notch” design standard that every other Android OEM went on to incorporate in its smartphones, is looking to set another trend.
A patent that the Cupertino giant filed back in June for a camera cut-out in the display has finally been approved. The patent, titled “Integrated Camera Window”, was approved by the United States Patent and Trademark Office (USPTO) on November 8.
Apple’s new patent, discovered by the folks at LetsGoDigital, shows an iPhone with a hole for the camera in the display. In other words, Apple is looking to place the iPhone’s front camera under the device’s screen in its future phones, thereby killing the notch design.
With this patent, Apple joins the list of companies such as Samsung, Asus, and LG who have filed similar patents in the past. However, Apple’s patent is a bit different from its contemporaries.
According to the patent, Apple wants to fit the camera window with a ‘cover glass’ where cover glass refers to the display. This display technology is presently applicable only to the LCD screen.
“Apparatus, systems, and methods for camera integration with a cover glass and for processing cover glass to provide a camera window for an electronic device are disclosed. A camera window can be integrated into the cover glass. The apparatus, systems, and methods are especially suitable for cover glasses, or displays (e.g., LCD displays), assembled in small form factor electronic devices such as handheld electronic devices (e.g., mobile phones, media players, personal digital assistants, remote controls, etc.),” the patent description reads.
Besides iPhones, other electronic devices such as portable computers, tablet computers, displays, monitors, televisions as well as iPads, MacBooks, and iMacs could see in-display camera technology soon.
While patents are filed all the time, not every patent is converted into a finished commercial product or even a prototype. Whether or not Apple will go ahead and implement the display technology in its future devices, only time will tell.
The post Apple’s New Patent Hints At In-Display Selfie Camera appeared first on TechWorm.
This is really just to point out that computer security is really hard:
Almost as soon as Apple released iOS 12.1 on Tuesday, a Spanish security researcher discovered a bug that exploits group Facetime calls to give anyone access to an iPhone user's contact information with no need for a passcode.
A bad actor would need physical access to the phone that they are targeting and has a few options for viewing the victim's contact information. They would need to either call the phone from another iPhone or have the phone call itself. Once the call connects they would need to:
- Select the Facetime icon
- Select "Add Person"
- Select the plus icon
- Scroll through the contacts and use 3D touch on a name to view all contact information that's stored.
Making the phone call itself without entering a passcode can be accomplished by either telling Siri the phone number or, if they don't know the number, they can say "call my phone." We tested this with both the owner's voice and a stranger's voice; in both cases, Siri initiated the call.
One travel blogger finds you don’t have to be Kylie Jenner to be targeted by an Instagram hacker. When 40 iPhones at a hospital mysteriously die, what could be the explanation? And, surprise surprise, political parties in the USA are throwing around hacking accusations.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security’s Mark Stockley.
Dan Coats, the US director of national intelligence, said there's "no evidence" that Chinese spies tampered with servers bought by up to 30 companies, including the likes of Apple and a telecom provider, as Bloomberg reported earlier this month. However, he told Cyberscoop that "we're not taking anything for granted. We haven't seen anything, but we're always watching."
Via: The Verge
Earlier this month, Bloomberg reported that San Jose-based server company Super Micro installed surveillance micro-chips in the Chinese data center hardware of up to 30 companies, including Amazon and Apple. These chips were supposedly used to steal intellectual property. However, all companies that were named in the initial report have denied Bloomberg's claims. Now, Apple CEO Tim Cook is calling on the well-reputed publication to retract its story altogether, according to BuzzFeed News.
Source: BuzzFeed News
The digital wallets of Chinese citizens are under attack thanks to a few bad apples. A recent string of cyberattacks in China utilized stolen Apple IDs to break into customers’ accounts and steal an undisclosed amount of money, according to a Bloomberg report. Almost immediately, Chinese e-transaction giants Tencent Holdings and Alipay warned their customers to monitor their accounts carefully, especially those who have linked their Apple IDs to Alipay accounts, WeChat Pay or their digital wallets and credit cards.
While Alipay works with Apple to figure out how this rare security breach happened and how hackers were able to hijack Apple IDs, they’re urging customers to lower their transaction limits to prevent any further losses while this investigation remains ongoing. Because Apple has yet to resolve this issue, any users who have linked their Apple IDs to payment methods including WeChat Pay — the popular digital wallet of WeChat which boasts over a billion users worldwide and can be used to pay for almost anything in China — remain vulnerable to theft. Apple also advises users to change their passwords immediately.
