Found 228 bookmarks
Custom sorting
Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware
Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware
Apple's warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful Behind closed doors, senior officials from Modi's administration demanded that Apple soften the political impact of the state-sponsored warnings, according to Washington Post.
#techcrunch#EN#2023#state-sponsored#attacks#Pegasus#Apple#India#Amnesty#spyware#iPhone
·techcrunch.com·
Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Apple Inc. and Meta Platforms Inc., the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter. Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.
#bloomberg#EN#2022#RecursionTeam#Lapsus$#Apple#Meta#privacy#forged#datarequest
·bloomberg.com·
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Analysis of a new macOS Trojan-Proxy
Analysis of a new macOS Trojan-Proxy
A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address. Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a “free lunch”. They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into installing malware as well.
#securelist#EN#2023#MacOS#Trojan#Malware#Trojan-Proxy#Descriptions#Technologies#Piracy#Apple
·securelist.com·
Analysis of a new macOS Trojan-Proxy
Apple Confirms Governments Using Push Notifications to Surveil Users - MacRumors
Apple Confirms Governments Using Push Notifications to Surveil Users - MacRumors
Unidentified governments are surveilling smartphone users by tracking push notifications that move through Google's and Apple's servers, a US... In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from the tech giants to track smartphones. The traffic flowing from apps that send push notifications put the companies "in a unique position to facilitate government surveillance of how users are using particular apps," Wyden said. He asked the Department of Justice to "repeal or modify any policies" that hindered public discussions of push notification spying.
#macrumors#EN#2023#privacy#iOS#iPhone#iPad#Apple#push#surveillance
·macrumors.com·
Apple Confirms Governments Using Push Notifications to Surveil Users - MacRumors
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Apple Inc. and Meta Platforms Inc., the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter. Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.
#bloomberg#EN#2022#RecursionTeam#Lapsus$#Apple#Meta#privacy#forged#datarequest
·bloomberg.com·
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Apple 'Find My' network can be abused to steal keylogged passwords
Apple 'Find My' network can be abused to steal keylogged passwords
Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced Apple devices, including iPhones, iPads, Macs, Apple Watches, AirPods, and Apple Tags. The service relies on GPS and Bluetooth data crowd-sourced from millions of Apple devices worldwide to find devices reported as lost or stolen, even if those are offline.
#bleepingcomputer#EN#2023#Apple#Apple-Find-My#Bluetooth#Data-Exfiltration#Find-My#Keylogger#Network
·bleepingcomputer.com·
Apple 'Find My' network can be abused to steal keylogged passwords
Send My: Arbitrary data transmission via Apple's Find My network | Positive Security
Send My: Arbitrary data transmission via Apple's Find My network | Positive Security
Apple AirTags: Arbitrary data can be uploaded from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices. We're releasing an ESP32 firmware that turns the microcontroller into an (upload only) modem, and a macOS application to retrieve, decode and display the uploaded data.
#positive.security#EN#2023#Apple#AirTags#Arbitrary#data
·positive.security·
Send My: Arbitrary data transmission via Apple's Find My network | Positive Security
0-days exploited by commercial surveillance vendor in Egypt
0-days exploited by commercial surveillance vendor in Egypt
Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab, discovered an in-the-wild 0-day exploit chain for iPhones. Developed by the commercial surveillance vendor, Intellexa, this exploit chain is used to install its Predator spyware surreptitiously onto a device. In response, yesterday, Apple patched the bugs in iOS 16.7 and iOS 17.0.1 as CVE-2023-41991, CVE-2023-41992, CVE-2023-41993. This quick patching from Apple helps to better protect users and we encourage all iOS users to install them as soon as possible.
#Google#EN#2023#TAG#Apple#Android#CitizenLab#Predator#spyware#Intellexa#CVE-2023-41993#CVE-2023-41991#CVE-2023-41992#Exploit#Chain#0-days
·blog.google·
0-days exploited by commercial surveillance vendor in Egypt
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the Citizen Lab said, attributing the attack with high confidence to the Egyptian government owing to it being a known customer of the commercial spying tool.
#thehackernews#EN#2023#0-day#0-days#Predator#Egypt#Apple#CitizenLab#CVE-2023-41991#CVE-2023-41992#CVE-2023-41993
·thehackernews.com·
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
Last Week on My Mac: How quickly can Apple release a security update?
Last Week on My Mac: How quickly can Apple release a security update?
We seldom get much insight into how long Apple takes to release an urgent update to macOS, but last week must have seen one of the quickest in recent times. By my reckoning, Apple’s engineers accomplished that in 6-10 days, across four of its operating systems, and with two distinct vulnerabilities.
#eclecticlight#EN#2023#Apple#security#update#macos#release
·eclecticlight.co·
Last Week on My Mac: How quickly can Apple release a security update?