Security
By MacRumors Staff
Security How Tos
How to Check iCloud Keychain Password Security
Using iCloud Keychain, Apple's Safari browser stores and syncs all the passwords you use for different websites and apps through iCloud. And in iOS 14 and later, Apple provides security recommendations that warn you if a password you're using is putting your accounts at risk.
Safari securely monitors your saved passwords using strong cryptographic techniques, and regularly checks derivations ...
How to Use Firefox Private Network to Encrypt Your Web Traffic
Mozilla this week began piloting its own browser-based VPN service, and if you're located in the U.S. you can start testing it for free right away.
Called the Firefox Private Network, the service promises Firefox users a more secure, encrypted path to the web that prevents eavesdroppers from spying on your browsing activity and hides your location from websites and ad trackers.
In that...
How to Encrypt a USB Flash Drive in macOS Mojave
In macOS Mojave, you can choose to encrypt and decrypt disks on the fly right from the desktop. Using this convenient Finder option, we're going to show you how to encrypt a USB flash drive (or "thumb drive"), which is useful if you're traveling light and want to take sensitive data with you for use on another Mac.
Finder uses XTS-AES encryption, the same encryption that FileVault 2 uses to...
How to Use Secure Code AutoFill in iOS 12 and macOS Mojave
Most readers will have at some point received a two-factor authentication code delivered to them by SMS text message. Many apps and websites send the one-time codes to confirm that the person attempting to log in to an account is the legitimate account holder, and not just someone using a stolen password.
Depending on how notifications are set up on your iPhone, receiving a code via text...
How to Secure Your Apple ID Using Two-Factor Authentication
Apple introduced two-factor authentication (2FA) in 2015 to provide an enhanced level of security when accessing Apple ID accounts. With 2FA enabled, you'll be the only person who can access your account, regardless of whether someone learns your password – as the result of a hack or a phishing scam, for example – so it's well worth taking the time to enable the feature. In this article,...
Security Articles
Report Reveals In-App Purchase Scams in the App Store
An investigation into App Store developer pay-outs has uncovered a scamming trend in which apps advertising fake services are making thousands of dollars a month from in-app purchases.
In a Medium article titled How to Make $80,000 Per Month on the Apple App Store, Johnny Lin describes how he discovered the practice, which works by manipulating search ads to promote dubious apps in the App...
Nest Announces Cam IQ, a $299 4K Smart Home Camera With Facial Recognition
Nest unveiled a new smart security camera today called the Nest Cam IQ, an indoor 4K device capable of increasing footage resolution when it detects unusual or suspicious activity in the home.
Using built-in smart capabilities powered by Google's AI for facial recognition, the Nest Cam IQ is able to identify a person in its visual range, which automatically triggers a notification alert that...
Hackers Trick Samsung Galaxy S8 Iris Recognition Using a Printed Photo and a Contact Lens
German hackers have successfully broken the iris recognition authentication in the Samsung Galaxy S8 using equipment that costs less than the price of the smartphone, according to Ars Technica.
Hackers with the Chaos Computer Club used a digital camera, a Samsung laser printer, and a contact lens to achieve the feat. The hack involved taking a picture of the phone owner's face, printing it out ...
Encrypted Messaging App 'Signal' Approved for Use by U.S. Senate
The U.S. Senate has approved popular encrypted messaging app Signal for official use by staffers in the chamber, it was revealed yesterday (via ZDNet).
The news came in a letter sent on Tuesday by Senator Ron Wyden (D-OR), known to be a staunch privacy advocate, in which he underlined his belief that "backdoor-free" encryption should be embraced by the state at all levels rather than something ...
WhatsApp Quietly Extends Encryption to iCloud Backups of Chat Logs
WhatsApp has bolstered the security of the iCloud backup feature in its messaging platform, in an attempt to protect archived chat logs from being accessed in a readable form (via TechCrunch).
WhatsApp has offered end-to-end encryption on its messaging service for some time, but that encryption did not previously extend to iCloud backups of messages. Given that Apple holds the encryption keys...
Handbrake Developers Issue Mac Security Warning After Mirror Download Server Hack
The developers of open source video transcoder app Handbrake have issued a security warning to Mac users after a mirror download server hosting the software was hacked.
The alert was issued on Saturday after it was discovered that the original HandBrake-1.0.7.dmg installer file on mirror server download.handbrake.fr had been replaced by a malicious file.
The affected server has been shut...
Malware Uses Apple Developer Certificate to Infect macOS and Spy on HTTPS Traffic
A malware research team has discovered a new piece of Mac malware that reportedly affects all versions of macOS and is signed with a valid developer certificate authenticated by Apple (via The Hacker News).
The malware has been dubbed "DOK" and is being disseminated through an email phishing campaign which researchers at CheckPoint say is specifically targeting macOS users, making it the first ...
