Security Affairs

FEBRUARY 7, 2024

In September 2023, Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) were used to install Cytrox Predator spyware. TAG observed these exploits delivered in two different ways: the MITM injection and via one-time links sent directly to the target.

Spyware 111

Spyware Hacking Cybersecurity Risk 111

Malwarebytes

MAY 10, 2023

Last week we reported that Google and Apple were looking for input on a draft specification to alert users in the event of suspected unwanted tracking. Apple and Google said other tracker makers like Samsung, Tile, Chipolo, eufy Security, and Pebblebee have expressed interest in their draft. Get a free trial below.

Ransomware 98

Ransomware 98

Naked Security

MAY 3, 2023

To bleat, or not to bleat, that is the question.

119

119

Malwarebytes

DECEMBER 12, 2023

Apple has issued emergency updates that include patches for older iOS devices concerning the two actively used zero-day vulnerabilities that were patched last week in newer devices. Apple TV HD and Apple TV 4K (all models) watchOS 10.2 Apple TV HD and Apple TV 4K (all models) watchOS 10.2 and iPadOS 17.2

Spyware 79

Spyware Risk Cybersecurity 79

Security Affairs

OCTOBER 4, 2023

Apple released emergency security updates to address a new actively exploited zero-day vulnerability impacting iPhone and iPad devices. Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices.

Hacking 119

Hacking Mobile Information Security 119

Security Affairs

NOVEMBER 30, 2023

Apple released emergency security updates to fix two actively exploited zero-day flaws impacting iPhone, iPad, and Mac devices. Apple released emergency security updates to address two zero-day vulnerabilities impacting iPhone, iPad, and Mac devices. Apple addressed the flaws with the release of iOS 17.1.2,

Surveillance 126

Surveillance Engineering Hacking Information Security 126

Malwarebytes

MAY 6, 2023

Google and Apple have announced that they are looking for input from industry participants and advocacy groups on a draft specification to alert users in the event of suspected unwanted tracking. Examples of these accessories are the Apple AirTag, Tile Mate and Pro, Samsung SmartTag, and Google’s expected Grogu.

Manufacturing 93

Manufacturing Technology Ransomware 93

Malwarebytes

MAY 17, 2022

Most recently, it’s reported that Ohio has proposed a new bill in relation to electronic tagging devices. There are many types of tracking device, but AirTags are unfortunately for Apple the one most closely associated with this form of stalking. Smart stalkers will place tags on items or in places victims won’t suspect.

Mobile 117

Mobile Technology 117

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. CVE-2021-30983 internally referred to as Clicked3, fixed by Apple in December 2021.

Surveillance 119

Surveillance Mobile Spyware Telecommunications 119

Security Affairs

NOVEMBER 12, 2021

Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. “To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. ” reads the analysis published by Google.

Malware 139

Malware Media Surveillance Encryption 139

Krebs on Security

DECEMBER 4, 2019

One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. A review of Apple’s support forum indicates other users are experiencing the same issue.

Engineering 195

Engineering Encryption 195

Security Affairs

APRIL 7, 2023

Apple released emergency security updates to address two actively exploited zero-day vulnerabilities impacting iPhones, Macs, and iPads. Apple has released emergency security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-28205 and CVE-2023-28206, impacting iPhones, Macs, and iPads.

Education 94

Education Media Hacking Accountability 94

Security Affairs

MAY 11, 2021

Apple AirTag has been launched less than two weeks ago, but a security researcher already claims to have hacked them. . The Apple AirTag has been available for just a couple of weeks and hacking community is already working on it to demonstrate that how to compromise it. ” reported the 9to5Mac website. Pierluigi Paganini.

Hacking 123

Hacking Software Information Security Cybersecurity 123

CyberSecurity Insiders

MARCH 15, 2022

All these days, Apple iPhone users faced the unique trouble of removing their masks to unlock their phones. update along with some new set of emojis and technically blocks illegal tracking of Air Tag users. The post Apple ups its mobile security by unlocking phones with masked faces appeared first on Cybersecurity Insiders.

