hackers

Just the sound of a touchscreen swipe can give away your fingerprint

By

Fingerprint biometic security
It's not like your fingerprint is being read off the screen. It's recreated from sound and friction.
Photo: Pixabay@Pexels

New research suggests attackers can use the sound of a user’s finger swiping on a touchscreen to recreate their fingerprint pattern, according to a report Tuesday. And that biometric security risk could lead to trouble, of course.

All it takes is casual swiping in popular apps while a device microphone is on.

Great. As if we didn’t have enough to worry about, biometic-security-wise.

Here’s a great way to get your personal information off the internet

By

You can use Incogni to remove your vulnerable personal information online.
You can use Incogni to remove your vulnerable personal information from the back alleys of the internet.
Image: Surfshark

With corporate data breaches and identity theft on the rise, people are justifiably worried about how to keep their sensitive personal data safe online. Fortunately, the Incogni personal information removal service can reduce your exposure in multiple ways — with little effort on your part.

SPONSORED
This post is brought to you by Surfshark.
And even better, Cult of Mac readers can get a 55% discount on subscriptions to the Incogni personal information removal service for a limited time.

Is your smart light bulb giving passwords to hackers?

By

A research paper found TP-Link's Tapo L530E smart bulb suffers four security flaws.
A research paper found TP-Link's Tapo L530E smart bulb suffers four security flaws.
Photo: TP-Link

A popular smart light bulb from TP-Link suffers from severe security flaws that could give hackers passwords and other information, researchers said Wednesday.

A paper examined four flaws in the bestselling TP-Link Tapo L530E, which works with Apple’s HomeKit platform.

Wyze knew of its security cameras’ vulnerability for 3 years and told no one

By

A Wyze V2 security camera.
A Wyze V2 security camera.
Photo: Wyze

Media outlets are reporting that Wyze knew for three years about a security flaw that rendered its security cameras vulnerable to hackers. But in all that time, it did not tell its customers about the problem.

News of the flaw broke on Tuesday. Wyze, long know for its inexpensive but useful security cameras, has since responded to the controversy, as noted below.

Pegasus spyware won’t affect ‘overwhelming majority’ of iPhone users, Apple says

By

Fraudster steals $16k from victim posing as Apple tech support
Those misusing the Pegasus iPhone hacking tool allegedly work for governments around the world.
Photo: Donald Tong/Pexels CC

Amnesty International accuses governments around the world of using NSO Group’s Pegasus iPhone hacking tool to illegally spy on journalists and human rights defenders. Apple’s head of Security Engineering and Architecture condemns this type of hacking, but also says that such attacks “are not a threat to the overwhelming majority of our users.”

Hackers’ leak confirms big changes coming to MacBook ports

By

This 14-inch MacBook Pro concept is by Renders by Ian
Hackers leaked details that help confirm that a 2021 MacBook Pro model will look much like this.
Concept: Ian Zelbo/Renders by Ian

Hackers reportedly stole plans for two upcoming 2021 MacBook Pro models from Quanta and leaked details. These help confirm earlier reports that Apple’s next notebook will see a return of MagSafe, the HDMI port and an SD card reader. But no Touch Bar.

iOS 14.5 makes zero-click iPhone attacks even more difficult

By

If hackers dump your personal data onto the dark web, you need to know about it. Dashlane Dark Web Monitoring can sound the alarm.
“Dammit, Apple keeps breaking all my best zero-click attacks.”
Photo: sebastiaan stam/Pexels CC

The next iOS version will make it more difficult for hackers to break into iPhones. Security researchers digging around in Apple’s beta code for iOS 14.5 found that the company began encrypting pointer authentication codes, which will make zero-click attacks far tougher to pull off.

With hacks crippling small businesses, defend yours with Dashlane business plans

By

When small businesses don't prioritize online security, they may pay the ultimate price. Dashlane for Business can help.
When small businesses don't prioritize online security, they may pay the ultimate price. Dashlane for Business can help.
Photo: Artem Beliaikin/Pexels.com CC

This cybersecurity post is presented by Dashlane.

When you run a small business, you often wear a lot of hats. The strategy hat. The customer service hat. Even the “those floors aren’t going to mop themselves” hat.

Unfortunately, sometimes the network security hat is left on the hook by the door, and that’s just what hackers hope for — lax security and plenty worth stealing, from your cash reserves to customers’ credit card information.

Hackers hit Apple’s Twitter account in widespread bitcoin scam

By

Apple's Twitter account and other high-profile accounts hacked in massive Bitcoin scam.
Apple’s very first Tweet ever isn’t about Bitcoin. Twitter got hacked.
Photo: Cult of Mac

Apple is one of many companies and people who had their Twitter accounts hijacked on Wednesday. A hacker found a way to post on what seems to be any account, indicating that it’s Twitter itself that has been hacked.

All the posts pointed readers toward a bitcoin scam.

iOS vulnerability let hackers attack devices through Mail app

By

iPhone hack
Hack has reportedly been fixed in latest iOS beta.
Photo: Ste Smith/Cult of Mac

San Francisco-based cybersecurity company ZecOps says that iPhones and iPads may be vulnerable to a flaw involving the Mail app, the Wall Street Journal reported Wednesday.

Unlike most email-based phone hacks, which involve making someone click a link or visit a website, this exploit does not require victims to do anything other than download (although not necessarily open) an email. It nonetheless could let hackers install malicious software on their devices.

