Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-05-07 10:39:53 |
Checklist 229: Zero-Days and WebKit with August Trometer (lien direct) |
0-days, WebKit, and Apple's intentional vagueness. We discuss this week's updates (and what they mean) with August Trometer.
|
|
|
|
|
2021-04-30 17:06:21 |
Mac 0-day bug can bypass key macOS security features (lien direct) |
A Mac 0-day bug can bypass key macOS security features - and it's being actively exploited by the bad guys. Background | Details | Staying Safe
|
|
|
|
|
2021-04-30 09:10:05 |
Checklist 228: Updates, Transparency, and Security (lien direct) |
On this week's Checklist: How to unlock an iPhone while wearing a mask; App Tracking Transparency; and a BIG security update for macOS.
|
|
|
|
|
2021-04-27 11:01:31 |
Apple releases major updates for macOS, iOS, and more (lien direct) |
macOS 11.3, iOS 14.5, and more: major security updates from Apple (including a critical patch for macOS and a major privacy change in iOS).
|
|
|
|
|
2021-04-27 04:30:32 |
Facebook Finds New iOS Spyware Phenakite (lien direct) |
The iOS spyware threat Phenakite was discovered by Facebook. In this article: What it is | How it works | What iOS users should know.
|
Threat
|
|
|
|
2021-04-23 11:19:37 |
Checklist 227: Playing AirTag (lien direct) |
AirTag is finally here. On this Checklist, we'll tell you what it is, why some competitors are crying foul, and how it protects your privacy.
|
|
|
|
|
2021-04-21 08:26:41 |
iMacs, AirTag, and More at Apple\'s Spring Loaded Event (lien direct) |
Apple's Spring Loaded event brings new iMacs, new iPad Pros, AirTag, and more. Details, Prices, Specs, and Availability.
|
|
|
|
|
2021-04-20 20:34:05 |
What is Google\'s FLoC (and does it harm privacy)? (lien direct) |
What is Google's FLoC? In this article, we'll explain what FLoC is, why it may be a privacy threat, and how to check for it in your browser.
|
|
|
|
|
2021-04-16 09:04:12 |
Checklist 226: Yet Another Facebook Data Breach (lien direct) |
A Facebook data breach has exposed 500 million + users. On this episode of the Checklist: Details, how to check if you were affected, and staying safe.
|
Data Breach
|
|
|
|
2021-04-14 17:39:11 |
FBI accessed hundreds of private computers in Microsoft Exchange remediation bid (lien direct) |
The FBI accessed hundreds of vulnerable computers using remote backdoors installed by hackers - with the goal of collecting evidence against the hackers and removing the backdoors. In a press release issued Tuesday, the U.S. Department of Justice announced the operation and explained the rationale behind it.
The 2021 Microsoft Exchange Server breach
Earlier this year, several critical zero-day vulnerabilities for Microsoft Exchange Server were discovered (Exchange is email server software common ...
|
|
|
|
|
2021-04-13 16:10:06 |
TextEdit flaw could have let hackers create malicious TXT files (lien direct) |
A flaw in macOS TextEdit could have let attackers create malicious TXT files - files that could have led to DOS attacks, IP leaks, and more.
|
|
|
|
|
2021-04-07 22:40:40 |
Facebook data breach exposes details of 500 million users (lien direct) |
A Facebook data breach has exposed the personal information of more than 500 million users. In this article: Details | Impact | Staying Safe
|
Data Breach
|
|
|
|
2021-04-01 14:48:07 |
Checklist 225: Raising Better Digital Citizens with Robert Speciale (lien direct) |
Award-winning educator Robert Speciale shares strategies for communicating security and privacy concepts to today's kids.
|
|
|
|
|
2021-03-29 19:34:00 |
STIR/SHAKEN hits milestone in fight to stop caller ID spoofing (lien direct) |
How do we stop caller ID spoofing? This article shows how spoofing works, how STIR/SHAKEN helps, and why you shouldn't let your guard down!
|
|
|
|
|
2021-03-26 02:00:00 |
XcodeSpy Mac Malware Targets Developers (lien direct) |
XcodeSpy is macOS malware that can install a persistent backdoor on a Mac. In this article, we'll explain what it is, how it works, and how you can detect it!