This security breach represents a large-scale example of a trend that continues to rise: the targeting of digital payment services by cybercriminals, who are capitalizing on the growing popularity of these services. Apple IDs represent an easy entry point of attack considering they connect Apple users to all the information, devices and products they care about. That interconnectivity of personal data is a veritable goldmine for cybercriminals if they get their hands on something like an Apple ID. With so much at stake for something as seemingly small as an Apple ID, it’s important for consumers to know how to safeguard their digital identifiers against potential financial theft. Here are some ways they can go about doing so:
- Make a strong password. Your password is your first line of defense against attack, so you should make it as hard as possible for any potential cybercriminals to penetrate it. Including a combination of uppercase and lowercase letters, numbers, and symbols will help you craft a stronger, more complex password that’s difficult for cybercriminals to crack. Avoid easy to guess passwords like “1234” or “password” at all costs.
- Change login information for different accounts. An easy trap is using the same email and password across a wide variety of accounts, including Apple IDs. To better protect your Apple ID, especially if it’s linked to your financial accounts, it’s best to create a wholly original and complex password for it.
- Enable two-factor authentication. While Apple works on identifying how these hackers hijacked Apple IDs, do yourself a favor and add an extra layer of security to your account by enabling two-factor authentication. By having to provide two or more pieces of information to verify your identity before you can log into your account, you place yourself in a better position to avoid attacks.
- Monitor your financial accounts. When linking credentials like Apple IDs to your financial accounts, it’s important to regularly check your online bank statements and credit card accounts for any suspicious activity or transactions. Most banks and credit cards offer free credit monitoring as well. You could also invest in an identity protection service, which will reimburse you in the case of identity fraud or financial theft.
The post The Dangers of Linking Your Apple ID to Financial Accounts appeared first on McAfee Blogs.
Users of two major mobile payment services in China -- Alipay and WeChat Pay -- have reported unauthorized Apple App Store spending in recent days, with some losing nearly $300 through fraudulent transactions. The companies say that stolen Apple IDs are to blame, the Wall Street Journal reports, and Alipay has asked Apple to investigate. In the meantime, Alipay is telling its customers to minimize potential losses by reducing how much money can be used from their accounts without a password.
Data center hardware used by Apple and Amazon may have been fitted with surveillance micro-chips by Chinese server company Super Micro, claims Bloomberg in a new report. Almost 30 US companies reportedly fell prey to the "attack," with the chips used to snatch intellectual property and trade secrets, according to Bloomberg's anonymous government and corporate sources. The report notes that no "consumer data is known to have been stolen."
Source: Bloomberg Businessweek
Hackers stole up to 34,000 Butlin guest records, reportedly breaching the UK holiday camp firm through a phishing email. Dixons Carphone upped the estimated number of customer records breached in a hack last year from 1.2 million to 10 million, which includes 5.9 million payment cards. There was no explanation offered by Dixons as to why it had taken so long to get a grip on the scale of the data breach, which was reported as occurring in July 2017.
Huawei continues to face scrutiny over the security of their products after the UK National Cyber Security Centre (NCSC) issued a warning about using the Chinese tech manufacturing giant's devices in a security report. Huawei recently took over from Apple as the world's second largest provider of smartphones. A 16 year old Australian 'Apple fanboy' found himself in court after hacking into Apple's network.
On the international scene, Microsoft announced it had thwarted Russian data-stealing attacks against US anti-Trump conservative groups by taking down six domains hosting mimicked websites, which were likely to be used in future phishing campaigns. The Bank of Spain's website was taken out by a DDoS attack, and a Chinese Hotel Group's 140Gb customer database was found for sale on the dark web. The PGA golf championship was hit by ransomware, and the FBI arrested three key members of the notorious FIN7 hacking group; the group is said to be responsible for stealing millions of credit card and customer details from businesses across the world.
On the personal front, the EC-Council confirmed my Computer Hacking Forensic Investigation (CHFI) certification had been renewed until 2021. I dropped into B-Sides Manchester this month; the highlight was a demonstration of a vulnerability found by Secarma researchers, namely a PHP flaw which places CMS sites at risk of remote code execution.
There were plenty of critical security patches released by the usual suspects, such as Microsoft, Cisco, and Adobe; the latter firm released several out-of-band patches during August. A critical update was released for Apache Struts (popular web server), and there was a reminder that fax machines and all-in-one network devices could be used as a way into corporate networks by hackers.
