Security News

A new info-stealing malware named MacStealer is targeting Mac users, stealing their credentials stored in the iCloud KeyChain and web browsers, cryptocurrency wallets, and potentially sensitive files. MacStealer is being distributed as a malware-as-a-service, where the developer sells premade builds for $100, allowing purchasers to spread the malware in their campaigns.

A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. First advertised on online hacking forums at the start of the month, it is still a work in progress, with the malware authors planning to add features to capture data from Apple's Safari browser and the Notes app.

Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only "Major" categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because "Of the need to interoperate with the global email, contacts, and calendar systems," according to its press release.

Responding to the increasing complexity of the global cyberthreat environment, Apple has released three new security features: iMessage Contact Key Verification, Security Keys for Apple ID and Advanced Data Protection for iCloud. iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in early 2023.

Apple on Wednesday announced a raft of security measures, including an Advanced Data Protection setting that enables end-to-end encrypted data backups in its iCloud service. "If you enable Advanced Data Protection and then lose access to your account, Apple will not have the encryption keys to help you recover it - you'll need to use your device passcode or password, a recovery contact, or a personal recovery key," Apple explains in a support document.

Apple is expanding end-to-end encryption options for users and finally offering E2EE for their iCloud backup. "iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos," the company said in a recent announcement.

"Advanced Data Protection is Apple's highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices," explained Ivan Krstić, Apple's head of security engineering and architecture, in a canned statement. Apple already offers end-to-end encryption by default for 14 iCloud services, including passwords in iCloud Keychain and Health data.

Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, photos, notes, and more. [...]

Winter November 22, 2022 11:13 AM. Cardinal Richelieu has been quoted as saying he only needs six lines of the most honest man to condemn him to death. You do not need even three lines to get death threats.

A California man who hacked thousands of Apple iCloud accounts was sentenced to 8 years in prison after pleading guilty to conspiracy and computer fraud in October 2021. Starting from as early as September 2014, 41-year-old Hao Kuo Chi from La Puente, California, started marketing himself as "Icloudripper4you," someone capable of breaching iCloud accounts and stealing anything contained in the linked iCloud storage.