dcsimg

Update your iOS now! Apple patches three zero-day vulnerabilities

Apple has patched three vulnerabilities in iOS (and iPadOS) that were actively being exploited in targeted attacks. Vulnerabilities that are being exploited in the wild without a patch being available are referred to as zero-days. The vulnerabilities were found and disclosed by Google’s Project Zero team, and patches were issued yesterday. What has Apple patched in the update? Publicly … [Read more...]

Apple’s notarization process fails to protect

In macOS Mojave, Apple introduced the concept of notarization, a process that developers can go through to ensure that their software is malware-free (and must go through for their software to run on macOS Catalina). This is meant to be another layer in Apple’s protection against malware. Unfortunately, it’s starting to look like notarization may be less security and more security … [Read more...]

iOS Mail bug allows remote zero-click attacks

On Monday, ZecOps released a report about a couple concerning vulnerabilities with the Mail app in iOS. These vulnerabilities would allow an attacker to execute arbitrary code in the Mail app or the maild process that assists the Mail app behind the scenes. Most concerning, though, is the fact that even the most current version of iOS, 13.4.1, is vulnerable. The way the attack works is that the … [Read more...]

Malwarebytes Labs releases 2020 State of Malware Report

Malwarebytes Labs today released the results of our annual study on the state of malware—the 2020 State of Malware Report—and as usual, it’s a doozy. From an increase in enterprise-focused threats to the diversification of sophisticated hacking and stealth techniques, the 2019 threat landscape was shaped by a cybercrime industry that aimed to show it’s all grown up and coming after … [Read more...]

The little-known ways mobile device sensors can be exploited by cybercriminals

The bevy of mobile device sensors in modern smartphones and tablets make them more akin to pocket-sized laboratories and media studios than mere communication devices. Cameras, microphones, accelerometers, and gyroscopes give incredible flexibility to app developers and utility to mobile device users. But the variety of inputs also give clever hackers new methods of bypassing conventional mobile … [Read more...]

New iOS exploit checkm8 allows permanent compromise of iPhones

This morning, an iOS researcher with the Twitter handle @axi0mX announced the release of a new iOS exploit named checkm8 that promises to have serious consequences for iPhone and iPad hardware. According to the Tweet, this exploit is a “permanent unpatchable bootrom exploit,” capable of affecting devices from 4S up to the iPhone X. But what, exactly, does this mean? First, … [Read more...]

300 shades of gray: a look into free mobile VPN apps

The times, they are a changin’. When users once felt free to browse the Internet anonymously, post about their innermost lives on social media, and download apps with frivolity, folks are playing things a little closer to the vest these days. Nowadays, users are paying more attention to privacy and how their personal information is transmitted, processed, stored, and shared. Nearly every … [Read more...]

Unprecedented new iPhone malware discovered

A post by Ian Beer of Google Project Zero released late yesterday evening sent the security community reeling. According to Beer, a small set of websites had been hacked in February and were being used to attack iPhones, infecting them with malware. These sites, which see thousands of visitors per day, were used to distribute iOS malware over a two-year period. History of iOS … [Read more...]

Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks

Those who are familiar with Bluetooth BR/EDR technology (aka Bluetooth Classic, from 1.0 to 5.1) can attest that it is not perfect. Like any other piece of hardware or software technology already on market, its usefulness comes with flaws. Early last week, academics at Singapore University of Technology, the CISPA Helmholtz Center for Information Security, and University of Oxford released … [Read more...]

Data and device security for domestic abuse survivors

For more than a month, Malwarebytes has worked with advocacy groups, law enforcement, and cybersecurity researchers to deliver helpful information in fighting stalkerware—the disturbing cyber threat that enables domestic abusers to spy on their partners’ digital and physical lives. While we’ve ramped up our detections, written a safety guide for those who might have stalkerware on their … [Read more...]