It was only a couple of weeks ago that I said jailbreaking is basically dead. But it seems no-one told Google security engineer Ian Beer. He's released detailed information that describes how to exploit a memory corruption vulnerability that works on almost all 64-bit Apple devices running iOS 11.1.2 or earlier. This can, he says, be used to create a jailbreak.
If you had any doubts that criminals were investing in technology, then this will allay those concerns. By aggregating the data from over 250 separate breaches, cybercriminals have created an easily accessed and usable treasure trove with 1.4 billion clear text log-in credentials, according to security researchers 4iQ. If you're in the habit of reusing your credentials, then this aggregated, interactive database, which lets criminals query and receive responses in under a second, should have you worried.
For the longest time, Apple’s customers have pointed to the Cupertino company’s “better” security as a reason to ditch Windows and move into their walled garden. But the security landscape has changed and we are facing new threats. Recent events suggest Apple’s supposed security superiority is being eroded by smarter bad guys and errors coming from Apple’s development team.
Precedent, the company that was contracted to provide services to the Red Cross Blood Bank, has been liquidated. Although the company has managed to keep trading for well over a year following revelations that a staff member placed confidential data on a publicly-facing server, reports say their work pipeline dried up following the breach.
We live in an era where ideas can turn into vast sums of money, and then disappear, in the blink of an eye. Many of today's start-ups start with a way of changing business process and then commercialise that idea. But Nir Gabay, the founder of El-Sight, focussed on solving a very specific problem. And his hardware solution has massive implications that go far beyond his original vision. EL-Sight's core product is a mobile digital video recorder (DVR) that can securely store and transmit data.
The recently revealed Uber data breach, which resulted in 57 million customer and 600,000 driver data records being leaked, has seen the leadership ranks of the company's security team gutted. Chief Security Officer Joe Sullivan was fired and his Chief of Staff Pooja Ashok, senior engineer Prithvi Rai and Sullivan's most senior manager Jeff Jones have all resigned.
Apple found itself rather red-faced last week when it was discovered that the root account of macOS High Sierra was accessible without a password. Yep, that's quite the security blunder. The company responded quickly with a patch. Unfortunately, it turns out that patch can be overridden by macOS' normal update process.
Stability and security are two properties you want in a browser. The Chromium team, which works on the core software that powers Google Chrome, is introducing a change in July 2018 that will improve both aspects for the browser by blocking third-party programs from injecting code into the application.
The major Australian banks are following familiar public relations tactics in requesting a parliamentary commission of inquiry into banking and financial services. When the public mood is against an industry, it will try to win the public over, while getting the politicians to ignore the public mood. If that fails, the industry gradually concedes ground until attention goes elsewhere.
There have been plenty of stories recently about websites, often connected to content piracy and other dodgy activities, running background software that harnesses your computer's resources to mine cryptocurrency while you're on their site. But, once you close the browser window, the CPU thieves lose access to your processor and associated resources. Malwarebytes has found that some have resorted to a clever trick to keep mining for cryptocurrency even when you've closed the offending browser window.
The current release of macOS High Sierra, version 10.13.1, has a bug that allows someone with physical access to your machine to bypass the log-in screen and access your data. The issue allows someone to authenticate as a “system administrator” with the ability to view files and change details in user accounts.
Many of the world’s top websites routinely track a user’s every keystroke, mouse movement and input into a web form – even before it’s submitted or later abandoned, according to the results of a study from researchers at Princeton University.
And there’s a nasty side-effect: personally identifiable data, such as medical information, passwords and credit card details, could be revealed when users surf the web – without them knowing that companies are monitoring their browsing behaviour.
It's taken a few years but the IT industry has finally figured out that the best way to combat cybercrime is to work cooperatively with other people. Threat actors cooperate through dark web marketplaces and forums where tools and skills are traded as commodities. This is one of the key reasons they are able to cause such havoc. Optus is committing $3.5M to the Cyber Security Cooperative Research Centre.
It has been revealed that Uber was the victim of a cyber-attack that resulted in the personal data of 57 million customers being exposed. And if that wasn't bad enough, it is also being reported that the company paid the hackers $100,000 to keep quiet and delete the data. Under European and Australian laws that will come into effect next year, that $100,000 is small fry compared to the millions of dollars it could cost them.
We're often told that one of the best protections we can have for our data is to use end-to-end encryption when data is at rest and in-flight so, in the event data is lost either accidentally or through a malicious act, the potential damage is minimised. But a recent study of 331 individuals conducted by the Ponemon Institute and sponsored by Thales - which has a big business in encryption - says just 32% of Australians have an enterprise-wide encryption policy.
There are lots of great benefits to using a smartwatch or fitness band. They can encourage activity, deliver data to you in a convenient and unobtrusive way and they can let you take your music with you without carrying a phone.
But they can also be used to spy on people - and that's getting German authorities riled up. An entire class of smartwatches is designed specifically for parents to keep track of their kids. Germany's Federal Network Agency says devices with GPS tracking capability and integrated cellular comms constitute unauthorised transmission systems and has banned the devices.