Mobile 109

Mobile Authentication Cybersecurity 109

CyberSecurity Insiders

SEPTEMBER 13, 2021

Apple Inc has proudly announced that it has issued a fix to the famous Pegasus Spyware vulnerability existing on iPhones that could lead remote hackers to take control of the device to conduct espionage. The post Apple Inc issues fix to Pegasus Spyware vulnerability in iPhones appeared first on Cybersecurity Insiders.

Spyware 139

Spyware Manufacturing Engineering Malware 139

CyberSecurity Insiders

APRIL 24, 2022

Apple’s Audio Codec that was developed in 2004 and made as open source software since 2011 is reportedly filled with severe security vulnerabilities that could trigger panic among Android users. Reports are in that Apple has been improving the proprietary version of Codec from time to time and so no worries to its users.

Manufacturing 92

Manufacturing Software Cyber Attacks Media 92

Security Affairs

AUGUST 28, 2022

this information is important because Apple released iOS 15.4.1 At this time it is not possible to determine if the vulnerabilities in the offered exploits have been addressed by Apple. The exploits should work against the Android 12 update and iOS 15.4.1, in March, which means that the offer is recent.

Surveillance 130

Surveillance Spyware Mobile Hacking 130

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S. Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Spyware 104

Spyware Cyber Insurance Hacking Advertising 104

Security Boulevard

NOVEMBER 13, 2023

I wanted to implement "tags" from Omnifocus over to the "tags" feature in Reminders, however Apple doesn't have "tags" as a Reminders dictionary item in AppleScript.

Accountability 62

Accountability 62

SecureWorld News

FEBRUARY 10, 2023

BVS President and CEO Scott Schober spoke with SecureWorld News about the need for a product like this: "Stalking and illegal tracking of individuals, packages, and vehicles has never been easier due to tiny, high-tech BLE tags, including Apple's AirTag, Tile Tracker, and Samsung Smart Tags.

Wireless 97

Wireless Spyware Technology Personal Security 97

Anton on Security

JANUARY 10, 2024

Much better website with content tags Finally, an obvious call to action! Subscribe at Apple Podcasts. More fun guests, Googlers and not Fun Q1 2024 episodes include cloud detection and response (CDR), cloud forensics, some geopolitics (yes, really, we promise it will be cloudy!) and some classics like cloud migration security woes.

Cloud Migration 130

Cloud Migration Government Network Security Risk 130

SecureWorld News

NOVEMBER 27, 2023

These radios are being tracked and tagged by marketers, telecom companies and individuals in an effort to resell that data to parties willing to pay. Ever since Apple’s AirTags were introduced, users have been finding new ways to protect their belongings while sometimes simultaneously violating the privacy of others.

Wireless 83

Wireless Energy and Utilities Technology Data privacy 83

Security Affairs

JANUARY 18, 2021

A duo of white hat hackers claims to have earned $50,000 from Apple for reporting serious flaws that allowed them to company’s servers. The Indian white hat hackers Harsh Jaiswal and Rahul Maini claim to have discovered multiple flaws that allowed them to access Apple servers. SecurityAffairs – hacking, Apple).

Hacking 103

Hacking Authentication Firewall Information Security 103

Security Affairs

APRIL 1, 2023

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware: CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability. Google TAG shared indicators of compromise (IoCs) for both campaigns.

Spyware 90

Spyware Surveillance Mobile Education 90

Security Affairs

DECEMBER 12, 2021

Log4j is an open-source library widely used by both enterprise apps and cloud services, including Apple iCloud and Steam. IT giants like Apple, Amazon, Twitter, Cloudflare, Steam, Tencent, Baidu, and NetEase are running servers potentially affected by the issue. Tags available to all users and customers now.

Digital transformation 113

Digital transformation Education Government Hacking 113

Security Affairs

DECEMBER 10, 2021

The Log4j is widely used by both enterprise apps and cloud services, including Apple iCloud and Steam. IT giants like Apple, Amazon, Twitter, Cloudflare, Steam, Tencent, Baidu, and NetEase are running servers potentially affected by the issue. Query our API for "tags=CVE-2021-44228" for source IP addresses and other IOCs.

