Germany's consumer watchdogs have made good on their legal threat against Facebook's WhatsApp, suing the messaging giant over the user data it transmits to its social-networking mothership.
The Federation of German Consumer Organisations (VZBV) asked the Berlin county court for an injunction to stop the data-sharing, and to ensure that Facebook deletes the data that WhatsApp has already given it. The VZBV accused the companies of abusing users' trust. The move follows Facebook's failure to agree to a cease-and-desist request that the VZBV issued in September last year, a month after Facebook changed WhatsApp's terms to allow the data-sharing.Read more
Cisco Talos today warned of a flaw in the X.509 certificate validation feature of Apple macOS and iOS that could let an attacker remotely execute code and steal information. X.509 security certificates are widely used and integral to many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure web browsing protocol.
“For most people, securely connecting to a website seems as simple as checking to make sure the little padlock in the address bar is present. However, in the background there are many different steps that are taken to ensure you are safely and securely connecting to the websites that claim they are who they are.Read more
Researchers came across a malicious Word document last week that doesn’t discriminate between OS platforms. The malicious Word document is designed to spread malware on either Mac OS X or Microsoft Windows, depending on where it’s opened.
Like many other strains of malware these days, the sample relies on tricking users into enabling macros. Once opened and macros are enabled, malicious VBA, or Visual Basic for Applications, code is executed, which runs the AutoOpen() macro. The macro goes on to read a base64-encoded string in the file, which depending on the operating system, executes a certain script.Read more
A hacker or group of hackers is apparently trying to extort Apple over alleged access to a large cache of iCloud and other Apple email accounts. The hackers, who identified themselves as 'Turkish Crime Family', demanded $75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data.
"I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing," one of the hackers told. The hackers provided screenshots of alleged emails between the group and members of Apple's security team.Read more
A partnership between the secret-spilling group and Google, Microsoft, and Apple has already hit its first road block. Last week, WikiLeaks promised it would share the technical details and code of the hacking tools that the CIA has allegedly developed against Google, Apple, Microsoft and other tech companies.
This week, after days of waiting, the secret-spilling site finally made initial contact with the companies. But WikiLeaks founder Julian Assange's attempt to help these major tech companies find out exactly what bugs and vulnerabilities the CIA is or was allegedly taking advantage of, and then plug the holes, is not going very smoothly for now.Read more
Today, researchers at Check Point Security announced a new attack against WhatsApp and Telegram, targeting the way both chat services process images and multimedia files.
In the WhatsApp case, Check Point was able to craft a malicious image that would appear normal in preview, but direct users to a malware-laden HTML page. Once loaded, the page will retrieve all locally stored data, enabling attackers to effectively hijack the user’s account. The vulnerability was reported to both services on March 8th, and both have changed their file upload validation protocols to protect against the attack.Read more
Tech giants Apple, Samsung and Microsoft have broken their silence on the latest leak from WikiLeaks that revealed the CIA hacked into their products for surveillance purposes. Apple claimed to have previously addressed the vulnerabilities in their operating system, iOS, revealed in Tuesday’s ‘Vault 7’ leak from WikiLeaks.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” the company said in a statement, urging customers to update to the latest version of iOS to ensure they have the most recent security updates.Read more
Use three PIN-codes for different situations to protect data in SafeUM.
1. ACCESS PIN-code gives full access to the application
2. If you enter FAKE PIN-code all encrypted chats will be hidden.
3. DESTRUCTING PIN-code deactivates the account without any possibility to recover it
Enjoy truly secure messaging with SafeUM.Read more
A mid-2016 security incident led to Apple purging its data centers of servers built by Supermicro, including returning recently purchased systems. Malware-infected firmware was reportedly detected in an internal development environment for Apple's App Store, as well as some production servers handling queries through Apple's Siri service.
An Apple spokesperson denied there was a security incident. However, Supermicro's senior vice-president of technology, Tau Leng, told that Apple had ended its relationship with Supermicro because of the compromised systems in the App Store development environment.Read more
Apple has reportedly acquired Israeli startup RealFace, which makes facial recognition software to authenticate users by simply showing their mug, rather than having to enter a password or fingerprint.
Startup Nation Central, a database for Israeli tech companies, says Apple acquired RealFace this month. RealFace's website was offline Sunday morning and contact information was unavailable. Tel Aviv-based RealFace launched in 2014 and its first product was an app called Pickeez, which selected a user's best photos from various platforms using its RealFace recognition software.Read more