Pro-democracy protesters targeted with malware on iOS, Android

10/02, 1:47am

Malware entry vector not yet identified; may capitalize on jailbreak compromise

In an almost unheard-of claim, Lacoon Mobile Security has said that it has discovered a new spyware attack that targets both iOS and Android devices and which appears to be aimed specifically at Hong Kong pro-democracy protesters. Lacoon says it made the discovery while investigating the Android version, but did not clarify how the malware might be installed, or overcome the security built into iOS that has, thus far, kept it largely immune to serious malware or viruses.

Find My iPhone web page lets users check on Activation Lock status

10/02, 12:03am

Users can enter IMEI to learn more; technology is on by default in iOS 8

Users who are unsure if their iOS device has the anti-theft feature Activation Lock turned on can now easily check through a new page based on Apple's iCloud site. While the page is currently not linked to the main menu on iCloud.com -- suggesting it may still be undergoing testing -- it offers users a chance to input the device's serial number or IMEI identifier, and returns information on whether the device is protected.

Google increases cash rewards for Chrome bug bounties

10/01, 5:20pm

New $15,000 award for successful submissions, up from $5,000.

Google is increasing the rewards in its bug bounties program, as it tries to make its software more secure. The search company is updating its reward pricing range to between $500 and $15,000 per bug, up from the previous maximum of $5,000 for a high-quality report, with an increased focus on discovering potential vulnerabilities within the Chrome browser.

Second round of POS breaches strikes Albertson's, Supervalu chain

10/01, 3:14pm

Newest range of grocery store breaches spans 20 states

Supervalu and Albertson's shoppers may be in for another round of personal information theft notifications. The companies said that a second hack took place in late August or early September, with the company finding malicious software on systems that process credit and debit card sales at some of the company's 1,081 stores. Additionally, the malware was also found at Shoppers Food and Pharmacy, plus Shop 'n Save stores -- but the company believes that the installation was not successful, and failed to capture payment data.

FTC head speaks out against proposed FCC Title II regulation of ISPs

09/30, 12:56pm

Dueling regulatory boards fight over future of ISP regulation

Allegedly concerned about protecting the American consumer, US Federal Trade Commission (FTC) head Maureen Ohlhausen has come out as strongly against Federal Communications Commission (FCC) Chairman Tom Wheeler's net neutrality provision -- specifically, the possibility of Title II regulation of ISPs. The comment against the possibility of regulating Internet providers as a utility is the FTC's second in September.

Apple releases fix for 'Shellshock' Unix flaw

09/29, 6:13pm

Updates bash for OS X Lion, Mountain Lion and Mavericks

Although nearly all Mac users are unaffected by the issue, Apple has made good on its word to quickly fix a serious security flaw in bash, a Unix shell that comes as part of OS X. Apple acknowledged the problem on Friday, and today released OS X bash update 1.0 for OS X Lion (10.7), Mountain Lion (10.8) and Mavericks (10.9). The flaw, known as "Shellshock," could potentially allow users who have set up advanced Unix services that interact with the web to be vulnerable to remote intrusion.

CloudFlare rolls out free SSL website encryption to all users

09/29, 1:41pm

SSL added after Google's decision to rank encrypted sites higher in search rankings

CloudFlare is pushing its users toward security in a good way, as it is adding secure socket layer (SSL) encryption to all of its customer accounts starting today. Where the company says that only around two million sites supported encrypted connections previously, CloudFlare believes it will double that number by the end of the day. The SSL encryption is being added to all accounts, even free users.

Russia social media law starts early; Twitter, Google, Facebook warned

09/26, 9:26am

Fines not the central means of enforcement -- violators face wide block

Russia's Internet watchdog has sent formal notices to Google, Facebook, and Twitter this week, enforcing early compliance with the country's social media law, requiring services with more than 3,000 readers in a day to register with the overseeing governmental agency and store data within the country. Deputy chief Maxim Ksenzov of Roskomnadzor, the agency in charge of enforcement of the law, has said that the trio will be "forced one way or another to obey the law" despite being international companies.