F-Secure Acquires Jonathan Zdziarski's Mac Security App 'Little Flocker'
Cyber security company F-Secure has acquired Little Flocker, the behavioral analysis-based monitoring app for Macs, developed by iPhone forensics expert and security researcher Jonathan Zdziarski, who joined Apple last month.
The Helsinki-based firm announced the news in a press release posted to its site, where it revealed that Little Flocker would be built into a new security product it's...
LastPass Working on Security Patch For Browser Extension Vulnerability
LastPass has advised all users of the password manager to launch sites directly from the LastPass vault and enable two-factor authentication wherever possible, until it addresses a vulnerability discovered in LastPass browser extensions.
The client-side vulnerability, discovered by Google security researcher Tavis Ormandy, allows for an attack that is "unique and highly sophisticated", said...
Hackers Claim Access to 300 Million iCloud Accounts, Say Apple Refused to Pay $75,000 Ransom
A single hacker or group of hackers who have identified themselves as the "Turkish Crime Family" allegedly have access to at least 300 million iCloud accounts, but they are willing to delete the alleged cache of data if Apple pays a ransom by early next month, according to a report from Motherboard.
The hackers have allegedly demanded $75,000 to be paid in cryptocurrencies Bitcoin or...
Researchers Uncover macOS and Safari Exploits at Pwn2Own 2017
The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes.
Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of...
Apple Hires iPhone Security Expert Jonathan Zdziarski
iPhone forensics expert, security researcher, and former jailbreak community developer Jonathan Zdziarski today announced he has accepted a position with Apple's Security Engineering and Architecture team. He did not reveal his official starting date or responsibilities at the company.
I’m pleased to announce that I’ve accepted a position with Apple’s Security Engineering and...
Adobe Issues Critical Security Update for Flash Player on Mac
Adobe this week released Flash Player version 24.0.0.221 to "address critical vulnerabilities that could potentially allow an attacker to take control of the affected system," including Mac, Windows, Linux, and Chrome OS.
Mac users with Flash Player version 24.0.0.194 or earlier installed should immediately update to the latest version using the built-in update mechanism. The update is also...
76 Popular Apps Vulnerable to Data Interception, Warns iOS Security Researcher
At least 76 popular iOS apps have been found to be vulnerable to data interception, according to a report from a security expert.
The discovery was made by app binary code scanning service verify.ly and published in a Medium post by Sudo Security Group CEO Will Strafach, who revealed that the apps failed to make use of the Transport Layer Security protocol.
The TLS protocol secures...
iPhone 7 Ousts Samsung Handset as 'Device of Choice' For U.K. Defense Officials [Updated]
The U.K.'s Ministry of Defense has chosen Apple's iPhone 7 over Samsung as the "device of choice" for its military personnel, according to a report by TechRepublic this week.
Telecoms company BT is said to be working with the country's MoD to harden the security of the phone so that military officers can discuss and store sensitive information on the device. Steve Bunn, technical business...
Apple Says it Syncs Call Logs on iCloud As a 'Convenience to Customers' Amid Security Concerns
Earlier today, reports surfaced on The Intercept and Forbes claiming Apple "secretly" syncs Phone and FaceTime call history logs on iCloud, complete with phone numbers, dates and times, and duration. The info comes from Russian software firm Elcomsoft, which said the call history logs are stored for up to four months.
Likewise, on iOS 10, Elcomsoft said incoming missed calls that are made...
Adobe Flash on Mac Gets Second Critical Security Update in Just Two Weeks
Adobe for the second time this month has released Flash Player security updates to address critical vulnerabilities that could potentially allow an attacker to take control of Mac, Windows, Linux, and Chrome OS systems.
Adobe gave the security fixes its highest severity rating, meaning users should immediately update to the latest Flash Player version through the built-in update mechanism, or ...
Adobe Releases Critical Security Update for Flash Player on Mac
Adobe has released security updates for Flash Player that address critical vulnerabilities that could put Mac users at risk.
Flash Player version 23.0.0.162 and earlier, Flash Player Extended Support Release version 18.0.0.375 and earlier, and Flash Player for Google Chrome version 23.0.0.162 and earlier are affected on macOS Sierra and OS X.
Mac users should update to the latest Flash...
macOS Sierra Addresses Dropbox Security Concerns by Explicitly Asking for Accessibility User Permission
Following Dropbox-related security concerns that surfaced earlier this month, developer Phil Stokes has confirmed that macOS Sierra now explicitly requires apps to ask for user permission to access Accessibility (via Daring Fireball). Users can give access to an app, or click "not now" to deny the request.
Concerns were raised after it was demonstrated that Dropbox appears in System...
iOS Device Ransom Attacks Continue to Target Users in U.S. and Europe
A few years ago, a number of users in Australia were victimized by attackers remotely locking iPhones, iPads, and Macs using Find My iPhone on iCloud. Compromised devices typically displayed Russian ransom messages demanding payments of around $50 to $100 for the device to be unlocked.
A ransom message targeting a Mac in 2014 with the common pseudonym "Oleg Pliss"
At the time, IT security...