Security Alerts & News
by Tymoteusz A. Góral

History
#855 SandJacking attack puts Apple iOS devices at risk to rogue apps
Apple has yet to patch a vulnerability disclosed during last week’s Hack in the Box hacker conference in Amsterdam that allows an attacker with physical access—even on the latest versions of iOS—to swap out legitimate apps with malicious versions undetected on the device.

Researcher Chilik Tamir of mobile security company Mi3 Security disclosed last week during his talk at the show that an iOS mitigation for a previous attack he’d developed was incomplete and with a modification, he could still infect non-jailbroken iOS devices with malicious or misbehaving apps.

Apple declined to comment about the vulnerability it has known about the issue since Jan. 27. On May 23 Apple informed Tamir that it was working on a patch.
Read more
#867 The impossible task of creating a “Best VPNs” list today
#866 Ransomware is working, and the cybercrooks know it
#865 Outlook and Hotmail flooded by spam
#864 Samsung: Don't install Windows 10. REALLY
#863 Out-of-the-box exploitation possible on PCs from top 5 OEMs
#862 Tor Browser 6.0: Ditches SHA-1 support, uses DuckDuckGo for default search results
#861 Crypto-ransomware attacks Windows 7 and later, scraps backward compatibility
#860 Millions of PCs ship with bloatware riddled with security flaws, say researchers
#859 Got $90,000? A Windows 0-Day could be yours
#858 Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk
#857 SSL/TLS and PKI timeline
#856 Hackers find bugs, extort ransom and call it a public service
#855 SandJacking attack puts Apple iOS devices at risk to rogue apps
#854 PayPal to pull out of Turkey following license denial
#853 US court says no warrant needed for cellphone location data
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12