Security News

Quanta Computer, an ODM laptop manufacturer and prolific Apple supplier, has now confirmed that digital burglars broke into its systems. "In a statement provided to Bloomberg, Quanta said:"Quanta Computer's information security team has worked with external IT experts in response to cyber attacks on a small number of Quanta servers.

An entity claiming to represent ransomware gang REvil says it has accessed "Large quantities of confidential drawings and gigabytes of personal data" from Quanta Computer Incorporated, a Taiwanese manufacturer that builds laptops and other gadgets for the likes of Apple, HPE, Lenovo, Cisco, and plenty of other top-tier tech companies. REvil said it is "Negotiating the sale" of the trove "With several major brands" and is sitting on data describing Apple's Watch, MacBook Air, and MacBook Pro, plus the Lenovo ThinkPad Z60m. The post announcing the alleged crack includes technical drawings of a laptop that bear Apple's logo.

The REvil ransomware gang asked Apple to "Buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event. The ransomware gang wants Apple to pay a ransom by May 1st to prevent its stolen data from being leaked and added that they are also "Negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands."

Australian security firm Azimuth has been identified as the experts who managed to crack a mass shooter's iPhone that was at the center of an encryption standoff between the FBI and Apple. Until this week it had largely been assumed that Israeli outfit Cellebrite was hired to forcibly unlock an encrypted iPhone 5C used by Syed Farook - who in 2015 shot and killed colleagues at a work event in San Bernardino, California, claiming inspiration from ISIS. Efforts by law enforcement to unlock and pore over Farook's phone were unsuccessful, leading to the FBI taking Apple to court to force it to crack its own software to reveal the device's contents.

An iPhone and Android app called NHS COVID-19 is the official iPhone and Android coronavirus contact tracing software for the vast majority of the population of Great Britain. Apparently, the government was keen to have an updated version of the NHS COVID-19 app ready in time, with added location tracking features that would allow users to share their location logs with the health service.

Mozilla volunteers have recently been flooded with online merchants and marketers' requests for their domains to be added to what's called a Public Suffix List. Public Suffix List is an initiative of the Mozilla community volunteers to maintain a list of top-level domains and domains that should be treated as one to prevent the mixing of cookies between distinct domains.

Mosyle announced a new approach to Apple device management and protection with the introduction of Mosyle Fuse. The product is the cloud-native solution to blend enterprise-grade mobile device management, identity management, automated applications installing and patching, and multi-layer endpoint security for Apple-focused enterprises.

A zero-click security vulnerability in Apple's macOS Mail would allow a cyberattacker to add or modify any arbitrary file inside Mail's sandbox environment, leading to a range of attack types. According to Mikko Kenttälä, founder and CEO of SensorFu, exploitation of the bug could lead to unauthorized disclosure of sensitive information to a third party; the ability to modify a victim's Mail configuration, including mail redirects which enables takeover of victim's other accounts via password resets; and the ability to change the victim's configuration so that the attack can propagate to correspondents in a worm-like fashion.

Why Apple had to rush out a security update for iDevices. Two cryptographic security holes patched in OpenSSL. How PHP nearly got backdoored by crooks.

Mobile device-tracking by Apple and Google take center stage in a report revealing that, despite both allowing users to opt out of sharing telemetry data - they do anyway. The research, entitled Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google, also found that Google collects up to 20 times more data from its Android Pixel users compared to the amount of data that Apple collects from iOS users.