Kaiji malware: a new IoT threat

Security researchers have discovered a new family of malware, dubbed “Kaiji”, that targets Internet of Things (IoT) devices and Linux servers.

Why you should update Firefox right now, according to the U.S. Department of Homeland Security

The U.S. Department of Homeland Security has issued an alert about a “critical vulnerability” affecting Mozilla’s Firefox browser. The DHS has advised all Firefox users to update their browser software immediately.

In this short article, we’ll explain what the vulnerability is, help you parse the language used in the security advisory, tell you who is affected, and let you know how to get your updates and stay safe.

What is the vulnerability?

According to the Mozilla security advisory, the vulnerability was due to a flaw in the “IonMonkey JIT compiler”, which could “lead …

New fileless malware for macOS linked to Lazarus Group

The new malware sample bears similarities to the well-known AppleJeus malware, which targets cryptocurrency exchanges. AppleJeus is the product of Lazarus Group, a shadowy cybercrime organization believed by many to be linked to North Korea.

Apple AirDrop Vulnerability Broadcasts User Phone Numbers to Potential Attackers

iPhone users who frequently use the AirDrop feature to share images, videos, or other files may unwittingly be broadcasting their phone numbers to people nearby. According to a recent Ars Technica report, a hacker would need to have a laptop and a “wireless packet sniffer” dongle to exploit the vulnerability. Armed with those components, a security researcher testing the proof-of-concept software designed to exploit the vulnerability was able to see “details of more than a dozen iPhones and Apple Watches that were within radio range” and use this information to …

Flaw in Bluetooth Protocols Could Allow Tracking of iPhone, MacBook Users

Bluetooth is one of the most common wireless protocols in the world, allowing a vast range of devices to connect together for shared functionality. From playing music in your car to controlling the temperature of your flatiron, Bluetooth enables us to do many things — and as a result, Bluetooth protocols are standard on iPhones, in MacBooks, and in many other products, too. According to a new study published by researchers from Boston University, though, almost all those devices currently contain a Bluetooth flaw that can erase a user’s privacy.

Bluetooth’s …

Zoom security flaw puts you at risk (even after you uninstall)

Security researcher Jonathan Leitschuh has discovered a major vulnerability in the popular Zoom video conferencing app that could allow malicious actors to turn on your Mac’s camera without your permission.

Google Shares Details about a New macOS Vulnerability

On Friday, March 1, 2019, Google’s Project Zero announced that it had discovered a “high severity” vulnerability in Apple’s macOS operating system. The Project Zero team constantly works to find vulnerabilities in software and code from other companies and developers. When Project Zero does identify a weakness, it notifies the coder or developer behind the software. The developer then has a 90-day window to fix the issue before Project Zero announces the vulnerability to the world. In other words, Apple has known about this issue for a while and has …

Breach of Spyware Company mSpy Exposes iCloud Account Information for Millions

Apple users should consider changing their iCloud passwords after a recent breach reportedly exposed the account information of millions of people. The breach involved a company called mSpy, a spyware-as-a-service business. mSpy sells mobile and computer software that allows users to spy on their friends or family members. The software is also marketed to allow parents to see what their children are doing on their devices. However, this type of software is technically illegal and mSpy has a shady reputation.

At the end of August, security researchers Brian Krebs …

Major macOS Mail App Harbors Major Vulnerabilities

How do you manage your email? For those who receive a high volume of messages every day and depend on their email for work purposes, answering this question is essential. Most stock mail clients don’t always offer the capabilities you need from them; for that reason, many people choose to use third-party email management programs. macOS users are no exception. However, it is important to be aware that this software, like any other, can put your data at risk if the developers fail to take appropriate security measures. That appears …

Versatile Hacking Tool Ported to the Mac Could Pose Risks to Users

Security researchers use many tools to conduct their work; in many cases, the best way to test a system is to try to break in, because it allows one to identify all the weaknesses and potential inroads a real hacker might exploit. These tools aren’t secret, though, and often they are used for legitimate purposes just as often as illegitimate ones. One such tool, known as the Metasploit Framework, allows researchers to probe networks and systems for many kinds of security holes using a variety of tools. Of course, …

Apple Confirms Fixes for Major CPU Vulnerability, More on the Way

Apple has confirmed that a pair of critical security vulnerabilities uncovered by security researchers late in 2017, and now filtering out into media reports, does affect “all Mac systems and iOS devices.” These bugs, dubbed Meltdown and Spectre, affect the clear majority of computers and a vast number of mobile devices, regardless of make, model, or manufacturer. Though tricky to exploit, these bugs could allow an attacker untraceable access to a wide variety of user data.

By exploiting a weakness in an advanced function within the processor, Meltdown allows …

Apple Reassures Users: Flaws in WikiLeaks/CIA Vault7 Leak Already Patched

On March 7th, WikiLeaks entered the news and made waves again by releasing almost nine thousand documents they claimed came from within the US Central Intelligence Agency. Contained in the leak was a vast range of information about the CIA’s intelligence gathering practices regarding technology. The revelations included information that the agency had undertaken spying efforts through exploiting vulnerabilities in various technologies, including some “smart” TVs and mobile operating systems. Also, contained within the documents, however, were fourteen previously undisclosed flaws in iOS. Through these flaws, an attacker could …