Meitu selfie app apparently collecting, transmitting user data back to Chinese source

Posted by:
Date: Monday, January 23rd, 2017, 05:11
Category: Android, iOS, iPhone, News, privacy, security, Software

The good news is that the Meitu app adds some cool selfie editing tools, allowing you to pretty much transform your selfie pictures into nifty anime characters.

The bad news is that the app is apparently sending back as much private information as it can to a Chinese source.

The MeituPic app, launched in 2013, soared to the top of the Chinese app charts. It was rebranded as “Meitu” in 2016 and works by taking a selfie, smoothing a person’s skin, adding virtual makeup and a number of other effects.

(more…)

Apple patches “Fruitfly” malware, which relied on pre-OS X system calls

Posted by:
Date: Thursday, January 19th, 2017, 05:30
Category: Developer, News, security, Software

Apple appears to have nixed the “Fruitfly” malware strain.

The malware, which has been patched over, relied on antiquated code predating OS X. Although older, the Fruitfly malware had been used in real-world attacks on biomedical research groups according to security software maker Malwarebytes.

Fruitfly operated by communicating with two command-and-control servers, and can perform actions like typing, webcam and screen captures, and moving and clicking a mouse cursor, Malwarebytes said in a blog post on Wednesday. It also maps other devices on a network and tries to connect to them.

(more…)

Safari-get.com URL leads to new malware strain for macOS-based machines

Posted by:
Date: Monday, January 9th, 2017, 05:00
Category: macOS, News, security, Software

You’re going to need to be a little more careful when surfing the Web on your Mac.

For the past few weeks, people have been tricked into visiting a phony website embedded with malware that can freeze Macs, according to a report this week by the cybersecurity firm Malwarebytes.

The new malware, which can be activated by visiting safari-get.com, can trigger two sets of actions depending on the version of the computers’ operating systems.

In one case, the malware causes the computer’s Apple email client to create a deluge of draft emails that contain the words “Warning! Virus Detected!” in the email subject line. Although the emails don’t get actually get delivered to anyone, the sudden flood of draft emails hogs the computer’s resources, thus causing the computer to freeze.

(more…)

Yahoo discloses details of August 2013 hack, says more than one billion accounts compromised in effort

Posted by:
Date: Thursday, December 15th, 2016, 05:32
Category: Hack, Hacks, News, security

yahoomail

It doesn’t look good when half a billion of your company’s email accounts are hacked.

And it looks a bit worse when a cool billion of them in total were hacked.

Yahoo on Wednesday announced that it believes more than one billion Yahoo user accounts were compromised in a hack by an unauthorized third party in August of 2013.

The company disclosed that information stolen from affected accounts includes names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. Clear text passwords, bank account information, and credit/debit card information were not believed to be accessed in the attack.

(more…)

iPhones secretly storing call data in iCloud, allows later access for law enforcement (Updated)

Posted by:
Date: Friday, November 18th, 2016, 05:43
Category: iOS, iPhone, privacy, security, Software

applelogo1

This definitely qualifies as a mess between privacy, security and law enforcement.

While Apple emerged as a guardian of privacy earlier this year, fighting the FBI’s demands to help crack San Bernadino shooter Syed Farouk’s iPhone, implementing improved encryption for all its handsets and refusing to undermine that encryption, it appears that private data is being sent to the iCloud without user consent.

Russian digital forensics firm Elcomsoft has found that Apple’s mobile devices automatically send a user’s call history to the company’s servers if iCloud is enabled — but the data gets uploaded in many instances without user choice or notification.

“You only need to have iCloud itself enabled” for the data to be sent, said Vladimir Katalov, CEO of Elcomsoft.

(more…)

Some newer MacBook Pro units arriving with System Integrity Protection feature disabled

Posted by:
Date: Friday, November 18th, 2016, 05:06
Category: MacBook Pro, macOS, News, OS X, security, Software

macbook_pro_sip_off

This is kind of strange.

