
Genieo adware features new exploit that gains access to Keychain

09/03, 11:24am

Does no harm, but could be used by others to gain access to password database

The latest version of the adware toolbar malware known as Genieo now has the ability to access the OS X Keychain without user knowledge, thanks to privileges gained during the initial install where the user willingly uses their admin password. Though the program itself does not use the technique to cause any malicious harm on its own, the trick will likely be copied and used by others to possibly compromise the security of the OS X password manager. The technique exploits no hack or flaw, but abuses existing privileges.

more

Asustor rolls out quartet of Broadwell-powered NAS appliances

09/02, 11:48am

Dual and quad-core models with two- and four-bays

Asustor has announced the launch of 4 high-performance tower model network attached storage (NAS) devices. These new models are the first in the world to be equipped with Intel Braswell processors and feature the AS6202T and AS6204T powered by quad-core processors and the AS6102T and AS6104T powered by dual-core processors.

more

New jailbroken iOS device malware found in Weiphone Cydia repository

08/31, 10:28am

Malware responsible for 250,000 Apple account thefts

Malware for iOS that requires a jailbroken handset and access to Chinese software repositories has been identified. Recent research has discovered 92 samples of a new family of malware called "KeyRaider," which has resulted in the theft of 225,000 valid Apple account login credentials and the associated device GUIDs.

more

Google advises developers on how to weaken iOS 9 app security

08/31, 6:57am

Temporary fix provided by Google to prevent app advertising from breaking in iOS 9

Google has advised app developers of a way to weaken the security of iOS 9, in order to serve ads to users. A post on the Google Ads Developer Blog offers code to help get around App Transport Security (ATS), a feature in iOS 9 that forces apps to use HTTPS to encrypt data sent over the Internet, with the code disabling ATS so that the apps comply with third-party advertising networks and are able to run some "custom creative code" from Google's own ad servers.

more

Pentagon works with Apple, other companies on wearable technology

08/28, 12:09pm

Sensor project will cost $171M, potentially help monitor soldiers, vehicles

Apple is working with the US government alongside a number of other major companies and institutions to develop new wearable technology. The Pentagon project, said to be using third-parties instead of its own development resources due to the rapid pace of creating new technologies, is aiming to create ways for sensors and other electronics to be embedded into the outwards-facing surfaces of vehicles, such as a jet, or part of the uniform worn by military personnel.

more

SSD data recovery, secure erase standards group formed

08/25, 2:40pm

Problem troublesome in data centers, other enterprise SSD deployments

The Storage Networking Industry Association (SNIA) and its Solid State Storage Initiative (SSSI) have announced the formation of a new Data Recovery and Erase Special Interest Group (DR/E SIG) to accelerate awareness and adoption of recovery technology in the solid state storage marketplace. The first meetings, held earlier in August, brought together manufacturers as well as data recovery specialists, to hammer out a charter and a path for the group to standardize techniques, technologies, and best practices for SSD recovery and erasure, previously unique to each manufacturer.

more

Appeals court opens door to FTC oversight of corporate cyber security

08/25, 9:05am

Wyndham hotels sued by FTC over 2008 breaches

The Third US Circuit Court of Appeals in Philadelphia has ruled, in a lawsuit against Wyndham hotels, that the Federal Trade Commission (FTC) has the authority to regulate and enforce corporate IT security policies and failures. The appeal ruling opens the door to the regulatory agency to take pre-emptive measures, should it see fit, but also confirms the agency's power to protect the citizenry and file lawsuits on its behalf for companies such as Wyndham, Target, Ashley Madison, and others who have failed to secure customers' personal information.

more

New OS X vulnerability discovered by Italian teen

08/17, 2:27pm

Leverages bugs to cause memory corruption which could bypass kASLR protection

Two new zero-day vulnerabilities have been uncovered by an 18-year-old Italian man that could be exploited to gain remote access in OS X 10.9.5 through 10.10.5, though the researcher has already published a version of a fix Apple could adopt in a future update. The new discoveries come on the heels of a similar vulnerability that was fixed by Apple in the last OS X software update. Details of the exploits were published by Luca Todesco on Github, just hours after he had notified Apple of the flaws.

