macOS High Sierra Logs External Volume Passwords in Plaintext
In macOS High Sierra, the passwords used for Apple File System (APFS)-encrypted external drives are logged and kept in on-disk log files, a security researcher has discovered. The APFS file system was introduced by Apple with the release of macOS High Sierra and is automatically applied to the startup volume when the platform High Sierra […] more…Take It Personally: Ten Tips for Protecting Your Personally Identifiable Information (PII)
Take It Personally: Ten Tips for Protecting Your Personally Identifiable Information (PII) Seems like we always have a connected device somewhere within arm’s reach, whether it’s a smartphone, laptop, tablet, a wearable, or some combination of them all. In a way, we bring the internet along with us nearly wherever we go. Yet there’s something […] more…Sunburst backdoor – code overlaps with Kazuar
Introduction On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named “Dark Halo”. FireEye did not link this activity to any known actor; […] more…Why Kids Use Secret Decoy Apps and Why Parents Should Care
Kids have been locking their diaries and hiding top secret shoe boxes since Sandy Olssen had a crush on Danny Zuko. The need for more and more privacy is a natural part of growing up. Today, however, some kids hide their private lives behind locked decoy apps catapulting those harmless secret crushes to a whole […] more…IT threat evolution Q1 2017
Overview Targeted attacks and malware campaigns More wipers The aim of most targeted attack campaigns is to steal sensitive data. However, this isn’t always the goal. Sometimes attackers erase data instead of – or as well as – trying to gain access to confidential information. We’ve seen several wiper attacks in recent years. They include […] more…Operation Blockbuster revealed
Kaspersky Lab has joined industry alliance driven by Novetta to announce Operation Blockbuster. Just like the previous Operation SMN, this alliance brings together key players in the IT security industry, working together in an effort to disrupt and neutralize multiple cyberespionage campaigns that have been active for several years. Some of the targets of these […] more…A Nightmare on Malware Street
Another ransomware has been spotted in the wild lately, branded as ‘CoinVault’. This one involves some interesting details worth mentioning, including the peculiar characteristic of offering the free decryption of one of the hostage files as a sign of good faith. Technically, the malware writers have taken a lot of measures to slow down the […] more…Timeline: Hacks Related to Apple
The hacks related to Apple involve a lot of complexities. Let’s review the time line: February 1st: Twitter’s Director of Information Security, Bob Lord, posted “Keeping our users secure” on Twitter’s blog. On a Friday. The weekend of the NFL’s Super Bowl. Lord explained that Twitter had been hacked, and that 250,000 accounts have had […] more…WordPress Security: 5 Steps To Reduce Your Risk
Often you hear the question, “What plugins should I use for WordPress Security?”. It’s a valid question, but I don’t think it’s the best approach if it’s the only question you’re asking, or the only action you’re taking. If you’re leaving the security of your blog to a plugin from a 3rd party alone, you’re […] more…More information
- U.S. urged to ban foreign firms that steal intellectual property
- iPhone ‘liberation’ kit sells out in minutes
- VMware Patches ‘Hard-to-Exploit’ DoS Vulnerability
- 8 reasons to use 1Password that don’t involve storing passwords
- You could soon have to share your genetic screen results with your boss
- The Crucial Component of Detection and Response: Intelligence Pivoting
- ISC Kea CVE-2019-6474 Denial of Service Vulnerability
- Want security, privacy? Turn off that smartphone, tablet GPS
- Leaked video of Xbox One dev kit does not please Microsoft’s Major Nelson
- US cryptocurrency coder gets 5 years for North Korea sanctions busting