Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge
Credit to Author: Paul Ducklin| Date: Thu, 21 Jul 2022 12:38:22 +0000
One vendor’s zero-day is another vendor’s routine patch…
Read moreCredit to Author: Paul Ducklin| Date: Thu, 21 Jul 2022 12:38:22 +0000
One vendor’s zero-day is another vendor’s routine patch…
Read moreCredit to Author: Bill Cozens| Date: Thu, 14 Jul 2022 14:35:10 +0000
In this post, we break down three endpoint security for Mac best practices to help you prevent phishing attacks, DDoS attacks, and much more.
The post Endpoint security for Mac: 3 best practices appeared first on Malwarebytes Labs.
Read moreCredit to Author: Jonny Evans| Date: Thu, 07 Jul 2022 06:17:00 -0700
Apple has struck a big blow against the mercenary “surveillance-as-a-service” industry, introducing a new, highly secure Lockdown Mode to protect individuals at the greatest risk of targeted attacks. The company is also offering millions of dollars to support research to expose such threats.
Starting in iOS 16, iPadOS 16 and macOS Ventura, and available now in the latest developer-only betas, Lockdown Mode hardens security defenses and limits the functionalities sometimes abused by state-sponsored surveillance hackers. Apple describes this protection as “sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.”
Credit to Author: Jonny Evans| Date: Wed, 29 Jun 2022 05:34:00 -0700
FCC Commissioner Brendan Carr has written to Apple and Google to request that both companies remove the incredibly popular TikTok app from their stores, citing a threat to national security.
Carr warns the app collects huge quantities of data and cited a recent report that claimed the company has accessed sensitive data collected from Americans. He argues that TikTok’s, “pattern of conduct and misrepresentations regarding the unfettered access that persons in Beijing have to sensitive U.S. data…puts it out of compliance,” with App Store security and privacy policies.
Credit to Author: Jovi Umawing| Date: Wed, 29 Jun 2022 10:03:54 +0000
A new commercial spyware for governments, called Hermit, has spotted in the wild. It affects iOS and all Android versions.
The post Hermit spyware is deployed with the help of a victim’s ISP appeared first on Malwarebytes Labs.
Read moreCredit to Author: Jonny Evans| Date: Fri, 24 Jun 2022 09:40:00 -0700
Here we go again: another example of government surveillance involving smartphones from Apple and Google has emerged, and it shows how sophisticated government-backed attacks can become and why there’s justification for keeping mobile platforms utterly locked down.
I don’t intend to focus too much on the news, but in brief it is as follows:
The attack works like this: The target is sent a unique link that aims to trick them into downloading and installing a malicious app. In some cases, the spooks worked with an ISP to disable data connectivity to trick targets into downloading the app to recover that connection.
Credit to Author: Shweta Sharma| Date: Fri, 24 Jun 2022 08:51:00 -0700
Google’s Threat Analysis Group (TAG) has identified Italian vendor RCS Lab as a spyware offender, developing tools that are being used to exploit zero-day vulnerabilities to effect attacks on iOS and Android mobile users in Italy and Kazakhstan.
According to a Google blog post on Thursday, RCS Lab uses a combination of tactics, including atypical drive-by downloads as initial infection vectors. The company has developed tools to spy on the private data of the targeted devices, the post said.
Credit to Author: Jonny Evans| Date: Thu, 23 Jun 2022 06:41:00 -0700
Apple will add another obstacle against successful phishing attacks in iOS 16, iPadOS 16, and macOS Ventura, which will show a company’s official logo to help recipients recognize genuine from fake emails.
Apple’s forthcoming operating systems will support Brand Indicators for Message Identification (BIMI). This is a specification to enable the use of brand-controlled logos within emails and will be a way to tell recipients that an email genuinely comes from the company concerned. Google has supported BIMI since 2021.
Credit to Author: Ryan Faas| Date: Fri, 17 Jun 2022 03:00:00 -0700
Two sessions I attended at last week’s Worldwide Developer Conference (WWDC) — the Managed Device Attestation and Secure Endpoint sessions — highlight the company’s commitment to delivering increased capabilities for security tools. While both were naturally oriented more to developers of device management and security solutions than to end users or IT admins, some of the additional capabilities developers will be able to build into enterprise tools are noteworthy.
Credit to Author: Paul Ducklin| Date: Thu, 16 Jun 2022 16:52:55 +0000
Lastest epsiode – listen now!
Read more