Found 53 bookmarks
Custom sorting
Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware
Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware
Apple's warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful Behind closed doors, senior officials from Modi's administration demanded that Apple soften the political impact of the state-sponsored warnings, according to Washington Post.
#techcrunch#EN#2023#state-sponsored#attacks#Pegasus#Apple#India#Amnesty#spyware#iPhone
·techcrunch.com·
Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware
Analysis of a new macOS Trojan-Proxy
Analysis of a new macOS Trojan-Proxy
A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address. Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a “free lunch”. They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into installing malware as well.
#securelist#EN#2023#MacOS#Trojan#Malware#Trojan-Proxy#Descriptions#Technologies#Piracy#Apple
·securelist.com·
Analysis of a new macOS Trojan-Proxy
Apple Confirms Governments Using Push Notifications to Surveil Users - MacRumors
Apple Confirms Governments Using Push Notifications to Surveil Users - MacRumors
Unidentified governments are surveilling smartphone users by tracking push notifications that move through Google's and Apple's servers, a US... In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from the tech giants to track smartphones. The traffic flowing from apps that send push notifications put the companies "in a unique position to facilitate government surveillance of how users are using particular apps," Wyden said. He asked the Department of Justice to "repeal or modify any policies" that hindered public discussions of push notification spying.
#macrumors#EN#2023#privacy#iOS#iPhone#iPad#Apple#push#surveillance
·macrumors.com·
Apple Confirms Governments Using Push Notifications to Surveil Users - MacRumors
Apple 'Find My' network can be abused to steal keylogged passwords
Apple 'Find My' network can be abused to steal keylogged passwords
Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced Apple devices, including iPhones, iPads, Macs, Apple Watches, AirPods, and Apple Tags. The service relies on GPS and Bluetooth data crowd-sourced from millions of Apple devices worldwide to find devices reported as lost or stolen, even if those are offline.
#bleepingcomputer#EN#2023#Apple#Apple-Find-My#Bluetooth#Data-Exfiltration#Find-My#Keylogger#Network
·bleepingcomputer.com·
Apple 'Find My' network can be abused to steal keylogged passwords
Send My: Arbitrary data transmission via Apple's Find My network | Positive Security
Send My: Arbitrary data transmission via Apple's Find My network | Positive Security
Apple AirTags: Arbitrary data can be uploaded from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices. We're releasing an ESP32 firmware that turns the microcontroller into an (upload only) modem, and a macOS application to retrieve, decode and display the uploaded data.
#positive.security#EN#2023#Apple#AirTags#Arbitrary#data
·positive.security·
Send My: Arbitrary data transmission via Apple's Find My network | Positive Security
0-days exploited by commercial surveillance vendor in Egypt
0-days exploited by commercial surveillance vendor in Egypt
Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab, discovered an in-the-wild 0-day exploit chain for iPhones. Developed by the commercial surveillance vendor, Intellexa, this exploit chain is used to install its Predator spyware surreptitiously onto a device. In response, yesterday, Apple patched the bugs in iOS 16.7 and iOS 17.0.1 as CVE-2023-41991, CVE-2023-41992, CVE-2023-41993. This quick patching from Apple helps to better protect users and we encourage all iOS users to install them as soon as possible.
#Google#EN#2023#TAG#Apple#Android#CitizenLab#Predator#spyware#Intellexa#CVE-2023-41993#CVE-2023-41991#CVE-2023-41992#Exploit#Chain#0-days
·blog.google·
0-days exploited by commercial surveillance vendor in Egypt
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the Citizen Lab said, attributing the attack with high confidence to the Egyptian government owing to it being a known customer of the commercial spying tool.
#thehackernews#EN#2023#0-day#0-days#Predator#Egypt#Apple#CitizenLab#CVE-2023-41991#CVE-2023-41992#CVE-2023-41993
·thehackernews.com·
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
Last Week on My Mac: How quickly can Apple release a security update?
Last Week on My Mac: How quickly can Apple release a security update?
We seldom get much insight into how long Apple takes to release an urgent update to macOS, but last week must have seen one of the quickest in recent times. By my reckoning, Apple’s engineers accomplished that in 6-10 days, across four of its operating systems, and with two distinct vulnerabilities.
#eclecticlight#EN#2023#Apple#security#update#macos#release
·eclecticlight.co·
Last Week on My Mac: How quickly can Apple release a security update?
New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline. The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial Airplane Mode which edits the UI to display Airplane Mode icon and cuts internet connection to all apps except the attacker application," Jamf Threat Labs researchers Hu Ke and Nir Avraham said in a report shared with The Hacker News.
#thehackernews#EN#2023#iOS#apple#airplanemode#exploit
·thehackernews.com·
New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
This $70 device can spoof an Apple device and trick you into sharing your password
This $70 device can spoof an Apple device and trick you into sharing your password
Attendees at Def Con, one of the world’s largest hacking conferences, are used to weird shenanigans, such as a seemingly innocuous wall of computer screens that display people’s passwords sniffed over the conference Wi-Fi network. But at this year’s event, even conference veterans were confused and concerned when their iPhones started showing pop-up messages prompting them to connect their Apple ID or share a password with a nearby Apple TV.
#techcrunch#EN#2023#defcon#Apple#iPhone#pop-up#messages#AppleTV
·techcrunch.com·
This $70 device can spoof an Apple device and trick you into sharing your password