Apple’s Box security scare shows the risk of shadow IT

Credit to Author: Jonny Evans| Date: Tue, 12 Mar 2019 10:25:00 -0700

Until enterprise IT truly gets to understand that its own internal systems need to be as easy to use as any iOS app and as easy to learn as an iPhone, potentially damaging data breaches will take place, threatening business confidentiality. Apple is not immune.

Apple and the human interface

The news is that information from some of the world’s biggest names in business – including Apple, Edelman and Discovery Channel – could have been accessed through Box Enterprise, which offers companies bespoke company name-based file archiving and sharing services using this URL construction:

https://<companyname>.app.box.com/v/<filename>

To read this article in full, please click here

Read more

Now you can buy police-grade iPhone hacking tools on eBay

Credit to Author: Jonny Evans| Date: Thu, 28 Feb 2019 06:25:00 -0800

If you want to hack your way into an old iPhone you can get hold of a law enforcement-grade system to do just that for a bargain price on eBay.

I think that’s a crime

I can’t stress this enough.

The very existence of tools like these is a threat to every smartphone user. This is because no matter how many times people argue that these solutions will only see use by law enforcement, these things always proliferate.

The fact that Celebrate systems law enforcement was until recently spending heavily on acquiring are now available on the open market for as little as $100 is a perfect illustration of this.

To read this article in full, please click here

Read more

Automated Android attacks deliver “UFO” cryptominer Trojan

Credit to Author: Andrew Brandt| Date: Tue, 26 Feb 2019 16:00:23 +0000

A persistent attack against Android devices is on the rise and gaining traction with the criminals who do this sort of thing<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/zu19kgWwZIw” height=”1″ width=”1″ alt=””/>

Read more

Microsoft CEO supports Apple on privacy

Credit to Author: Jonny Evans| Date: Tue, 26 Feb 2019 06:00:00 -0800

Microsoft CEO Satya Nadella seems to agree with Apple CEO Tim Cook when it comes to privacy, calling this a “fundamental human right”.

Microsoft CEO: Privacy a ‘human right’

Despite the lack of a successful smartphone franchise, Microsoft is still very much part of today’s industry with a range of services across the mobile ecosystem. That’s probably why Nadella is such an active attendee at Mobile World Congress 2019.

What’s really interesting about what he said during a speech at the show is the extent to which his thinking aligns with what Apple is doing around privacy, for example:

To read this article in full, please click here

Read more

Get ready for the age of sensor panic

Credit to Author: Mike Elgan| Date: Sat, 23 Feb 2019 03:00:00 -0800

A passenger on a Singapore Airlines flight this week noticed a small, circular indentation below the image playing on the seatback in-flight entertainment system in front of him. Could that be, he wondered, a camera?

The passenger did the only logical thing: He tweeted out a photo and asked the Twitterverse for opinions, setting off a chorus of complainers on Twitter.

Singapore Airlines also responded to the tweets, saying that the camera was not used by the airline to capture pictures or video. It then told media outlets in a statement that the embedded cameras “have been intended by the manufacturers for future developments. These cameras are permanently disabled on our aircraft and cannot be activated on board. We have no plans to enable or develop any features using the cameras.”

To read this article in full, please click here

Read more

Apple is losing value and that’s a good thing

Credit to Author: Jonny Evans| Date: Fri, 22 Feb 2019 08:50:00 -0800

Apple must be doing something right as the cost of Apple ID data on the Dark Web has dropped, even as the value of Fortnite, Facebook, Netflix and Uber accounts has increased.

Apple is losing value

Last year, I reported that online scammers were spending up to $15 per account on Apple ID information, making Apple customers, “the most appealing targets” for scammers.

That’s changed.

The latest edition of Top10VPN’s ​Dark Web Market Price Index​ claims scammers are only willing to spend up to $11 for this information today and are targeting arguably less well-secured services instead.

To read this article in full, please click here

Read more

Apple is learning why shortcut security is a bad idea

Credit to Author: Evan Schuman| Date: Wed, 20 Feb 2019 11:00:00 -0800

When Apple launched its enterprise developer certificate program — which helps enterprises make their homegrown apps for employee use-only available through iTunes — it had to make a difficult convenience-vs.-security decision: how much hassle to put IT managers through to get their internal apps posted. It chose convenience and, well, you can guess what happened.

Media reports say pirate developers used the enterprise program to improperly distribute tweaked versions of popular apps — including Spotify, Angry Birds, Pokemon Go and Minecraft — while others used the platform to distribute porn apps along with real-money gambling apps. And all the bad guys had to do was lie to Apple reps about being associated with legitimate businesses. Apple didn’t bother to investigate or otherwise verify the answers.

To read this article in full, please click here

Read more

With latest mobile security hole, could we at least focus on the right things?

Credit to Author: Evan Schuman| Date: Wed, 13 Feb 2019 03:00:00 -0800

A bunch of apps from some major players — including Expedia, Hollister, Air Canada, Abercrombie & Fitch, Hotels.com and Singapore Airlines — recently came to grief because of a security/privacy hole in a third-party analytics app they all used, according to a report from TechCrunch. The incident exposed extremely sensitive customer information including payment card and password data shared in clear text. That sort of thing shouldn’t be happening — and yet everyone seems focused on the wrong lesson.

The analytics app, called Glassbox, captures all information from a user’s interaction with the app, including keystrokes entered and spots on the touchscreen the user touched or clicked. It also may include some screen captures. In every case, the apps give insufficient privacy disclosures to app users, or none at all. And, as already mentioned, it shares sensitive data in clear text.

To read this article in full, please click here

Read more

How to stay as private as possible on Apple's iPad and iPhone

Credit to Author: Jonny Evans| Date: Fri, 08 Feb 2019 09:39:00 -0800

Apple believes in your right to privacy. Here is some advice on how to use the tools it has given you to protect your privacy on an iOS device.

Use a better passcode

You probably already use a 4-digit passcode, but you can improve that with a 6-digit or alphanumeric code.

You change this in Settings>Touch ID/Face ID & Passcode, select Change Passcode and then tap the small Passcode Options dialog. Alphanumeric codes are harder to decipher, just make sure you remember the code.

To read this article in full, please click here

Read more

Apple pulls Facebook enterprise certificate

Credit to Author: Christopher Boyd| Date: Thu, 31 Jan 2019 16:44:03 +0000

After an app using an internal-only certificate from Facebook made its way into the outside world, Apple has responded by pulling Facebook’s developer certificate with immediate consequences for the social media giant.

Categories:

Tags:

(Read more…)

The post Apple pulls Facebook enterprise certificate appeared first on Malwarebytes Labs.

Read more