security - page 3

Hackers see COVID-19 as a big opportunity for new exploits

By

hacker
We should be even more vigilant online.
Photo: Clint Patterson

A new report published on Friday by the European Union Agency for Law Enforcement Cooperation (Europol) details the many ways hackers are using the COVID-19 pandemic to exploit unsuspecting targets.

It includes new social engineering attacks that convince email users to give up sensitive data, and an increase in malware distributed via malicious links. Europol calls for law enforcement agencies to be vigilant and prepared.

How to switch off iCloud backups, and why you might not want to

By

iCloud backups locker room
Apple might keep iCloud backups locked in rooms like this one.
Photo: Liz Weddon/Unsplash

Last week’s revelation that iCloud backups can be accessed by Apple, and are regularly given to law enforcement agencies, came as a big surprise to many people. Isn’t Apple the company that claims to protect your data? While your iPhone or iPad is locked down, much of your iCloud data, including1 your iMessages, is available to Apple. The only way to prevent Apple, and government agencies, from accessing that data is to switch off iCloud backups, and make local backups instead.

Facebook Messenger could protect your messages with Face ID

By

Face ID
An extra layer of protection for your messages.
Photo: Apple

Facebook Messenger could soon add Face ID support to protect your conversations from nosy neighbors.

The feature would prevent access to Messenger until it is first unlocked with your face. It seems like a useful addition to the app for the security-conscious, but it’s still in development for now.

How to stop Safari asking permission to download everything

By

safari download
Imagine if real deliveries had to be given permission to arrive. What a second…
Photo: Kelli McClintock/Unsplash

Ever since Safari 13, the Mac browser now prompts you every time you try to download a file. In this way, it behaves much like Safari for iOS. It’s a security feature, clearly designed to stop websites sneaking files onto your computer. But perhaps you value the convenience of uncontrolled downloads more than this added security? If so, you’re in luck, because you can turn this feature off. Better still, you can still block Safari downloads from “bad” sites, even while allowing new ones automatically.

How to safely erase your iPad, iPhone or Mac before returning it

By

The hardest part of returning a MacBook is removing the stickers.
The hardest part of returning a MacBook is removing the stickers.
Photo: Charlie Sorrel/Cult of Mac

Did you get a MacBook, iPhone, or iPad this holiday season? Are you going to return it? The good news is that, even if the gift was purchased back in November, you can still return it thanks to Apple’s generous holiday return policy. But if you’ve already set things up and used the iDevice of the Mac, then you need to wipe your data off before you return it. Here’s how.

PureVPN offers good VPN for Mac at an 89% Christmas discount

By

Get a great deal on a VPN for your Mac with PureVPN.
Get a great deal on a VPN for your Mac.
Image: PureVPN

This VPN post is presented by PureVPN.

There are many good reasons to use a virtual private network (VPN). Now you can add one more to the list. PureVPN just announced its biggest deal of the year — an 89% discounted Christmas sale price on its five-year plan (now $69). That’s a good VPN for Mac at a great price.

Can’t launch your apps on macOS Catalina? Here’s the fix

By

no entry sign
Catalina makes opening non-approved apps scary.
Photo: Charlie Sorrel/Cult of Mac

macOS 10.15 Catalina is ruthless about launching unknown apps. Unless your app comes direct from the App Store, or the app’s developer got the app notarized by Apple, it won’t launch. Double click on it, and you’ll see a warning — and nothing else. There’s no option to say you trust the app and launch it despite Catalina’s warnings.

But you can still launch those apps. It’s just that Apple hides the controls in the hope that you’ll give up. It’s petty, and it shows a lack of respect for you, the user. However, it’s also dead easy to fix this problem. Let’s see how to launch any app on macOS Catalina.

