Independent – Page 65 – Computer Security Articles

Credit to Author: Jonny Evans| Date: Fri, 02 Sep 2022 04:55:00 -0700

When Craig Federighi, Apple’s senior vice president of software engineering last year said, “We have a level of malware on the Mac that we don’t find acceptable,” he apparently really meant it. And Apple seems to be doing about something about it.

Apple is giant taking steps to secure the Mac

Federighi characterized Apple as being in an enduring battle against malware on the Mac. He also explained that between May 2020 and May 2021 the company identified 130 types of Mac malware that infected 300,000 systems.

Given the Mac’s reputation for security, that may seem counter intuitive, but maintaining a secure platform requires constant watchfulness.

To read this article in full, please click here

ComputerWorld Independent

September 1, 2022 admin

Apple pushes out emergency updates to address zero-day exploits

Credit to Author: Lucas Mearian| Date: Thu, 01 Sep 2022 16:46:00 -0700

Apple this week released urgent security updates to address zero-day vulnerabilities on older model iPhones, iPads, and iPods.

The patches, pushed out on Wednesday, address an out-of-bounds write issue that could be exploited by an attacker enabling them to take control of the affected device. The US Cybersecurity and Infrastructure Agency (CISA) today encouraged users and IT admins to review Apple’s advisory HT213428 and apply the necessary updates.

To read this article in full, please click here

Independent Krebs

August 31, 2022 admin

Final Thoughts on Ubiquiti

Credit to Author: BrianKrebs| Date: Wed, 31 Aug 2022 15:14:29 +0000

Last year, I posted a series of articles about a purported “breach” at Ubiquiti. My sole source for that reporting was the person who has since been indicted by federal prosecutors for his alleged wrongdoing – which includes providing false… Read More »

Independent Krebs

August 30, 2022 admin

How 1-Time Passcodes Became a Corporate Liability

Credit to Author: BrianKrebs| Date: Tue, 30 Aug 2022 14:53:39 +0000

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

ComputerWorld Independent

August 29, 2022 admin

Facebook agrees to settle class action lawsuit related to Cambridge Analytica data breach

Credit to Author: Varun Aggarwal| Date: Mon, 29 Aug 2022 04:19:00 -0700

The four-year-old lawsuit claimed Facebook allowed the British political consulting firm access to private data of over 80 million users.

ComputerWorld Independent

August 26, 2022 admin

What is Managed Device Attestation on Apple platforms?

Credit to Author: Jonny Evans| Date: Fri, 26 Aug 2022 09:43:00 -0700

Announced at WWDC 2022, Managed Device Attestation protection shows that Apple is adjusting device security protections to adapt to an increasingly distributed age.

Secure the endpoints, not the end times

This adjustment reflects a reality shift. Work doesn’t happen on specific servers or behind defined firewalls today. VPN access can differ across teams. And yet, in a workplace defined by multiple remote devices (endpoints), the security threat is greater than ever.

Managed Device Attestation works to create a second boundary of trust around which device management solutions can work to protect against attack.

To read this article in full, please click here

ComputerWorld Independent

August 26, 2022 admin

Planned ‘fixes’ for credit-card interchange fees will actually make fraud easier

Credit to Author: Evan Schuman| Date: Fri, 26 Aug 2022 03:00:00 -0700

I love it when organizations try and do something good, but don’t think things through and end up delivering unintended negative consequences.

Today’s case in point: the US Senate and the Federal Reserve, both of whom are looking to reduce high interchange costs, but are unintentionally increasing costs for merchants and sharply boosting the undiscovered fraud rate. Not bad for government work.

Let’s start with the Senate, where Sens. Dick Durbin (D-IL) and Roger Marshall (R-KS) have crafted The Credit Card Competition Act of 2022. Its stated goal: reduce the interchange fee that financial institutions and card brands (Visa, MasterCard, Amex, etc.) charge retailers.

To read this article in full, please click here

Independent Krebs

August 18, 2022 admin

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Credit to Author: BrianKrebs| Date: Thu, 18 Aug 2022 15:27:53 +0000

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.