Category: Security

Apple releases iOS 11.2.2 security update for iPhone and iPad

Apple has released iOS 11.2.2 for iPhone and iPad. The software update highlights security improvements and Apple “recommends for all users.” Apple hasn’t disclosed exactly what security issues are addressed by iOS 11.2.2, but we can expect to see details on Apple’s security page shortly. We’ll update when we learn more about the new version. For now, non-beta users can find iOS 11.2.2 for iPhone and iPad as a software update over-the-air through the Software Update section of the Settings app. The update could relate to the recently disclosed Spectre and Meltdown flaws discovered in most computer processors including ones used in iPhones and iPads. Apple acknowledged both issues last week and said it already addressed issues that could affect iOS and macOS while risks to Safari would be addressed soon. Update: Apple says the update is for Safari to address the Spectre vulnerability. Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Description: Read the full article →

“Invitation to the Great Illuminati” Spam Mail

For a moment, I thought I’d woken up in a Dan Brown novel, but it turns out that spam can be mysterious too: INVITATION TO THE GREAT ILLUMINATI Your email was selected among the ten lucky people giving the opportunity of becoming rich and popular by joining the great Illuminati network for more details please contact email ([email] ) for more details. In keeping with subject matter, the email doesn’t really go into further details. A quick Google of the subject matter confirms this is dropping into a lot of mailboxes right now. But to find out the real deal we have to go back to March on the 419 Eater forum, where spam and scam emails are met with intentionally time-wasting responses to prevent them cheating regular web users out of their cash. Things the scammers ask for in the 419 thread: 1) A photograph and information about where you live, for the eventual “initiation ceremony in Long Beach, California”. 2) They have to contact a second Read the full article →

Phishing campaign alerts DocuSign to customer data breach

A bizarre email address or an obvious misspelling are good indicators that the recent email telling you to reset your Apple ID password isn't what it seems. But there are more sophisticated (and believable) phishing attacks you have to watch out for, like the recent Google Docs scam that linked out to a legit-looking web app. Last week, DocuSign spotted an uptick in phishing emails imitating the company's branding. Being in the business of secure document management, it's not uncommon for DocuSign's name to be on the face of a phishing email; but upon further investigation the firm discovered why this particular campaign was so targeted: It'd been hacked. As it turns out, "a malicious third party" had managed to break into a "non-core system" that DocuSign uses to send out service announcement emails. This is why the phishing campaign has been so accurately targeting customers, though the red flag here is that emails ask recipients to download Read the full article →

New Mac malware detected this week, based on primitive Windows techniques using Word macros

Benjamin Mayo - Feb. 9th 2017 4:31 am PT Mac security researchers have found two separate instances of new macOS malware making the rounds this week, although the Mac exploit scene still remains far behind the sophisticated worms and trojan horses seen on Windows as noted by ArsTechnica. One of the new malware exploits relies on an old Windows technique, exploiting code execution inside Word documents using macros. It is believed to be the first of its kind targeted at the Mac platform. Luckily, it’s easy to avoid in large part because it relies on such an old attack vector … The exploit works by having unsuspecting users open a specially-crafted Word document that includes macros that run when the file is opened. Macros were a prevalent attack vector in the Windows world many years ago and it now seems at least one organization is attempting to use the primitive methods on Mac users. A suspicious Word document is easily Read the full article →

Disable calendar invite spam

How to disable calendar invite spam on your iPhone, iPad, and Mac Did an invitation to buy products appear repeatedly in your calendar in the last few days? You can fix it. By Glenn Fleishman Senior Contributor, Macworld | Nov 28, 2016 12:12 PM PT An apparently huge number of iOS and macOS users received calendar invite spam starting late last week. If you began seeing an invitation to an event in your calendar listings for Ugg Boots, Ray-Ban sunglasses, and other products, it’s because spammers took advantage of a long-available feature in iCloud that extracts invites from email and presents them as notifications in calendar apps. The ones I received were set as a repeating event, making the invitation show up on every day of my calendar. Some users started receiving this spam weeks ago, but the distribution accelerated only around November 23 or 24. I’ve found scattered references as far back as August. The standard iCalendar Read the full article →

