Ransomware scammers have been exploiting a flaw in Apple's Mobile Safari browser in a campaign to extort fees from uninformed users. The scammers particularly target those who viewed porn or other controversial content. Apple patched the vulnerability on Monday with the release of iOS version 10.3.
Have you been thinking that you'd never see another update for your Mac that's stuck running OS X Yosemite and El Capitan? Well, Apple has a surprise for you.
The surprise comes in the form of Security Update 2017-001. What does it do? There's no information on the fixes it contains beyond a somewhat cryptic "Security Update 2017-001 is recommended for all users and improves the security of OS X."
Flaws in the API used by Symantec partners would have allowed an attacker to retrieve certificates, including private keys, security researcher Chris Byrne said in a Facebook post published over the weekend.
The researcher said he discovered this issue two years ago, in 2015, and agreed to a process called "limited non-disclosure," as Symantec said it would take at least two years to fix the issues, during which they asked Byrne to not disclose any details to the public.
"I agreed to limited non-disclosure of the issue, unless I felt it was critically necessary, or it would be unethical or irresponsible for me not to disclose," said Byrne, "for example, if there were a threat to national security, or I discovered a compromise of a client, or any actual criminal compromise arising from it, etc."
Police in Israel are recommending that the state attorney’s office indict and prosecute two 18-year-olds suspected of operating vDOS, until recently the most popular attack service for knocking Web sites offline.
On Sept. 8, 2016, KrebsOnSecurity published a story about the hacking of vDOS, a service that attracted tens of thousands of paying customers and facilitated countless distributed denial-of-service (DDoS) attacks over the four-year period it was in business. That story named two young Israelis — Yarden Bidani and Itay Huri — as the likely owners and operators of vDOS, and within hours of its publication the two were arrested by Israeli police, placed on house arrest for 10 days, and forbidden from using the Internet for a month.
Nokia no longer makes mobile devices, but it's carving out a new business in mobile and Internet of Things security. Now new research from the unit is reporting an 83 percent rise in monthly smartphone infections in the second half of 2016.
Two years ago Verizon challenged assumptions about the spread of mobile malware, reporting that just 0.03 percent of smartphones on its network were infected with 'higher-grade' malware. It was much lower than the 0.68 percent infection rate estimated in Kindsight Security Labs' biannual report.
But a new report from Nokia, based on data from mobile networks that have deployed its NetGuard Endpoint Security, suggests infections are actually far higher.
On March 25, security researcher Kevin Beaumont discovered something very unfortunate on Docs.com, Microsoft's free document-sharing site tied to the company's Office 365 service: its homepage had a search bar. That in itself would not have been a problem if Office 2016 and Office 365 users were aware that the documents they were posting were being shared publicly.
Unfortunately, hundreds of them weren't. As described in a Microsoft support document, "with Docs.com, you can create an online portfolio of your expertise, discover, download, or bookmark works from other authors, and build your brand with built-in SEO, analytics, and email and social sharing." But many users used Docs.com to either share documents within their organizations or to pass them to people outside their organizations—unaware that the data was being indexed by search engines.