Follow-up: most Mac users 'not at risk' from Bash vulnerability

09/26, 12:06am

Only those running advanced UNIX services should be concerned, fix is on the way

An Apple spokesperson has reassured Mac users that the "vast majority" of users are not at risk from a serious bug discovered in the UNIX shell Bash that some researchers have called "potentially bigger than the Heartbleed vulnerability." Apple says that only those who have configured "advanced UNIX services" using the Terminal in OS X could be at risk from the flaw -- which would mean that nearly all OS X users would be unaffected. Nevertheless, the company is said to be working on a fix.

FBI Director Comey worried Apple, Google encryption 'above the law'

09/25, 6:35pm

Agency thinks Android L, iOS 8 security put consumer security ahead of law enforcement

Addressing reporters in Washington today, Federal Bureau of Investigation (FBI) Director James Comey voiced his concerns over the recent shifts in security policy for Android and iOS 8. Specifically, Comey believes that the new security encryption measures, which cannot be bypassed for law enforcement, put consumers before possible emergency situations.

Apple allegedly informed of iCloud flaw six months before pic thefts

09/25, 9:10am

Vulnerability in Apple iCloud patched a week after celeb photo leak

According to emails between Apple and a security researcher, the brute-force method of attack on iCloud passwords was clear to the Cupertino manufacturer since March 26 of this year, well before the attack on celebrity accounts. A lengthy email chain, made public in recent days, documents communications between the researcher and Apple, as well as Apple's continued requests to Ibrahim Balic for more information on the exploit.

Bash vulnerability 'Shellshock' affects Linux, OS X systems

09/25, 6:58am

Major security risk could be bigger issue than Heartbleed

A new bug may have a greater potential for harm than April's Heartbleed vulnerability, according to reports. The "Shellshock" vulnerability in Bash, a Unix shell typically used in Linux systems as well as in OS X, apparently allows for code held in environment variables to be executed within the shell as soon as it is invoked, potentially allowing for the control of affected systems to be taken over by another user.

Jimmy John's discovers malware-laden POS in July, all-clear given

09/24, 5:56pm

Assault detected July 30, all stores purged by September 5.

Sandwich chain Jimmy John's has reported a security breach, exposing information from customers of 216 locations. According to the chain, the company discovered at the end of July that an unknown assailant stole credentials from a vendor, and accessed the point-of-sale system. This action installed data-collecting malware at some locations between June 16 and September 5 of this year, with most infestations cleared out before the middle of August. The company reports that the security problem has been addressed, and it is once again safe to use credit cards at all stores.

Piper home automation now available in US through Amazon

09/24, 1:56pm

Android, iOS security product featured on Amazon Home Automation

Home technology company Icontrol today announced that the Piper all-in-one home security, video monitoring and automation device is now available on Amazon's new Home Automation store. The CTIA award-winning Piper suite allows users to monitor and interact with home automation through the Internet, without service contracts or fees.

Bitcoin hardware firm Butterfly Labs sued by FTC over fraud

09/23, 1:40pm

Suit alleges deceptive practices, money dispersion, misuse of company funds

More controversy is further tarnishing virtual currency Bitcoin's reputation. Last week, the US Federal Trade Commission (FTC) filed a civil suit against Butterfly Labs, creator and manufacturer of Bitcoin mining rigs. The suit alleges that the three members of the board of directors have engaged in fraudulent and deceptive practices, plus misappropriation of company funding.

Bipartisan bill seeks to clarify overseas data warrant requirements

09/23, 12:38pm

New bill gives information same protection as material goods under law

In the shadow of Microsoft's dispute with the US Department of Justice, Senators Orrin Hatch (R-UT), Dean Heller (R-NV), and Senate Judiciary Committee member Chris Coons (D-DE) have proposed legislation to codify law enforcement access to citizens' data stored internationally. The bill, titled the Law Enforcement Access to Data Stored Abroad Act, seeks to authorize the use of extraterritorial search warrants, but vacate said warrants if complying would require the parties involved to break the laws of a country.

Home Depot transaction security reportedly ramshackle since 2008

09/20, 3:08pm

Refrain from managers asked for more training: 'we sell hammers'

Following the revelation that 56 million credit card transactions were stolen by miscreants, more information is coming out about the hack and The Home Depot's reportedly long-term lackadaisical security. According to employees familiar with the situation, the company was warned as early as 2008 that security would be a problem, and that the company was excruciatingly slow to respond to threats, and often took no action against perceived attacks or dangers.

Former NBA star arrested for $14,000 theft through Apple EasyPay

09/20, 2:41pm

Rex Chapman accused of faking payment, facing 14 felony charges

Former Phoenix Suns professional basketball player Rex Chapman was arrested on Friday, and accused of shoplifting $14,000 in Apple merchandise using Apple's EasyPay self-checkout system. Apple store employees reported the player, after recognizing him "based on his previous celebrity status as an NBA basketball player," according to Scottsdale, AZ police.

Monkey Parking fires up service in southern CA, meets resistance

09/20, 11:14am

Service shut down in San Francisco, attempts rebirth in other locales

Parking spot resale service Monkey Parking has quietly relaunched in Santa Monica and Beverly Hills, California. While not currently illegal in the cities, city attorneys have taken note of the launch, met with representatives from the service, and are claiming that they will take steps rapidly to stop the service from operating.

China denies hacking involvement uncovered in US committee report

09/18, 10:26pm

Official states charges are 'groundless,' believes US should focus on upholding security

In a press conference today, Chinese Foreign Ministry Spokesperson Hong Lei responded to the government-sponsored hacking allegations from the United States. In an unclassified report from the Senate Committee on Armed Services, the body accused the Chinese military of being responsible for at least 20 successful attacks on US Transportation Command (Transcom) contractors.

Home Depot reveals more details on breach, 56M credit cards at risk

09/18, 8:19pm

Security steps, including terminal removal, outlined, malware evaded detection

More information on the breach of home improvement retailer Home Depot was announced today. While the company still says that only stores in North America are affected by the breach, it now adds that the information from 56 million unique payment cards was at risk. The company provided further insight into the steps taken since the breach, including adding stronger encryption, after the malware from terminals was completely removed.

Apple 'warrant canary' gone from transparency report

09/18, 3:10pm

Missing language suggests Apple has received Patriot Act request

Apple's transparency report on governmental information requests has made a minor but significant change. Language saying that "Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us" has been completely removed from the latest version of the document, suggesting that Apple has now received a Patriot Act request, and is subject to a secret Foreign Intelligence Surveillance Court warrant and subsequent gag order.

Safari 7.1 adds support for DuckDuckGo, improved Yahoo security

09/18, 12:59pm

Follows a day after 7.0.6

Despite v7.0.6 being released just yesterday alongside OS X 10.9.5, Apple has released another version of Safari for Mavericks, 7.1. The release mainly follows in the steps of its iOS 8 sibling, introducing secure search site DuckDuckGo as an alternative to the likes of Google or Yahoo. Security for Yahoo searches has been improved, as entries into the search field are now encrypted.

Apple document: iOS 8 no longer stores encryption keys

09/18, 10:50am

Should make it harder for government agencies to access user data

Part of Apple's strengthened approach to privacy involves stricter encryption in iOS 8, according to the Washington Post, as well as an Apple PDF document. The latter notes that Apple no longer stores encryption keys for devices as of iOS 8, meaning that even if a government agency has a search warrant, the company is unable to break past the security on a passcoded device. That should protect locally-stored content.

Apple updates security policies in Cook open letter, stresses privacy

09/18, 3:10am

Security, user data respect seen as differentiators from rival companies

Late on Wednesday, Apple updated its privacy policy web page to feature a letter from CEO Tim Cook outlining new security initiatives, and reiterating the company's recent message that the iPhone maker is in the business of selling products, rather than harvesting data about users in order to target and sell advertising -- and consequently, takes pains to avoid collecting any unnecessary data. In the letter, Cook says that security and privacy are "fundamental to the design of all our hardware, software, and services."

GAO finds government health care site isn't secure

09/18, 12:20am

Weaknesses from launch still exist a year later, says 'unnecessary risks remain'

In a report set to be delivered to Congress this week, the US Government Accountability Office (GAO) found that the Healthcare.gov website has a number of security issues yet to be addressed. While a number of steps have been taken to secure the health care portal since its troubled release, the complexity of the system and lack of security protocols in some instances still continue to plague the system.

Chinese hackers hit government contractors 20 times in past year

09/17, 9:53pm

Lack of communication between divisions, contractors left agency aware of two attacks

A US Senate committee discovered that Chinese hackers were able to gain access to computer systems for US Transportation Command (Transcom) contractors at least 20 times in a single year. In an unclassified report released today, the investigation focused on the security of Transcom because of the central role it plays in mobilizing troops and equipment.

BitTorrent Chat exits private test; emerges as Bleep for OS X, Android

09/17, 4:42pm

Encrypted chat used BitTorrent backbone to provide secure communications

Peer-to-peer protocol pioneer BitTorrent has released an alpha version of its chat client. BitTorrent has revealed Bleep -- what used to be called BitTorrent Chat -- for Android and OS X. Bleep offers fully-encrypted, end-to-end communications between users only stored locally on devices, and not retained by servers any step of the way.

Brief held for politicians in DC over Apple privacy, data security

09/17, 1:35pm

CTO, Health Project Manager at briefing; Apple security defended

Apple sent two high-ranking executives to Capitol Hill earlier this week to brief lawmakers on what it is doing to keep users' data secure and private in the wake of new devices tapping into users' health information and financial data. Apple Chief Technology Officer Bud Tribble and Health Project Manager Afshad Mistri briefed the House Energy and Commerce Committee behind closed doors on Tuesday, according to sources within Congress.

Apple to extend iCloud security, add passwords for third-party apps

09/17, 12:14am

New system avoids compromise of Apple ID, limited to 25 active passwords

Starting next month, Apple will add another layer of security to its iCloud service for third-party apps that utilize iCloud storage or other access. The company will allow users to assign up to 25 app-specific passwords for those users who don't want a third-party app to have the user's Apple ID credentials to utilize services such as syncing. The app-specific password approach not only protects the iCloud and Apple ID account, but enhances security for apps that don't support two-step authentication.

Apple publishes guide for Android data transfer to iOS devices

09/16, 7:05pm

Company confident that new larger iPhones will attract switchers

With its combination of more and better apps, better security and now large-screen mobile devices, Apple is expecting the new iPhone and iOS 8 to help persuade more Android users to move up to iOS, and to that end has published a document on its website guiding switchers on how to move content from their Android device to the iPhone. The expectation isn't based on hubris: surveys have shown that at least a third of Android users would consider switching to the iPhone 6 family.

Two-factor authentication re-instituted at iCloud.com

09/16, 3:53pm

Apple takes another step towards securing iCloud

Apple has once again enabled a two-factor authentication option for iCloud.com. It was briefly introduced in June, but then vanished for reasons unknown. Much like its equivalent for Apple IDs, the iCloud.com two-factor system requires verifying identity through SMS or Find My iPhone. Only once this is done can users load the site's apps.

Chinese police arrest Foxconn worker for stealing iPhone 6 shells

09/16, 12:32pm

Police largely silent during pre-announcement era

Chinese police have arrested a 40-year-old Foxconn worker, identified only by the surname Qiao, for stealing iPhone 6 shells from a factory in Jincheng, according to the state-run Taihang Daily. The person was detained on September 4, and is specifically accused of selling six of the shells for 6,000 yuan (about $960) to a gadget market in Shenzhen, where a number of electronics makers are located.

Amazon Kindles susceptible to malicious ePubs, account info at risk

09/16, 10:12am

Stored cross-site scripting attack can steal stored cookies on tablet

Security researchers have noted the resurrection of an old bug, which allowed a specially-crafted ePub e-book file to seize cookies stored on Amazon's Kindle series of tablets. When a malicious file hits the storage of the Kindle, either by USB loading or the Amazon "Send to Kindle" feature, JavaScript embedded in the file will execute as soon as the device's browser is launched, which could result in the user's Amazon account being compromised.