Finally, there were a couple of interesting cybercrime articles posted on the BBC's news website this month, Cyber-Attack! Would your firm handle it better than this? and Unpicking the Cyber-Crime Economy
- T-Mobile Breach Affects Two Million Customers
- Air Canada Mobile App Breach Affects 20,000 People
- Microsoft takes down 'Russian political Hackers'
- Dixons admits Data Breach now Affects 10 million
- Butlin's says Guest Records may have been Hacked
- Huawei set to face even more scrutiny from UK Security Forces
- Reddit user data compromised after 'serious' Hack
- Instagram Hack sees accounts replaced with film stills
- UK Universities among 76 targeted by Hackers
- Bank of Spain hit with DDoS Attack
- Chinese Hotel Group leak of Millions of Guests’ Data
- Reported Data Breaches up 160% since GDPR
- US warns of Supply Chain Cyber-Attacks
- PGA Championship hit by Ransomware Attack
- Teenage fan Hacks into Apple network
- NIST issues Guidance for Protecting Medical IoT devices
- FBI arrests key members of 'prolific' FIN7 Cyber Crime Group
- Microsoft Patches 60 Vulnerabilities for Windows, IE\Edge, Office, .NET, Exchange, SQL, Chakra and Adobe
- PHP flaw places CMS sites at risk of remote code execution
- Adobe Releases Important Fixes for Flash Player
- Adobe Releases Critical Fixes for Acrobat and Acrobat Reader
- Adobe pushes out ‘out-of-band’ Critical Updates for Photoshop CC
- Adobe issues ‘out of band’ Patch for Creative Cloud Desktop Application
- Cisco Patches DoS-related flaws in AsyncOS, Unified Comms Manager (CUCM, IM, and P) and ASA
- 'Foreshadow' attack affects Intel chips
- Fax machines and all-in-one devices could be used by Hackers to Infiltrate Networks
- Security update issued after Critical RCE vulnerability found in the core of Apache Struts
- Cyber fall-out of nation-state conflicts extends beyond politics
- Experts warn of increase in Phishing Attacks targeting Cryptocurrency
- Latest Mirai variant leverages open source project for cross-platform infections
- AdvisorBot Downloader in Malware Campaign targeting Hotels, Restaurants, and Telecoms
- Researchers find new POS malware with no data exfiltration capabilities
- CrowdStrike: Global Supply Chain Survey, two-thirds of organisations attacked
- Mimecast ESRA Report: Email attacks on the rise, say 80% of Businesses
- Data Leakage Prevention (DLP) – ISF Briefing Paper
- Cyber-Attack! Would your firm handle it better than this?
- Unpicking the Cyber-Crime Economy
I’ve never used Apple Airplay before. I have an AppleTV that was free for paying for a 3 month subscription with DirecTV Now. But I hadn’t intentionally fired it up since cancelling that subscription.
This week I bought a new TV. While watching The Dark Knight on Netflix, suddenly the TV changes inputs to the AppleTV and Katherine’s iPad is requesting to perform remote control, and a PIN is displayed to be typed into the iPad.
Generally, I like to think I have a tight rein on my computer devices, but Apple has snuck this one up on me.
Apparently by default, via Bluetooth, my neighbors can connect to my AppleTV. I’m guessing that with my old TV this would occur, and I just wouldn’t notice the AppleTV turn on, but the new TV is smart enough to switch to the new input. So essentially Apple and Samsung have conspired to have my neighbor denial of service my movie watching.
- Make sure the AppleTV is on my wifi. Pretty sure the neighbor hasn’t guessed my 100+ character pre-shared key.
- Disable Bluetooth. Of course my generation of AppleTV can’t do that.
- Change the name of the AppleTV. If everyone in the neighborhood is named the default “AppleTV”, no wonder people are accidentally clicking on the wrong device. On my AppleTV, this was under Settings -> General -> About. On newer models it is found under Settings -> Airplay.
- Under Settings -> Airplay -> Airplay, set Allow Access to “Anyone on the same network”. The default is “everyone”. I guess “it just works” trumps security. Unfortunately I can’t find good documentation on whether Bluetooth users are considered on the same network.
- Set “Also Allow Nearby to Airplay” to off. Again, having trouble finding a description of this setting. But it seems safe.
- Enable requiring a password for Airplay.
I then turned off wifi on my phone, and verified that no Airplay devices were visible over Bluetooth.
And now that I’m looking further it seems my new Samsung is in perpetual discovery mode. So any rando nearby can request to pair, and on the TV, I’ll be prompted to allow, deny or close. Haven’t found a way to disable that yet. Lovely.