more

Acronis deploys cross-platform True Image 2016, True Image Cloud

08/17, 9:40am

New cross-platform backup solutions offer local, cloud backup

Data protection company Acronis today announced the release of Acronis True Image Cloud and Acronis True Image 2016 - the newest versions of its backup solution for individuals, families and home office users. Acronis is a full image backup solution -- the new Acronis True Image Cloud provides complete protection both locally and in the cloud including pictures, videos, documents, applications, passwords, settings, contacts, events, and an entire computer. Acronis True Image Cloud features multi-device and new mobile device support -- including Android, iOS, and Windows mobile devices.

more

Apple releases iOS 8.4.1 with Apple Music fixes

08/13, 1:56pm

New version brings similar fixes to iOS as given to iTunes.

Alongside updates to iTunes and OS X, Apple has updated the iOS to version 8.4.1. The new version, which saw only two beta releases, provides "improvements and fixes to Apple Music" similar to those offered in the iTunes update. No data is available as to what security issues may have been addressed with this patch.

more

MacKeeper customers can file claims for refund from class action suit

08/10, 12:23pm

Requests for refunds from proposed $2M MacKeeper fund being collected

Purchasers of MacKeeper are now able to file a claim to be reimbursed for the software, it has been revealed. Lawyers representing parties in a class action lawsuit against ZeoBit over the software have launched a site allowing customers to claim their share of a proposed $2 million settlement, with respondents potentially receiving the entire $40 cost in full, depending on how many of the 513,000 eligible customers successfully apply.

more

Carphone Warehouse breach risks data of 2.4M customers

08/10, 6:45am

Sophisticated attack over last two weeks targets UK mobile phone retailer

A major mobile phone retailer in the United Kingdom has become the latest major target of hackers. Carphone Warehouse has admitted some of its servers were breached on Wednesday as part of a "sophisticated cyber-attack" over the last two weeks, with it believing the personal details of up to 2.4 million people may have been accessed, potentially including names, addresses, bank details, and other sensitive customer details.

more

Briefly: Apple website rework, CEO security costs $700k per year

08/07, 10:12am

Apple store and main website combined into single entity

Late yesterday, Apple revamped its online presence. The previous separate store is gone, replaced by direct buying links on each product page, and a unified "shopping bag" icon to replace the "store" button in the top menu bar of the site. Clicking on the purchase link no longer redirects to the store.apple.com domain, instead filling the always-available shopping bag and streamlining the product purchase process.

more

Briefly: exploit patched in 10.10.5, Apple lists Android jobs

08/05, 4:00pm

Malicious installer requires user password, then installs junkware

A recently-published exploit that could allow attackers to gain unchecked root-level access, following the user initially installing it, has been patched in the forthcoming OS X 10.10.5 update, and in this fall's 10.11 El Capitan upgrade. The flaw was introduced in Yosemite's error-logging functions. Though widely reported as hair-on-fire dangerous, the exploit merely installs adware and junkware such as Genieo and MacKeeper, and requires users to actively install it before it gains root privileges.

more

Apple privilege escalating bug exploited in new adware installer

08/04, 10:42am

Flaw discovered a month ago leveraged in new adware installer

A zero-day exploit revealed last month for only OS X Yosemite has been found in "the wild." The exploit is being seen in an adware installer, and modifies the "sudoers" UNIX file that determines who has root permission for the system, and during the installation process, can give root permission to an arbitrary process without needing a password.

more

Researchers claim to discover multiple ways to bypass Square security

08/04, 10:39am

Card reader accessories said to be easily turned into card skimmers

Security researchers have come up with a way to turn the Square Reader into a tool for stealing data from credit cards. A group of recent graduates of Boston University will be speaking out about how they can modify the smartphone accessory, used to facilitate card payments via Square's service, to allow any other app to intercept the data and use the card owner's payment information for other, presumably illegal, uses.