|
Malware
|
|
|
|
2021-03-25 16:15:00 |
Checklist 224: Cloudburst Over Hobby Lobby (lien direct) |
Reports says a misconfigured AWS cloud server left the info of hundreds of thousands of Hobby Lobby customers exposed. We'll look at that and a few takes on how best to secure the cloud. Plus - revisiting a checklist on cloud misconceptions.
|
|
|
|
|
2021-03-24 19:40:56 |
Is the Clubhouse iOS app safe to use? (lien direct) |
Is the Clubhouse iOS app safe? We'll talk about what Clubhouse is, the app's security and privacy issues, and how to use it more safely.
|
|
|
|
|
2021-03-21 07:53:51 |
Checklist 223: Visiting Clubhouse and Revisiting App Privacy Labels (lien direct) |
If you spend any time on the socials, you've heard people talk about Clubhouse. It's been around for close to a year, though it's really taken off over the past few months. We'll look at its safety, then look at Privacy Labels with Clubhouse as a sort of yardstick.
Do you have a security or privacy question you’d like to see answered on The Checklist? Write to us and let us ...
|
|
|
|
|
2021-03-18 23:09:51 |
What to do before you sell your Mac: a step-by-step guide (lien direct) |
Planning to sell your Mac? This guide shows you how to make sure you aren't exposing your private data to the new owner!
|
|
|
|
|
2021-03-18 19:18:18 |
Checklist 222: Avoiding Tax Scams (lien direct) |
Tax time is upon us in the U.S. Between changes in filing dates last year and COVID-related tumult, bad guys are out in force this year, trying to scam the unsuspecting out of personal info and money.
|
|
|
|
|
2021-03-15 15:32:06 |
Security camera hack exposes thousands of video feeds (lien direct) |
A security camera hack has exposed thousands of video feeds. This article has background, analysis, and tips for home security camera safety.
|
Hack
|
|
|
|
2021-03-12 04:23:26 |
Checklist 222: Avoiding Tax Scams with Nick Leon (lien direct) |
On this podcast, we talk about avoiding tax scams both new and old. We cover "classic" tax scams as well as 2021 tax scams.
|
|
|
|
|
2021-03-06 11:40:31 |
4 tax scams to watch out for in 2021 (lien direct) |
In 2021, U.S. taxpayers should be on the lookout for these 4 tax scams. This article explains how they work, and how to keep yourself safe!
|
|
|
|
|
2021-03-06 11:13:02 |
Crisis (lien direct) |
also known as OSX/Morcut
Type:
Trojan Horse
Platform:
Mac OS X
Last updated:
02/09/16 9:14 pm
Threat Level:
High
Description
Crisis is a Trojan horse that creates a backdoor on infected systems. Also known as Morcut, Crisis was first discovered in 2012, with subsequent variants appearing in the years to follow.
Crisis comes in the form of an illegitimate Adobe Flash Player installer. If installed, Crisis takes steps to achieve persistence (the ability to survive reboots), and then performs several actions, ...
|
|
|
|
|
2021-03-06 11:08:35 |
Conduit (lien direct) |
Type:
Adware
Platform:
Mac OS X
Last updated:
02/09/16 9:14 pm
Threat Level:
High
Description
Conduit is adware. Conduit was a platform that could be used to create custom toolbars - meant to be installed as browser extensions - that were ostensibly aimed helping web publishers market to their audiences more effectively. However, Conduit had a number of behaviors that are classified as malicious: It would make unauthorized changes to a user’s web browser, including changes to the home ...
|
|
|
|
|
2021-03-06 11:06:27 |
CoinThief (lien direct) |
also known as OSX/StealBit
Type:
Trojan Horse
Platform:
Mac OS X
Last updated:
02/13/16 8:48 am
Threat Level:
High
Description
CoinThief is a Trojan horse that steals Bitcoins. Early versions of the malware were distributed through GitHub, a website which hosts publicly available software source code. Subsequent versions of CoinThief were also found on popular Mac app download sites.