How to unlock your Mac with Apple Watch

By

Apple Watch Unlock in action.
Apple Watch Unlock in action.
Photo: Apple

Maybe my favorite Continuity feature is Apple Watch Unlock for the Mac. Once you set it up, you’ll never need to enter your password to unlock your Mac ever again — not until you restart it, anyway. It’s one of the best examples of Apple’s It Just Works™ philosophy, and it will change the way you use your Mac.

Protect yourself from online scammers the easy way

By

To avoid online scams, try common sense and useful technology like Dashlane.
To avoid online scams, try common sense (and useful technology like Dashlane).
Photo: Richard Patterson/Comparitech CC

This online security post is presented by Dashlane.

Remember the “Nigerian prince” who famously emailed financial requests far and wide more than a decade ago? It was a variant of the advance-fee scam, aka The Spanish Prisoner scam. Even just last year, Americans lost $700,000 to such schemes, according to security firm ADT. And it all comes to mind again with recent news of outlandish online scams originating from the same country. But how do these people manage to keep getting away with people’s money, information and identities? It makes you wonder how to protect yourself from online scammers.

iPhone 11 uses your location even after you block access

By

Analyst complains iPhone’s average selling price is slipping
iPhone 11 keeps tabs on your whereabouts.
Photo: Killian Bell/Cult of Mac

iPhone 11 units are using location services even after access has been blocked by the user, a new report reveals.

Security researchers have discovered that Apple’s latest handsets intermittently seek location information regardless of the user’s privacy settings. Apple says it is “expected behavior.”

How to set a strong passcode on Apple Watch

By

Keep your Apple Watch safe with a proper, long, strong passcode.
Keep your Apple Watch safe with a proper, long, strong passcode.
Photo: Chuttersnap/Unsplash

The default passcode length on the Apple Watch is just four digits. And while it’s true that you don’t keep as much sensitive data on the smartwatch as you do on an iPhone, and that your Apple Watch is arguably safer from bad actors because it is always strapped to your wrist, it’s still worth making this passcode more secure. After all, it’s not like you have to enter your strong passcode very often, right?

Today we’ll see how to change your Apple Watch passcode to a longer one. And we’ll also check out a neat feature that lets you skip entering the passcode altogether.

Jamf Now helps keep your organization’s devices secure through macOS Catalina and iOS 13 updates

By

Jamf Now devices
Jamf Now helps keep employees' devices secure and up to date.
Photo: Jamf Now

This OS updates and security post is presented by Jamf Now.

Apple’s new operating systems, macOS Catalina and iOS 13, bring innovative capabilities to organizations using them. A streamlined approach to Apple upgrades ensures security measures are met, an accurate systems inventory is maintained and downtime is eliminated. Mobile device management products like Jamf Now help simplify the upgrade process and maintain security of employees’ devices by keeping them up to date.

How to disable iOS 13’s link previews

By

Link previews
The iPad version has a toggle directly over the preview image.
Photo: Cult of Mac

In iPadOS and iOS 13, long-pressing a link does two things simultaneously. It brings up a contextual menu with options for sharing and so on, and it loads a preview of the linked web page. Apple calls this a link preview.

But what if you don’t want a link preview? Maybe you’re on a cellular connection and you don’t want to waste data by loading pages you won’t read. Or maybe you only need the link, and never want to see the page. What if it’s a link to a huge image, or an MP3? Or perhaps it’s a link in an email, and you want to use the contextual menu to check the URL for scams. In this last case, there’s no way you want that link to load. It could prove disastrous.

The good news is that you can disable link previews in iOS 13 with a single tap.

How to enter Mac passwords with your Apple Watch

By

Apple Watch password
Is there anything the Apple Watch can’t do?
Photo: Jens Kreuter/Unsplash

You know how you can double-press the side button on your Apple Watch, and then wave it over a contactless terminal to pay with your credit card? Wouldn’t it be great if you could do the same with your Mac login password? Instead of having to type your password to authenticate yourself, you’d be able to double-tap the Apple Watch’s side button to do it instantly.

Well, now you can do exactly this — if you’re running macOS Catalina.

