Apple’s iPhones, iPads and Mac computers are all vulnerable to the major processor flaws revealed on Wednesday, the company has warned, but it says updates are already available.
The flaws known as Meltdown and Spectre affect almost every modern computing device from all manufacturers using chip designs from Intel, AMD and ARM. Apple uses Intel processors in its Mac computers and ARM-based designs for its A-series processors used in the iPhone, iPad, Apple TV and Apple Watch lines. Apple said: “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.”
Ancestry.com has confirmed that a leaky server on RootsWeb, its free community-driven genealogical website, inadvertently exposed a file containing 300,000 usernames, email addresses and passwords online.
In a statement issued over the weekend, Ancestry's chief information security officer Tony Blackham said a security researcher notified the company of the unsecured file on 20 December. Troy Hunt, security expert and creator of the data breach repository "HaveIBeenPwned.com", reported the existence of the file to Ancestry and said the data was compromised in 2015.
For the second year in a row, "123456" remained the top password among the millions of cleartext passwords exposed online thanks to data breach incidents at various providers. While having "123456" as your password is quite bad, the other terms found on a list of Top 100 Worst Passwords of 2017 are just as distressing and regrettable.
Some of these include an extensive collection of sports terms (football, baseball, soccer, hockey, Lakers, jordan23, golfer, Rangers, Yankees), car brands (Mercedes, Corvette, Ferrari, Harley), and various expressions (iloveyou, letmein, whatever, blahblah).
Facial recognition systems appear to be the next big thing on our devices, be they smartphones or laptops, and naturally, security researchers and users alike have tried to determine whether these are more secure than the typical password or the fingerprint sensors they often replace.
In the case of the iPhone X, Apple’s new smartphone that comes with a facial recognition system called Face ID, researchers have managed to unlock the device with a specially-crafted mask. A number of users have demonstrated that lookalike people or siblings could also bypass Face ID to get access to the home screen, raising questions as to how secure the iPhone X facial recognition system really is.
An Amazon AWS server believed to contain files on all of California’s registered voters was left exposed this year due to a misconfigured database, according to researchers at the Kromtech Security Center. The database was later stolen by cybercriminals demanding a ransom only payable in bitcoin.
Kromtech said that it collected samples from the database earlier this year while examining thousands of servers left publicly exposed. Each of the servers had installed a database platform known as MongoDB, which was widely misconfigured and vulnerable to attack. Kromtech discovered what appeared to be 4 GB of voter files linked to the State of California.
Google's Project Zero iOS bug hunter Ian Beer has released details about an iOS 11 exploit that could offer up a jailbreak for iOS 11.1.2. Beer last week teased that he had an exploit called 'tfp0', which is short for the kernel task port in iOS, and has today followed with an exploit using two recently patched flaws that may offer the rare prospect of a possible jailbreak on iOS.
It appears what he has released isn't a full jailbreak but enough to allow security researchers to bypass software restrictions imposed by Apple and test a newish version of iOS. It may also help create a jailbreak for those interested in testing iOS 11.1.2 or below.
When Stensul CEO Noah Dinkin visited a Starbucks in Buenos Aires recently, he probably didn’t expect to be served some sneaky cryptocurrency miner code along with his coffee. But thanks to the store’s internet provider, that’s exactly what he got.
“Hi Starbucks, did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop?” Dinkin tweeted on December 2. “Feels a little off-brand.” Dinkin wrote that Bitcoin was the digital currency being mined, but CoinHive, the company that provided the code for the miner, only works with Monero, a competing coin.
Among the four dozen vulnerabilities Google patched this week was a fix for a bug that allowed attackers to inject malicious code into Android apps without affecting an app’s signature verification certificate.
The technique allows an attacker to circumvent device anti-malware protection and escalate privileges on a targeted device with a signed app that appears to be from a trusted publisher, according to researchers. The vulnerability, dubbed Janus, was discovered earlier this summer by Eric Lafortune, CTO of GuardSquare. He reported the bug to Google in July.
Princeton researchers have developed a proof-of-concept app that can be used to reliably track users even if an app does not access a phone's GPS data, and the user has purposely turned off GPS services.
Researchers say this is possible because modern phones come with a large number of accurate sensors that track a wealth of data that could be corroborated with external sources (such as elevation maps and weather data) to reconstruct a user's movements. To prove such an attack was possible, the Princeton research team created an app called PinMe that they installed on the phones of three test subjects, using phones such as Galaxy S4 i9500, iPhone 6, and iPhone 6S.
Check Point researchers discovered several vulnerabilities in Android application developer tools that put any organization that does Java/Android development at risk of an outsider gaining access to their system.
The vulnerability affects cross-platform users that use Android Studio, IntelliJ, Eclipse and APKTool, and the most common Android Integrated Development Environments (IDEs), according to the "ParseDroid – Targeting The Android Development & Research Community" report. Researchers said the attacks could be used to target any Android developer in any organization and that there are a lot of open source tools that are using APKTool.