CoinThief comes disguised either as a cryptocurrency “wallet” app - software for sending and receiving cryptocurrency - or as a cryptocurrency price ...
|
Malware
|
|
|
|
2021-03-06 11:05:32 |
ClickAgent (lien direct) |
also known as OSX/ClickAgent.FLA
Type:
Adware
Platform:
Mac OS X
Last updated:
02/09/16 9:14 pm
Threat Level:
High
Description
ClickAgent is adware. It masquerades as a Flash Player installer and may be found on various websites, especially filesharing and adult websites. When ClickAgent was discovered in August 2013, it had been signed with an actual Apple Developer ID. If a user installs it, it will be added as an extension to their web browser - Safari, Chrome, or Firefox - ...
|
|
|
|
|
2021-03-06 11:05:02 |
ChatZum (lien direct) |
Type:
Adware
Platform:
Mac OS X
Last updated:
02/09/16 9:14 pm
Threat Level:
High
Description
ChatZum is adware. It most often makes its way onto a Mac during the installation of another, legitimate program such as VLC or UnRarX. Although these applications in themselves are not malicious, and are not affiliated with the malware’s authors, the installer packages that bundle them together with the ChatZum adware are. Users are given the option to opt out of installing ChatZum by ...
|
|
|
|
|
2021-03-06 11:04:28 |
CallMe (lien direct) |
Type:
Trojan Horse
Platform:
Mac OS X
Last updated:
04/02/16 10:02 am
Threat Level:
High
Description
CallMe is a Trojan horse that targets Tibetan activist organizations. The Trojan infects its target through a malicious Microsoft Word (.doc) file, exploiting an older Word vulnerability cataloged as CVE-2009-0563. Once active, CallMe is able to run commands on the infected system; however, it only takes a limited number of actions using these permissions. The Trojan attempts to connect to a command and ...
|
Vulnerability
|
|
|
|
2021-03-06 11:03:17 |
Bundlore (lien direct) |
also known as Buca
Type:
Adware
Platform:
Mac OS X
Last updated:
07/02/20 1:49 am
Threat Level:
High
Description
Bundlore is adware. It “bundles” malicious or intrusive applications together with a legitimate program that the user is attempting to install. During the installation process, the user is prompted to install these malicious add-ons alongside the application that they actually want. The option to accept the unwanted applications often comes selected by default in the installer interface. If the user installs ...
|
|
|
|
|
2021-03-06 11:02:07 |
BlackHoleRAT (lien direct) |
Type:
Trojan Horse
Platform:
Mac OS X
Last updated:
04/02/16 7:14 am
Threat Level:
High
Description
BlackHoleRAT is a Trojan horse that allows remote access by malicious third parties to an infected computer. Early versions of the Trojan were relatively unsophisticated and seemed to be intended as proof of concept, but subsequent, better-developed variants were soon discovered - and these were being offered for distribution. BlackHoleRat is able to carry out a range of malicious actions on an infected ...
|
|
|
|
|
2021-03-06 11:00:38 |
BackTrack (lien direct) |
Type:
Keylogger
Platform:
Mac OS X
Last updated:
02/09/16 9:14 pm
Threat Level:
High
Description
BackTrack is a keylogger. It is marketed as a data recovery tool designed to help users in the event of an application crash, but like all keystroke logging software, it can also be used to record the activity of any user working on the computer on which it is installed. BackTrack captures all keystrokes - with the exception of passwords - and saves them ...
|
Tool
|
|
|
|
2021-03-06 10:59:56 |
BPK (lien direct) |
also known as BlazingToolsPerfectKeylogger, PerfectKeyloggerLite
Type:
Keylogger
Platform:
Mac OS X
Last updated:
03/03/20 12:30 am
Threat Level:
High
Description
BPK Keylogger, now sometimes called Perfect Keylogger, is a keylogger. It is marketed as a family or employee monitoring tool, but like all keystroke loggers, it can be used to record the activity of any computer on which it is installed. Once active, BPK Keylogger runs stealthily in the background and records the keystrokes pressed by users of all accounts ...