Data breaches 144

Data breaches Marketing Hacking Information Security 144

Malwarebytes

JUNE 29, 2022

Google’s Threat Analysis Group (TAG) has revealed a sophisticated spyware activity involving ISPs (internet service providers) aiding in downloading powerful commercial spyware onto users’ mobile devices. CVE-2021-30883 internally referred to as Clicked2, marked as being exploited in-the-wild by Apple in October 2021.

Spyware 103

Spyware Government Social Engineering Mobile 103

Malwarebytes

NOVEMBER 16, 2021

Apple’s reputation on security has been taking a beating lately. As mentioned in some of our previous coverage, security researcher Joshua Long recently shone a light on problems with Apple’s security patching strategy. Did Apple know that the bug affected Catalina, but chose not to patch it? Only Apple could say.

Malware 95

Malware Software Antivirus Government 95

Security Affairs

JULY 14, 2021

Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year. ” Post by @_clem1 & @maddiestone on 4 0days TAG found this year (with IOCs!). Also thoughts on why we are seeing so many 0day in 2021.

Surveillance 144

Surveillance Government Internet Internet 144

Malwarebytes

MARCH 15, 2021

The latest iOS beta suggests that Apple’s next big update will include an iPhone feature that warns users about hidden, physical surveillance of their location. The feature detects AirTags, Apple’s answer to trackable fobs made by Tile, and serves to block the potential abuse of the much-rumored product. New “Item Safety Alerts”.

Surveillance 102

Surveillance Accountability Cybersecurity Technology 102

Malwarebytes

FEBRUARY 19, 2023

Apple patches vulnerabilities in MacOS and iOS Update now! Android 14 developer preview highlights multiple security improvements One in nine online stores are leaking your data, says study New ESXiArgs encryption routine outmaneuvers recovery methods TrickBot gang members sanctioned after pandemic ransomware attacks Update now!

Adware 63

Adware Ransomware Scams Passwords 63

Security Affairs

SEPTEMBER 7, 2019

Apple replied to Google about the recent report suggesting iPhones may have been hacked as part of a long-running hacking campaign. Apple criticized the report recently published by Google that claims that iPhones may have been hacked by threat actors as part of a long-running hacking campaign. SecurityAffairs – Apple, iPhone).

Hacking 84

Hacking Spyware Advertising Mobile 84

SecureList

DECEMBER 27, 2023

We discover and analyze new exploits and attacks using these on a daily basis, and we have discovered and reported more than thirty in-the-wild zero-days in Adobe, Apple, Google, and Microsoft products, but this is definitely the most sophisticated attack chain we have ever seen. The prompted me to try something.

Firmware 145

Firmware Engineering Spyware Retail 145

CyberSecurity Insiders

DECEMBER 22, 2021

Amazon stood first with the best trustworthiness tag on the list, as over 53% of Americans believe that technology and retailing giant can be trusted in all spheres, with Google, Microsoft and Apple following in the list. Note- Washington Post is now owned by Jeff Bezos and so the revealed results might seem biased.

Retail 101

Retail Advertising Media Internet 101

CyberSecurity Insiders

NOVEMBER 8, 2021

And Douyin, a successor to the above stated Chinese short video app is also tagged as a global hit, as it has found a second place in the list with over 55.8 TikTok, that was developed by Chinese firm ByteDance has topped the list of most popular and downloaded apps worldwide in this year with over 57 million installs.

Data privacy 117

Data privacy Internet Internet Cybersecurity 117

Malwarebytes

FEBRUARY 21, 2022

The suit contains arguments that Facebook’s now-defunct photo-tagging feature illegally collected data about Texan people’s faces, including those who are non-Facebook users but were tagged by someone who is, without asking for consent. Paxton filed the lawsuit on Monday in the state’s Harrison County District Court.

Artificial Intelligence 98

Artificial Intelligence Consumer Protection Technology Media 98

Security Affairs

JULY 15, 2023

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise The source code of the BlackLotus UEFI Bootkit was leaked on GitHub US CISA warns of Rockwell Automation ControlLogix flaws Indexing Over 15 Million WordPress Websites with PWNPress New AVrecon botnet remained under the radar for two (..)

Spyware 97

Spyware Hacking Data breaches Mobile 97