more

Hacking team creates Thunderstrike-based Mac firmware worm

08/03, 2:40pm

Exploit still requires user permission to install, downplayed by experts

A new exploit has been developed that could threaten Mac security by leveraging vulnerabilities in firmware rather than software, making the worm nearly impossible to remove. While sounding more ominous than any threat since the original firmware-based Thunderstrike (which was limited to a proof-of-concept with no reported attacks), leading security experts say this new threat is also very low-risk.

more

Dashlane offers password management for iPhone, Apple Watch

07/30, 4:12pm

First password manager to allow changing of passwords from Watch, company says

Dashlane, a password manager for OS X and iOS that MacNN recently reviewed, has announced that it has brought its Password Changer feature, which makes possible extensive password management on iOS devices, to the Apple Watch. The new 3.1 version for iOS includes the feature, and also offers notifications of a security breach on monitored websites, and improves Touch ID support.

more

Hands On: Dashlane 3.0.3 (OS X, iOS)

07/28, 10:49am

Good, strong password manager

Ask anyone who uses a password manager app, and they will evangelize about it -- but they'll also make it sound as if there's only one. We're a little guilty of this ourselves: we've regarded 1Password as synonymous with password management. Yet there are really a handful of them, and Dashlane 3.0.3 has fans who will never look at anything else. They probably don't need to.

more

Beijing police raid counterfeit Apple iPhone maker, nine arrested

07/27, 10:18am

Android-based clones sold in US, leading to Chinese government raid

Acting on a tip from US law enforcement, Beijing police raided a factory producing fake iPhones and accessories. Nine suspects have been arrested in the scheme, which produced 41,000 fake phones, and could have been worth up to $19 million in counterfeit electronics sales. A married couple, arrested by the police, allegedly hired hundreds of workers to assemble the devices.

more

Identity protection firm LifeLock accused of violating 2010 FTC order

07/22, 9:35am

Company again accused of failing to take steps to protect customer data

The US Federal Trade Commission (FTC) today alleged that security firm LifeLock has violated a 2010 settlement with the agency and 35 state attorneys general, by continuing to make deceptive claims about its identity-theft protection services, and by failing to take steps required to protect its users' data. In documents filed with the US District Court for the District of Arizona, the FTC charged that LifeLock failed to live up to its obligations under the 2010 settlement, and asked the court to impose an order requiring LifeLock to provide full redress to all consumers affected by the company's order violations.

more

Poorly-written iOS, Android apps vulnerable to password hacking

07/17, 4:00pm

Dozens of apps allow unlimited login attempts, creating minor security risk

A new report has found that a number of popular iOS and Android apps have what amounts to a minor security fault, in that they allow users to make an unlimited number of attempts to log in to an associated account, thus making them vulnerable to password hacking for attackers who have physical access to the device, such as thieves or overzealous law enforcement. Security firm AppBugs says "dozens" of apps are affected, including Slack, iHeartRadio, Dictionary, SoundCloud and many others.

more

Judge rules Apple must face class-action suit over bag checks

07/16, 2:37pm

Standard retail procedure questioned, suit represents 12K retail workers

Despite a previous dismissal of an earlier version of the lawsuit, a US District Court judge has ruled that Apple must face a trial in a class-action lawsuit over the practice of "bag checks," a standard retail loss-prevention technique that is widespread among retailers. The specific dispute in the case involving Apple was that employees complained they were being detained for up to 15 minutes after their shift had ended, without compensation for the lost time.

more

Report: HomeKit manufacturers tripped up by changing standards?

07/15, 1:21pm

Tighter security, hardware authentication may be hampering products

A new report makes the claim that third-party products utilizing Apple's HomeKit technology are slow in coming to market because of the iPhone maker's changes to improve the security of the devices, including a certification requirement to use hardware-based authentication chips that makes product upgrading difficult, and products more expensive. The report also makes more questionable claims of "capricious" changes.

more

Chinese government-backed company plans $23B acquisition of Micron

07/15, 10:55am

Purchase of chip producer may face scrutiny by US government over security fears

An alleged offer by a company backed by the Chinese government to acquire US chip producer Micron Technology faces a considerable uphill battle before it can go ahead. Tsinghua Unigroup is reportedly proposing to acquire Micron, producer of NAND and DRAM and a RAM supplier to Apple, with the supposedly low reported price of $23 billion and concerns by regulators and US lawmakers likely to torpedo the potential sale to the Chinese company for the foreseeable future.