|
|
|
|
|
2021-03-06 10:58:08 |
Award (lien direct) |
Type:
Keylogger
Platform:
Mac OS X
Last updated:
02/09/16 9:14 pm
Threat Level:
High
Description
Award is a keylogger. Like all keyloggers, it can be used to monitor the activity of any system on which it is installed. Award allows the administrator to monitor keystrokes, clipboard content, and app usage. The keylogger can also take screenshots, either at set intervals or whenever a specific event (like a mouse click) occurs. Data is collected into log files which are then ...
|
|
|
|
|
2021-03-06 10:57:09 |
AskToolbar (lien direct) |
Type:
Adware
Platform:
Mac OS X
Last updated:
02/09/16 9:14 pm
Threat Level:
High
Description
AskToolbar is adware, though it is sometimes classified as a Potentially Unwanted Program as well. AskToolbar is typically bundled with other software as an add-on during the installation process (this is very common, for example, during the installation of Oracle’s Java). The installer program for the primary application gives users the option to add the Ask toolbar and make Ask their primary search engine. ...
|
|
|
|
|
2021-03-06 10:56:12 |
AppleScriptTHT (lien direct) |
also known as OSX/ARDScript.A, OSX/Hovdy.A
Type:
Trojan Horse
Platform:
Mac OS X
Last updated:
02/09/16 9:14 pm
Threat Level:
High
Description
AppleScriptTHT is a trojan horse. First spotted in the wild in 2008, the malware was discovered when it was offered for distribution on a hacker website, with site forum members discussing possible delivery vectors which included the messaging app iChat and the filesharing service LimeWire. In order to become infected, a user must first download and launch AppleScriptTHT. Once ...
|
Malware
|
|
|
|
2021-03-06 10:55:14 |
(Déjà vu) Aobo (lien direct) |
also known as OSX/ABK
Type:
Keylogger
Platform:
Mac OS X
Last updated:
02/04/20 9:53 am
Threat Level:
High
Description
Aobo is a keylogger marketed as a child and employee monitoring tool, but like all keystroke logging software, it can be used to monitor the activities of any computer on which it is installed. Formerly offered by Awosoft Co., Ltd., and related to the Amac and EaseMon keyloggers, Aobo has both Standard and Professional editions. Aobo is designed to run silently ...
|
|
|
|
|
2021-03-06 10:54:11 |
AnyKL (lien direct) |
Type:
Keylogger
Platform:
Mac OS X
Last updated:
02/09/16 9:14 pm
Threat Level:
High
Description
AnyKL is a keylogger. Like all forms of keystroke logging software, AnyKL can record the activity of all users of the computer on which it is installed. AnyKL records keystrokes entered on the system as well as information about which application was being used at the time. The Professional Edition of AnyKL also supports password capture. In addition to logging keystrokes, the app takes ...
|
|
|
|
|
2021-03-06 10:52:03 |
Amac (lien direct) |
also known as OSX/AMK.A, OSX/AMK.B, OSX/AMK.C
Type:
Keylogger
Platform:
Mac OS X
Last updated:
03/02/19 12:34 am
Threat Level:
High
Description
Amac is a keylogger marketed as a monitoring tool for employers, parents, and schools. However, like all keystroke logging software, it can be used to record the activity of any computer on which it is installed. Formerly offered by Amac Software Co., Ltd., and related to the Aobo and EaseMon keyloggers, Amac is designed to run undetected in the ...
|
Tool
|
|
|
|
2021-03-06 10:51:29 |
AgentBob (lien direct) |
Type:
Hybrid Threat
Platform:
Mac OS X
Last updated:
02/09/16 9:14 pm
Threat Level:
High
Description
AgentBob is a hybrid keylogger and screen recorder program. It is sometimes presented as a parental monitoring tool, but like all software with keystroke logging and screen recording capabilities, it can be used to monitor the activity of any user of the computer on which it is installed. AgentBob is designed to covertly record all keystrokes and save the data in text files, ...
