HealthKit policies updated to block data use by advertisers, brokers

08/28, 3:51pm

Should address one central fear

Apple has updated the language in its privacy policy for HealthKit to prevent apps from selling data to "advertising platforms, data brokers or information resellers," notes the Financial Times. HealthKit will allow iOS 8 apps to exchange health and fitness data tracked via various accessories, such as the iWatch. The iOS upgrade is rumored to launch next month alongside the iWatch and the iPhone 6.

JPMorgan Chase systems infiltrated, banking data may have been stolen

08/28, 2:39pm

Assault on JPMorgan Chase may be only one of multiple intrusions in August

JPMorgan Chase & Co and at least four other financial institutions have reportedly come under attack by hackers. According to four people familiar with the investigation, gigabytes of customer data, including banking information, may have been stolen by the attackers using a "zero-day" exploit, and the attackers may be linked to Russian state-sponsored hackers.

Report: Eight high-profile sites hit by browser exploits last week

08/27, 11:45pm

Security firm says malvertising hit sites such as Java, DeviantArt and Photobucket

A "malvertising" campaign made the rounds last week, hitting at least eight high-profile websites, according to security firm Fox-IT. The firm noticed that the sites were redirecting visitors elsewhere, which led it to discover that the malicious ads were exploiting vulnerabilities in browser plug-ins such as Java and Flash to install malware. The purpose of the campaign was to infect machines with botnet malware used to inflate advertisement clicks.

Automattic strengthens WordPress with BruteProtect acquisition

08/26, 7:02pm

BruteProtect to be rolled into Jetpack, paid service ends to make all features free

Automattic, the company responsible for the WordPress blog platform, announced today that it has acquired BruteProtect. The acquisition will allow the company to strengthen the security of the WordPress platform through its Jetpack service, without additional cost to users. BruteProtect started life as a plug-in for the popular blogging software, only to expand into other areas of security, server management and premium services.

Some iOS apps vulnerable to auto-dialing URLs, developer notes

08/25, 4:48pm

Major apps identified as culprits

A number of iOS apps -- including Facebook Messenger, Gmail, and Google+ -- have a security vulnerability that could allow malicious parties to force an iPhone to auto-dial, observes Romanian developer Andrei Neculaesei. iOS supports a tel: URI that initiates a phone call, and although the system can show a confirmation prompt before dialing, developers are allowed to bypass it. Through a vulnerable app and the right web code, a person could be tricked into dialing a premium-rate number. A FaceTime variant could let someone capture images of the victim before the call disconnects.

Gaming services including SOE, PlayStation Network hit by DDoS

08/24, 6:40pm

Several companies confirm attacks as service returns, hacking group claims responsibility

Some of the most popular gaming services are reportedly under attack as a series of distributed denial of service attacks (DDoS) has been underway since last week. Shacknews reports that Blizzard, Grinding Gear Games, PlayStation Network, Riot and Sony Online Entertainment have all been undergoing a series of attacks leading to connection instabilities and service failures. While the attack was initially thought to be limited to a few companies, it's been discovered that several additional gaming services and websites have been targeted as far back as August 18 by a hacking group.

US cybersecurity chief claims lack of experience not important to job

08/23, 1:13pm

Presidential advisor believes education, overall government experience sufficient

In an interview with the Information Security Media Group publication, White House cybersecurity coordinator Michael Daniel admits to having no practical experience with the subject matter. Daniel claims that "being too down in the weeds at the technical level could actually be a little bit of a distraction" to his job of advising the president about ongoing and emergent information security issues.

Secret Service expands investigation of Target, UPS PoS malware

08/23, 12:20pm

'Backoff' malware has infected 1,000 businesses across US

Target isn't the only US retailer affected by the "Backoff" point of sale malware. Following forensic analysis of the intrusion software, researchers for US government law enforcement have claimed that more than 1,000 businesses have been infected by the same strain that assaulted the big-box retailer, and now UPS storefronts.

Amazon wins Department of Defense cloud services contract

08/22, 10:35am

Amazon hopes contract will pave the way for cloud-based confidential data

Amazon Web Services has received the first ever U.S. Department of Defense level three through five provisional authorization for the AWS GovCloud (US) region under the Defense Information Systems Agency's (DISA) codified Cloud Security Model (CSM). This new authorization allows Department of Defense users to conduct development and integration activities for everything but classified workflows with Amazon's service.

UPS Stores hit by 'malware intrusion,' customer data possibly exposed

08/21, 3:30pm

Stores in 24 states affected by breach, spanned up to seven months in some cases

The UPS Store chain of delivery and packaging facilities has reported that a number of its stores have been the target of a "broad-based malware intrusion," adding that customer data could have been accessed. The United Parcel Service (UPS) subsidiary became aware of the breach on July 31, the same day that the Department of Homeland Security sent out notices regarding a malware called "Backoff," according to the New York Times.

Heartbleed suspected to be point of entry for CHS records breach

08/20, 5:15pm

OpenSSL vulnerability the first attack vector, occurred shortly after bug announced

Security firm TrustedSec says that it has learned how hackers were able to obtain records from Community Health Systems (CHS). According to a statement released by the firm yesterday, the initial attack came through an OpenSSL vulnerability. An anonymous source tied to the investigation told the company that Heartbleed, the OpenSSL flaw that made headlines earlier this year, is to blame for the breach.

Symantec condenses security line-up into one suite, Norton Security

08/20, 4:15pm

Software line drops nine different programs, new software launches September 23

Symantec announced earlier this week that it would be issuing a sweeping change to its line of antivirus software to offer consumers a single solution. Starting September 23, the company will begin offering Norton Security for around $80 per year. The change effectively ends releases of Norton Antivirus, the company's main product line that has seen annual releases since the early 90s.

Claim: Apple's iMessage accounts for 30 percent of all mobile spam

08/20, 1:28pm

AppleScript, multi-platform hooks make spamming easier

Over 30 percent of all mobile spam messages are now being sent through Apple's iMessage system, claims Tom Landesman, a security researcher at Cloudmark. Many of the messages are pushing fake luxury products, such as sunglasses and handbags. Landesman explains that spammers are -- or were -- taking advantage of several aspects of Apple's ecosystem. However, Apple has responded to the charge, and said that some countermeasures have been implemented.

New malware stealing advertising revenue from jailbroken iOS devices

08/20, 9:08am

Package swaps developer's ad ID for the attacker's using Cydia Substrate

A new piece of malware began infecting jailbroken iOS devices earlier this year. The "AdThief" (or "Spad") package hijacks advertising clicks and revenue, redirecting them to the package's author rather than the developer who placed the advertising in the first place. The malware is simple and low profile: using Cydia Substrate, it replaces the developer's ad ID with the attacker's. Mobile ad kits targeted by AdThief are mostly from Chinese vendors, with four from the US and a pair from India.

Gatekeeper changes unconnected to Dev Center hack, sources claim

08/19, 3:13pm

Re-signing mandatory for existing apps

Despite recent claims, a Dev Center security breach may not be why developers are being asked to re-sign Mac apps using OS X Mavericks, sources say. An alternative reason for the switch hasn't been mentioned, but unnamed sources are countering reports yesterday from other unnamed sources. In the earlier rumors, it was claimed that one or more hackers had managed to obtain not only Gatekeeper keys but "virtually every key Apple used for everything."

Apple seeds fourth beta of OS X 10.9.5 to developers, AppleSeed

08/19, 2:27pm

Gatekeeper added to testing list

Apple has posted a new beta of OS X 10.9.5 for developers and AppleSeed participants, identified as build 13F18. Testing areas remain largely the same -- including Safari, graphics, Thunderbolt, and USB/USB smart cards -- but with the addition of a significant change to Gatekeeper, Apple's app-signing security feature. "Signatures created with OS X version 10.8.5 or earlier ('v1 signatures') are obsoleted and will no longer be recognized by Gatekeeper," Apple reminds the developer audience. "To ensure your apps will run on updated versions of OS X, they must be signed using the codesign tool on OS X version 10.9 or later ('v2 signatures')."

Microsoft pulls four Windows 8.1 patches over instability, crashes

08/19, 12:42pm

Microsoft-provided fix involves registry modification, manual deletion

Following reports of crashes, Microsoft has retracted its Windows patches from August 12. Users who have installed patches 2982791, 2970228, 2975719 and 2975331 are at risk of system instability, or a "0x50 Stop" error on startup that prevents the system from booting. A fix requires either a clean OS install, or a registry modification and manual file deletion to purge the afflicted updates.

Gameover Zeus resurrected with more robust control server connection

08/19, 10:07am

New malware not stealing info, passwords; just growing

The Gameover Zeus botnet has re-appeared in stronger form, with most of the infections taking place inside the US. The new botnet implementation doesn't rely on the peer-to-peer methodology of the parent strain, but instead relies on a more flexible, and harder to stop, domain generation algorithm (DGA) to determine how the malware botnet will connect with command-and-control servers.
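A DGA, as this item notes, lets a bot derive a fresh list of candidate command-and-control names on a schedule instead of hard-coding addresses, so takedowns must chase the whole name space rather than a few servers. What a defender can do at the DNS layer is look for the statistical fingerprint such names leave. The following is an added example, not code from the page or from any Gameover Zeus analysis: a generic lexical scoring of queried domains (length, character entropy, vowel and digit ratios) run over a few constructed DNS log lines. It is not the Gameover Zeus DGA itself, whose details the item does not give, and every domain and client address in the sample log is made up.

```python
import math
import re
from collections import Counter

# Constructed DNS query log lines for illustration only. The domains are
# made up; none are real Gameover Zeus C2 names, and the scoring below is a
# generic DGA heuristic, not the actual Gameover Zeus algorithm.
SAMPLE_DNS_LOG = """\
2014-08-19T10:07:01Z client=10.0.0.5 query=google.com type=A
2014-08-19T10:07:02Z client=10.0.0.5 query=mail.example.org type=A
2014-08-19T10:07:03Z client=10.0.0.9 query=xkqzvbnrtyplmwd.net type=A
2014-08-19T10:07:04Z client=10.0.0.9 query=hj8f2kd9sl3pqw1z.com type=A
2014-08-19T10:07:05Z client=10.0.0.9 query=qpwoeirutyalskdj.biz type=A
2014-08-19T10:07:06Z client=10.0.0.7 query=wikipedia.org type=A
"""

QUERY_RE = re.compile(r"\bquery=(\S+)")
CLIENT_RE = re.compile(r"\bclient=(\S+)")


def second_level_label(domain):
    """Return the label just left of the TLD, lower-cased (e.g. 'example')."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def vowel_ratio(s):
    letters = [ch for ch in s if ch.isalpha()]
    return sum(ch in "aeiou" for ch in letters) / len(letters) if letters else 0.0


def digit_ratio(s):
    return sum(ch.isdigit() for ch in s) / len(s) if s else 0.0


def dga_score(domain):
    """Count how many DGA-typical traits the registrable label shows (0-4)."""
    label = second_level_label(domain)
    score = 0
    if len(label) >= 12:                 # long labels
        score += 1
    if shannon_entropy(label) >= 3.5:    # near-uniform character mix
        score += 1
    if vowel_ratio(label) < 0.25:        # unpronounceable consonant runs
        score += 1
    if digit_ratio(label) >= 0.2:        # letters and digits interleaved
        score += 1
    return score


def is_likely_dga(domain, threshold=2):
    return dga_score(domain) >= threshold


def flag_dns_log(log_text, threshold=2):
    """Return (client, domain) pairs whose query looks algorithmically generated."""
    flagged = []
    for line in log_text.splitlines():
        q = QUERY_RE.search(line)
        c = CLIENT_RE.search(line)
        if q and is_likely_dga(q.group(1), threshold):
            flagged.append((c.group(1) if c else "?", q.group(1)))
    return flagged


if __name__ == "__main__":
    for client, domain in flag_dns_log(SAMPLE_DNS_LOG):
        print(f"{client} queried suspected DGA domain {domain} (score {dga_score(domain)})")
```

The thresholds are deliberately loose: a single host that queries several high-scoring names in a short window, most of which return NXDOMAIN, is a far stronger signal than any one name, so in practice the per-domain score feeds a per-client count rather than an alert on its own.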

Report: Dev Portal security breach prompted Gatekeeper change

08/18, 11:00pm

Enterprise Signing Key, Activation Lock keys could have been compromised

An unidentified Twitter user is claiming that recent changes to Gatekeeper in OS X Mavericks and OS X Yosemite, which have forced developers to re-sign their apps, are actually the result of a security breach that pilfered the Gatekeeper keys and possibly "many other keys for many other things," according to the user. A corroborating source located by TUAW has allegedly confirmed the breach and tied it to the recent alleged Activation Lock hack.

Community Health Systems admits breach, 4.5 million patients affected

08/18, 6:34pm

Personal information including social security numbers stolen, no medical information

Today, in a filing with the United States Securities and Exchange Commission (SEC), medical services provider Community Health Systems (CHS) revealed that it was the victim of a cyber attack that spanned a three-month period. According to the filing information, personal information from around 4.5 million patients was stolen, including Social Security numbers.

Google reportedly implementing child-friendly services, protection

08/18, 5:05pm

Child-focused version of YouTube allegedly in development

Google is adapting its services to cater for a younger audience, as the company attempts to make a play for a new generation of user, a report claims. The search company is allegedly working on various child-friendly services which children under the age of 13 will be able to use, provided it receives permission from the child's parent or guardian beforehand.

Supermarket chains Supervalu, AB Acquisition LLC announce breaches

08/17, 2:21pm

Breaches target 209 Supervalu stores, AB Acquisition stores in 21 states

Last week, supermarket chain Supervalu announced that it had discovered an intrusion into part of its computer network, specifically the portion that processes debit and credit card payments. The company believes that card data may have been stolen from 209 of its standard and franchise stores. A day earlier, AB Acquisition LLC announced that its systems had been breached, but said it had yet to determine whether any cardholder data had been stolen.

Chinese iCloud data now being housed on China Telecom servers

08/15, 10:57am

Apple tries to assuage privacy concerns

Apple is now hosting Chinese iCloud content on a mainland datacenter operated by China Telecom, the company has confirmed to Reuters. Questions were raised when the city of Fuzhou posted a notice on its website confirming the transfer of content to the datacenter, but then retracted the statement. The message indicated that Apple actually began the project 15 months ago, but only finished it on August 8th.

Anonymous attacking St. Louis police, shooter's name released [u]

08/14, 11:03am

Collective has already released information on Ferguson police chief

[Updated with release of police respondent's name, which may be incorrect] Hacker collective Anonymous has allegedly penetrated the St. Louis County police dispatch computer system, and has released audio excerpts from the day that an unarmed African-American man was shot by police. The "OpFerguson" campaign has crippled the City of Ferguson's website and already leaked some details about local police; a very recent tweet by Anonymous gave the city very little time to respond before releasing the name of the officer involved in the shooting. However, the St. Louis police department says the collective is wrong, and that the person named is an "innocent citizen."

Safari updated for Lion and higher with security patches

08/13, 7:01pm

WebKit vulnerability, memory corruption, other issues addressed

Seven potential security and stability flaws in the WebKit engine that drives Safari have been identified and fixed in a new update for the default Mac web browser, which was released on Wednesday. The patch brings the version number to 6.1.6 for older OS versions going back to Lion (OS X 10.7.5), and to 7.0.6 for Mavericks (10.9.4). A WebKit vulnerability that could cause crashes, alongside several memory corruption issues, prompted the update.

Snowden, declassified documents reveal more of NSA's activities

08/13, 2:50pm

Two-day Syrian Internet blackout blamed on failed NSA hack

The National Security Agency (NSA) was behind the two-day Internet blackout of Syria in 2012, claims whistleblower Edward Snowden. The accusation, alongside claims that the NSA is working on an automated malware killer, from Snowden comes at the same time as a separate report appearing to show the NSA collected far more information than was legally allowed.

Android BlackPhone hacked at DefCon, BlackBerry 10 next?

08/12, 11:24am

Device hacked enabling root access, Silent Circle apps unaffected

The "super-secure" Android Blackphone has been hacked by an attendee at the DefCon conference. In less than five minutes, the Android-based device surrendered root access without the Android bootloader being unlocked. Initially contested by the manufacturer, Geeksphone, the company later thanked "Justin Case" for pointing out the flaw.

California passes mandatory 'kill switch' legislation for smartphones

08/12, 1:57am

Brown likely to sign into law; iOS devices are already compliant

The California state Senate has passed a bill requiring cellphone manufacturers to implement, and providers to activate, a "kill switch" that can be triggered remotely in the case of theft that renders the phone inoperable and unable to be reactivated. Owners of the iPhone are long familiar with these abilities, as Apple has offered them as opt-in features for some time, but the requirement that it be activated when users sign up for service will be new to many.

Microsoft dumping support for old Internet Explorer versions in 2016

08/11, 1:43pm

Most recent version of Internet Explorer required for updates, support for IE8 dropped

Microsoft announced last week that it would be changing its support policy for Internet Explorer. The change includes migration guidance for versions of Windows after XP, and excludes any further support for Internet Explorer 8. The software giant is urging users to enable Windows Update to keep up with the most recent Internet Explorer releases.

Xiaomi pushing out update over privacy, data reporting concerns

08/10, 5:07pm

Executive outlines technology tied to server reporting, changes including ability to opt-in

Since last month, Chinese phone and tablet manufacturer Xiaomi has been under suspicion of data practices that could be considered harmful to its user base, including the discovery of spyware installed in the Star N9500. Recent reports, and testing by a security firm, indicate that Xiaomi's smartphones, including the RedMi 1S, are reporting information back to servers in China.

Google, Microsoft, others throw in with Facebook in NY privacy appeal

08/09, 9:55am

Amicus briefs filed with NY Supreme Court decry overly broad warrants

Facebook is battling the New York courts over what it says are overly broad warrants to examine user profiles and data. Supporting the social media giant, Dropbox, Foursquare, Google, Kickstarter, LinkedIn, Meetup, Microsoft, Pinterest, Twitter, Tumblr, and Yelp have all filed amicus curiae ("friend of the court") briefs in support of the Facebook effort, arguing that services like Facebook are multi-faceted and require more granular warrants, rather than a sweeping motion to collect all data about a targeted user.

Researchers discover cryptocurrency hack costing mining pools $83,000

08/08, 12:52pm

Network compromise redirected mining pool traffic to alternate server

Security researchers have discovered that mining pool traffic for cryptocurrencies such as Bitcoin can be hijacked at the network level and redirected to a server under an attacker's control, allowing the proceeds of mining to be stolen. Discovered by the Dell SecureWorks Counter Threat Unit, the technique has allegedly already been used at least once, with one attacker said to have acquired approximately $83,000.

Chinese government officially denies banning Apple procurements

08/08, 9:27am

Apple never applied to be on energy-saving list, all parties say

The Chinese Central Government Procurement Center -- as well as the Finance Ministry, and Apple itself -- have all denied a recent Bloomberg report claiming that Apple had been deliberately excluded from procurement lists for security reasons, according to Reuters. It had been said that Chinese government agencies were newly banned from buying devices like iPads and MacBooks. All three parties involved now say, however, that Apple never applied to be on the list in question to begin with.

Skype confirms abrupt drop of older OS X systems support

08/08, 2:44am

Minimum Intel processor, 10.6 requirement follows eight years of updates

Confirming earlier reports that Skype was locking out users of very old Macs running OS X versions below 10.6 Snow Leopard, Microsoft on Thursday issued a memo clarifying that it no longer supports the nearly seven-year-old OS X 10.5.8 or any earlier release on the Mac, and that Skype now requires an Intel processor and 10.6 or later in order to work. How long Snow Leopard will remain supported is unclear.

Russian hackers collect more than 1.2 billion unique credentials

08/08, 12:00am

Nearly 4.5 billion records in total collected, 542 million unique email addresses

The New York Times reported earlier this week that a hacker group has collected 1.2 billion unique username and password credentials from 420,000 websites. The records, which were verified by a security firm, are thought to be one of the largest collections of Internet identity information reported. The publication had the data analyzed by another expert, who verified the authenticity of the collection but has not commented on the validity of the data.

AgileBits announces sale, free update on 1Password for iOS

08/07, 9:07pm

Forthcoming iOS 8 upgrade with Touch ID support will be free for current owners

According to a new announcement from AgileBits, makers of the iOS and Mac password management app 1Password, the forthcoming version for iOS 8 will be a free update to existing users. In conjunction with that, and a new report that Russian hackers may -- or may not -- have collected over a billion unique email account credentials, the company has opted to put its iOS version on sale for $10, a cut of $15 from its normal $25 price. The iOS 8 update for 1Password, expected this fall, will add extensions and Touch ID support to the password manager.

Google warns lack of HTTPS use by sites will impact search rankings

08/07, 10:54am

HTTPS use by sites will give slight improvement to Google search results in future

A website's use of HTTPS to secure the connection with its visitors will soon play a role in search rankings, Google has announced. Websites that adopt HTTPS by default for all traffic could rank higher in results than sites which do not use it, as the company continues to push other online services into adding more security to their sites.

Mozilla warns of accidental disclosure of developer network database

08/06, 7:33pm

About 76,000 email addresses, 4,000 encrypted passwords were publicly accessible

At the beginning of the month, Mozilla posted on its security blog that it had investigated an accidental disclosure of the database behind the Mozilla Developer Network (MDN). The company discovered the problem after a web developer found that the data sanitization process it runs on the MDN database had been failing. The result was that the email addresses of about 76,000 account holders, as well as the "passwords of about 4,000 users," were publicly accessible.

Synology unable to aid decryption of SynoLocker afflicted devices

08/06, 1:40pm

Malware strikes un-updated Synology NAS units

Synology product users affected by the SynoLocker attack may have lost their files to the cryptoware. Representatives from Synology have informed Electronista that at this time, they are unable to provide assistance recovering data that has been forcibly encrypted by the malware.

Security firms provide free decryption keys to CryptoLocker victims

08/06, 11:59am

Decrypt CryptoLocker to help recover files lost to malware

Victims of the CryptoLocker ransomware may be able to unlock their files without having to pay. Security experts from FireEye and Fox IT are hosting Decrypt CryptoLocker, a site dedicated to providing keys for affected systems, allowing for encrypted files to become available to users who chose not to pay the malware creator's ransom demand.

China excludes Apple products from government procurements [u]

08/06, 9:31am

Cites security concerns

[Updated with Chinese government denial] The Chinese government has excluded 10 Apple products from its latest procurement list dictating which products can be bought using public funds, according to officials cited by Bloomberg. Among the banned products are all variations of the MacBook and the iPad, but not the iPhone or other Mac models. The products were on a June version of the list, but are said to have been left out as of July due to security worries, though another report quotes government officials as denying this.

Briefly: Parallels' service alert, Keeper Secure File Storage for iOS

08/05, 2:50pm

Parallels notifies Desktop 8 for Mac users that software will not run on Yosemite public beta

Parallels has released a service notification for users of Parallels Desktop 8 for Mac. Users considering installing the OS X Yosemite public beta 10.10 will not be able to launch Windows applications, or directly use files through Parallels Desktop 8. Parallels Desktop allows for Windows applications to run on OS X without rebooting in systems up to and including 10.9 Mavericks. In order to avoid service disruption, Parallels encourages users to upgrade to version 9 of its software. Upgrading is available for $50, with Parallels Desktop 9 for new users priced at $80.

Synology users plagued by SynoLocker encryption malware [u]

08/05, 2:30pm

SynoLocker demanding 0.6 bitcoin to release encrypted data

[Updated with additional info] Network attached storage device manufacturer Synology is reporting that a new form of malware is spreading to some of its customers. Dubbed the SynoLocker cryptoware, the malware encrypts data on the network peripheral, and the perpetrators are demanding 0.6 bitcoin ($350) to get the key to retrieve the files.

Apple to require developers to re-sign, update older apps

08/04, 9:42pm

Essentially requires all apps be re-signed on Mavericks or later to avoid Gatekeeper rejection

An upcoming change in the way the OS X security feature Gatekeeper works will effectively force developers to re-sign (and, where necessary, rebuild) their applications with the tools in OS X 10.9 or later, and to submit updates to Apple for programs that need to run in Mavericks or Yosemite. The change affects only those running the forthcoming 10.9.5 or later, but it will cause apps that aren't updated to "break" (fail to launch) unless the user bypasses Gatekeeper, which most users will be loath to do. The change will not force users to update their OS versions.
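Both this item and the 10.9.5 beta item above come down to one question a developer or admin needs to answer per bundle: is the signature a "v2" one made by the 10.9 codesign, or a legacy "v1" one? The following is an added example, not Apple's or the page's code: it parses the report that `codesign -d --verbose=4` writes to its standard error and looks at the `Sealed Resources version=` field, which codesign prints as 2 for a 10.9-era resource envelope and 1 for a legacy one. The two sample reports are constructed to show the two cases; the bundle path, identifier, certificate names and sizes in them are placeholders, and `inspect_bundle` only works on a Mac because it needs the real `codesign` binary.

```python
import platform
import re
import subprocess

# Constructed sample output modelled on what `codesign -d --verbose=4 App.app`
# prints to stderr on OS X 10.9.5; the identifiers and numbers are made up.
SAMPLE_V2_OUTPUT = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=1234 flags=0x0(none) hashes=30+5 location=embedded
Signature size=8534
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Sealed Resources version=2 rules=12 files=38
Internal requirements count=1 size=180
"""

# The same (constructed) app signed with codesign from OS X 10.8.5 or earlier.
SAMPLE_V1_OUTPUT = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=1100 flags=0x0(none) hashes=30+3 location=embedded
Signature size=8534
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Sealed Resources version=1 rules=4 files=38
Internal requirements count=1 size=180
"""

SEALED_RE = re.compile(r"^Sealed Resources version=(\d+)", re.MULTILINE)
AUTHORITY_RE = re.compile(r"^Authority=(.+)$", re.MULTILINE)


def sealed_resources_version(codesign_output):
    """Return the resource envelope version, or None when none is reported."""
    m = SEALED_RE.search(codesign_output)
    return int(m.group(1)) if m else None


def is_gatekeeper_v2(codesign_output):
    """True only for a version-2 resource envelope (10.9-era codesign)."""
    return sealed_resources_version(codesign_output) == 2


def authorities(codesign_output):
    """The certificate chain codesign reports, leaf certificate first."""
    return AUTHORITY_RE.findall(codesign_output)


def describe(codesign_output):
    """Summarise a codesign report as a dict with a human-readable verdict."""
    ver = sealed_resources_version(codesign_output)
    chain = authorities(codesign_output)
    if ver == 2:
        verdict = "v2 signature: accepted by Gatekeeper on 10.9.5 and later"
    elif ver == 1:
        verdict = "v1 signature: re-sign with codesign on OS X 10.9 or later"
    else:
        verdict = "no sealed resources: unsigned, or signed without a resource envelope"
    return {"version": ver, "leaf": chain[0] if chain else None, "verdict": verdict}


def inspect_bundle(path):
    """Run codesign on a real bundle (macOS only) and describe what it reports."""
    if platform.system() != "Darwin":
        raise RuntimeError("codesign is only available on macOS")
    proc = subprocess.run(["codesign", "-d", "--verbose=4", path],
                          capture_output=True, text=True, check=False)
    # codesign writes its verbose report to stderr, even on success.
    return describe(proc.stderr)


if __name__ == "__main__":
    for name, out in (("v2", SAMPLE_V2_OUTPUT), ("v1", SAMPLE_V1_OUTPUT)):
        print(name, describe(out)["verdict"])
```

After re-signing, `spctl --assess --verbose App.app` on a 10.9.5 machine is the complementary check: it reports whether Gatekeeper itself accepts the bundle, which also catches a valid v2 signature made with the wrong certificate.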

China increases domestic security suppliers, removes foreign software

08/04, 1:38pm

Kaspersky, Symantec said to be excluded from procurement lists, could be due to security concerns

One of China's state-sponsored media channels is indicating that the government has removed all foreign-made software from its list of approved security software purchases. Newspaper The People's Daily posted on Twitter yesterday, indicating that Kaspersky and Symantec are now excluded from the country's government procurement channels.

NetShade 6 adds KeyShade password manager, UI improvements

08/01, 9:57am

Adds AppleScript, TCP-over-HTTPS support

Rayner Software has released Netshade 6, an update of its proxy/VPN client for the Mac. The main addition is actually KeyShade, a tool for storing passwords, notes, and bank and credit card info. Data is encrypted using AES-256, and synced across devices. Rayner says that a standalone version of KeyShade will be "coming soon" to Mac and iOS, but that for now it's tied to NetShade.

Square announces expansion into EMV chip card readers for business

07/31, 8:05pm

Payment service jumps ahead of Visa, MasterCard dates to shift to chip cards

Square, a company that helped open mobile payments up to the masses, announced today that it would expand its device offerings with a reader for chip-based credit cards, now widely used outside the US. While the company says typical Europay, MasterCard and Visa (EMV) solutions are costly, it will release an affordable model to let sellers accept the more secure payments.

BitTorrent announces Bleep, pre-alpha decentralized chat application

07/31, 7:30pm

Company releases first chat application Bleep, currently only available for Windows

BitTorrent is making an attempt to diversify its offerings even more. While the company has said it was adding pay options to its Bundles early in the month, it has now launched a server-less chat client called Bleep. BitTorrent says that the app is created in a way that the experience is decentralized, only exposing messages and phone calls to people users choose to trust.

Judge upholds warrant, orders Microsoft to produce overseas emails

07/31, 6:43pm

Department of Justice warrant to obtain emails valid, judge gives Microsoft chance to appeal

A United States District Court judge ruled today that a warrant issued to Microsoft requesting emails stored in Dublin, Ireland is valid. The judge stated that the company must follow the order to produce emails involved in a criminal investigation, in spite of foreign law. The order was temporarily stayed to give Microsoft the opportunity to appeal through the Second United States Circuit Court of Appeals.

CIA blames employees, apologizes to Senate for searching computers

07/31, 3:37pm

Internal investigation finds Senate Intelligence Committee's computers were accessed

It turns out that the Central Intelligence Agency (CIA) did in fact access Senate computers improperly, as it was accused of earlier this year. Back in March, Senator Dianne Feinstein (D-CA) claimed that the intelligence agency had accessed the computers of the Senate Select Committee on Intelligence, searching for a document relating to the committee's research into the agency's detention and interrogation program.
