Author: wouter

Phishing campaign alerts DocuSign to customer data breach

A bizarre email address or an obvious misspelling are good indicators that the recent email telling you to reset your Apple ID password isn't what it seems. But there are more sophisticated (and believable) phishing attacks you have to watch out for, like the recent Google Docs scam that linked out to a legit-looking web app. Last week, DocuSign spotted an uptick in phishing emails imitating the company's branding. Being in the business of secure document management, it's not uncommon for DocuSign's name to be on the face of a phishing email; but upon further investigation the firm discovered why this particular campaign was so targeted: It'd been hacked. As it turns out, "a malicious third party" had managed to break into a "non-core system" that DocuSign uses to send out service announcement emails. This is why the phishing campaign has been so accurately targeting customers, though the red flag here is that emails ask recipients to download

Read the full article →

Comment: The WannaCry attack should be a wake-up call for consumers, businesses and governments

Ben Lovejoy

The WannaCry ransomware attack may have been exploiting a vulnerability in Windows, but the lesson it provides – the importance of keeping both computers and mobile devices updated – is one applicable to all of us, Apple users included. WannaCry itself targeted a vulnerability that had existed in Windows all the way through from XP to the latest Windows 10. Microsoft issued a patch to fix the issue for Windows Vista onwards back in March, but many organizations failed to update. The scale of the attack – which caused widespread disruption around the world – should be a wake-up call to consumers, businesses and governments alike …

For consumers and businesses, it needs to be a reminder of the importance of keeping operating systems updated – and all data backed-up more than once. Windows may be the primary target, but Mac malware is growing – which includes ransomware. McAfee said recently that Mac malware grew 744% last year. Most of it

Read the full article →

How to avoid the Google Docs phishing attack and what to do if you’re a victim

The sophisticated Google Docs scam asked for extensive access to users' accounts

Cara McGoogan, 4 MAY 2017 • 11:00AM

Google customers have been targeted with a scam that gave hackers access to the contents of emails, contact lists and online documents of victims. The scam asked users to click on a link to a Google Doc that appeared to come from someone they knew. On opening the link, Google's login and permissions page asked users to grant the fake Docs app the ability to "read, send, delete and manage your email", as well as "manage your contacts". The sophisticated scam, unlike more common attacks, worked through Google's system. Most phishing scams seek to glean personal information from victims such as usernames, passwords, addresses and financial details by leading them to fake versions of real websites from an email. Google has now shut down the attack. "We have taken action to protect

Read the full article →

New Mac malware detected this week, based on primitive Windows techniques using Word macros

Benjamin Mayo - Feb. 9th 2017 4:31 am PT

Mac security researchers have found two separate instances of new macOS malware making the rounds this week, although the Mac exploit scene still remains far behind the sophisticated worms and trojan horses seen on Windows as noted by ArsTechnica. One of the new malware exploits relies on an old Windows technique, exploiting code execution inside Word documents using macros. It is believed to be the first of its kind targeted at the Mac platform. Luckily, it’s easy to avoid in large part because it relies on such an old attack vector …

The exploit works by having unsuspecting users open a specially-crafted Word document that includes macros that run when the file is opened. Macros were a prevalent attack vector in the Windows world many years ago and it now seems at least one organization is attempting to use the primitive methods on Mac users. A suspicious Word document is easily

Read the full article →

Disable calendar invite spam

How to disable calendar invite spam on your iPhone, iPad, and Mac

Did an invitation to buy products appear repeatedly in your calendar in the last few days? You can fix it.

By Glenn Fleishman, Senior Contributor, Macworld | Nov 28, 2016 12:12 PM PT

An apparently huge number of iOS and macOS users received calendar invite spam starting late last week. If you began seeing an invitation to an event in your calendar listings for Ugg Boots, Ray-Ban sunglasses, and other products, it’s because spammers took advantage of a long-available feature in iCloud that extracts invites from email and presents them as notifications in calendar apps. The ones I received were set as a repeating event, making the invitation show up on every day of my calendar. Some users started receiving this spam weeks ago, but the distribution accelerated only around November 23 or 24. I’ve found scattered references as far back as August. The standard iCalendar

Read the full article →

DDoS attack highlights benefits of Apple’s secure HomeKit platform

Mirai-based DDoS attack highlights benefits of Apple's secure HomeKit platform

By Mikey Campbell, Friday, October 21, 2016, 10:25 pm PT (01:25 am ET)

A distributed denial of service (DDoS) attack that on Friday severely impacted internet access for many U.S. web denizens was found to be in part enabled by a botnet targeting unprotected "Internet of Things" devices. For Apple, the revelation vindicates a controversial walled garden approach to IoT borne out through the HomeKit protocol. As detailed yesterday, unknown hackers set their sights on Dyn, an internet management company that provides DNS services to many major web entities. A series of repeated attacks caused websites including The Verge, Imgur and Reddit, as well as services like HBO Now, and PayPal, to see slowdowns and extended downtimes. Follow-up waves played havoc with The New York Times, CNN, Netflix, Twitter and the PlayStation Network, among many others. Though Dyn was initially unable to

Read the full article →

‘Pegasus’ iOS malware package also found to impact OS X, Apple issues patch

By Mikey Campbell, Thursday, September 01, 2016, 05:06 pm PT (08:06 pm ET)

Apple in a patch last week blocked a particularly nasty malware package called "Pegasus" from infiltrating iOS devices, and the company is now doing the same for its OS X desktop operating system. Apple on Thursday issued security updates for OS X 10.10 Yosemite, OS X 10.11 El Capitan and Safari to address a vulnerability that potentially allows nefarious agents to take over a target device with a single click. Dubbed "Pegasus," the assault package leverages three zero-day vulnerabilities to remotely jailbreak and install a suite of monitoring software onto a victim's device. One of the key tools in the process is an exploit that takes advantage of a memory corruption flaw in Safari WebKit. The vulnerability allows attackers to deliver the malware payload when a target clicks on a link leading to a malicious webpage. Once installed, Pegasus exploits kernel flaws to upgrade privileges, allowing

Read the full article →

Malwarebytes reports new OS X malware that could easily fool less technical users

by Ben Lovejoy

No MacDaddy reader is going to be at risk from malware that directs users to a scam website and asks them to download software, but Malwarebytes has discovered a previously unknown piece of Mac malware that could easily fool less technical users. Thomas Reed, lead researcher at Malwarebytes, told us that he found the malware on a scam page hosted on the official Advanced Mac Cleaner website …

It does rely on a naive user approving a request to install Advanced Mac Cleaner on their machine, but doing so also installs a second app known as Mac File Opener. Reed said that it wasn’t initially obvious how the app could force users to launch it.

Even more intriguing, this app didn’t have any apparent mechanism for being launched. It hadn’t been added to my login items. There wasn’t a new launch agent or daemon designed to load it. It simply seemed to be sitting there, doing nothing.

But some digging found that the Info.plist file within the app defined

Read the full article →