Apple, Google, Microsoft, and WhatsApp signed an open letter criticizing proposals to bypass encryption made by GCHQ officials.
Security
Sneak Peek of Cloudflare Warp VPN Shows Split Tunneling
Cloudflare Warp VPN is a new service the company announced back in April. Currently there is a waiting list, but Andrew got his hands on some screenshots.
Flipboard Suffers Data Breach, Emails All 145M Users
Flipboard revealed that an “unauthorized party” accessed its database between June 2, 2018 and March 23, 2019, as well as between April 21-22, 2019.
1Password 7.3 Updates the Mini Menu Bar Tool
1Password 7.3 for macOS brings a new “filling brain” as well as an updated 1Password mini that lives in the menu bar.
Inside Apple’s Secure Enclave Stress Testing Efforts
The Independent recently published an interview with Craig Federighi, talking about privacy and Apple chips.
Those chips are here to see whether they can withstand whatever assault anyone might try on them when they make their way out into the world. If they succeed here, then they should succeed anywhere; that’s important, because if they fail out in the world then so would Apple. These chips are the great line of defence in a battle that Apple never stops fighting as it tries to keep users’ data private.
I don’t think the article was written well, but to me the most interesting part was Secure Enclave stress testing, which involves temperature. I assume Apple is trying to prevent hacks like this.
In The Persistence of Chaos, Buy Six Notorious Computer Viruses For $1 Million
A computer infested with six of the word’s most infamous viruses is being sold as an art piece called ‘The Persistence of Chaos.’ The auction has topped US$1 million.
Bidding for a laptop infected with six of the world’s most famous computer viruses—WannaCry, BlackEnergy, ILOVEYOU, MyDoom, SoBig and DarkTequila—has topped more than $1.1 million at auction. The art project, titled “The Persistence of Chaos,” is a collaboration between Chinese internet artist Guo O Dong, and Deep Instinct, a cybersecurity firm based in New York. Those six viruses have caused billions of dollars in damage worldwide.
How to Use macOS Keychain Access to Beef up iCloud Keychain
Did you know that iCloud Keychain is synced with macOS’s Keychain Access utility? You can add website logins directly to Keychain Access, and have it synced to your iOS devices.
DHS Warns of Chinese Drone Spying
The U.S. Department of Homeland Security warns of Chinese drone spying, specifically Chinese-made consumer drones.
New ProtonMail Anti-Phishing Feature Makes You Confirm
For the past several days I’ve seen a new dialog box whenever I tap on a link in ProtonMail for iOS. It turns out that it’s a new ProtonMail anti-phishing feature.
Another security improvement is our new link confirmation modal, which is now enabled by default on all our apps. This anti-phishing feature helps you avoid opening a link by mistake or going to a different page than you intended.
A Fix For That Scary WhatsApp Exploit is Live
An Israeli firm called NSO Group used a WhatsApp exploit to inject spyware on target devices. A fix for the exploit is live.
Given the stealthy way the attack was attempted, it’s impressive that WhatsApp caught it as quickly as they did. Engineers at Facebook have been busy sorting this one out over the weekend…Named CVE-2019-3568…affected versions include…WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51.
Apple Releases Patch for ZombieLoad Flaw in Intel Chips
ZombieLoad is a serious flaw affecting almost every Intel chip since 2011. Apple, Amazon, Google, and Microsoft have issue patches for it.
The tech giant said in an advisory that any system running macOS Mojave 10.14.5, released Monday, is patched. This will prevent an attack from being run through Safari and other apps. Most users won’t experience any decline in performance. But some Macs could face up to a 40 percent performance hit for those who opt-in to the full set of mitigations.
Crazy that Intel chips have had this since 2011. This is the first time I’ve heard of ZombieLoad.
