Skip to main content

Security

See All Stories

Microsoft announces Security Copilot, leveraging GPT-4 for ‘the new era of security’

Microsoft Security Copilot GPT-4

Microsoft has announced the latest way it’s integrating OpenAI’s GPT-4 into its services and software. With a fresh app called Security Copilot, Microsoft believes leveraging GPT-4’s AI will usher in “the new era of security” by helping infosec professionals save time, simplify the complex, catch what others miss, and address the talent gap.

Expand Expanding Close
iOS 16.4 beat Rapid Security Res

Apple pushes Rapid Security Response update for iOS 16.4 beta [Version ‘b’ now available]

Following up on releasing the second iOS 16.4 developer and public betas, Apple has pushed a Rapid Security Response update to those on the latest software in testing. It’s unclear for now if this is another test of the Rapid Security Response feature like we’ve seen before or potentially fixing a notable flaw.

Expand Expanding Close

Apple should really invest in anti-theft security features for iPhone and iPad

Apple should really invest in anti-theft security features for iPhone

Apple devices have always been known for their security features, which include the Find My network that has received major updates in recent years. However, a report from The Wall Street Journal on Friday revealed that these features are not enough to prevent thieves from accessing users’ data. With iOS 17, Apple should invest even more in anti-theft security features for iPhone and iPad.

Expand Expanding Close

Recent iPhone thefts highlight the danger of using passcodes in public

iPhone theft passcode security

A new report from The Wall Street Journal looks at a recent trend of iPhone thefts that have happened across the US. Instead of just looking to snatch devices, these thieves are watching for passcodes so they can immediately get into iPhones, change Apple ID passwords, access financial accounts, and more. Here’s a look at the risks of using an iPhone passcode in public, how much power the passcode wields, and some steps to keep yourself safer.

Expand Expanding Close

Well-hidden Mac cryptomining malware found in pirate copies of Final Cut Pro; expect more [U]

Mac cryptomining malware in FCP | Final Cut Pro desktop setup

Update: Apple has now commented on the findings – see the end of the piece.

Cybersecurity company Jamf Threat Labs has found Mac cryptomining malware in pirate copies of Final Cut Pro. The firm says that the cryptojacking malware was particularly well hidden, and not detected by most Mac security apps.

Jamf also warned that the power of Apple Silicon Macs is going to make them increasingly popular targets for cryptojacking – where malware uses your machine’s considerable processing power to mine cryptocurrencies for the benefit of attackers …

Expand Expanding Close

Apple has removed scam authenticator apps from the App Store [U]

Scam authenticator app

Update: Apple has now removed the scam authenticator apps from the App Store – see end of piece.

Twitter’s latest bonehead move has led to a flurry of scam authenticator apps, with at least one of them using App Store advertising to figure prominently in search results – and then sending all scanned QR codes to the developer’s analytics service.

There’s a whole array of others that appear to be free but then require in-app purchases in order to scan QR codes …

Expand Expanding Close

Researchers who discovered new class of iOS bugs still exploring ‘huge range’ of ‘potential vulnerabilities’

new iOS security bugs

About a month after Apple released iOS 16.3 and macOS 13.2, it detailed additional security fixes that came with the updates. Now Trellix, the team that found two of those flaws for iOS and macOS has revealed more about how they discovered what they’re calling a “large new class of bugs.” While the new exploits were quickly patched by Apple, Trellix says it’s “still exploring” a “huge range” of potential vulnerabilities that could put messages, photos, location data, and more at risk on iPhone and Mac.

Expand Expanding Close

Data center logins for Apple and others obtained by hackers; could have facilitated physical access

Data center logins for Apple | Illustrative shot of a data center

A cybersecurity company has revealed that hackers obtained data center logins for Apple and other major companies. They were also able to access surveillance cameras remotely, and the privileges they had could even have allowed physical access to servers.

Hackers gained access to two third-party data center companies used by many major companies, and from there were able to obtain customer support logins for Apple, Amazon, BMW, Goldman Sachs, Microsoft, and as many as 2,000 other companies …

Expand Expanding Close

Tile follows Apple’s lead with enhanced anti-theft and stalking features, new $1M penalty

Tile is out with a new feature for its item trackers that hopes to reduce trouble with both theft and stalking. The company is calling the new feature Anti-Theft Mode and there are several components to it including an unscannable mode, a new $1 million penalty for misuse, ID verification, and more. The changes follow similar ones made by Apple last year. Here’s how the approaches compare.

Expand Expanding Close

Apple shares 5 security steps you should take ‘right away’ to protect Apple Card

Apple Card security steps

Apple Card has a number of security improvements compared to many credit cards with features like the number/expiration date not being printed on the card, control in the Wallet app on iPhone, and a focus on Apple Pay. Today Apple has shared 5 steps to take “right away” to “protect yourself from fraud and make the most of Apple Card’s security features.”

Expand Expanding Close
TikTok algorithm

TikTok algorithm could be shared with US, as company fights growing bans

The infamous TikTok algorithm, which has been accused of taking users into dangerous rabbit holes, could be shared with US officials, says the company. TikTok owner ByteDance is hoping that the offer of transparency will fend off further bans of the Chinese video sharing app.

Not everyone is convinced that the offer goes far enough, however …

Expand Expanding Close

Apple highlights 8 ways to keep kids safer online with iPhone and iPad

In honor of Safer Internet Day, Apple has shared a list of features and tips to provide a more secure and private experience for kids on devices like iPhone and iPad. Along with 8 ways to stay safer, Apple has highlighted its dedicated educational hub for parents and families plus a new free Today at Apple session called “Your Kids and Their Devices.”

Expand Expanding Close

Pegasus spyware journalists had to take extreme measures to avoid becoming victims

Pegasus spyware journalists | Abstract image

Pegasus spyware journalists Laurent Richard and Sandrine Rigaud were the first to discover an extensive list of specific people being targeted by NSO’s clients. In working on the story, they said they had to take extreme privacy precautions to avoid their own devices being compromised.

One of the major uses of Pegasus has been to silence journalists working on revealing abuses by tyrannical governments, so the risk of their own devices being hacked without their knowledge was very real …

Expand Expanding Close

iOS 16.3 – Hardware Security Keys explained [Video]

Apple rolled out hardware security key support in iOS 16.3, but what are they, and should you consider using them? Watch my hands-on video walkthrough as I explain why Apple added hardware security key support for Apple IDs, showcase how to use hardware security keys, and answer some frequently asked questions.

This written walkthrough explains a lot about security keys, but the video walkthrough embedded in this post is more in-depth, touches on additional platforms like macOS, and showcases features that I don’t touch on here. If you’re keenly interested in security keys, be sure to give it a watch, and perhaps consider subscribing to the channel for more in-depth analysis.

Expand Expanding Close

Anker admits to lying about Eufy security camera encryption; describes future plans

Eufy security camera encryption | Starlight camera shown

Anker has admitted that its statements about Eufy security camera encryption were not accurate. The smart home brand had previously stated that all video footage is end-to-end encrypted, but has now admitted there was an exception to this (which it has now fixed).

The company only finally came clean about the privacy breach after The Verge threatened to post a story about the company’s failure to answer its questions …

Expand Expanding Close