Tag - Malware
Pointers Special: Security best practices, part three
You didn't buy your Mac or your iPhone in order to while away the hours avoiding phishing scams and malware. Unfortunately, other people did buy theirs in order to con money or data out of you, so we have to be vigilant. That's the purpose of our three-part Pointers Special. This is how to protect your Apple device, your work, and your money -- and in this concluding edition, how to keep people from seeing what you're doing.
Over 32M Twitter account credentials believed to be leaked by hackers
The login details of over 32 million Twitter accounts may be at risk, according to a search engine that specializes in leaked account credentials. The leak, which is believed to have been caused through malware infestations rather than a breach of Twitter's own servers, are said to include the usernames, passwords, and email addresses, notably with the passwords supplied to the search engine in plain text instead of being encrypted.
Millions of new PCs shipping with factory-installed malware
Researchers at Duo Security have released a scathing analysis of the PC industry and its lax security measures. In particular, the researchers found that every major Windows-based OEM, including Dell, Lenovo, Asus, Acer, and HP, ship brand-new PCs that are vulnerable to hackers from the moment that they are booted up out of the box, a phenomenon the report dubs "Out-of-Box Exploitation" (OOBE). The issues stem from the bloatware routinely pre-installed on new PCs, which include third-party software update tools -- even supposed "bloat-free" PCs carrying the Microsoft Signature Edition label are shipping with vulnerabilities.
Password-stealing Instagram client returns to Apple, Google stores
After an app called InstaAgent was discovered in the Google Play and iOS App Stores last November to be credential-stealing malware, the program was removed. The developer of the software, Turker Bayram, has returned with two new apps -- "Who Cares With Me -- InstaDetector" and "InstaCare -- Who Cares With Me" for both iOS and Android that appear to again steal login credentials by claiming the app will show users who is tracking their Instagram account, when in fact it obtains user passwords and then uses that information to insert ads into the user's feed.
Rare non-jailbroken iOS malware spotted in China
A rare example of iOS malware that does not rely on either the inherent security flaw of jailbreaking or an abused enterprise certificate has been spotted by Palo Alto Networks in China, and leverages a flaw in Apple's own digital rights management software FairPlay combined with a "man in the middle" attack to potentially install malicious or spyware apps following the initial install of the affected app the user thought was legitimate. The malware has been dubbed "AceDeceiver," but at present its malice is limited to users in China.
HackingTeam may have resurfaced with new Mac malware
A re-use of an old malware core of code formerly made by disgraced Mac malware authors HackingTeam may or may not signal a re-emergence of the group, who had specialized in largely-unsuccessful attempts to create Mac-based malware for profit, before being counter-attacked by "white hat" hackers and having the group's private email and source codes revealed. The new malware, however, does have one notable element; it uses Apple's own encryption scheme to protect the contents of the binary file.
Living with: Kaspersky Internet Security
Listen, the Living With articles have become a staple of MacNN, and in every single case they are articles about what we've learned using hardware and software over an extended period, instead of solely in the initial testing. In some cases, they are apps or products that we loved, and that instantly became part of our working life, and sometimes we didn't really appreciate them until many months down the line, when they've somehow become indispensable. This is the first and hopefully last Living With where it isn't our choice: we have been trying to get rid of Kaspersky Internet Security from the day we finished testing it.
Report: XcodeGhost still haunting some US enterprise
Although Apple "quickly reacted" to a threat emanating from China last month where altered, pirated versions of Xcode found to contain non-threatening spyware were in use that could have been used to launch a greater attack, variant versions of the XcodeGhost malware are still present, and have been found on servers in the US in the enterprise sector. The actual danger is greatly reduced, as the command-and-control networks have mostly been disabled, but there is still some potential risk.
Security researcher uncovers method to bypass Gatekeeper security
A security researcher planning a presentation at the Virus Bulletin Conference in Prague on Thursday has revealed that he has discovered a relatively simple way to bypass OS X's Gatekeeper security feature, potentially allowing a malicious file buried within a trusted application free reign to run unobstructed. The exploit could be used to steal passwords by modifying a legitimate app that already has Gatekeeper approval, for example. Apple is already aware of the issue and working on a fix.
Apple responds to XcodeGhost scare with data for devs, public
Apple has now responded publicly to the XcodeGhost malware scare, explaining in a page on its Chinese website addressed to customers that even if they used apps affected by the issue, no personally-identifiable information was gathered. The company removed any affected apps, and explained the cause (iOS programs were built using compromised Chinese versions of Xcode downloaded from other sources), while offering developers a method of ensuring that their own installations of Xcode were valid.
Now AAPL Stock: 156.25 ( + 0.27 )
Cirrus creates Lightning-headphone dev kit
Apple supplier Cirrus Logic has introduced a MFi-compliant new development kit for companies interested in using Cirrus' chips to create Lightning-based headphones, which -- regardless of whether rumors about Apple dropping the analog headphone jack in its iPhone this fall -- can offer advantages to music-loving iOS device users. The kit mentions some of the advantages of an all-digital headset or headphone connector, including higher-bitrate support, a more customizable experience, and support for power and data transfer into headphone hardware. Several companies already make Lightning headphones, and Apple has supported the concept since June 2014. http://bit.ly/29giiZj
Apple Store app offers Procreate Pocket
The Apple Store app for iPhone, which periodically rewards users with free app gifts, is now offering the iPhone "Pocket" version of drawing app Procreate for those who have the free Apple Store app until July 28. Users who have redeemed the offer by navigating to the "Stores" tab of the app and swiping past the "iPhone Upgrade Program" banner to the "Procreate" banner have noted that only the limited Pocket (iPhone) version of the app is available free, even if the Apple Store app is installed and the offer redeemed on an iPad. The Pocket version currently sells for $3 on the iOS App Store. [32.4MB]
Porsche adds CarPlay to 2017 Panamera
Porsche has added a fifth model of vehicle to its CarPlay-supported lineup, announcing that the 2017 Panamera -- which will arrive in the US in January -- will include Apple's infotainment technology, and be seen on a giant 12.3-inch touchscreen as part of an all-new Porsche Communication Management system. The luxury sedan starts at $99,900 for the 4S model, and scales up to the Panamera Turbo, which sells for $146,900. Other vehicles that currently support CarPlay include the 2016 911 and the 2017 models of Macan, 718 Boxster, and 718 Cayman. The company did not mention support for Google's corresponding Android Auto in its announcement. http://bit.ly/295ZQ94
Apple employees testing wheelchair features
New features included in the forthcoming watchOS 3 are being tested by Apple retail store employees, including a new activity-tracking feature that has been designed with wheelchair users in mind. The move is slightly unusual in that, while retail employees have previously been used to test pre-release versions of OS X and iOS, this marks the first time they've been included in the otherwise developer-only watchOS betas. The company is said to have gone to great lengths to modify the activity tracker for wheelchair users, including changing the "time to stand" notification to "time to roll" and including two wheelchair-centric workout apps. http://bit.ly/2955JDa
SanDisk reveals two 256GB microSDXC cards
SanDisk has introduced two 256GB microSDXC cards. Arriving in August for $150, the Ultra microSDXC UHS-I Premium Edition card offers transfer speeds of up to 95MB/s for reading data. The Extreme microSDXC UHS-I card can read at a fast 100MB/s and write at up to 90MB/s, and will be shipping sometime in the fourth quarter for $200. http://bit.ly/294Q1If
Apple's third-quarter results due July 26
Apple has advised it will be issuing its third-quarter results on July 26, with a conference call to answer investor and analyst queries about the earnings set to take place later that day. The stream of the call will go live at 2pm PT (5pm ET) via Apple's investor site, with the results themselves expected to be released roughly 30 minutes before the call commences. Apple's guidance for the quarter put revenue at between $41 billion and $43 billion. http://apple.co/1oi1Pbm
Twitter stickers slowly roll out to users
Twitter has introduced "stickers," allowing users to add extra graphical elements to their photos before uploading them to the micro-blogging service. A library of hundreds of accessories, props, and emoji will be available to use as stickers, which can be resized, rotated, and placed anywhere on the photograph. Images with stickers will also become searchable with viewers able to select a sticker to see how others use the same graphic in their own posts. Twitter advises stickers will be rolling out to users over the next few weeks, and will work on both the mobile apps and through the browser. http://bit.ly/29bbwUE