Apple patches iCloud, iTunes for Windows to plug malware hole

By

Apple iCloud for Windows app
Update today!
Photo: Microsoft/Cult ofMac

Apple’s latest patches for iTunes and iCloud for Windows are out to block potential ransomware attacks.

The software previously contained a vulnerability that allowed malware to piggyback on Apple’s digital signatures and go undetected by antivirus software.

And don’t assume you’re safe if you’ve already uninstalled Apple’s apps.

New York City uses Israeli tools to crack into locked iPhones

By

GrayKey can bypass iPhone security
iPhone security is no match for Cellebrite.
Photo: Ed Hardy/Cult of Mac

Law enforcement agents in New York City have been cracking into locked iPhones since January 2018, according to a new report.

Agencies are using a tool called Universal Forensic Extraction Device (UFED) that’s developed by Israeli firm Cellebrite. It is said to have cost at least $200,000 and allows a full file system extraction.

How to check (and block) apps that track you on iPhone and iPad

By

Protect iOS your privacy and data with a firewall app.
Protect iOS your privacy and data with a firewall app.
Photo: Capturing the Human Heart/Unsplash

Safari’s content blockers effectively block trackers and other Bad Stuff on the web, but that only works in Apple’s browser. Any other app you install on your iPhone or iPad can send all kinds of personal information to anyone, without you ever knowing. Your location, the details of your menstrual cycle, how long you spend asleep — pretty much anything.

So how do you stop this? Well, iOS 13 itself can help limit some abuses. But what you really need is an iOS firewall app that can detect and shut down any unauthorized connections.

iOS 13 flaw exposes all your contacts data

By

Find My Friends
Keep your iPhone close by.
Photo: Ed Hardy/Cult of Mac

A newly-discovered flaw in iOS 13 lets anyone access your contacts without your passcode.

It takes just a few simple steps to bypass your iPhone’s lockscreen and see every phone number, email address, and physical address you have saved. But a fix is already on the way.

Security researchers are flooding the market with iOS exploits

By

Zerodium
Here's how much you can make selling certain exploit chains.
Photo: Zerodium

One of the biggest buyers of iOS zero-day exploits says the market is flooded with new iPhone bugs due to weakened security components in Safari and iMessage.

Zerodium, which pays $2 million for iOS exploits, recently announced it’s increasing its payout for Android exploits to $2.5 million. iOS used to be the most locked-down mobile operating system, but the company says Android’s security has improved with every new OS release while iOS has been slacking, leading to a glut of new exploits.

iPhone security exploit allegedly used to target Uyghur Muslims

By

Apple Security Jacket
Security flaw made it possible to infect iPhones using malicious code.
Photo: Jim Merithew/Cult of Mac

An iPhone exploit which used malicious websites to hack iPhones was used to target Uyghur Muslims in China.

The security exploit was recently disclosed by Google researchers. It involved infecting users with malicious code, allowing an attacker to gain access to their phone. Apple fixed the vulnerability earlier this year, before the news was publicly shared.

Secure-erasing your Mac’s disks is no longer secure, Apple says

By

secure erase
Encrypting your disk is way safer than trying to 'secure' erase it.
Photo: Charlie Sorrel/Cult of Mac

In the olden days, when you wanted to replace your hard drive with a bigger one, you’d run a “secure erase” on it to completely remove any personal data. This would write zeros to the entire disk, overwriting anything already there.

But now, thanks to advances in storage tech, this no longer does the trick. (Not that you can change your own Mac SSDs now anyway.) The new secure-erase, says Apple, is to just encrypt your disk.

Apple might give hackers special iPhones to plug security problems

By

The CIA has a team of more than 5,000 hackers.
This is what a real hacker looks like. Dry ice is not optional.
Photo: Brian Klug/Flickr CC

Apple has historically not been a company in favor of people jailbreaking its devices. So why would Cupertino give hackers special iPhones to help them find weaknesses in iOS? To patch those problems, of course!

According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS.