Cult of Mac

Is your smart light bulb giving passwords to hackers?

A research paper found TP-Link's Tapo L530E smart bulb suffers from four security flaws.
Photo: TP-Link

A popular smart light bulb from TP-Link suffers from severe security flaws that could give hackers passwords and other information, researchers said Wednesday.

A paper examined four flaws in the bestselling TP-Link Tapo L530E, which works with Apple’s HomeKit platform.

Wyze knew of its security cameras’ vulnerability for 3 years and told no one

A Wyze V2 security camera.
Photo: Wyze

Media outlets are reporting that Wyze knew for three years about a security flaw that rendered its security cameras vulnerable to hackers. But in all that time, it did not tell its customers about the problem.

News of the flaw broke on Tuesday. Wyze, long known for its inexpensive but useful security cameras, has since responded to the controversy, as noted below.

Pegasus spyware won’t affect ‘overwhelming majority’ of iPhone users, Apple says

Those misusing the Pegasus iPhone hacking tool allegedly work for governments around the world.
Photo: Donald Tong/Pexels CC

Amnesty International accuses governments around the world of using NSO Group’s Pegasus iPhone hacking tool to illegally spy on journalists and human rights defenders. Apple’s head of Security Engineering and Architecture condemns this type of hacking, but also says that such attacks “are not a threat to the overwhelming majority of our users.”

Hackers’ leak confirms big changes coming to MacBook ports

Hackers leaked details that help confirm that a 2021 MacBook Pro model will look much like this.
Concept: Ian Zelbo/Renders by Ian

Hackers reportedly stole plans for two upcoming 2021 MacBook Pro models from Quanta and leaked details. These help confirm earlier reports that Apple’s next notebook will see a return of MagSafe, the HDMI port and an SD card reader. But no Touch Bar.

iOS 14.5 makes zero-click iPhone attacks even more difficult

“Dammit, Apple keeps breaking all my best zero-click attacks.”
Photo: sebastiaan stam/Pexels CC

The next iOS version will make it more difficult for hackers to break into iPhones. Security researchers digging around in Apple’s beta code for iOS 14.5 found that the company began encrypting pointer authentication codes, which will make zero-click attacks far tougher to pull off.

With hacks crippling small businesses, defend yours with Dashlane business plans

When small businesses don't prioritize online security, they may pay the ultimate price. Dashlane for Business can help.
Photo: Artem Beliaikin/Pexels.com CC

This cybersecurity post is presented by Dashlane.

When you run a small business, you often wear a lot of hats. The strategy hat. The customer service hat. Even the “those floors aren’t going to mop themselves” hat.

Unfortunately, sometimes the network security hat is left on the hook by the door, and that’s just what hackers hope for — lax security and plenty worth stealing, from your cash reserves to customers’ credit card information.

Hackers hit Apple’s Twitter account in widespread bitcoin scam

Apple’s very first Tweet ever isn’t about Bitcoin. Twitter got hacked.
Photo: Cult of Mac

Apple is one of many companies and people who had their Twitter accounts hijacked on Wednesday. A hacker found a way to post on what seems to be any account, indicating that it’s Twitter itself that has been hacked.

All the posts pointed readers toward a bitcoin scam.

iOS vulnerability let hackers attack devices through Mail app

Hack has reportedly been fixed in latest iOS beta.
Photo: Ste Smith/Cult of Mac

San Francisco-based cybersecurity company ZecOps says that iPhones and iPads may be vulnerable to a flaw involving the Mail app, the Wall Street Journal reported Wednesday.

Unlike most email-based phone hacks, which involve making someone click a link or visit a website, this exploit does not require victims to do anything other than download (although not necessarily open) an email. It nonetheless could let hackers install malicious software on their devices.

A ZecOps blog post on the topic says that the vulnerability has existed in Apple’s mobile software as far back as iOS 6.

Security researchers are flooding the market with iOS exploits

Here's how much you can make selling certain exploit chains.
Photo: Zerodium

One of the biggest buyers of iOS zero-day exploits says the market is flooded with new iPhone bugs due to weakened security components in Safari and iMessage.

Zerodium, which pays $2 million for iOS exploits, recently announced it’s increasing its payout for Android exploits to $2.5 million. iOS used to be the most locked-down mobile operating system, but the company says Android’s security has improved with every new OS release while iOS has been slacking, leading to a glut of new exploits.