A ZecOps blog post on the topic says that the vulnerability has existed in Apple’s mobile software as far back as iOS 6.

Security researchers are flooding the market with iOS exploits

By

Zerodium
Here's how much you can make selling certain exploit chains.
Photo: Zerodium

One of the biggest buyers of iOS zero-day exploits says the market is flooded with new iPhone bugs due to weakened security components in Safari and iMessage.

Zerodium, which pays $2 million for iOS exploits, recently announced it’s increasing its payout for Android exploits to $2.5 million. iOS used to be the most locked-down mobile operating system, but the company says Android’s security has improved with every new OS release while iOS has been slacking, leading to a glut of new exploits.

Modified Lightning cables let hackers remotely hack Apple devices

By

Lightning cables that plug into USB-C ports charge your iPhone more quickly.
Hacked cables were shown off at a recent hacking conference.
Photo: Apple

Everyone knows about the risks of phishing email, dodgy downloaded software, and accessing sensitive data while using public Wi-Fi. But how about third-party Lightning cables?

According to a new report, these are a risk as well — with security experts noting that it’s possible for malicious Lightning cables to grant access to your Mac to a remote attacker.

Apple expands bug program with monstrous $1 million bounty

By

The CIA has a team of more than 5,000 hackers.
Hackers can get PAID for finding bugs now.
Photo: Brian Klug/Flickr CC

Apple is ready to pay a bigger bounty than any other tech company when it comes to finding bugs on the iPhone or other Apple products.

The iPhone-maker revealed today at the Black Hat conference in Las Vegas that it will now pay up to $1 million for some discovered vulnerabilities, up from the $200,000 it offered when the bug bounty program began three years ago.

Apple might give hackers special iPhones to plug security problems

By

The CIA has a team of more than 5,000 hackers.
This is what a real hacker looks like. Dry ice is not optional.
Photo: Brian Klug/Flickr CC

Apple has historically not been a company in favor of people jailbreaking its devices. So why would Cupertino give hackers special iPhones to help them find weaknesses in iOS? To patch those problems, of course!

According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS.

Athletes’ and musicians’ Apple accounts hacked in phishing scheme

By

Fraudster steals $16k from victim posing as Apple tech support
Dear sir or madam, I am from Apple tech support. What is your password? Love, totally legit guy
Photo: Donald Tong/Pexels CC

Everyone needs to watch out for hackers phishing for their account details, and that includes celebrities. A Georgia man tricked pro athletes and rappers into giving up login details for their Apple accounts, which he used to access to their credit cards, according to the FBI.

The dark web: Staying safe on the internet you don’t see

By

If hackers dump your personal data onto the dark web, you need to know about it. Dashlane Dark Web Monitoring can sound the alarm.
If hackers dump your personal data onto the dark web, you need to know about it.
Photo: sebastiaan stam/Pexels CC

This post is presented by Dashlane.

On the web you don’t see, hackers constantly upload lists of passwords, usernames, Social Security and phone numbers, addresses and other personal information every day. Do you know if your data is being bought and sold on the dark web? Using a service like Dashlane can give you the answer.

How to check if your Facebook account was hacked

By

FAcebook
Some of the alerts you might see in the Facebook app.
Photo: Facebook

30 million accounts on Facebook were recently hacked with attackers gaining access to highly sensitive personal information.

The FBI is investigating the hacking an has asked the company not to reveal who was behind it. Facebook originally disclosed the hack to the public two weeks ago saying 50 million accounts were compromised. That number has now been reduced to just 30 million, but the amount of data stolen makes it the worst attack in Facebook’s history.

Hacker sentenced for ‘Celebgate’ iCloud phishing scam

By

Hacker who tried to extort Apple for $100k is spared prison
iCloud hack took place back in 2014.
Photo: Jim Merithew/Cult of Mac

The fourth hacker responsible for leaking nude images from hundreds of iCloud accounts, belonging to Hollywood celebrities and others, has been sentenced to prison.

Connecticut-based George Garafano was sentenced to eight months, after which he must serve three years of supervised release, as well as performing 60 hours of community service. He plead guilty back in April.

You won’t believe how many e-commerce login attempts are made by hackers

By

Amazon
We bet you'll change your Amazon password after reading this article.
Photo: Mike Seyfang/Flickr CC

Go to your Amazon, Zappos, etc. account now and change the password to something stronger. That’s the takeaway from a cyber security firm’s report that says a whopping 91 percent of all attempts to log into e-commerce websites are from hackers.

Attempts by hackers to log into the sites of airlines, banks, and hotels also account for about half of their traffic.

Huge security flaw leaves macOS High Sierra open to attack

By

macOS High Sierra
Apple let a major security flaw slip through the cracks.
Photo: Apple

A serious security flaw in macOS High Sierra has been exposed that allows anyone to gain full access to affected Macs without knowing the computer’s administrative password.

The bug appears to let someone log into the admin account on a Mac by simply typing “root” as the username while leaving the password field blank. Attackers could potentially exploit the bug to access locked Macs and gain access to personal information.

Hackers claim they fooled Face ID with cheap mask

By

Face ID iPhone X
Face ID has already been hacked.
Photo: Ste Smith/Cult of Mac

Hackers may have already proven that Face ID isn’t quite as secure as secure as Apple claims.

Using a simple 3D printed mask, Vietnamese security firm Bkav, has posted a video showing an iPhone X being unlocked after unveiling a composite 3D-printed mask made of plastic, makeup, silicone and paper cutouts for some facial features.