The GDPR's potentially hefty financial penalties for breaching its requirements are firmly on the radar of directors at large enterprises and small businesses alike, hence the massive barrage of emails we have all received in recent weeks on changes to company privacy statements and requesting consent, many of which I noted as not being GDPR compliant in obtaining "explicit consent" from the data subject. So there is a long way to go for many organisations before they reach a truly GDPR-compliant state, based on what I've seen so far in my mailbox.
Cybercriminals have been quick to take advantage of the GDPR privacy emails deluge, using the subject matter in their phishing attacks to cheat access to accounts and con victims.
- NatWest Customers targeted by Scammers
- Phishing campaign targeting Airbnb customers
- Phishing campaign targeting Apple.
- GDPR Fraudster con people with wave of Phishing Emails
Developing GDPR Compliant Applications Guidance
- Part 1: A Developer's Guide to the GDPR
- Part 2: Application Privacy by Design
- Part 3: Minimizing Application Privacy Risk
Always make sure your Broadband Router\Hub does not permit remote administrative access (over the internet) and is always kept up-to-date with the latest security patches; otherwise, it will be at serious risk of being hacked and remotely controlled by cyber-criminals. This was evidenced this month: a DNS flaw in over 800,000 Draytek Routers has allowed hackers to take them over, malware called VPNFilter has infected 500,000 routers, and serious vulnerabilities have been reported in TP-Link EAP controllers.
IBM made headlines after banning its workers from using USB sticks, which I think is a good and reasonable policy. Quite frankly, in any modern enterprise, whether large or small, with a decent IT infrastructure and cloud services, staff shouldn't need to use USB devices to move data either internally or externally with third parties, so I see this as a rather smart business and security move to ban all USB devices, as it forces staff to use the more secure and more efficient technology made available.
As my @securityexpert Twitter account crossed the 10,000 follower threshold, Twitter advised 300 million users to reset their passwords after an internal error. Apparently, the passwords for the Twitter accounts were accidentally stored in a database in their "plain text" value instead of using a hashed value for the password, as per best practice. I always strongly recommend Twitter users take advantage of the multi-factor authentication system Twitter provides, which reduces the risk of account hacking.
Breaches of note in May included a T-Mobile website bug which exposed personal customer data, Coca-Cola said an insider breached 8,000 accounts, and BMW cars were found to have over a dozen security vulnerabilities.
As always, a busy month of new security patch releases, with Microsoft, Adobe, PHP, PGP, Google, Git, and Dell all releasing critical security updates to fix significant security flaws. Click the links for the full details.
Analysis of DDoS Attacks at Cloudflare has revealed that while organisations in the UK have certainly upped their spending on DDoS mitigation, cyber-criminals are now responding by switching to Layer 7 based DDoS attacks. Some interesting articles about the Welsh Cyber Security Revolution and a review of the NHS a year on from the WannaCry outbreak.
Reports of interest this month include the Thales Data Threat Report, which found UK businesses to be the most breached in Europe. The LastPass Psychology of Passwords Report found 59% of people surveyed used the same passwords across multiple accounts, despite 91% of them knowing that using the same password for multiple accounts is a security risk. The 2017 Cylance Report stated the number of cyber-attacks on industries such as healthcare, manufacturing, professional services, and education rose by about 13.4% between 2016 and 2017.
- IBM Release Application Developers Guidance to the GDPR (written by me)
- NHS gets new Data Security and Protection Toolkit
- European Directive NIS Comes into Force
- Twitter Advises 330 Million Users to Change Passwords after Internal Leak
- IBM Workers Banned from using USB Sticks
- T-Mobile Website bug Exposed Personal Customer Data
- UK Colleges Hit by 12 Cyber Attacks A Week
- Coca-Cola Hit with Insider Breach, 8,000 Affected
- London Cyber Crime pair Jailed for £1m Phishing Scam
- A Year after WannaCry, is NHS better prepared?