more

Bluetooth SIG, FIDO alliance team for Bluetooth Smart ID verification

07/15, 9:37am

Pair focusing on identity verification on mobile, handshake across devices

The Fast IDentity Online (FIDO) Alliance, the organization focused on changing the nature of online authentication, entered into a memorandum of understanding with the Bluetooth Special Interest Group (SIG) to use Bluetooth Smart as an alternative to using a USB dongle in Universal Second Factor (U2F) authentication. The goal of the pair is to contribute to specifications for FIDO U2F over Bluetooth Smart to extend the reach of the protocol from the desktop to the mobile device.

more

MacLocks debuts Rokku iPad kiosk secure stand for Apple Pay

07/15, 9:22am

Mount can be VESA mounted, or accommodate other MacLocks stands

Apple device-centric security firm MacLocks has unveiled the Rokku iPad stand, designed to turn an iPad into a kiosk for Apple Pay functionality. The Rokku includes a double lock and a recessed tamper-proof frame made of high-grade industrial strength aluminum.

more

Mozilla blocks Flash player by default in Firefox browser

07/14, 11:52am

New vulnerabilities in Flash force Mozilla to take action

Mozilla is blocking Adobe Flash from being run in the Firefox browser following a series of serious security flaws in the software. As of the most recent update all versions of Flash identified with a vulnerability have been blocked by default in order to keep the browser secure, Firefox support head Mark Schmidt advised on Twitter, though he also clarified the block is not permanent, and will be lifted in the event Adobe releases a new, more secure version.

more

Game Replay: Satoru Iwata dies, The Talos Principle, Lizard Squad

07/12, 10:27pm

Gaming news summary for July 12, 2015

Welcome to the Game Replay, a twice-weekly look at the wider world of gaming by the staff of MacNN. In today's edition, the president of Nintendo passes away, an expansion for The Talos Principle is announced, and a game company gets attacked after its president threatens a hacker with legal action.

more

Adobe patches Flash Player to close new vulnerabilities

07/10, 12:03pm

Latest exploits flaw marketed by Hacking Team to governments, others

Adobe has updated Flash to version 18.0.0.203 for Windows and Mac in an effort to close yet another batch of security flaws. While no active use of the exploits had been discovered, the company had been notified earlier this week that some of the exploits had been discovered to be known by Hacking Team, a group of commercial security attackers that has sold such secrets and flaws to government agencies around the world.

more

MacNN Deals: Protect yourself with these backup, VPN services

07/10, 8:46am

Keep yourself, your data safe by backing up and using a VPN from MacNN Deals

Every day, alongside our regular Daily Deals post, we are showcasing some of the sales available on our own MacNN Deals store. Today's three deals are all designed to help protect you and your system, both from a loss of data by backing up online, as well as other perils associated with going on the Internet.

more

New iOS 9 beta reveals changes to two-factor authentication, more

07/09, 4:05pm

High-quality cellular music streams, automatic screenshot albums among changes

The latest beta given out to developers (and now the public) for Apple's iOS 9, expected early this fall, has revealed a handful of minor changes and features, along with a significant change in how the company is going to handle two-factor authentication in iOS and OS X going forward. When enabled, two-factor authentication allows users to add and verify new devices (such as iPhones) to be allowed to access a user's established cloud services and syncing. In addition to a previously-announced change to six-digit codes for verification, Apple will be removing the 14-digit Recovery Key option.

more

Apple launches first public betas of El Capitan, iOS 9

07/09, 3:01pm

Public beta begins despite long list of issues, problems

Apple has made available public betas for iOS 9 and OS X 10.11 El Capitan, according to reports. The new software, based on the issue-laden third developer beta released yesterday, is available to users previously registered with the company's Beta Software Program. While the company normally waits until there is a fairly stable developer beta existing before issuing the first public beta, today's releases are fraught with issues and missing functionality.

