Category: Security

Phishing campaign alerts DocuSign to customer data breach

A bizarre email address or an obvious misspelling are good indicators that the recent email telling you to reset your Apple ID password isn't what it seems. But there are more sophisticated (and believable) phishing attacks you have to watch out for, like the recent Google Docs scam that linked out to a legit-looking web app. Last week, DocuSign spotted an uptick in phishing emails imitating the company's branding. Being in the business of secure document management, it's not uncommon for DocuSign's name to be on the face of a phishing email; but upon further investigation the firm discovered why this particular campaign was so targeted: It'd been hacked. As it turns out, "a malicious third party" had managed to break into a "non-core system" that DocuSign uses to send out service announcement emails. This is why the phishing campaign has been so accurately targeting customers, though the red flag here is that emails ask recipients to download Read the full article →

New Mac malware detected this week, based on primitive Windows techniques using Word macros

Benjamin Mayo - Feb. 9th 2017 4:31 am PT
Mac security researchers have found two separate instances of new macOS malware making the rounds this week, although the Mac exploit scene still remains far behind the sophisticated worms and trojan horses seen on Windows, as noted by Ars Technica. One of the two relies on an old Windows technique: code execution from macros embedded in a Word document. It is believed to be the first of its kind targeted at the Mac platform. Luckily, it’s easy to avoid, in large part because it relies on such an old attack vector … The exploit works by having unsuspecting users open a specially-crafted Word document that includes macros that run when the file is opened. Macros were a prevalent attack vector in the Windows world many years ago, and it now seems at least one organization is attempting to use the same primitive methods on Mac users. A suspicious Word document is easily Read the full article →
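Because the lure depends on a macro that fires when the document is opened, the practical check is to look for macro code before anyone opens the file. The block below is an added example of that check; it is not code from the article or from the researchers it cites. It inspects a Word file's raw bytes for the two places VBA lives: the word/vbaProject.bin part (declared in [Content_Types].xml) of an OOXML .docx/.docm container, and the "Macros" storage of a legacy OLE2 .doc. The sample containers it builds are constructed stand-ins rather than real Word files, and the string search over the OLE2 directory is a heuristic, not a full compound-file parse.

```python
"""Flag Word documents that carry VBA macros without opening them.

Added example (not from the article). Two heuristics:
  * OOXML (.docx/.docm) is a zip; macros live in word/vbaProject.bin and are
    declared in [Content_Types].xml with the vbaProject content type.
  * Legacy .doc is an OLE2 compound file; macros live in a storage named
    "Macros". Directory entry names are UTF-16LE, so that is what we search for.
"""
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"
OLE_MACROS_ENTRY = "Macros".encode("utf-16-le")


def inspect_document(data: bytes) -> dict:
    """Return {'format', 'has_vba', 'evidence'} for the raw bytes of a Word file."""
    report = {"format": "unknown", "has_vba": False, "evidence": []}

    if data.startswith(ZIP_MAGIC):
        report["format"] = "ooxml"
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            report["evidence"].append("zip container is corrupt")
            return report
        names = zf.namelist()
        vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
        if vba_parts:
            report["has_vba"] = True
            report["evidence"].append("macro part(s): " + ", ".join(sorted(vba_parts)))
        if "[Content_Types].xml" in names and VBA_CONTENT_TYPE in zf.read("[Content_Types].xml"):
            report["has_vba"] = True
            report["evidence"].append("[Content_Types].xml declares a vbaProject part")

    elif data.startswith(OLE_MAGIC):
        report["format"] = "ole2"
        if OLE_MACROS_ENTRY in data:
            report["has_vba"] = True
            report["evidence"].append('OLE2 directory entry named "Macros"')

    return report


def build_sample_ooxml(with_macros: bool) -> bytes:
    """Constructed minimal OOXML container for the demo; not a real Word file."""
    overrides = [
        '<Override PartName="/word/document.xml" '
        'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    ]
    if with_macros:
        overrides.append(
            '<Override PartName="/word/vbaProject.bin" '
            'ContentType="application/vnd.ms-office.vbaProject"/>'
        )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        + "".join(overrides) + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes standing in for a real (OLE2-formatted) VBA project.
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 32)
    return buf.getvalue()


def build_sample_ole2(with_macros: bool) -> bytes:
    """Constructed bytes with an OLE2 header; not a valid compound file."""
    body = OLE_MAGIC + b"\x00" * 504  # header sector padded to 512 bytes
    if with_macros:
        body += OLE_MACROS_ENTRY + b"\x00" * 64
    return body


if __name__ == "__main__":
    samples = {
        "clean.docx": build_sample_ooxml(False),
        "invoice.docm": build_sample_ooxml(True),
        "legacy.doc": build_sample_ole2(True),
    }
    for name, blob in samples.items():
        r = inspect_document(blob)
        print(f"{name}: format={r['format']} has_vba={r['has_vba']} {r['evidence']}")
```

The check keys off the bytes rather than the filename, so renaming a .docm to .docx or .doc does not hide the macro part from it. In a real triage pipeline a positive hit would be handed to a full VBA extractor such as olevba from oletools to read the actual macro code; this block only answers "is there VBA in here at all".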

Disable calendar invite spam

How to disable calendar invite spam on your iPhone, iPad, and Mac
Did an invitation to buy products appear repeatedly in your calendar in the last few days? You can fix it.
By Glenn Fleishman, Senior Contributor, Macworld | Nov 28, 2016 12:12 PM PT
An apparently huge number of iOS and macOS users received calendar invite spam starting late last week. If you began seeing an invitation to an event in your calendar listings for Ugg Boots, Ray-Ban sunglasses, and other products, it’s because spammers took advantage of a long-available feature in iCloud that extracts invites from email and presents them as notifications in calendar apps. The ones I received were set as a repeating event, making the invitation show up on every day of my calendar. Some users started receiving this spam weeks ago, but the distribution accelerated only around November 23 or 24. I’ve found scattered references as far back as August. The standard iCalendar Read the full article →

DDoS attack highlights benefits of Apple’s secure HomeKit platform

Mirai-based DDoS attack highlights benefits of Apple's secure HomeKit platform
By Mikey Campbell, Friday, October 21, 2016, 10:25 pm PT (01:25 am ET)
A distributed denial of service (DDoS) attack that on Friday severely impacted internet access for many U.S. web denizens was found to be in part enabled by a botnet targeting unprotected "Internet of Things" devices. For Apple, the revelation vindicates a controversial walled garden approach to IoT borne out through the HomeKit protocol. As detailed yesterday, unknown hackers set their sights on Dyn, an internet management company that provides DNS services to many major web entities. A series of repeated attacks caused websites including The Verge, Imgur and Reddit, as well as services like HBO Now and PayPal, to see slowdowns and extended downtimes. Follow-up waves played havoc with The New York Times, CNN, Netflix, Twitter and the PlayStation Network, among many others. Though Dyn was initially unable to Read the full article →

‘Pegasus’ iOS malware package also found to impact OS X, Apple issues patch

By Mikey Campbell, Thursday, September 01, 2016, 05:06 pm PT (08:06 pm ET)
Apple in a patch last week blocked a particularly nasty malware package called "Pegasus" from infiltrating iOS devices, and the company is now doing the same for its OS X desktop operating system. Apple on Thursday issued security updates for OS X 10.10 Yosemite, OS X 10.11 El Capitan and Safari to address a vulnerability that potentially allows nefarious agents to take over a target device with a single click. Dubbed "Pegasus," the assault package leverages three zero-day vulnerabilities to remotely jailbreak and install a suite of monitoring software onto a victim's device. One of the key tools in the process is an exploit that takes advantage of a memory corruption flaw in Safari WebKit. The vulnerability allows attackers to deliver the malware payload when a target clicks on a link leading to a malicious webpage. Once installed, Pegasus exploits kernel flaws to upgrade privileges, allowing Read the full article →

Malwarebytes reports new OS X malware that could easily fool less technical users

by Ben Lovejoy
No MacDaddy reader is going to be at risk from malware that directs users to a scam website and asks them to download software, but Malwarebytes has discovered a previously unknown piece of Mac malware that could easily fool less technical users. Thomas Reed, lead researcher at Malwarebytes, told us that he found the malware on a scam page hosted on the official Advanced Mac Cleaner website … It does rely on a naive user approving a request to install Advanced Mac Cleaner on their machine, but doing so also installs a second app known as Mac File Opener. Reed said that it wasn’t initially obvious how the app could force users to launch it.
Even more intriguing, this app didn’t have any apparent mechanism for being launched. It hadn’t been added to my login items. There wasn’t a new launch agent or daemon designed to load it. It simply seemed to be sitting there, doing nothing.
But some digging found that the Info.plist file within the app defined Read the full article →
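The excerpt records the negative findings (nothing in login items, no new launch agent or daemon) and breaks off before saying what the app's Info.plist declared. The block below is an added example of the triage that sequence implies; it is not Malwarebytes' or the article's code and makes no claim about what this particular app did. It parses launchd job plists from the standard directories the way the text describes checking them, and separately reports the Info.plist keys through which LaunchServices can start an app that has no launchd entry at all (document-type handlers, URL schemes, background-only flags), which is general macOS knowledge. The demo writes constructed plists into a temporary directory rather than reading a real system, and the bundle identifier, label and paths in it are hypothetical.

```python
"""macOS persistence triage: launchd jobs plus an app bundle's Info.plist triggers.

Added example, not code from the article or from Malwarebytes. The plists and
paths used by the demo are constructed in a temp directory.
"""
import plistlib
import tempfile
from pathlib import Path

# Standard launchd job locations (assumed defaults for a run on a real Mac).
LAUNCHD_DIRS = [
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
    Path.home() / "Library" / "LaunchAgents",
]


def summarize_launchd_jobs(dirs):
    """One dict per launchd plist: label, program and whether it auto-starts."""
    jobs = []
    for d in dirs:
        d = Path(d)
        if not d.is_dir():
            continue
        for p in sorted(d.glob("*.plist")):
            try:
                with open(p, "rb") as fh:
                    job = plistlib.load(fh)
            except (plistlib.InvalidFileException, OSError, ValueError) as exc:
                jobs.append({"path": str(p), "error": str(exc)})
                continue
            program = job.get("Program") or " ".join(job.get("ProgramArguments", []))
            jobs.append({
                "path": str(p),
                "label": job.get("Label"),
                "program": program,
                # RunAtLoad starts the job at login/boot; KeepAlive restarts it if killed.
                "auto_start": bool(job.get("RunAtLoad")) or bool(job.get("KeepAlive")),
            })
    return jobs


def launch_triggers(app_bundle):
    """Info.plist keys that let LaunchServices start an app without any launchd job."""
    with open(Path(app_bundle) / "Contents" / "Info.plist", "rb") as fh:
        info = plistlib.load(fh)
    doc_types = info.get("CFBundleDocumentTypes", [])
    return {
        "bundle_id": info.get("CFBundleIdentifier"),
        # Background-only apps show no Dock icon, so a launch is easy to miss.
        "background_only": bool(info.get("LSUIElement")) or bool(info.get("LSBackgroundOnly")),
        "document_extensions": sorted({e.lower() for dt in doc_types
                                       for e in dt.get("CFBundleTypeExtensions", [])}),
        "document_utis": sorted({u for dt in doc_types
                                 for u in dt.get("LSItemContentTypes", [])}),
        "url_schemes": sorted({s for ut in info.get("CFBundleURLTypes", [])
                               for s in ut.get("CFBundleURLSchemes", [])}),
    }


def build_demo():
    """Write constructed (hypothetical) plists into a temp dir and return its root."""
    root = Path(tempfile.mkdtemp(prefix="triage-demo-"))
    agents = root / "LaunchAgents"
    agents.mkdir()
    with open(agents / "com.example.updater.plist", "wb") as fh:
        plistlib.dump({
            "Label": "com.example.updater",
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--quiet"],
            "RunAtLoad": True,
        }, fh)
    contents = root / "Example.app" / "Contents"
    contents.mkdir(parents=True)
    with open(contents / "Info.plist", "wb") as fh:
        plistlib.dump({
            "CFBundleIdentifier": "com.example.opener",
            "LSUIElement": True,
            "CFBundleDocumentTypes": [
                {"CFBundleTypeExtensions": ["PDF", "txt"],
                 "LSItemContentTypes": ["public.plain-text"]},
            ],
            "CFBundleURLTypes": [{"CFBundleURLSchemes": ["exfoo"]}],
        }, fh)
    return root


if __name__ == "__main__":
    root = build_demo()
    for job in summarize_launchd_jobs([root / "LaunchAgents"]):
        print("launchd job:", job)
    print("launch triggers:", launch_triggers(root / "Example.app"))
```

On a real machine, call summarize_launchd_jobs(LAUNCHD_DIRS) and point launch_triggers at the suspect bundle under /Applications; an app that claims a long list of document extensions while also being background-only is worth a closer look even when the launchd sweep comes back clean.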

New iOS spyware steals pictures, data, and more even from non-jailbroken iPhones & iPads

Martyn Williams (@martyn_williams), Feb 4, 2015 2:02 PM
The spyware, called XAgent, is delivered via a phishing attack using a technique called island hopping. In that, the phones of friends and associates of the true target are first infected and then used to pass on the spyware link. It’s based on the assumption that the target is more likely to click on links from people they know than from strangers. Once installed, XAgent will collect text messages, contact lists, pictures, geo-location data, a list of installed apps, a list of any software processes that are running and the Wi-Fi status of the device. That information is packaged and sent to a server operated by the hackers. XAgent is also capable of switching on the phone’s microphone and recording everything it hears. XAgent runs on both iOS 7 and iOS 8 phones, whether they’ve been jailbroken or not. It is most dangerous on iOS 7 since it hides its icon to evade detection. On iOS 8 it isn’t hidden and Read the full article →

MacDaddy SCAM ALERT: Don’t Click on That ‘Child Predator’ Email Link!

SCAM ALERT: Don't Click on That 'Child Predator' Email Link!
San Mateo police say they've received reports of a new phishing email that's targeted local residents.
By Renee Schiavone (Patch Staff), updated November 12, 2014 at 12:42 pm
By Bay City News Service: San Mateo police are advising Internet users to be on the lookout for a dangerous email in their inbox that is not only fraudulently reporting a child predator in the neighborhood, but also attempting to acquire the email recipients’ sensitive information. Police are instructing individuals who receive the scam email to not open the Web link embedded in the body of the email because it is a phishing email, meaning that it will install software, or malware, onto the recipient’s computer. The malware will attempt to search the recipients’ computer for stored information such as usernames, passwords and credit card numbers. According to police, the email claims to be announcing “Neighborhood Safety Info,” Read the full article →

MacDaddy Security News: Australian Mac and iOS users find devices remotely locked, held for ransom (and how to keep yours safe)

The Sydney Morning Herald reports that several Australian Mac, iPhone, and iPad users are finding that their devices have been locked remotely through Apple’s Find My iPhone service by someone using the name “Oleg Pliss.” The hacker (or hackers) then demands payment of around $50 to $100 to an anonymous PayPal account in order to restore the devices to their owners. An active thread on Apple’s support forum was started yesterday as users started to discover that they had been targeted by the attack. According to that discussion, users are finding all of their devices locked at once rather than a single device per user. Based on that report and the fact that Find My iPhone is being used to hold the devices hostage, it seems likely that the perpetrator has gained access to these users’ iCloud accounts, possibly through password reuse by those users, rather than through some device-specific malware or hack. Because the hackers used Find My iPhone Read the full article →

MacDaddy Security: 5 rules for using the Internet after ‘Heartbleed’

FYI: Apple servers do not use OpenSSL, and are not affected by this attack!
By Priya Anand
You know the lock icon that pops up next to URLs to tell you a website will keep your information safe? It turns out it has actually left your private data unsecured for more than two years. Websites encrypt your information, like emails, passwords and credit card numbers, so if anyone tries to snoop, they get a gibberish code and your data stays between you and the people you want to send it to. At least that’s the way it’s supposed to work. This week, researchers found a hole in OpenSSL, the lock that an estimated two-thirds of websites use. They’re calling the bug “Heartbleed.” What’s more, any attacks let in due to the bug can’t be traced, experts say. This is a gaping security hole with “epic repercussions,” director of security firm AlienVault Labs Jaime Blasco says, even if you’re starting to become numb to all the data breaches Read the full article →