Cook: Consumers 'are not our product,' pushes privacy policies

09/15, 11:50pm

Apple's product-centric business model differentiates it from others, CEO says

During more of the interview for PBS' "Charlie Rose" show, Apple CEO Tim Cook addressed the thorny issue of user privacy, with Cook coming out strongly differentiating Apple from other companies, noting that Apple "tries not to collect data." Cook said he believes users "have a right to privacy," and used the issue to reiterate that Apple was not cooperating with US government spying programs.

Apple joins data-security industry group ahead of Apple Pay debut

09/15, 7:34pm

Association's aim is to improve cryptographic and data keys, thwart physical and online attacks

Apple is now a member of a non-profit trade association made up of mostly financial institutions, cellular carriers and software and hardware developers devoted to improving security in applications, transactions, data and cryptography. The group, GlobalPlatform, says its objective is to "create a standardized infrastructure that accelerates the deployment" of secure software and data, "protecting them from physical or software attacks." Most of Apple's carrier and financial partners in Apple Pay are also members.

Connecticut AG asks Apple CEO Tim Cook to address Watch security

09/15, 5:30pm

Concerns more directly related to HealthKit

Connecticut's Attorney General, George Jepsen, has issued a letter to Apple CEO Tim Cook, asking the company to explain how the Apple Watch will collect and store data. Jepsen asks, for instance, "whether Apple will allow consumers to store personal and health information on Apple Watch itself and/or on its servers, and if so, how information will be safeguarded," and "if and how Apple will review application privacy policies to ensure that users' health information is safeguarded." Other concerns include consent, the specific types of data the watch and its apps will collect, and guideline enforcement.

Stanford, Duke to start medical trials using Apple's HealthKit

09/15, 1:29pm

Institutions aim to improve speed, accuracy

In the next few weeks, two major US hospitals -- linked with Stanford University and Duke University, respectively -- are embarking on medical trials using Apple's HealthKit platform, according to Reuters. Doctors at Stanford say they're working with Apple on tracking blood sugar for children with diabetes. Duke, meanwhile, is planning a pilot to track blood pressure, weight, and other statistics for patients with cancer or heart diseases.

Malware spreading over Twitch chat empties Steam account items

09/14, 3:08pm

Malware injected by raffle link sells items in Steam inventory, trades to specific account

Security firm F-Secure was recently alerted to a wave of malware targeting the Twitch game streaming audience as a way to turn a quick buck. The Windows-based malware isn't aimed at stealing credit card information or joining a click-through advertising botnet, but rather at selling items of value that are associated with a Steam account.

Automattic reacts to leak of Gmail logins, resets 100,000 passwords

09/14, 2:23pm

Passwords reset based on database comparison to leaked Gmail credentials

Fallout could still be on the way as a result of the collection of nearly five million Gmail username and password credentials leaked on a Russian Bitcoin forum, but for now at least one company is taking action. Automattic, the company responsible for the blogging platform WordPress, announced it has reset user passwords for more than 100,000 accounts based on the information contained in the list.

Briefly: PrivacyScan update for OS X, EditReady 1.1 launches

09/14, 2:02pm

SecureMac releases PrivacyScan 1.6, improves OS X compatibility

SecureMac has released an update for its privacy software for OS X, featuring a new digital footprint security wipe functionality. PrivacyScan allows users to erase sensitive information to securely prevent recovery, such as cache files, browsing history, cookies, temporary files and more. The latest version (v1.6) improves compatibility with future versions of OS X, and also adds greater Firefox web browser support and fixes. PrivacyScan is priced at $15 on the App Store, with a free demo version available directly through SecureMac.

Full extent of J.P.Morgan hack not known, two months after attack

09/13, 11:14am

Names, addresses, phone numbers taken; banking info probably safe

Information security professionals are still apparently sorting out the depth of an intrusion at J.P.Morgan Chase from earlier this summer. Three people with information regarding the digital break-in have spoken to press, claiming that the hackers had -- and in some cases may still have -- high-level access to bank servers, as well as gleaning information from around a million customer accounts.