more

Lizard Squad member convicted over 50,700 computer crime charges

07/08, 9:58am

Finnish court issues two-year suspended sentence to hacker

A member of the hacking collective Lizard Squad has recently been convicted of 50,700 computer crime-related charges. Julius Kivimaki, a 17-year-old identified in the hacking group as "zeekill," will not be going to prison or facing a tough penalty, as he has been handed a two-year suspended sentence by the Finnish court, according to local media, along with an order from the court to "fight against cybercrime."

more

MacNN Deals: Protect your passwords, data with these three deals

07/06, 8:59am

Keep your device data and your passwords safe with these three MacNN Deals

Every day, alongside our regular Daily Deals post, we are showcasing some of the sales available on our own MacNN Deals page. Today's group of offers relate to keeping your online life safe, including managing your various passwords on multiple devices, and protecting your data by backing it up online regularly.

more

Plex forums breached, user data held to ransom by hacker

07/03, 7:55am

Forums, blogs attacked in Plex breach, ransom deadline looms

Plex is under threat from a hacker, attempting to blackmail the service by holding some of its customer data up for ransom. The streaming media software developer's forums have been breached, with the hacker demanding bitcoin from the company, otherwise the attacker will release all the acquired customer data, as well as other software and files picked up in the intrusion for all to see.

more

Cisco launches bid to buy OpenDNS for $635 million

07/01, 2:04pm

Deal expected to close in 1Q 2016 after regulatory approvals are met

Today, Cisco announced its intent to acquire OpenDNS, a privately-held security company based in San Francisco. OpenDNS provides advanced threat protection through domain name system extension, adding phishing protection and content filtering to the vital service. The acquisition is expected to close in the first quarter of fiscal year 2016, subject to customary closing conditions.

more

Briefly: QuickTime Windows update, Apple Q3 call announced

06/30, 9:30pm

First QuickTime update in nearly three months focuses on security

In addition to an avalanche of updates ranging from major to security-patches-only, Apple has released QuickTime 7.7.7 for Windows, the first update to the multimedia technology since early April. The update fixes a clutch of security issues with the QT Media Foundation, which could allow a maliciously-crafted file to lead to an unexpected application termination or arbitrary code execution. The root cause of the issue, multiple memory corruption issues, was addressed through improved memory handling.

more

Apple updates Safari, releases first 9.0 beta, offers EFI security fix

06/30, 3:02pm

Next version of Safari, coming in 10.11, will offer new features

Among a storm of major updates, Apple has also issued updated versions of Safari for the three versions of OS X currently supported: Mountain Lion (10.8), Mavericks (10.9), and Yosemite (10.10). In addition to the updated Safari versions (6.2.7, 7.1.7, and 8.0.7 respectively), the company also issued the first developer beta of the forthcoming Safari 9.0, which will accompany the release of OS X 10.11 this fall, and a pair of EFI updates.

more

Daily Deals: 1TB SSD, $300 50-inch HDTV, IP surveillance camera

06/29, 2:46pm

MacNN and Electronista deals for June 29, 2015

Welcome to Daily Deals, the post where we scour online retailers for offers, bundles, sales, and discounts on hardware, software, and games for you, the discerning MacNN and Electronista reader. Today, we've wiped the slate clean of older deals, with the new collection including a $300 50-inch HDTV, a 1TB SSD for under $400, and a 720p IP surveillance camera for $60.

more

Briefly: Maps Flyover adds cities, Apple Pay UK faces limits

06/26, 9:34am

Apple Maps adds seven new cities to Flyover feature

Earlier this week, Apple expanded the Flyover feature of its Apple Maps service by adding six international and one North American city to the visual-overview feature, which combines aerial photography with computer-generated graphic enhancements to create 3D views of various locations. The new cities have been added to both the iOS and OS X version of Maps.

more

Second MacKeeper security flaw found, being actively exploited

06/25, 5:00pm

Website can mimic malware report from software, thus obtaining admin password

Users of controversial utility software MacKeeper who are not up-to-date on the latest version are vulnerable to a serious security flaw that can trick users into passing their admin passwords onto attackers, thus leaving the Mac vulnerable to a complete remote takeover. Though the problem has been fixed in version 3.4.1 of the much-maligned "cleanup" utility, the flaw is being actively exploited in the wild by attackers preying on users who have not updated.

