McAffee June 2017 Threat Report shows uptick in adware for Macs

Posted by:
Date: Monday, June 26th, 2017, 05:48
Category: News, security, Software

The new McAffee June 2017 Threat Report is in and it indicates that the trend in Mac malware isn’t slowing down. There were nearly 250,000 new instances of macOS malware in the first quarter of 2017, bringing the total for the quarter to just over 700,000.

While Macs have never been fully immune to viruses and exploits, they generally weren’t as susceptible to the viruses that plagued Windows PC in the first decade of the 2000s. Since then, Apple has backed off from its “Macs don’t get viruses” marketing claim.

At present, traditional PC-like viruses are still relatively rare on the Mac, but according to McAfee, there’s been a “glut of adware”, which tricks users into downloading, running, and authorizing malware with admin privileges. Depending on the malware and its attack vector, the users of infected Macs encounter everything from browser takeovers, to pop-up ads, to unwanted toolbars and browser plugins, to even things like keyloggers and botnet hijacks in the worst cases.

(more…)

1Password receives update, now offers “Travel Mode” feature

Posted by:
Date: Wednesday, May 24th, 2017, 05:34
Category: iOS, News, security, Software

This could come in handy.

Following an update pushed out last week, 1Password now includes a new feature that lets users selectively erase local data for maximum protection while traveling.

The new “Travel Mode” feature erases all vaults/user profiles with the exception of those marked “safe for travel” from devices connected to a 1Password account. Users can later restore their full list of vaults with another click once they arrive.

(more…)

Tablet, notebook ban reportedly off the table for flights between US and Europe

Posted by:
Date: Friday, May 19th, 2017, 05:33
Category: Hardware, News, security

The proposed ban on tablets and notebooks from cabin baggage on flights between Europe and the USA have reportedly been shelved …

The ban, which proposed preventing electronic devices larger than a smartphone on inbound flights to the USA from 10 airports located mostly in the Middle East and Northern Africa was offered in response to intelligence from terrorist threats.

It was later suggested that the ban might be extended to flights from the UK and other European countries, with a further report earlier this month suggesting that the idea was ‘under active consideration.’

(more…)

Apple releases iOS 10.3.2, watchOS 3.2.2 and tvOS 10.2.1

Posted by:
Date: Wednesday, May 17th, 2017, 05:52
Category: iOS, News, security, Software, TvOS, watchOS

If you’re in the mood for updates, this is your lucky week.

Apple has released iOS 10.3.2, an update that contains bug fixes and security enhancements.

The update weighs in around 196.4 megabytes and can be installed either through iOS’s Software Update feature or iTunes.

(more…)

Feinstein: FBI spent roughly $900,000 to decrypt San Bernadino shooter’s iPhone 5c data

Posted by:
Date: Tuesday, May 9th, 2017, 05:06
Category: iOS, iPhone, Legal, News, privacy, security, Software, Uncategorized

The data recovery effort to copy the iPhone 5c data of San Bernardino shooter Syed Rizwan Farook erred on the pricey side.

Namely, in the neighborhood of $900,000 according to California senator Dianne Feinstein, who mentioned the amount spent recently when questioning FBI director James Comey at a Senate Judiciary Committee oversight hearing.

“I was so struck when San Bernardino happened and you made overtures to allow that device to be opened, and then the FBI had to spend $900,000 to hack it open,” Feinstein commented. “And as I subsequently learned of some of the reason for it, there were good reasons to get into that device.”

(more…)

FBI director James Comey’s testimony states that agency has been unable to access less than half of mobile devices this fiscal year

Posted by:
Date: Friday, May 5th, 2017, 05:51
Category: iPhone, News, privacy, security, Software

Per FBI director James Comey’s testimony to a Senate oversight committee, the Bureau has been unable to access almost half of the mobile devices it tried to examine in the first half of the fiscal year.

Comey said the FBI had been unable to access the contents of more than 3,000 mobile devices in the first half of the fiscal year, using what he described as “appropriate and available technical tools, even though there was the legal authority to do so.” He said that represented “nearly half” of all the mobile devices it had attempted to access in that time frame.

Comey’s statements seem to be leading towards support of forcing phone manufacturers to provide backdoor access to the authorities.