DDoS attack highlights benefits of Apple’s secure HomeKit platform

  Mirai-based DDoS attack highlights benefits of Apple's secure HomeKit platform By Mikey Campbell Friday, October 21, 2016, 10:25 pm PT (01:25 am ET) A distributed denial of service (DDoS) attack that on Friday severely impacted internet access for many U.S. web denizens was found to be in part enabled by a botnet targeting unprotected "Internet of Things" devices. For Apple, the revelation vindicates a controversial walled garden approach to IoT borne out through the HomeKit protocol. As detailed yesterday, unknown hackers set their sights on Dyn, an internet management company that provides DNS services to many major web entities. A series of repeated attacks caused websites including The Verge, Imgur and Reddit, as well as services like HBO Now, and PayPal, to see slowdowns and extended downtimes. Follow-up waves played havoc with The New York Times, CNN, Netflix, Twitter and the PlayStation Network, among many others. Though Dyn was initially unable to Read the full article →

‘Pegasus’ iOS malware package also found to impact OS X, Apple issues patch

By Mikey Campbell Thursday, September 01, 2016, 05:06 pm PT (08:06 pm ET) Apple in a patch last week blocked a particularly nasty malware package called "Pegasus" from infiltrating iOS devices, and the company is now doing the same for its OS X desktop operating system. Apple on Thursday issued security updates for OS X 10.10 Yosemite, OS X 10.11 El Capitan and Safari to address a vulnerability that potentially allows nefarious agents to take over a target device with a single click. Dubbed "Pegasus," the assault package leverages three zero-day vulnerabilities to remotely jailbreak and install a suite of monitoring software onto a victim's device. One of the key tools in the process is an exploit that takes advantage of a memory corruption flaw in Safari WebKit. The vulnerability allows attackers to deliver the malware payload when a target clicks on a link leading to a malicious webpage. Once installed, Pegasus exploits kernel flaws to upgrade privileges, allowing Read the full article →

Malwarebytes reports new OS X malware that could easily fool less technical users

by Ben Lovejoy No MacDaddy reader is going to be at risk from malware that directs users to a scam website and asks them to download software, but Malwarebytes has discovered a previously unknown piece of Mac malware that could easily fool less technical users. Thomas Reed, lead researcher at Malwarebytes, told us that he found the malware on a scam page hosted on the official Advanced Mac Cleaner website … It does rely on a naive user approving a request to install Advanced Mac Cleaner on their machine, but doing so also installs a second app known as Mac File Opener. Reed said that it wasn’t initially obvious how the app could force users to launch it. Even more intriguing, this app didn’t have any apparent mechanism for being launched. It hadn’t been added to my login items. There wasn’t a new launch agent or daemon designed to load it. It simply seemed to be sitting there, doing nothing. But some digging found that the Info.plist file within the app defined Read the full article →

New iOS spyware steals pictures, data, and more even from non-jailbroken iPhones & iPads

Martyn Williams@martyn_williams Feb 4, 2015 2:02 PM The spyware, called XAgent, is delivered via a phishing attack using a technique called island hopping. In that, the phones of friends and associates of the true target are first infected and then used to pass on the spyware link. It’s based on the assumption that the target is more likely to click on links from people they know than from strangers. Once installed, XAgent will collect text messages, contact lists, pictures, geo-location data, a list of installed apps, a list of any software processes that are running and the WiFi status of the device. That information is packaged and sent to a server operated by the hackers. XAgent is also capable of switching on the phone’s microphone and recording everything it hears. XAgent runs on both iOS 7 and iOS 8 phones, whether they’ve been jailbroken or not. It is most dangerous on iOS 7 since it hides its icon to evade detection. On iOS 8 it isn’t hidden and Read the full article →

MacDaddy SCAM ALERT: Don’t Click on That ‘Child Predator’ Email Link!

San Mateo police say they've received reports of a new phishing email that's targeted local residents. By Renee Schiavone (Patch Staff) Updated November 12, 2014 at 12:42 pm By Bay City News Service: San Mateo police are advising Internet users to be on the lookout for a dangerous email in their inbox that is not only fraudulently reporting a child predator in the neighborhood, but also attempting to acquire the email recipients’ sensitive information. Police are instructing individuals who receive the scam email to not open the Web link embedded in the body of the email because it is a phishing email, meaning that it will install software, or malware, onto the recipient’s computer. The malware will attempt to search the recipients’ computer for stored information such as usernames, passwords and credit card numbers. According to police, the email claims to be announcing “Neighborhood Safety Info,” Read the full article →