- The Welsh Cyber Security Revolution
- UK begins to Formalise its Legal approach to Cyber War
- BMW Cars found to contain more than a Dozen Flaws
- Scammers are using GDPR email alerts to Conduct Phishing Attacks
- Microsoft Patches 70 Vulnerabilities for Windows IE/Edge, Exchange, Hyper-V & Chakra
- Adobe Releases Critical Fixes for Flash Player
- PHP Programming Languages updated to Fix Multiple Bugs
- Critical Vulnerabilities found in PGP/GPG, S/MIME
- DNS Flaw allows Hackers to change DNS settings in 800,000 Draytek Routers
- Multiple Flaws in TP-Link EAP Controller
- Google Fixes 24 bugs in Chrome OS, Security Pass Flaw in reCAPTCHA Feature
- Six Security Flaws discovered in Dell EMC RecoverPoint Devices
- Flaw in Git could result in Remote Code Execution
- ‘Roaming Mantis’ Malware is now 'Spreading across the Globe'
- VPNFilter Malware Infects 500,000 Routers
- Cyber-Criminals Switching to Layer 7 based DDoS Attacks
- SilverTerrier uses Malware to drive BEC Attacks
- BackSwap Banking Malware bypasses Browser Protections with Clever Technique
- Uber paid off Hackers to delete the Stolen Data of 57 Million People
- OWASP Top Ten 2017 Released: App Development Best Practice & Top Vulnerabilities
- Equifax's Net Income down £20m and £67m Costs Post Data Breach
- Jewson tells Customers their Data may have been Stolen
- Cash Converters hit by Security Breach
- Web Analytics may Jeopardise User Information and GDPR Compliance
- US charges members of elite Chinese Hacking Unit APT3
- Imgur Discloses years-old Data Breach that Compromised 1.7 Million Users
- Hackers 'fool' iPhone X Face ID with a Simple Mask
- Tether Crypto-Currency Operator Reports $31m Raid
- Microsoft releases 20 Critical Security Updates for IE/Edge, Office, & Windows
- Adobe releases fixes for 83 Security Vulnerabilities in Acrobat and Flash
- Apple Addresses KRACK exploits in iOS and macOS Updates, and an Emergency Patch
- Cisco: Critical Vulnerability in 12 types of Voice OS-based Products
- Oracle issues emergency patch for JoltandBleed bug in Tuxedo Middleware
- Windows, Mac and Linux all at Risk from Flaws in Excel File Reader Library
- US CERT issues warning on ASLR vulnerability in Windows 8 & 10
- Intel Management engine Vulnerabilities Expose Millions of PCs to Attack
- APT28's latest Word doc Attack Eliminates needing to Enable Macros
- DDoS attacks have doubled in the six months, up 91% in the First Quarter of 2017
- New Mirai variant back on the Radar after New Exploit Code Published
- Cobalt Malware leverages recently Patched 17-year-old Microsoft Flaw
UPDATE 2 (Oct. 24, 2018): Monitor.app now supports macOS 10.14.
UPDATE (April 4, 2018): Monitor.app now supports macOS 10.13.
As a malware analyst or systems programmer, having a suite of solid dynamic analysis tools is vital to being quick and effective. These tools enable us to understand malware capabilities and undocumented components of the operating system. One obvious tool that comes to mind is Procmon from the legendary Sysinternals Suite from Microsoft. Those tools only work on Windows, though, and we love macOS.
macOS has some fantastic dynamic instrumentation software included with the operating system and Xcode. In the past, we have used dynamic instrumentation tools such as DTrace, a very powerful tracing subsystem built into the core of macOS. While it is very powerful and efficient, it commonly required us to write D scripts to get the interesting bits. We wanted something simpler.
Today, the Innovation and Custom Engineering (ICE) Applied Research team presents the public release of Monitor.app for macOS, a simple GUI application for monitoring common system events on a macOS host. Monitor.app captures the following event types:
- Process execution with command line arguments
- File creates (if data is written)
- File renames
- Network activity
- DNS requests and replies
- Dynamic library loads
- TTY Events
Monitor.app identifies system activities using a kernel extension (kext). Its focus is on capturing data that matters, with context. These events are presented in the UI with a rich search capability allowing users to hunt through event data for areas of interest.
The goal of Monitor is simplicity. When launching Monitor, the user is prompted for root credentials to launch a process and load our kext (don’t worry, the main UI process doesn’t run as root). From there, the user can click on the start button and watch the events roll in!
The UI is sparse with a few key features. There is the start/stop button, filter buttons, and a search bar. The search bar allows us to set simple filters on types of data we may want to filter or search for over all events. The event table is a listing of all the events Monitor is capable of presenting to the user. The filter buttons allow the user to turn off some classes of events. For example, if a TimeMachine backup were to kick off when the user was trying to analyze a piece of malware, the user can click the file system filter button and the file write events won’t clutter the display.
As an example, perhaps we were interested in seeing any processes that communicated with xkcd.com. We can simply use an “Any” filter and enter xkcd into the search bar, as seen in Figure 1.
Figure 1: Monitor.app User Interface
We think you will be surprised how useful Monitor can be when trying to figure out how components of macOS or even malware work under the hood, all without firing up a debugger or D script.