more

Samsung installing software to disable automatic Windows Updates

06/25, 7:32am

New Samsung notebooks have Windows Update-disabling software installed

Samsung is preventing some of its customers from performing Windows Updates automatically, it has been discovered. A small app going by the name of Disable_Windowsupdate.exe has been found to be installed on some new Samsung notebooks, with the app's sole purpose being denying the computer from downloading any important security updates or drivers from Microsoft's service, so that Samsung's own driver-updating software can work instead.

more

Google attacked by privacy advocates over Chromium voice prompt code

06/24, 2:14pm

Addition of voice search trigger command to Chromium causes outcry

Google has come under fire from privacy campaigners, for automatically installing an audio monitoring tool as part of Chromium, the core of Chrome. Developers discovered the browser was automatically downloading and installing code that listens to the user's voice for the voice search trigger "OK Google," something that is allowed within the main Chrome browser, but not within the open source Chromium browser.

more

Adobe updates Flash Player to fix 'actively exploited' flaw

06/24, 1:55pm

Exploit targets professional-industry users through phishing emails

Adobe on Wednesday has released an emergency patch for its Flash Player browser plug-in due to a critical flaw that is being actively exploited in the wild. Flash Player 18.0.0.161 and earlier for Windows and Macintosh systems are affected by the issue, as is version 11.2.202.466 for Linux 11.x versions. The attack, called APT3 for the China-based organization from which it originates, uses spam "phishing" emails targeted at industry professionals to gain credentials used to steal intellectual property data.

more

Pointers: Syncing Google and Apple Calendars

06/22, 3:10pm

How and why to get them working together

Stop us if you've heard this one: we want to share our calendar with someone, but we don't want them to know precisely what we're doing. We need them to know we're a bit busy on Tuesday morning but, on balance, we'd rather they not be able to tell that it's our DUI court case. To be fair, they don't want to know either.

more

Apple institutes partial fix for 'XARA' exploits; patch in progress

06/20, 8:14pm

Range of discovered vulnerabilities made it possible to intercept data between apps

Apple announced on Friday that it had implemented a server-side partial security update earlier this week to help protect Mac and iOS users against a "series of high-impact security weaknesses" discovered by researchers now collectively known as XARA vulnerabilities, that could potentially be used to obtain data being passed between sandboxed applications, such as passwords. No known cases of the exploits have been seen "in the wild," and Apple says it is working with researchers on a longer-term fix.

more

Major apps fail to protect user passwords with HTTPS encryption

06/19, 5:11pm

Apps collectively downloaded over 200M times insecurely transmit account credentials

A number of popular Android apps have been discovered to leak the passwords of users, due to the use of insecure authentication systems. Researchers have found the issue in Google Play Store apps run by many major companies, where a flawed implementation of HTTPS or a complete lack of HTTPS encryption at all during the login process leaves the user's credentials exposed and viewable by anyone monitoring network traffic.

more

Samsung issues fix for keyboard update vulnerability in Galaxy devices

06/19, 6:56am

Samsung Knox being used to force the update to affected smartphones

Samsung is issuing a patch to close a vulnerability in its smartphones caused through an insecure updating system for its software keyboard. The manufacturer is pushing the fix to affected smartphones over the next few days via a security policy update via Samsung Knox, its own security platform meant for enterprise use, though it is also working on a more standard firmware update for non-Knox devices that will pass through carriers.

more

EFF again awards Apple perfect score on digital privacy

06/18, 2:00pm

Adobe, Wikimedia, WordPress, Yahoo among top-rated tech firms

For the second year running, the Electronic Frontier Foundation has given Apple and a handful of other tech firms a perfect "five out of five" star rating for efforts related to securing consumer data against both theft and government intrusion. The high score reflects a top initiative of Apple CEO Tim Cook, and the company generally, in believing that the business model that requires collecting and monetizing customer data is fundamentally flawed.

more