(more…)

DOK malware surfaces for macOS platform, sneaks past Gatekeeper protection with valid Apple developer account

Posted by:
Date: Monday, May 1st, 2017, 05:06
Category: macOS, News, security, Software

In the age of Macs becoming more popular again, the amount of malware available for the macOS is on the rise.

According to the McAfee Labs, malware attacks on Apple’s Mac computers were up 744% in 2016, and its researchers have discovered nearly 460,000 Mac malware samples, which is still just a small part of overall Mac malware out in the wild.

The Malware Research team at CheckPoint has located a new piece of fully-undetectable Mac malware which apparently affects all versions of Mac OS X, has zero detections on VirusTotal and is “signed with a valid developer certificate (authenticated by Apple).”

(more…)

Apple releases iOS 10.3.1 update, offers bug fixes, security fixes

Posted by:
Date: Tuesday, April 4th, 2017, 05:36
Category: Hack, iOS, iPad, iPhone, iPod Touch, News, security, Software

After a major OS update come the fixes.

Apple on Monday released iOS 10.3.1, an update available for its iOS devices available as an over-the-air update or when connected to iTunes via a Mac or Windows PC.

The update, which weighs in at just under 30 megabytes as an OTA download, resolves issues such as a hardware-specific problem wherein iPhone 5 and iPhone 5c handsets had trouble updating over the air.

(more…)

LastPass exploit discovered, company scrambles to repair the vulnerability

Posted by:
Date: Monday, April 3rd, 2017, 05:04
Category: Hack, News, security, Software

A serious vulnerability was recently discovered in the popular LassPass password manager and developers are scrambling to fix the issue which makes it possible for malicious websites to steal user passcodes and in some cases execute malicious code on computers running the program.

The flaw, which affects the most recent version of the browser extension, was briefly described on Saturday, March 25th, by Tavis Ormandy, a researcher with Google’s Project Zero vulnerability reporting team. When people have the LastPass binary running, the vulnerability allows malicious websites to execute code of their choice. Even when the binary isn’t present, the flaw can be exploited in a way that lets malicious sites steal passwords from the protected LastPass vault. Ormandy said he developed a proof-of-concept exploit and sent it to LastPass officials. Developers now have three months to patch the hole before Project Zero discloses technical details.

Ormandy offered the following statement:

“It will take a long time to fix this properly, It’s a major architectural problem. They have 90 days, no need to scramble!”

The blog post describing the issue had LastPass company officials thanking Ormandy for the alert and stating that a fix was on the way. In the meantime, it was suggested that LastPass users protect themselves by by entering stored passwords into websites using the LastPass vault as a launch pad for opening websites and entering passwords and enabling two-factor authentication on sites that offer it.

The attack was described as both unique and highly sophisticated. LastPass, in turn, stated that the company didn’t want to disclose details regarding the vulnerability or the fix to outside parties. Users, in turn, could expect a more detailed post mortem once the work was complete.

The string of vulnerabilities underscores the tradeoff that comes from use of any password manager. Storing dozens, hundreds, or even thousands of passwords in a single place poses catastrophic risks should that resource be breached. Exploits become easier by convenience features that, for example, store encrypted password vaults in Internet-accessible locations or automatically paste passwords into websites. Ultimately, password managers likely make the average user safer because they make it possible to use long, complex, and unique passwords. And that protects people in the event that their password is exposed in website breaches, which are much more common than real-world password manager exploits.

If you use LastPass, please take care and stay tuned for additional details as they become available.

Via Ars Technica, Twitter and blog.lastpass.com

Apple repairs iOS 10.3 vulnerability that caused iOS devices to repeatedly dial 911

Posted by:
Date: Friday, March 31st, 2017, 05:28
Category: iOS, iPad, iPhone, News, security, Software

Following the release of iOS 10.3 earlier this week, a number of users reported that their iOS devices were repeatedly attempting to call 911.

The flaw was discovered by an 18-year old who found a way to use Javascript to remotely cause iOS devices to open popup alerts, open apps, and make phone calls. In an effort to show the severity of the problem, he created a code that caused iPhones to dial 911 repeatedly. All in all, he ended up being arrested and charged with four counts of computer tampering after causing thousands of accidental 911 calls.

It appears that Apple has worked with app developers to examine the issue and close the loophole.

(more…)