Apple is introducing a new security measure for the App Store called the App Attest API and it will be used in iOS 14 and later.
IT Security Manager, NIST, Bob Gendler - BGM Interview
Bob Gendler is an IT Specialist in the Apple world and a Jamf guru. He holds a B.S. degree in Information Technology from the Rochester Institute of Technology. He is now part of the Mac Management team at NIST, the National Institute of Standards and Technology, in Washington, D.C.
From a very early age, Bob fell into the world of Apple, starting with an Apple IIgs and, as a teenager, a Power Mac 6100. As an undergraduate he quickly specialized in system administration, which later served him well in landing the job at NIST. Bob filled me in on his latest project, the “macOS Security Compliance Project,” and the security problem the community faced with macOS. Basically, the new GitHub project leverages a library of scriptable actions which are mapped to compliance requirements in existing security guides or used to develop customized guidance. Bob nicely explains this crucial tool, his team, and who would benefit.
Security Friday - Apple Security, TikTok – TMO Daily Observations 2020-07-24
Andrew Orr joins host Kelly Guimont for Security Friday to discuss Apple’s new security research, a privacy app, and other security news.
Sorry, Catnip Won’t Protect You Against the Meow Attack
Over 1,000 insecure databases have been completely erased, and the attackers leave no trace except the word “meow.”
Since then, Meow and a similar attack have destroyed more than 1,000 other databases. At the time this post went live, the Shodan computer search site showed that 987 ElasticSearch and 70 MongoDB instances had been nuked by Meow. A separate, less-malicious attack tagged an additional 616 ElasticSearch, MongoDB, and Cassandra files with the string “university_cybersec_experiment.” The attackers in this case seem to be demonstrating to the database maintainers that the files are vulnerable to being viewed or deleted.
Better erased than breached, right?
Is TikTok Really a Security Threat? Here’s What Experts Found
TikTok has faced accusations of data collecting and spying for the Chinese government. Here’s what the experts say.
DNA Company ‘GEDmatch’ Hacked in Data Breach
First, over a million DNA profiles from GEDmatch were leaked. Then, email addresses from the breach were used in a phishing attack against users of genealogy website MyHeritage.
As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours. During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users.
If GEDmatch sounds familiar, it was the DNA database used to identify the Golden State Killer.
Apple Security Research Device Program Launches Today
The Apple Security Research Device program launched today, and it aims to provide special iPhones to researchers with shell access.
Security Friday! Letter from Congress, Sharing Passwords – TMO Daily Observations 2020-07-17
Andrew Orr joins host Kelly Guimont to discuss Security Friday news tidbits, tips for security on iOS 14, and how to share passwords safely.
Big Twitter Accounts Like Apple, Elon Musk, Bill Gates, Were Hacked
Major Twitter accounts were hacked today, reports Kevin Truong. Accounts like Apple, Bill Gates, Elon Musk, Uber, and others were the victims of a hacking campaign that involved bitcoin.
Events kicked off when the Twitter accounts for major cryptocurrency platforms Coinbase, Gemini, and Binance, among others, all put out tweets minutes apart stating they had partnered up with an organization called CryptoForHealth and that they would be “giving back 5000 BTC to the community.” The tweets all included a link to a site that has been tagged by Google and Cloudflare as a phishing site […]
Most of the tweets have been removed already. Apple’s Twitter account appears to be entirely wiped of tweets.
A fascinating hack that clearly took advantage of Twitter vulnerabilities. But I’d also like to point out that Apple has never actually tweeted, so there wasn’t much to wipe.
Secret Service Warns of Hacking Increase to Managed Service Providers
The U.S. Secret Service sent out a security alert to warn of an increase in hacking of Managed Service Providers (MSPs). MSPs provide remote management software to companies, such as file-sharing systems.
In a security alert sent out on June 12, Secret Service officials said their investigations team (GIOC — Global Investigations Operations Center) has been seeing an increase in incidents where hackers breach MSP solutions and use them as a springboard into the internal networks of the MSP’s customers.