Since the days of OS X El Capitan, Apple has activated a protection feature called System Integrity Protection, which is designed to keep your Mac safe from malware by restricting the permissions of the root user account and preventing unauthorized access to protected files and folders.

The program runs behind the scenes and is generally enabled by default in Mac running OS X El Capitan. Developer Jonathan Wight noticed that the System Integrity Protection feature has been disabled on newer Macs, prompting developer Steven Troughton-Smith to do an informal Twitter survey asking users about the status of their new machines.

(more…)

1Password updated to 6.5, adds Touch Bar, Touch ID support among other changes

Posted by:
Date: Monday, November 14th, 2016, 05:38
Category: MacBook Pro, News, security, Software, Touch Bar, Touch ID

1passwordicon

One of our favorite applications just got Touch Bar and Touch ID support.

AgileBits has released version 6.5 of its 1Password password storage utility. The new version now features support for the Touch ID and Touch Bar features on 2016 MacBook Pros.

Touch ID must be enabled from 1Password’s Security Preferences menu, but will then let people unlock the app with a quick fingerprint scan. Touch Bar support should make it easier to run searches, add new items, and switch between vaults as well as lock them down.

(more…)

Apple releases iOS 10.1 update

Posted by:
Date: Tuesday, October 25th, 2016, 05:10
Category: iOS, iPad, iPod Touch, News, security, Software

ios10logo

If you were waiting for a hefty update to Apple’s recently-released iOS 10 operating system, it’s here.

On Monday, Apple released iOS 10.1, a new update which weighs in as a 300 megabyte download and incorporates the following extensive set of fixes and changes:

Camera and Photos:
Introduces Portrait Camera for iPhone 7 Plus that creates a depth effect that keeps your subject sharp while creating a beautifully blurred background (beta)

People names in the Photos app are saved in iCloud backups

Improved the display of wide color gamut photos in the grid views of the Photos app

Fixes an issue where opening the Camera app would show a blurred or flashing screen for some users

Fixes an issue that caused Photos to quit for some users when turning on iCloud Photo Library

(more…)

Apple releases macOS 10.12.1 Sierra update

Posted by:
Date: Tuesday, October 25th, 2016, 05:37
Category: macOS, News, security, Sierra, Software

macossierra

On Monday, Apple released macOS 10.12.1, the first major update to its recently-released macOS 10.12 Sierra operating system.

The update, which weighs in around 584 megabytes, includes the following fixes and changes:

Fixes:
Adds an automatic smart album in Photos for Depth Effect images taken on iPhone 7 Plus.

Improves the compatibility of Microsoft Office when using iCloud Desktop and Documents.

Fixes an issue that may prevent Mail from updating when using a Microsoft Exchange account.

Fixes an issue that caused text to sometimes paste incorrectly when using Universal Clipboard.

Improves reliability of Auto Unlock with Apple Watch.

Improves security and stability in Safari.

(more…)

Officials look into Friday’s Mirai-based DDoS, cite Apple’s HomeKit security protocol

Posted by:
Date: Monday, October 24th, 2016, 05:02
Category: Hack, Hardware, HomeKit, News, security

ddos-attack-on-dns-major-websites-including-github-twitter-suffering-outage

Following up on the large-scale distributed denial of service (DDoS) attack on Friday that temporarily took down large chunks of the Internet, it looks like Apple’s controversial “walled garden” approach to its HomeKit devices may have worked out.

As detailed in recent reports, the attack, which also targeted unprotected “Internet of Things” (IoT) devices, focused on Dyn, an internet management company that provides DNS services to many major web entities.

A series of repeated attacks caused websites including The Verge, Imgur and Reddit, as well as services like HBO Now, and PayPal, to see slowdowns and extended downtimes. Follow-up waves played havoc with The New York Times, CNN, Netflix, Twitter and the PlayStation Network, among many others.

(more…)