Cloud Platform 'Cryptee' Now Warns You of Insecure URLs

The team behind Cryptee, an end-to-end encrypted platform for documents and photos, announced new features for 2022. One in particular caught my eye.

We’ve improved our URL boxes on mobile. Cryptee can now intelligently detect and warn you if your links are insecure. (i.e. using “http” instead of “https”) All insecure links are automatically highlighted yellow, and all secure links are highlighted green.

Mac Security Tools Company 'Objective-See' Goes Non-Profit

Instead of antivirus or antimalware software, I use several tools from Objective-See. They’re free and open source. Company founder Patrick Wardle is making the business a non-profit.

I see a lot of people who take VC money and almost always your business model has to change or you have to put profits first and can’t do the community focus and public service activities you want. Going the nonprofit route is a really good approach and illustrates that you can support your company on donations without having to change that business model.

Recap: Here is the Mac Malware List for 2021

Security researcher Patrick Wardle made a list of the Mac malware we saw in 2021. It’s a timeline with information on each.

While the specimens may have been reported on before (i.e. by the AV company that discovered them), this blog aims to cumulatively and comprehensively cover all the new Mac malware of 2021 – in one place …yes, with samples of each malware available for download!

After reading this blog post, you should have a thorough understanding of recent threats targeting macOS. This is especially important as Apple continues to make significant inroads into the enterprise.

Everything You Wanted to Know About How Encrypted Email Works

ProtonMail published a nice blog post explaining how encrypted email works, and the various protocols that companies use.

End-to-end encryption for messages sent between ProtonMail users is automatic, and our integrated OpenPGP support makes it easy to send and receive PGP-encrypted E2EE messages to people that use PGP with other email providers. Proton also informs you when your messages are protected by E2EE with a small blue padlock (for other ProtonMail users) or green padlock (for OpenPGP users).

Saudi Activist With EFF Sues DarkMatter Group for Hacking iPhone

Saudi human rights activist Loujain AlHathloul, along with the Electronic Frontier Foundation, is suing DarkMatter for hacking her iPhone. DarkMatter Group was created and run by former U.S. intelligence operatives.

Reuters broke the news about the hacking program called Project Raven in 2019, reporting that when UAE transferred the surveillance work to Emirati firm DarkMatter, the U.S. operatives, who learned spycraft working for the National Security Agency and other U.S. intelligence agencies, went along and ran DarkMatter’s hacking program, which targeted human rights activists like AlHathloul, political dissenters, and even Americans residing in the U.S.

President Biden Signs 'National Defense Authorization Act' Into Law for Cybersecurity

The National Defense Authorization Act of 2022 lays out voluntary cybersecurity practices for private companies that handle critical infrastructure in the U.S.

But provisions all rely on the voluntary participation by industry, which owns and operates the vast majority of the nation’s critical infrastructure. Despite bipartisan calls after massive breaches at SolarWinds, Microsoft Exchange, Colonial Pipeline and other hacks, the NDAA made it through the House without mandatory incident reporting requirements for the private sector.

I disagree on the “voluntary” part. Make it mandatory, otherwise we end up with T-Mobile’s half-dozen breaches in the span of four years.

T-Mobile Data Breach Leaves Customers Vulnerable to SIM Swapping

T-Mobile has had another data breach, although a report suggests this one is less severe than the one in August. Only a small set of customers have been affected, but they could be vulnerable to a SIM swapping attack.

This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.

Security Flaw in Fisher-Price 'Chatter' Phone Could Let People Eavesdrop

A Bluetooth bug found with Fisher-Price’s Chatter phone could let others eavesdrop on your conversation.

With just the online instruction manual to go on, the researchers feared that a design flaw could allow someone to use the Chatter to eavesdrop.

Ken Munro, founder of the cybersecurity company Pen Test Partners, told TechCrunch that chief among the concerns are that the Chatter does not have a secure pairing process to stop unauthorized phones in Bluetooth range from connecting to it.