Apple Watch relies on PIN, constant skin contact to secure Apple Pay

09/11, 9:57am

Works around lack of Touch ID

The Apple Watch will use a unique system to authorize NFC mobile payments, reports say. Normally, Apple Pay is authorized via Touch ID, but there's no such sensor on the Watch. Instead, when someone puts on the device for the day, they'll have to enter a PIN to authorize transactions. The sensors on the bottom of the watch can detect skin contact, and once that's lost, a person will have to re-enter their PIN.

Gmail addresses, passwords of nearly 5M users show up online

09/10, 3:25pm

Google says there is no evidence of a breach, many logins are said to be outdated

Another credential scare has turned up online, this time for one of the world's largest free email services. The emails and passwords of around 4.66 million Gmail users have turned up on a Russian Bitcoin forum, traced back to English, Russian and Spanish users of the service. It's not clear where or how the list was collected, but it is said that many of the logins are outdated.

Cook on Tuesday announcements: Steve would be 'incredibly proud'

09/10, 12:20am

Apple Watch may be first new product never seen by Jobs, Apple Pay 'incredibly safe'

In interviews with the Wall Street Journal and ABC News' David Muir, Apple CEO Tim Cook reiterated many of the sentiments expressed during the Tuesday press event that introduced the two new iPhone 6 models, the Apple Watch wearable and the Apple Pay mobile payments system. He also, however, had a few words in response to questions, ranging from his thoughts on Steve Jobs in the three years since his passing to how the iPhone 6 will trigger "the mother of all upgrades."

Home Depot confirms data breach for United States, Canada stores

09/08, 7:18pm

Breach confirmed for April forward as investigation continues, no evidence of PIN theft

An initial investigation by Home Depot into an intrusion of its payment data systems has revealed that its systems were indeed breached. The home improvement retailer began looking into the breach of its systems after it noticed irregular activity and subsequent sale of its customer data last week. Home Depot was apparently hit by the same malware responsible for the breach of Target's systems.

Comcast serving injected JavaScript ads through public Wi-Fi hotspots

09/08, 4:48pm

Provider stating that ads placed as a courtesy, reminiscent of BitTorrent throttling issue

It appears that Comcast has decided to serve advertisements to people that connect their devices to the more than 3.5 million public Wi-Fi hotspots spread throughout the United States. Ars Technica discovered that the Internet service provider (ISP) has been injecting JavaScript advertisements into websites using the Xfinity Wi-Fi services by altering the data stream when webpages are called.

Notification emails sent to iCloud users about sign-ins at iCloud.com

09/08, 12:29pm

Part of planned security upgrades

Users of Apple's iCloud are now getting email notifications whenever an Apple ID signs into iCloud.com for the first time from a new device. Each message includes a date and time stamp, and is meant to warn someone in case the login is actually by an unauthorized attacker. The update is part of a series of planned security upgrades announced by Apple CEO Tim Cook.

Report: Walgreens, CVS also sign on to Apple's mobile payment plan

09/05, 10:36pm

Joins with rumored merchant Nordstrom, banks and credit card companies on deals

A report from anonymous sources suggests that Apple's rumored mobile payment system may have gained further merchant support in the form of drugstore chains CVS and Walgreens. The move would make it easy for customers to use their iPhone to pay for purchases at some 15,000 combined locations in the US, reports AppleInsider via Re/Code. They will be among other known and unknown retail partners to help launch the mobile payment system, which could be announced at the September 9 Apple press event.

Cook addresses celebrity images scandal, promises improvements

09/04, 11:59pm

Photos not obtained by iCloud breach, but by password hacking

Apple CEO Tim Cook has formally addressed the recent celebrity selfies scandal, where some of the images obtained by hackers came from the victims' iCloud accounts (alongside other services, those responsible for the collection of the images have recently admitted). In an interview with the Wall Street Journal, Cook not only acknowledged that some celebrities' accounts were specifically targeted using conventional data-stealing techniques, but promised both educational and engineering improvements.