Major WhatsApp Spyware Vulnerability Revealed
A major WhatsApp vulnerability that allowed hackers to inject spyware via voice calls made on the popular messaging app has been revealed.
macOS 10.14.5 Brings Security Updates
Alongside iOS 12.3 and other software updates, Apple also released macOS 10.14.5, and it brings bug fixes, supports AirPlay 2, and more.
Death of Passwords, iPhone Phone Calls – TMO Daily Observations 2019-05-07
Andrew Orr and Dave Hamilton join host Kelly Guimont to discuss better security than passwords, and prioritizing phone calls on an iPhone.
Princeton IoT Inspector Tells You When Your Smart Speaker Spies on You
An app called Princeton IoT Inspector is a new app that can tell you if/when your smart speaker spies on you.
500M iOS Users Affected by Cyberattack via Chrome Bug
Roughly 500 million iOS users have been affected by a cyberattack that takes advantage of an iOS Chrome bug.
The attacks are the work of the eGobbler gang, researchers said, which has a track record of mounting large-scale malvertising attacks ahead of major holiday weekends. Easter is coming up, and the crooks are banking on consumers spending a lot more time than usual browsing the web on their phones.
Another research firm says this attack can also affect Safari users. Be careful this weekend.
Ownership of eBooks, Security Updates – TMO Daily Observations 2019-04-19
Andrew Orr and Bryan Chaffin join host Kelly Guimont to discuss “ownership” of eBooks, Instagram’s security, and viewing your tracked data.
Cyberattack Forces The Weather Channel Off Air
This morning The Weather Channel was knocked off the air after a malicious software attack, and federal law enforcement are investigating.
Two Students Accused of Jamming School Wi-Fi to Avoid Tests
Two high school students in New Jersey successfully jammed their school’s Wi-Fi network in order to avoid taking exams.
Secaucus Schools Superintendent Jennifer Montesano says the school’s Wi-Fi network has been restored and is now fully operational. But she declined further comment. Since much of the school’s curriculum is internet-based, the lack of Wi-Fi connection disrupted the students’ daily assignments.
As Redditor u/AdvancedAdvance quipped: “Although their slowing down the network to unusable speeds will land them in a lot of trouble at school, they can now expect to get full-time, high-paying job offers from AT&T and Verizon.”
Zero Day Exploit Affects TP-Link Routers
Before you’re tempted to check out Amazon’s sale on TP-Link routers, you should know a zero day exploit was recently found in these devices.
Eva Galperin Wants to Eliminate Stalkerware
Eva Galperin is the head of the Electronic Frontier Foundation’s (EFF) Threat Lab. Her latest project? Ending stalkerware once and for all.
In a talk she is scheduled to give next week at the Kaspersky Security Analyst Summit in Singapore, Galperin will lay out a list of demands: First, she’s calling on the antivirus industry to finally take the threat of stalkerware seriously, after years of negligence and inaction. She’ll also ask Apple to take measures to protect iPhone users from stalkerware, given that the company doesn’t allow antivirus apps into its App Store.
An Inside Look Into a Recent Spam Operation
Millions of people were affected for 10 days in March by a spam email operation. But the spammer didn’t set a password for their server (via TechCrunch). [Apple Support Scam is a new Voice Phishing Trick] Email Spam It’s a fascinating story. Security researcher Bob Diachenko found the server after the operation. The spammer had…
Gavin de Becker Accuses Saudis of Hacking Jeff Bezos' Phone
Gavin de Becker, Jeff Bezos’ security consultant, is accusing the Saudis of hacking into Mr. Bezos’ phone in order to harm him.
Which Browser is the Most Private and Secure?
Zubair Khan put together a list of popular web browsers and tested them to figure out which was the most private and secure.
To decide which browser is the best for privacy and security, we will evaluate them using two criteria: Available security features [and ]embedded Privacy Tools. Each browser will be rated out of five and will be ranked accordingly.
The browsers he tested: Chrome, Internet Explorer (Not Edge?), Safari, Firefox, Chromium, Opera, and Tor browser.
