Tag Archive for: Apple’s

Researcher highlights three security flaws in Apple’s iOS15; See what data can be leaked


Apple has just released iOS 15 and is extremely confident that the OS is completely free of any security vulnerabilities. To back it up, Apple has recently released a Security Bounty Program to the public. Under this program, Apple will offer payouts of $1 million to any researcher who shares details about security threats in iOS, iPadOS, macOS, tvOS, or watchOS. Several programmers have sent information to this program and have helped the American tech giant solve these issues.

iOS 15 security flaws

Recently, a security researcher who goes by the name “illusionofchaos” claimed that he had reported a total of four zero-day vulnerabilities to Apple between March and May. The researcher claims that only one of these vulnerabilities has been fixed so far and the remaining 3 can still be exploited by hackers. According to his blog post, several other researchers are not happy with how the Apple Security Bounty program works. Here is a list of Tweets from researchers who have shared their thoughts about the Apple Security Bounty program.

All Data that can be accessed using such iOS 15 security flaws

Apart from this, here is also a list of information about all the data that can be accessed using the three iOS15 vulnerabilities. All of this…


New AdLoad malware variant slips through Apple’s XProtect defenses



A new AdLoad malware variant is slipping through Apple’s YARA signature-based XProtect built-in antivirus tech to infect Macs as part of multiple campaigns tracked by American cybersecurity firm SentinelOne.

AdLoad is a widespread trojan that has targeted the macOS platform since at least late 2017 and is used to deploy various malicious payloads, including adware and Potentially Unwanted Applications (PUAs).

This malware can also harvest system information that later gets sent to remote servers controlled by its operators.

Increasingly active since July

These large-scale, ongoing attacks started as early as November 2020, according to SentinelOne threat researcher Phil Stokes, with an increase in activity beginning in July and the beginning of August.

Once it infects a Mac, AdLoad will install a Man-in-The-Middle (MiTM) web proxy to hijack search engine results and inject advertisements into web pages for monetary gain.

It will also gain persistence on infected Macs by installing LaunchAgents and LaunchDaemons and, in some cases, user cronjobs that run every two and a half hours.

While monitoring this campaign, the researcher observed more than 220 samples, 150 of them unique and undetected by Apple’s built-in antivirus even though XProtect now comes with roughly a dozen AdLoad signatures.

Many of the samples detected by SentinelOne are also signed with valid Apple-issued Developer ID certificates, while others are also notarized to run under default Gatekeeper settings.

XProtect AdLoad signatures (SentinelOne)

“At the time of writing, XProtect was last updated around June 15th. None of the samples we found are known to XProtect since they do not match any of the scanner’s current set of Adload rules,” Stokes concluded.

“The fact that hundreds of unique samples of a well-known adware variant have been circulating for at least 10 months and yet still remain undetected by Apple’s built-in malware scanner demonstrates the necessity of adding further endpoint security controls to Mac devices.”

Hard to ignore threat

To put things into perspective, Shlayer, another common macOS malware strain that has also been able to bypass XProtect…


How Google and Apple’s Free Password Managers Compare With 1Password, Dashlane and Others


With ransomware attacks on the rise—and compromised passwords to blame for some of the hackings—there’s no better time to review your personal security practices.

It all starts with how you create and store passwords.

You may have read a thing or two about password managers, perhaps in my previous column on the subject.

This software can create strong randomized passwords, then remember them for you, and they can auto-fill credentials, simplifying the login process. Having unique passwords is critical to your online security: Around 25% of security breaches in 2020 involved the use of stolen usernames and passwords, according to a Verizon report published in May.

In this column, I’m comparing the two main types:


The hacker group that went after one of Apple’s suppliers found a new victim


  • Sol Oriens, which consults with the federal government on security-related projects including work with the National Nuclear Safety Administration, is REvil’s latest ransomware victim.
  • Sol Oriens said it became aware of the “cybersecurity incident” in May.
  • CNBC has learned that documents posted on the dark web include invoices for NNSA contracts and descriptions of research and development projects managed by defense and energy contractors.





The hacker group REvil has become a headache for a new victim: a 50-person firm based in Albuquerque, New Mexico, that consults with the federal government on security-related projects.


Sol Oriens, which consults for the U.S. Department of Energy’s National Nuclear Safety Administration, confirmed to CNBC that it became aware of the “cybersecurity incident” in May, its investigation is ongoing and law enforcement has been notified.

In a statement, the company said it “recently determined that an unauthorized individual acquired certain documents from our systems. Those documents are currently under review, and we are working with a third-party technological forensic firm to determine the scope of potential data that may have been involved.”

Sol Oriens did not name the attacker or confirm that it was ransomware, but CNBC has learned that the well-known hacker group REvil was responsible for the assault, according to cybersecurity sources. 

One cybersecurity firm, which has seen documents posted on the dark web, told CNBC that they include invoices for NNSA contracts, descriptions of research and development projects managed by defense and energy contractors dated as recently as 2021, and wage sheets containing full names and Social Security numbers of Sol Oriens employees. 


Sol Oriens said that it has “no current indication that this incident involves client classified or critical security-related…
