Security News

The REvil ransomware gang asked Apple to "buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event. The ransomware gang wants Apple to pay a ransom by May 1st to prevent its stolen data from being leaked and added that they are also "negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands."

Australian security firm Azimuth has been identified as the experts who managed to crack a mass shooter's iPhone that was at the center of an encryption standoff between the FBI and Apple. Until this week it had largely been assumed that Israeli outfit Cellebrite was hired to forcibly unlock an encrypted iPhone 5C used by Syed Farook - who in 2015 shot and killed colleagues at a work event in San Bernardino, California, claiming inspiration from ISIS. Efforts by law enforcement to unlock and pore over Farook's phone were unsuccessful, leading to the FBI taking Apple to court to force it to crack its own software to reveal the device's contents.

NHS COVID-19 is the official iPhone and Android coronavirus contact tracing app for the vast majority of the population of Great Britain. Apparently, the government was keen to have an updated version of the NHS COVID-19 app ready in time, with added location tracking features that would allow users to share their location logs with the health service.

Mozilla volunteers have recently been flooded with requests from online merchants and marketers for their domains to be added to what's called the Public Suffix List. The Public Suffix List is an initiative of Mozilla community volunteers to maintain a list of top-level domains, and of domains that should be treated as one, to prevent the mixing of cookies between distinct domains.

Mosyle announced a new approach to Apple device management and protection with the introduction of Mosyle Fuse. The product is a cloud-native solution that blends enterprise-grade mobile device management, identity management, automated application installation and patching, and multi-layer endpoint security for Apple-focused enterprises.

A zero-click security vulnerability in Apple's macOS Mail would allow a cyberattacker to add or modify any arbitrary file inside Mail's sandbox environment, leading to a range of attack types. According to Mikko Kenttälä, founder and CEO of SensorFu, exploitation of the bug could lead to unauthorized disclosure of sensitive information to a third party; the ability to modify a victim's Mail configuration, including mail redirects, which enables takeover of the victim's other accounts via password resets; and the ability to change the victim's configuration so that the attack can propagate to correspondents in a worm-like fashion.

S3 Ep26: Apple 0-day, crypto vulnerabilities and PHP backdoor [Podcast]. Why Apple had to rush out a security update for iDevices. Two cryptographic security holes patched in OpenSSL. How PHP nearly got backdoored by crooks.

Mobile device tracking by Apple and Google takes center stage in a report revealing that, although both allow users to opt out of sharing telemetry data, the data is shared anyway. The research, entitled Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google, also found that Google collects up to 20 times more data from its Android Pixel users compared to the amount of data that Apple collects from iOS users.

Apple has issued critical security patches for all supported phones, fondleslabs, and watches after being alerted to multiple possible intrusions by Google. According to Apple, the flaw allows for the creation of "maliciously crafted web content," which "may lead to universal cross-site scripting." Apple has heard that the code snafu "may have been actively exploited."

Apple has just pushed out an emergency "one-bug" security update for its mobile devices, including iPhones, iPads and Apple Watches. Just like the last emergency Apple patch, this vulnerability affects WebKit, Apple's core web browser code.