Researchers at Perception Point write about CVE-2022-22583, a successor to Shrootless that could let attackers bypass Mac SIP.
Security
MultiChain Hack Still Affecting Customers a Week Later
The Multichain hack is still affecting crypto users a week later, despite promises from the company that it had been contained.
China Hacking Group 'APT27' Attack German Companies
A China-based hacking group known as APT27 has been targeting German companies in areas such as technology and pharmaceuticals.
Apple Safety Guide: What You Need to Know About Device Access
An Apple safety guide has appeared to give customers information on how to protect themselves if their personal safety is at risk.
A Crypto Wallet Crack Recovered $2 Million in Tokens
The Verge had a fascinating story out yesterday about a crypto wallet crack that helped two friends get their tokens back. It’s a long-ish read but not overly technical.
Reich gave up and wrote off the money in his mind. He was willing to take the loss — until the price started to rise again. From a low of around $12,000, the value of their tokens started to skyrocket. By the end of 2020, it would be worth more than $400,000, rising briefly to over $3 million. It would be hard to get into the wallet without the PIN — but it wasn’t impossible. And with potentially millions on the line, Reich and his friend vowed to find a way inside.
'AccessPress' Themes and Plugins for WordPress Contains Backdoor
JetPack discovered a backdoor within AccessPress themes and plugins. Every theme and most plugins contain this malware.
Merck Wins Court Dispute Over 'NotPetya' Attack
Merck has won a court dispute with insurance companies over US$1.4 billion in losses due to NotPetya, a cyberattack in 2017.
Security Friday: This Week in (Sad) Data Breaches – TMO Daily Observations 2022-01-21
Andrew Orr joins host Kelly Guimont to discuss a Safari data leak, encrypted messaging, and as always, a new data breach.
Red Cross Data Breach Affects 515,000 Vulnerable People
A contractor for The International Committee of the Red Cross (ICRC) suffered a data breach, as revealed on Wednesday.
IRS and ID.me Makes Video Selfies a Requirement in 2022
The IRS is requiring people to create an account with ID.me to access and submit taxes. One of the verification methods is a video selfie.
NSO Targets: A List of People Infected With Pegasus Spyware
Omer Benjakob has put together a helpful list of NSO targets that includes every individual believed to have been infected with the group’s Pegasus spyware.
So far, targets have been found across the world: from India and Uganda to Mexico and the West Bank, with high-profile victims including U.S. officials and a New York Times journalist. Now, for the first time, Haaretz has assembled a list of confirmed cases involving Pegasus spyware.
'Canopy' Security Project Aims to Reduce Automobile Thefts
Canopy, a new security project from Ford and ADT, seeks to reduce automobile-related thefts and vandalism.
Safari 15 IndexedDB Bug Leaks Your Browsing Activity to Third Parties
On Friday, a report from FingerprintJS revealed a Safari 15 IndexedDB bug that can leak your internet activity to any website.
Cloud Platform 'Cryptee' Now Warns You of Insecure URLs
The team behind Cryptee, an end-to-end encrypted platform for documents and photos, announced new features for 2022. One in particular caught my eye.
We’ve improved our URL boxes on mobile. Cryptee can now intelligently detect and warn you if your links are insecure. (i.e. using “http” instead of “https”) All insecure links are automatically highlighted yellow, and all secure links are highlighted green.
Information Superhighway...to Hell – TMO Daily Observations 2022-01-14
Andrew Orr and Kelly Guimont discuss the latest security news including a happy headline, a practical tip, and an uplifting sendoff to the weekend.
Hackers Scam Blockchain City Group 'CityDAO' and Stole Funds
CityDAO, a group that bought 40 acres of land in Wyoming to build a blockchain-based city, was hacked this week.
Russian Authorities Arrest Members of REvil Ransomware Group
The Russian Federal Security Service (FSB) announced on Friday that it has arrested 14 members of the REvil ransomware group.
White House Meets With Software Companies Over 'Log4j' Cybersecurity Concerns
Officials at the White House are meeting with companies such as Apple, Apache, and others to talk about cybersecurity in the wake of Log4j.
Apple Releases iOS 15.2.1 Update That Fixes HomeKit Bug
On Wednesday Apple released iOS 15.2.1 and iPadOS 15.2.1 to its customers. It’s a minor update that contains a few bug fixes.
New 'SysJoker' Backdoor is a Multi-Platform Threat for macOS, Windows, Linux
There is a new piece of malware floating around. This SysJoker backdoor was discovered in December 2021 by the Intezer team.
TransCredit Data Leak Over 800,000 Records of Credit Reports
Jeremiah Fowler together with the Website Planet research team found an unsecured Transcredit data leak of 822,789 records.
Update Immediately: Bug in 'Cryptomator' Leaks Encrypted File Paths to Apple
A bug was recently found and reported in the Cryptomator iOS app. The team wrote about the vulnerability on Tuesday.
Mac Security Tools Company 'Objective-See' Goes Non-Profit
Instead of antivirus or antimalware software, I use several tools from Objective-See. They’re free and open source. Company founder Patrick Wardle is making the business a non-profit.
I see a lot of people who take VC money and almost always your business model has to change or you have to put profits first and can’t do the community focus and public service activities you want. Going the nonprofit route is a really good approach and illustrates that you can support your company on donations without having to change that business model.
macOS Bug 'Powerdir' Could Let Attacker Access User Data
Microsoft’s security team has published an analysis of “powerdir,” a vulnerability in macOS that could let an attacker access a person’s data.