500M iOS Users Affected by Cyberattack via Chrome Bug

Roughly 500 million iOS users have been affected by a cyberattack that takes advantage of an iOS Chrome bug.

The attacks are the work of the eGobbler gang, researchers said, which has a track record of mounting large-scale malvertising attacks ahead of major holiday weekends. Easter is coming up, and the crooks are banking on consumers spending a lot more time than usual browsing the web on their phones.

Another research firm says this attack can also affect Safari users. Be careful this weekend.

Two Students Accused of Jamming School Wi-Fi to Avoid Tests

Two high school students in New Jersey successfully jammed their school’s Wi-Fi network in order to avoid taking exams.

Secaucus Schools Superintendent Jennifer Montesano says the school’s Wi-Fi network has been restored and is now fully operational. But she declined further comment. Since much of the school’s curriculum is internet-based, the lack of Wi-Fi connection disrupted the students’ daily assignments.

As Redditor u/AdvancedAdvance quipped: “Although their slowing down the network to unusable speeds will land them in a lot of trouble at school, they can now expect to get full-time, high-paying job offers from AT&T and Verizon.”

Eva Galperin Wants to Eliminate Stalkerware

Eva Galperin is the head of the Electronic Frontier Foundation’s (EFF) Threat Lab. Her latest project? Ending stalkerware once and for all.

In a talk she is scheduled to give next week at the Kaspersky Security Analyst Summit in Singapore, Galperin will lay out a list of demands: First, she’s calling on the antivirus industry to finally take the threat of stalkerware seriously, after years of negligence and inaction. She’ll also ask Apple to take measures to protect iPhone users from stalkerware, given that the company doesn’t allow antivirus apps into its App Store.

An Inside Look Into a Recent Spam Operation

Millions of people were affected for 10 days in March by a spam email operation. But the spammer didn’t set a password for their server (via TechCrunch).

Email Spam

It’s a fascinating story. Security researcher Bob Diachenko found the server after the operation. The spammer had…

Which Browser is the Most Private and Secure?

Zubair Khan put together a list of popular web browsers and tested them to figure out which was the most private and secure.

To decide which browser is the best for privacy and security, we will evaluate them using two criteria: Available security features [and] embedded Privacy Tools. Each browser will be rated out of five and will be ranked accordingly.

The browsers he tested: Chrome, Internet Explorer (Not Edge?), Safari, Firefox, Chromium, Opera, and Tor browser.

Updated Apple Devices Display 'Not Secure' in Safari

If you’ve updated to iOS 12.2 and/or macOS 14.4, you’ve probably seen a ‘Not Secure’ message in the Safari address bar. OSXDaily explains.

By seeing the ‘Not Secure’ Safari message on an iPhone, iPad, or Mac you are simply being informed by Safari that the website or webpage being visited is using HTTP rather than HTTPS, or perhaps that HTTPS is misconfigured at some technical level.

Ironically, as the article points out, OSXDaily is itself not secure.

An HTTPS Site Could Have a Green Padlock and Still be Insecure

If a website uses HTTPS, Safari will display a green padlock next to the domain in the address bar. But in some cases it could still be insecure.

In analysis of the web’s top 10,000 HTTPS sites—as ranked by Amazon-owned analytics company Alexa—the researchers found that 5.5 percent had potentially exploitable TLS vulnerabilities. These flaws were caused by a combination of issues in how sites implemented TLS encryption schemes and failures to patch known bugs (of which there are many) in TLS and its predecessor Secure Sockets Layer. But the worst thing about these flaws is they are subtle enough that the green padlock will still appear.

iOS 12.2 Fixes 51 Security Vulnerabilities

iOS 12.2 patches 51 security vulnerabilities, which is a huge incentive to update if nothing else announced yesterday was enticing.

The list of patches covers a wide variety of bugs an adversary could potentially manipulate to obtain effects like denial-of-service, privilege escalation, and information disclosure to gaining root privileges, overwriting arbitrary files, or executing code of the attacker’s choice.

Your Phone Number Shouldn't Be Your Identity

Brian Krebs wrote a good article on how our phone numbers have become security and authentication tools, and thus closely tied to our identity. But there’s a problem with that.

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

Security Expert Talks iPhones and Viruses

Security expert Maik Morgenstern talks about iPhones and viruses and how in theory an iPhone could get one.

“In theory, yes,” Maik Morgenstern, chief technology officer for AV-Test, told Digital Trends. “However, the practical hurdles are quite high, and it is unlikely for a normal user to get affected. But vulnerabilities exist that can be exploited by attackers.”

Firefox Send Lets You Share Big Encrypted Files

Firefox Send is a free tool that lets you send encrypted files up to 1GB in size, or 2.5GB if you sign in with a Firefox account.

What sets Send apart is its ease of use. It works in any browser; just go to send.firefox.com. Upload or drag and drop files, and Send will generate a link that you can set to expire after a certain number of downloads—up to 100—or a certain amount of time, ranging from five minutes to seven days.

Being able to use any browser is probably the best part about this tool.

Be Sure to Properly Remove Data from Devices

David Nield implores us to make sure we properly remove data from our devices before we get rid of them.

Your personal data—be it financial spreadsheets or web searches—is not something you want to be leaving behind for other people to find, and totally wiping your activity off devices or the web takes a few more steps than you might have realized. Don’t worry though, as we’re going to walk you through the process.