|
|
|
|
|
2021-03-06 10:49:59 |
AceSpy (lien direct) |
Type:
Keylogger
Platform:
Mac OS X
Last updated:
02/09/16 9:14 pm
Threat Level:
High
Description
AceSpy is a keylogger marketed as a parental monitoring tool, but like all keystroke logging software, it can be used to monitor the activities of any computer on which it is installed. Designed to run undetected on the host computer, AceSpy creates detailed records of the system’s activities and forwards them to an email address controlled by whoever installed the program. In addition to ...
|
|
|
|
|
2021-03-04 18:54:27 |
Checklist 221: A Trio of Privacy Checklists from Apple (lien direct) |
Apple has three great checklists that we're featuring on this week's Checklist by SecureMac: If you want to see if anyone else has access to your device or accounts, If you want to stop sharing with someone whom you previously shared with, and If you want to make sure no one else can see your location.
|
|
|
|
|
2021-03-02 20:09:07 |
(Déjà vu) SilverSparrow (lien direct) |
Type:
Malware
Platform:
macOS
Last updated:
02/23/21 2:29 pm
Threat Level:
High
Description
Silver Sparrow is malware.
Silver Sparrow Threat Removal
MacScan can detect and remove Silver Sparrow malware from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat.
Download MacScan
|
Malware
Threat
|
|
|
|
2021-03-01 20:07:00 |
HoverWatch (lien direct) |
Type:
Keylogger
Platform:
macOS
Last updated:
03/01/21 4:13 pm
Threat Level:
High
Description
Hoverwatch is a keylogger.
Hoverwatch Threat Removal
MacScan can detect and remove the Hoverwatch keylogger from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat.
Download MacScan
|
Threat
|
|
|
|
2021-02-25 13:00:07 |
Checklist 220: Malware and the M1 with Patrick Wardle (lien direct) |
This week on the Checklist, security researcher Patrick Wardle joins us to discuss the new Silver Sparrow malware variant. We'll cover:
The speculation around Silver SparrowThe M1 and the future of Mac security
Security Note: If you're a MacScan 3 user, your software already has access to definitions for the Silver Sparrow malware discussed in this episode. MacScan will update its definitions automatically the next time you launch it. If you don't ...
|
Malware
|
|
|
|
2021-02-24 18:57:06 |
How to make encrypted iMessage backups for your iPhone (lien direct) |
If you want to learn how to make encrypted iMessage backups for your iPhone, you've come to the right place. In this how-to guide, we'll explain:
What is and isn't encrypted in iMessagesHow to set up your own encrypted backups for iMessagesHow to erase old iCloud backups of your iMessages
Why users are worried about encrypted iMessage backups
Earlier this month, journalists reported on a 2020 drug trafficking investigation in which law enforcement ...
|
|
|
|
|
2021-02-19 21:30:03 |
How to avoid scam apps in the App Store (lien direct) |
App developers are warning that there are lots of scam apps in the App Store - and they say that Apple's own ratings and review system is a big part of the problem. In this article, we'll take a look at what’s going on, and tell you how you can stay safe.
A broken ratings system
For the last couple of weeks, iOS app developer Kosta Eleftheriou has been calling out Apple ...
|
|
|
|
|
2021-02-18 20:07:39 |
Checklist 219: Teaching Tomorrow\'s Cybersecurity Pros with Robert Speciale (lien direct) |
This week on The Checklist, we talk with award-winning educator Robert Speciale, whose innovative program is teaching cybersecurity to high school students
|
|
|
|
|
2021-02-16 22:14:02 |
North Dakota law could change the iPhone in a big way (lien direct) |
State lawmakers in North Dakota will soon vote on a law that regulates the way Apple and Google do business with third-party mobile apps.
Supporters of the law argue that it will help small businesses, and that it would rein in Apple and Google's near-monopoly power in the world of mobile computing. Critics worry that it could undermine user safety, with one Apple exec saying it “threatens to destroy iPhone as ...
|
|
|
|
|
2021-02-11 15:56:15 |
Checklist 218: Reading the Privacy Nutrition Labels (lien direct) |
Privacy Labels have landed in the App Store for a number of apps. We'll cover what those are, what they cover, why some apps don't have them, and what you can do with the information on them.
|
|
|
|