
Remember to Clear the Cache on Your iPhone

Websites and apps may load more quickly by taking advantage of the cache, a designated area on your iPhone that stores temporary data. Because cached data uses up space on your phone, it's a good idea to clear it frequently to improve browsing speed. When you free up space on your iPhone by clearing the browser or app cache, you may notice a speed and performance improvement, especially if you have been experiencing performance problems.

Clearing the cache on iPhone

Safari is the default browser on iPhones, and it lets you clear the cache in just a few simple steps. Starting with iOS 11, this method affects all devices signed in to your iCloud account. As a result, the caches on all of your devices will be emptied, and the next time you use them, you'll have to sign in to each one separately. Here is what to do.

1. Launch the iPhone's Settings app.
2. From the list of programs, choose Safari.
3. Choose Clear Website Data and History.
4. The pop-up box will allow you to select Clear History and Data.

Even though clearing your browsing history in Chrome logs you out of websites, it doesn't appear to close all open tabs. You will need to log back in to any websites you may have been visiting.

With Chrome, remove the iPhone cache

1. Start the Chrome application.
2. To access more options, click the three dots in the lower right corner.
3. Choose Settings by swiping up from the top.
4. On the following menu, choose Privacy and Security.
5. After that, choose Clear Browsing Data to bring up one final selection.
6. At the top-left corner of the menu, choose the desired time frame.
7. Check to see if Cached Images and Files, Cookies, and Site Data are all selected. At the very bottom of the screen, select Clear Browsing Data.


Caches and cookies 

Cookies are little files that carry passwords and personalization data and store data about your online behavior. Many cookies, including those that keep you logged in to regularly visited websites, are helpful; nevertheless, some third-party cookies track your behavior on many websites. This could contain potentially sensitive data, such as your search history and your clicked links.

In contrast, a cache stores data files that your browser or application is likely to use frequently. Avoiding the need to constantly download the same data can improve the performance of your phone.

Caches typically only need to be cleared once every two to three months. Usually, at that point, your browser will have accumulated a cache big enough to start slowing things down. Be cautious about clearing your cache more frequently if you visit many websites.




Change the Face ID Settings to Prevent Anyone Access to Your iPhone


iPhones keep gaining enhanced and advanced privacy features. One example is the setting that hides your IP address when an email is sent, which safeguards users from being tracked by nasty advertisers.

One such advanced security feature that Apple has come up with is its renowned Face ID. But is it really as secure as Apple claims it to be?

Your Face ID is Vulnerable Unless You Change This Setting 

Initially, Apple’s Face ID utilizes its TrueDepth camera, capturing facial data with incredible accuracy by projecting and analyzing thousands of invisible dots. It creates a map of all your creases and wrinkles and saves that information as a code to unlock your phone. 

Additionally, Face ID automatically adapts to changes in your appearance, such as when you wear makeup or grow facial hair. When there has been a more significant change to your look, such as removing your beard, Face ID uses your passcode to verify your identity before updating your face data.

Hats, scarves, glasses, contact lenses, face masks, sunglasses, and other headwear are all compatible with Face ID. According to Apple, the odds of someone else's face unlocking your iPhone are one in a million. 

What About Your Face? 

One of the common and obvious concerns is: what if someone unlocks your phone by holding it up to your face, while you are asleep? Well, the good news is that these systems usually never work when you have your eyes closed. 

The bad news? This security feature on your phone can be turned off. To prevent this from happening, there is something you can do, as discussed below:

Smartphones are equipped with specific accessibility features for users with hearing, visual, or mobility impairments. You can have your phone dictate what appears on the screen or enlarge the words on it. If you have trouble touching the screen or pushing the buttons on your iPhone, features like 'AssistiveTouch' make it easier to use.

These are vital tools for the users who need them. Yet there is one setting that can compromise your security.

Face ID also offers an accessibility feature to help those who are blind or have a vision impairment. With this setting, you may unlock your phone without having to open your eyes. While some users may need this, you should avoid using the feature if your vision is not impaired. Here is where to find it:

  • Go to Settings > Accessibility > Face ID & Attention. 
  • Make sure Require Attention for Face ID is enabled. 

Although this setting is enabled by default, someone who has access to your phone could lock it while you are asleep and then turn it back on. Thus, to avoid the frightening consequences that may ensue, a brief check and constant monitoring here is more than worthwhile.  

Apple and Google are Under Rising Pressure to Remove TikTok From App Stores

 

In a letter to Apple and Google CEOs Tim Cook and Sundar Pichai on Thursday, Sen. Michael Bennet (D-CO) demanded that TikTok be removed "immediately" from their app stores. Bennet's push to limit app downloads is the latest in a string of congressional actions to outlaw the embattled Chinese-owned app. Republicans and Democrats have been calling on their colleagues and Biden administration officials to impose stricter data collection restrictions or a nationwide ban on the app since January, citing potential threats to US national security. 

“TikTok’s vast influence and aggressive data collection pose a specific threat to US national security because of its parent company’s obligations under Chinese law,” Bennet wrote. “Given these grave and growing concerns, I ask that you remove TikTok from your respective app stores immediately.”

Bennet, a member of the Senate Intelligence Committee, is the first lawmaker to contact app store providers such as Apple and Google and request that TikTok be removed. TikTok has been in talks with the federal government, specifically the Committee on Foreign Investment in the United States (CFIUS), for more than three years in order to continue operating its app in the United States. TikTok has come under increasing scrutiny from lawmakers who are concerned that the app may share US user data with the Chinese government. 

TikTok CEO Shou Zi Chew described "Project Texas," the company's plan to move all data from Virginia and Singapore to US-based Oracle servers overseen by a new subsidiary known as TikTok US Data Security Inc., in a rare public interview at last year's New York Times DealBook summit.

Despite these efforts, public pressure to ban the app has grown in response to revelations that ByteDance employees have repeatedly accessed the data of US users over the last few years.
Forbes reported in December that ByteDance employees improperly obtained data collected from US users. At least two reporters' data was viewed by ByteDance employees who were looking into previous leaks of internal company documents. ByteDance affirmed the reports and stated that all four employees involved in the scheme, two of whom worked in China, had been fired.

TikTok and CFIUS have yet to reach an agreement to keep the app operational in the United States. The Wall Street Journal reported last month that talks between the two parties had stalled, postponing any expected deal. With TikTok's future uncertain, lawmakers have begun to pursue their own solutions. Chew was scheduled to appear at a House Energy and Commerce Committee hearing on US user safety and security earlier this week.

“Big Tech has increasingly become a destructive force in American Society,” chair Cathy McMorris Rodgers (R-WA) said in a statement Monday. “Bytedance-owned TikTok has knowingly allowed the ability for the Chinese Communist Party to access American user data.”

TikTok spokesperson Brooke Oberwetter welcomed "the opportunity to set the record straight" in response to Monday's hearing announcement. During the March 23rd hearing, Oberwetter stated that TikTok intends to discuss its "comprehensive plans" to protect US user safety. 

Unlike Google, Apple has a lot to lose in terms of its relationships with both the United States and China. Cook's ability to maintain working relationships with the Chinese government and manufacturers has contributed significantly to Apple's success.

Government Issues High-risk Warning for iPhone Users

 

Apple iPhones are known for their strength and security features. The Cupertino-based tech behemoth releases security updates for its devices on a regular basis. Although Apple recommends that people install the most recent builds of iOS on their iPhones in order to have a more protected and feature-rich operating system, older iPhone models are unable to install the most recent updates due to hardware limitations.

Some users prefer to run older versions of iOS for simplicity of use, but it's important to note that older iOS versions are easier to exploit. One such flaw has been discovered in Apple's iOS, and the Indian government has issued a warning to iPhone users.

According to the Indian Computer Emergency Response Team (CERT-In) of the Ministry of Electronics and Information Technology, a vulnerability in iOS has been disclosed that could permit an attacker to execute arbitrary code on the targeted device. Apple iOS versions prior to 12.5.7 are vulnerable for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

This vulnerability exists in Apple iOS due to a type confusion flaw in the WebKit component, according to CERT-In. An attacker could use this vulnerability by luring the victim to a maliciously crafted website. An attacker who successfully exploits this vulnerability may be able to execute arbitrary code on the targeted system.

The security flaw is actively being exploited against iOS versions prior to iOS 15.1. To avoid being duped, install the new iOS 12.5.7 patch, which Apple released earlier this week.

How Does Increased User Privacy Alter Mobile Advertisement Set-up?


Since Apple introduced its ATT privacy framework to give users control over their data, tech businesses have faced the challenge of making tradeoffs to adapt to the new data restrictions while still maintaining their growth objectives.

While mobile advertisements can no longer target iOS users who did not consent to be tracked via their personal IDs, there are numerous alternatives at advertisers' disposal, such as contextual signals and probabilistic attribution, to help target quality potential customers across the mobile ecosystem.

Given that the Identifier for Advertisers (IDFA) has been deprecated, in-app advertising may appear to be less effective. However, with adequate data, tactics, and partners, it is not only still a feasible growth strategy but also a crucial one.

Changes Made After iOS 14.5 

Under the new privacy restrictions introduced by Apple, app advertisers can no longer rely on the IDFA to provide them with device-level user data in order to pursue iOS device users with relevant advertisements. 

Since advertisers can no longer track users’ activities across apps on iOS, such as clicks, downloads, and conversions, advertisers are less able to measure the efficacy of their ads and use that data to manage their campaigns and ad budgets. 

Performance Marketing is Different, Not Worse 

With iOS 14.5, while advertisers would not be able to access device ID data, they can still utilize contextual signals in order to show ads to a quality audience. 

Contextual signals are the privacy-induced data points that transmit significant information regarding an ad opportunity, such as location, device type, and information about the environment in which an ad is shown (i.e. characteristics of an app or website).

With this kind of data, advertisers may use contextual targeting to precisely estimate the possibility that a user would interact with an advertisement by matching an ad to an impression opportunity. They can then decide how much to bid for each impression. 

Since users are automatically opted out of IDFA tracking, advertisers will no longer be able to access device IDs in order to access data on how a user interacts with the ad, nor target audience one-on-one based on their in-app activities. Instead, machine learning models are utilizing new contextual signals to effectively predict user response. 

New Data, New Competitive Landscape 

Contextual data can further be combined with other metrics. For example, the number of interactions with a certain ad element reveals which aspect of the creative is most effective. Of course, this is not as accurate as using the IDFA, but thanks to advancements in machine learning (ML) technology, models can now absorb these signals and forecast the value of each ad impression in real time with a level of accuracy that is almost on par with device ID-powered advertising.

Moreover, the competitive landscape of mobile advertising is more level than it has ever been. In recent times, all tech giants (such as Facebook and Google) have more limited information about their users than before. This has compressed the space, and niche players with specialized historical ML models and more active algorithms now compete with the tech giants.

For the given reason, the marketing platforms that continue to make investments in enhancing the effectiveness of their models by including more predictive signals have experienced the most success in the wake of the deprecation of the IDFA. 

Through more effective bidding, lower CPIs, improved user quality, and eventually higher ROAS for their advertisers, it will be possible to continuously train models to boost their prediction accuracy.  

Customer Engagement Rethinks After Apple's Data Privacy Rules

 


The changes to Apple's privacy policy last year were one of those events where the worried predictions turned out to be precisely the opposite of what happened – specifically, marketers will have a significant reduction in their ability to target and personalize ads based upon their online behavior, which will have a downstream impact on the social media giants' ad revenues. As a result of these factors, the money that Chief Marketing Officers (CMOs) continue to spend on marketing is becoming less and less effective. 

ROI has plunged by nearly 40% by some measures based on the data available. Marketing professionals are scrambling to keep up with the new environment. As of yet, it has not made a notable difference in the manner in which they behave. 

The marketing community still thinks that we live in an advertising world in which a vast amount of data has been made available. The majority had not yet adopted a policy that they believed would be most beneficial for them. In a post-privacy era, in which marketers are given less and less information about individuals or their digital consumption across a broad range of devices and platforms, marketers must engage with their customers as soon as they show an interest in their products. 

Value exchange

A person cannot be assumed to be an ideal demographic candidate for your product simply by reaching them, especially if your product requires a great deal of consideration. 

It is still imperative to have some exchange of value where marketers give something to customers that they need - something that is more often just more information - as a way to gain their attention and hopefully gain their loyalty in the future. 

It would be impossible to exist in mattress stores or any physical retail store if these requirements were not necessary. There is no doubt that consumers tend to stick with what they know and love, even when it comes to transactions and that is why it is now up to digital marketers to re-create the three-dimensional relationships that still exist in life instead of just online transactions. 

Several aspects of Apple's reformed privacy policy make it apparent that marketers have become far too lazy in many ways. As a result, they had become accustomed to an environment where they could observe signals that would enable them to predict future shopping behavior for every customer they encountered. 

It is crucial to understand that the absence of this world does not mean brands are doomed to fail. To put it simply, it means that they need to come up with original and creative ways of accomplishing their goals, which may even require them to re-learn some old lessons they may have forgotten over the years.   

50% of KEV Catalog Were Big Corporations

According to GreyNoise, almost 50% of the updates to the KEV catalog in 2022 were due to actively exploited vulnerabilities in Microsoft, Adobe, Cisco, and Apple products. The KEV catalog's earlier vulnerabilities from before 2022 made up 77% of the updates.

In the initial year of the catalog's existence, CISA identified over 850 vulnerabilities, excluding 300 vulnerabilities reported in November and December 2021. As per CSW's Decoding of the CISA KEV study, "the fact they are a part of CISA KEV is rather significant as it suggests that many businesses are still using these outdated systems and therefore are ideal targets for attackers."

Based on a study by a team from Cyber Security Works, a handful of the vulnerabilities in the KEV catalog come from devices that have already reached End-of-Life (EOL) and End-of-Service-Life (EOSL). Despite the fact that Windows Server 2008 and Windows 7 are EOSL products, the KEV catalog identifies 127 Server 2008 vulnerabilities and 117 Windows 7 vulnerabilities.

The catalog has evolved into the official source for information on vulnerabilities exploited by attackers, even though it was initially designed for vital infrastructure and public service firms. It is crucial since, by 2022, the National Vulnerability Database assigned Common Vulnerabilities and Exposures (CVE) identifiers to over 12,000 vulnerabilities. Corporate teams can establish customized priority lists using the catalog's curated list of CVEs that are currently being attacked.

In reality, CSW discovered there was a slight delay between the time a CVE Numbering Authority (CNA) like Mozilla or MITRE issued a CVE to a flaw and the time the vulnerability was posted to the NVD. For instance, the BitPaymer ransomware took advantage of a vulnerability in Apple WebKitGTK (CVE-2019-8720), which Red Hat assigned a CVE for in October 2019 but was added to the KEV catalog in March. As of the beginning of November, it has not been included in the NVD.

According to CSW, 22% of the vulnerabilities in the catalog are privilege execution issues while 36% of the vulnerabilities are remote code execution problems. CISA updates the KEV catalog whenever a vulnerability is actively being exploited, has a CVE assigned to it, and is supported by clear mitigation instructions.


macOS Gatekeeper Bypass Known as Achilles: Microsoft Warns



An Apple Gatekeeper bypass vulnerability in macOS could allow cyber-attackers to install malicious programs on target Macs, regardless of whether the user has enabled Lockdown Mode in macOS.

In addition to discussing the details of the bug (CVE-2022-42821), which Microsoft has dubbed "Achilles," researchers were also able to construct a working exploit by abusing the Access Control Lists (ACLs) feature of macOS, which allows files to be governed by finely tuned permissions.

Apple Gatekeeper is a popular target for application vetting

Apple Gatekeeper is a security technology that was created by Apple, as a way to ensure that only "trusted apps" are allowed to run on Mac devices - that is, those that are approved by Apple and signed by a legitimate authority. A blocking pop-up is shown to the user when Gatekeeper cannot validate the software, explaining that the app cannot be run due to security concerns. 

As a result of this development, users are less likely to be vulnerable to malicious sideloaded applications from pirate sites or third-party app stores, which may have been accidentally downloaded. 

Microsoft researchers noted, however, that attackers have spent quite some time looking for ways to bypass the feature, as indicated by previously exploited vulnerabilities such as CVE-2022-22616, CVE-2022-32910, CVE-2021-1810, CVE-2021-30657, CVE-2021-30853, CVE-2019-8656, and CVE-2014-8826.

It is not surprising that the user base is being bothered by such kinds of problems. Gatekeeper bypasses such as these are sometimes exploited by malware and other threats to gain initial access to macOS systems. This in turn increases the success rate of malicious campaigns and attacks on the system or the success rate of these programs. In our analysis, the data shows that fake apps will remain one of the most popular entry points for attackers on macOS over the coming years. This indicates that Gatekeeper bypass techniques will be a crucial element for attackers to leverage. 

The discovery of a new gatekeeper bypass

The Microsoft team took advantage of details surrounding CVE-2021-1810 to create a security bypass - and they succeeded in doing so by adding permissioning rules (using the ACL mechanism) to malicious files as part of the process. 

A quarantine mechanism is employed by Apple for downloaded apps, according to the advisory: "When you download an app from a browser, such as Safari, the browser automatically gives it an attribute called a special extended attribute. During enforcing policies such as Gatekeeper, com.apple.quarantine is used in the context of implementing the policy."

The macOS file system also supports a special extended attribute known as com.apple.acl.text, which can be used to set arbitrary access control lists.

According to Microsoft researchers, each ACL has a certain number of Access Control Entries (ACEs) that govern what each principal can and cannot do, much like firewall rule sets do for addresses. Accordingly, we decided to limit the complexity of these downloaded files by adding very restrictive Access Control Lists. These ACLs prohibit Safari (and any other program) from setting any new extended attributes, such as the com.apple.quarantine attribute, on the downloaded files.

Without the quarantine attribute, Gatekeeper is unaware that the file needs to be checked, so the security mechanism is bypassed entirely.
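A defender-side check for the condition described above, as an added example that is not from Microsoft's advisory or the original post: it parses `ls -le@` output from a downloads folder and flags files that have no `com.apple.quarantine` attribute while an ACL entry denies `writeextattr`, the macOS ACL permission that covers extended-attribute writes. The listing is constructed sample data and the function names are hypothetical.

```python
"""Triage `ls -le@` output: files without a quarantine attribute whose ACL
denies adding extended attributes. Added example; names are hypothetical."""
import re
from dataclasses import dataclass, field

QUARANTINE = "com.apple.quarantine"
BLOCKING_PERM = "writeextattr"  # ACL permission covering xattr writes, see chmod(1)

# Long-format entry: mode, optional @/+ flag, links, owner, group, size, date, name.
ENTRY_RE = re.compile(
    r"^[bcdlps-][rwxsStT-]{9}[@+]?\s+\d+\s+\S+\s+\S+\s+\d+"
    r"\s+\S+\s+\d+\s+[\d:]+\s+(?P<name>.+)$"
)
# ACL entry printed by -e, e.g. " 0: group:everyone deny delete"
ACE_RE = re.compile(
    r"^\s*\d+:\s+(?P<principal>\S+)\s+(?:inherited\s+)?"
    r"(?P<kind>allow|deny)\s+(?P<perms>\S+)\s*$"
)
# Extended attribute printed by -@, e.g. "\tcom.apple.quarantine\t  57"
XATTR_RE = re.compile(r"^\s+(?P<name>\S+)\s+-?\d+\s*$")


@dataclass
class Ace:
    principal: str
    kind: str          # "allow" or "deny"
    perms: frozenset


@dataclass
class FileRecord:
    name: str
    xattrs: set = field(default_factory=set)
    aces: list = field(default_factory=list)


def parse_ls_listing(output):
    """Turn `ls -le@` text into FileRecord objects, one per listed file."""
    records, current = [], None
    for line in output.splitlines():
        entry = ENTRY_RE.match(line)
        if entry:
            current = FileRecord(name=entry["name"])
            records.append(current)
            continue
        if current is None:
            continue  # e.g. the leading "total N" line
        ace = ACE_RE.match(line)
        if ace:
            perms = frozenset(ace["perms"].split(","))
            current.aces.append(Ace(ace["principal"], ace["kind"], perms))
            continue
        xattr = XATTR_RE.match(line)
        if xattr:
            current.xattrs.add(xattr["name"])
    return records


def find_unquarantinable(records):
    """Return (name, principals) for files with no quarantine attribute and a
    deny entry on extended-attribute writes."""
    findings = []
    for rec in records:
        if QUARANTINE in rec.xattrs:
            continue
        blockers = [a.principal for a in rec.aces
                    if a.kind == "deny" and BLOCKING_PERM in a.perms]
        if blockers:
            findings.append((rec.name, blockers))
    return findings


# Constructed sample of `ls -le@ ~/Downloads` output (not captured from a real host).
SAMPLE_LISTING = (
    "total 24\n"
    "-rw-r--r--@ 1 alice  staff  48211 Dec 20 10:02 report.pdf\n"
    "\tcom.apple.quarantine\t   57 \n"
    "-rw-r--r--+ 1 alice  staff  90112 Dec 20 10:05 installer.zip\n"
    " 0: group:everyone deny write,writeextattr\n"
    "-rw-r--r--@ 1 alice  staff   1200 Dec 20 10:07 notes.txt\n"
    "\tcom.apple.quarantine\t   57 \n"
    " 0: group:everyone deny delete\n"
    "-rw-r--r--  1 alice  staff    300 Dec 19  2022 local.txt\n"
)

if __name__ == "__main__":
    for name, principals in find_unquarantinable(parse_ls_listing(SAMPLE_LISTING)):
        print(f"review: {name} (xattr writes denied for {', '.join(principals)})")
```

A missing quarantine attribute on its own is normal for locally created files; the deny entry on extended-attribute writes is what makes the combination worth reviewing.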

The researchers at Microsoft discovered that Apple's Lockdown feature, which Microsoft debuted in July to protect at-risk targets from state-sponsored spyware, cannot prevent the Achilles attack from obtaining the necessary exploits. 

"We note that Apple’s Lockdown Mode, introduced in macOS Ventura as an optional protection feature for high-risk users that might be personally targeted by a sophisticated cyberattack, is aimed at stopping zero-click remote code execution exploits, and therefore does not defend against Achilles," according to Microsoft. 

In July, Apple received an alert about the issue and was able to fix it in the latest macOS version. For maximum protection against cybercrime, Mac operating systems must be updated as soon as possible.

FBI: 'Deeply Concerning' Apple’s End-to-End Encryption

 

Apple recently unveiled several new privacy-focused features intended to better safeguard user data stored in iCloud, but although privacy advocates and human rights organizations have praised the move, law enforcement agencies have expressed concerns.

They seem to be worried that criminals from all backgrounds would abuse the privilege rather than being against increased privacy. 

The FBI said in an email to the Washington Times that Apple's end-to-end encryption "reduces our capacity to defend the American people from criminal activities ranging from cyber-attacks and crimes against minors to drug trafficking, organized crime, and terrorism." 

Sasha O'Connell, a former FBI agent, also commented at the time, telling the New York Times that there are some important considerations. Although it is excellent to see businesses putting security first, there are trade-offs to be aware of, one of which is the effect on law enforcement's ability to access digital evidence. 

iMessage Contact Key Verification, Advanced Data Protection for iCloud, and Security Keys for Apple ID are just a few of the new security-focused features that Apple recently unveiled. However, it was Advanced Data Protection for iCloud that really got the FBI's attention. With the new functionality, only trusted devices will be able to decrypt and view the encrypted data that is saved in iCloud.

In other words, neither Apple nor anyone else will be able to read the information that users have stored in iCloud on Apple's servers. 

FBI versus Apple 

The FBI and Apple have clashed before. Approximately six years ago, the FBI seized an iPhone from Syed Farook, one of the two terrorists who attacked the Inland Regional Center in San Bernardino, California. The two murdered 14 people and injured 22 others on December 2, 2015.

Because the iPhone was locked, there was a big conflict between the FBI and Apple over whether or not the latter had the ability or inclination to unlock the endpoint. Even the US Congress took up the issue, with practically all of the nation's tech firms supporting Apple. When the FBI, with the aid of a third party, was able to unlock the iPhone, everything calmed down. Later, the media revealed that the third party in question was Cellebrite, an Israeli mobile forensics company.

Apple Improves iCloud Data End-to-End Encryption

Apple took a step further in its continuous effort to offer people even better ways to safeguard private data when it unveiled new cutting-edge security capabilities aimed at defending against attacks on user data in the cloud. 

Advanced Data Protection gives iCloud users' trusted devices sole access to the encryption keys for the majority of their data. It is already available in the U.S. for participants in the Apple Beta Software Program and will be available to all U.S. customers by the end of the year.

According to a press release from Apple, the only essential categories excluded from Advanced Data Protection are iCloud Mail, Contacts, and Calendar due to the necessity to interoperate with the worldwide email, contacts, and calendar systems.

Apple apparently abandoned plans to provide end-to-end encryption to iCloud backups after the FBI objected. Privacy organizations like the Electronic Frontier Foundation have long urged Apple to do this.

These new features join a number of other safeguards that make Apple products the most secure on the market, including security built directly into its specially made chips with efficient system encryption and data protections, and features like Lockdown Mode, which provides an extremely high level of optional security for users like journalists, human rights activists, and diplomats. Apple is committed to enhancing device and cloud security and to continuously introducing additional safeguards.

Although the great majority of users will never be the target of extremely sophisticated attacks, the functionality adds an essential degree of security for users. If a highly skilled adversary, such as a state-sponsored attacker, were ever to succeed in accessing cloud servers and inserting its own device to spy on these encrypted communications, users who have activated iMessage Contact Key Verification would receive immediate alerts.

According to an Apple official, the company has been trying to add hardware keys for some time, but most recent version of FIDO standards, it was cautious about implementation and usability. A recent increase in the availability of the keys, the spokesman added, as well as evolving and intensifying threats, were further driving factors for the business.

Twitter Feud with Apple Boss Resolved, Says Elon Musk


Twitter CEO Elon Musk has recently said that he and Apple boss Tim Cook have “resolved the misunderstanding” over Twitter being possibly removed from the App Store. 

The feud began earlier this week when Musk, in a series of tweets, accused Apple of halting most of its advertisements and threatening to remove the platform from its App Store. He added that this situation had become “a battle for the future of civilization.”

However, Apple’s chief executive tweeted on Wednesday that “Tim was clear that Apple never considered doing so,” though he did not say whether Apple’s advertising was discussed in the meeting.

The meeting between the two CEOs comes as numerous companies have halted spending on advertisements on Twitter, due to concerns over Elon Musk’s content moderation plan.

This would apparently be a major setback for Twitter since Twitter relies on advertisements for the majority of its aggregate revenue. 

On Monday, the Twitter CEO accused Apple of “censorship,” while also criticizing its policies, particularly the levies it imposes on purchases made through its App Store. “Apple has mostly stopped advertising on Twitter. Do they hate free speech in America?” said Musk.

Later, Musk updated his Twitter followers that he was meeting with Mr. Cook at Apple’s headquarters, adding in his tweet: “Good conversation. Among other things, we resolved the misunderstanding about Twitter potentially being removed from the App Store. Tim was clear that Apple never considered doing so.” Meanwhile, Apple has not made any official comment on the said meeting. 

Weeks after Mr. Musk became the chief executive, Twitter lost at least half of its major advertisers. This amounts to an estimated loss of nearly $750 million for the social media giant, as reported by Media Matters, a non-profit watchdog.

Some of the major advertisers lost included General Mills and Pfizer. Musk also acknowledged that this defection has resulted in a “massive drop” in revenue, with the company losing $4 million per day.

Apple, on the other hand, is consistently one of the major advertisers on the social network company, spending over $100 million annually, as reported by Bloomberg.  

Elon Musk is Planning to Develop an Alternate Smartphone

If Apple decides to remove Twitter from the App Store, Elon Musk has an easy strategy: to build his own smartphone.

Musk has changed a lot about Twitter since he joined at the end of October, including major staff cuts and firings that prompted managers in charge of data privacy and content moderation to resign.

In terms of content filtering, Musk fundamentally supports the right to free expression. Additionally, he apparently intends to try to make money for Twitter through explicit content. When Jack Dorsey was in charge, content filtering was more deliberate and concentrated on user 'safety,' outlawing obscenity, hate speech, and violence.

Musk tweeted on Friday night in response to the conservative commentator Liz Wheeler, who had written: "If Apple & Google expel Twitter from their app stores, @elonmusk should manufacture his own smartphone. The prejudiced, snooping iPhone & Android would be cheerfully abandoned by half of the country. A foolish little smartphone ought to be simple for the man who makes rockets to Mars, right?"

"I sincerely hope it never comes to that, but indeed, if there is no other option, I will develop an alternate phone," Musk said.

Phil Schiller, a senior Apple marketing executive who oversees the company's App Store, deactivated his Twitter account last week, which could be a terrible sign for Twitter. Schiller made the change after Musk criticized Apple's fees on Twitter, calling them a hidden 30% tax on the internet.

Apple and Google Accused of Mobile Browser Monopoly Activities

The domination of Apple and Google in web devices and cloud gaming will be examined, according to the UK's authorities.

The Competition and Markets Authority announced on Tuesday that, after receiving support in a public consultation, it is moving forward with a market investigation it first suggested in June into how the companies regulate internet browsers for mobile devices and into concerns that Apple restricts cloud gaming on its devices.

The Competition and Markets Authority (CMA) found from market research conducted last year that the two companies controlled the majority of mobile operating systems, app marketplaces, and web browsers.

If the 18-month study indicates an adverse impact on competition, the CMA may enforce modifications. However, the allegations are rejected by both businesses.

The authority announced on Tuesday that it is starting the investigation in part because the U.K. has put off giving its competition regulator new authority over digital markets, similar to what was recently passed in the European Union, which it claimed could help resolve those problems.

According to remarks released on Tuesday as part of the CMA's public consultation on its inquiry, some major IT rivals backed the investigation against Apple and Google. Microsoft Corp. warned that, if nothing is done, Apple and Google's grip over their mobile ecosystems might pose growing challenges to competition.

Apple Accused of Monitoring Users' Behavior Without Consent

According to a lawsuit, despite the fact that settings on Apple's iPhones and other devices are designed to prevent any tracking or sharing of app data, the corporation nonetheless collects, tracks, and monetizes user details even after users have turned off sharing.

When using the App Store app on iOS 14.6, each click users make is recorded and given to Apple, according to the thread posted last week by the Twitter account Mysk, which is maintained by two developers in Canada and Germany. 

The developers assert that this occurs regardless of users’ preferences and settings. The developers claim that "opting out or switching the personalization options off did not decrease the amount of detailed data that the app was transmitting." Apple provides a number of toggles designed to limit tracking.

In a follow-up report by Gizmodo, the developers discovered that, despite the privacy toggles, a number of additional apps, including Music, TV, Books, the iTunes Store, and Stocks, all transferred data to Apple. The site claims that the majority of the apps that transmitted analytics data shared constant ID numbers, which would allow Apple to follow user behavior across its services like the Health and Wallet apps.

Elliot Libman, the plaintiff, alleged that Apple's assurances that users have control over the data they provide when using iPhone apps are factually false and in violation of the California Invasion of Privacy Act.

The thread also notes how ironic Apple's alleged surveillance appears given that strong controls were introduced in iOS 14.5 to stop third-party developers from tracking users against their own will. Although the iOS 14.6 operating system has been around for more than a year, the researchers said they observed identical apps sending comparable data packets when using iOS 16.

Warning to iPhone and Android Users: 400 Apps Could Leak Data to Hackers

Android and iPhone users are being told to delete specific apps from their mobile phones because they could potentially steal their data. 

According to reports, Facebook has issued a warning after discovering an apparent data hack that appears to involve more than 400 apps and to have been stealing sensitive login information from smartphones. Because these apps advertise themselves as popular services such as photo editors, games, and VPNs, they can easily go unnoticed.

The scam apps are designed to obtain sensitive consumer information by asking users to sign in via their Facebook account once the apps have been installed. Hull Live reported that users are told they must do this in order to access the apps' features.

Facebook reportedly published a post on its newsroom about malicious apps that ask users to sign in with their Facebook account before they can use the advertised features. If users enter their credentials, the malware steals their usernames and passwords, which is a serious security risk.

In this case, the applications were available for download on the official Google Play Store and Apple App Store marketplaces. This means that they could potentially have been installed on thousands of devices.

Apple and Google have already removed these apps from their application stores. However, the apps can still be found on third-party marketplaces, and anyone who had already downloaded them could still be targeted.

According to Facebook, this year it has identified more than 400 malicious Android and iOS apps that target people across the internet to steal their login information in a bid to gain access to their Facebook accounts.

Apple and Google have been informed of the findings. Facebook is working to help those who might be affected learn more about how to remain safe and secure with their online accounts.

According to Facebook, users should take the following steps to fix the problem:

• Reset your passwords and create new, stronger ones. Keep your passwords unique, and do not reuse them across multiple websites.

• To further protect your account, enable two-factor authentication, preferably using an Authenticator app as a secondary security measure.

• Enable log-in alerts in your account settings so you are notified if anyone attempts to gain access to your account.

Facebook also outlined some red flags that Android and iPhone users should watch for when judging whether an app is likely to be fraudulent:

• Users must log in with social media to use the app, and it will only function once they have completed this step.

A Facebook spokesperson added that looking at the number of downloads, ratings, and reviews may help determine whether a particular app is trustworthy.

Apple Claims "SIM not Supported" Bug Hits iPhone 14 Series

Apple's 14th-generation iPhone launch has not gone as well as anticipated. In its most recent announcement, Apple acknowledged that iPhone 14 users are affected by a SIM problem in iOS 16.

Apple has confirmed a new iOS 16 bug that is causing owners of the iPhone 14 inconvenience. A message is displayed on their device that reads 'SIM not supported.' The business acknowledged the flaw and declared it is looking into the matter.

Apple strongly advises against restoring the device if the notice remains. The tech giant prefers that customers seek technical support from authorized Apple service providers or visit the nearest Apple Store. According to reports, Apple is developing a patch for this flaw and may deliver it by the end of the month.

Apple confirms in the memo that it is looking into the issue and that it is not a hardware-related one even if a fix is still pending. Since a software repair is possible, the affected iPhone 14 units would not need to be recalled. Apple advises iPhone 14 customers to wait until a fix is available because, occasionally, the error message will go away and the phones will start working normally again.

The business advised customers to 'upgrade to the current version of iOS to address the issue' if they experienced problems with Messages or FaceTime after configuring their new iPhone.

Apple stated that updating to the most recent version of iOS would fix any issues with iMessage and FaceTime not fully activating on the iPhone 14 and iPhone 14 Pro. 

Therefore, experts recommend holding off on upgrading to an iPhone 14 model until Apple has fixed more of these problems. The iOS 16.1 update is currently being developed by Apple and is anticipated to go live by the end of the month. The upcoming version will most likely include numerous new features, adjustments, and changes. A recent iOS 16.0.3 update from Apple is expected to fix a number of problems.

A Constant Battle Between Apple and Zero-Day Security Vulnerabilities

Recently, there has been a noticeable increase in the number of attackers targeting Apple, especially by using zero-day exploits. One of the main reasons hackers value zero-day exploits so highly is that they may be the most valuable asset in a hacker's portfolio. As of 2022, Apple has discovered seven zero-day vulnerabilities in its products and has followed up on these discoveries with relevant updates to address these issues. Even so, it seems as though there will not be an end to this classic cat-and-mouse game anytime soon.

During 2021, more than double the number of zero-days were recorded compared to 2020. This is the highest level since tracking began in 2014, with the number of zero-days increasing every year since then, a trend demonstrated by the repository maintained by Project Zero.

As described by the MIT Technology Review, the increase in hacking over the past few years has been attributed to the rapid proliferation of hacking tools globally and the willingness of powerful state and non-state groups to invest handsomely in discovering and infiltrating these operating systems. Threat actors actively search for vulnerabilities and then sell the information about those vulnerabilities to the highest bidder.

Apple has repeatedly been compromised by these attackers. After recovering from 12 recorded exploits and remediations in 2021, Apple, one of the four most dominant IT companies in the world, began 2022 with two zero-day bugs in its operating systems and a WebKit flaw that could have left users' browsing data vulnerable.

The company released 23 security patches less than one month after it discovered these issues. A new flaw was also discovered that attackers could exploit to infect a user's device when certain malicious websites are loaded on it.

Keeping this in mind, if we fast forward to August 17 of this year, we learn Apple has discovered two new vulnerabilities in its operating system: CVE-2022-32893 and CVE-2022-32894. The first vulnerability is a remote code execution (RCE) vulnerability in WebKit, Apple's Safari web browser engine, which is used by all browsers that are iOS-enabled and macOS-enabled. As for the second vulnerability, another RCE vulnerability, it gives attackers complete access to the user's software and hardware without any limitations.

In the past couple of weeks, two major vulnerabilities have been found that affect a wide variety of Apple devices, especially the iPhone 6 and later models, the iPad Pro, iPad Air 2 onwards, iPad 5th generation and newer models, iPad mini 4 and newer versions, iPod touch (7th generation), and macOS Monterey. The company issued security updates to protect against these “actively exploited” vulnerabilities.

The research team at Digital Shadows prepared a report stating that zero-day exploits sell for up to $10 million, making them the most expensive commodity in a rather wide array of cybercrime. The report further added that the market for these exploits is bound to expand and provoke more cyber threats.

Meta: Users Warned Against Android, iOS Apps That Are Stealing Facebook Passwords

As per the report published by Facebook parent Meta on Thursday, as many as a million Facebook users have been warned of seemingly malicious applications they may have been exposed to. The Android and iOS malware is designed to steal passwords from social networking sites. 
 
This year so far, Meta has detected more than 400 fraudulent applications built for Apple or Android-powered smartphones. The malicious apps were apparently made available on the Play Store and App Store, said David Agranovich, director of threat disruption, during a briefing. 
 
"These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them," states Meta in a blog post.  
 
Reportedly, the fraudulent apps ask Facebook users to log in with their account information, enticing them with certain promising features, and ultimately steal user passwords and other credentials if entered.  
 
"They are just trying to trick people into entering in their login information in a way that enables hackers to access their accounts [..] We will notify one million users that they may have been exposed to these applications; that is not to say they have been compromised," mentions Agranovich. 
 
With regard to these activities, Meta stated that it has shared information about the malicious apps with both Apple and Google, which control their respective app stores.  
 
In response, Google said that most of the malicious apps mentioned by Meta have already been identified and removed from its Play Store by its vetting systems.  
 
"All of the apps identified in the report are no longer available on Google Play," a spokesperson told AFP. "Users are also protected by Google Play Protect, which blocks these apps on Android." 
 
On the other hand, Apple has not yet responded to questions about whether it took any action against the aforementioned apps. In the blog post, Meta also alerts internet users about certain activities they may unknowingly perform that could benefit the threat actors.  
 
"We are also alerting people who may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials, and are helping them to secure their accounts," the blog post notes.

Data Breach Targets Fast Company News

Fast Company's Apple News website currently displays a statement from the business confirming that it was hacked on Sunday afternoon, followed by another intrusion on Tuesday night that let threat actors send bigoted notifications to smartphones via Apple News.

In a press release issued last night, the company claimed that "the statements are repulsive and are not in line with the contents and culture of Fast Company. We have suspended FastCompany.com while we look into the matter and will not reopen it until it is resolved."

As soon as individuals on Twitter noticed the offensive Apple News notifications, the company disabled the Fast Company channel on the news network.

Data breach tactics

The first indication that Fast Company had been compromised came on Sunday afternoon, when the website's home page started to fill up with articles headlined "Hacked by Vinny Troia. [redacted] tongue my [redacted]. Thrax was here."

In their ongoing dispute with security analyst Vinny Troia, members of the Breached hacking group and the now-defunct RaidForums regularly deface websites and carry out attacks that they attribute to the researcher. Fast Company took the website offline for a while to address the defacement, but on Tuesday at around 8 PM EST, another attack occurred.

Hackers claim that they were able to compromise the company after discovering that Fast Company was using WordPress for its website. The HTTP basic authentication that was supposed to have protected this WordPress installation was bypassed. The threat actor goes on to claim that they were able to enter the WordPress content management system by utilizing a relatively simple default password used for dozens of users.

Fast Company, according to the post, had a 'ridiculously easy' default password that was used on numerous accounts, including an admin account. The compromised account would have then been utilized by the threat actors to gain access to, among other things, authentication tokens and Apple News API credentials.

They assert that by using these tokens, they were able to set up administrator accounts on the CMS platforms, which were then used to send notifications to Apple News.

Threat actors gained access to an unspecified number of customer names, birthdates, contact numbers, email and physical addresses, and personal documents, including license and passport numbers, through this same forum, which was at the center of the previous Optus breach. The hacker in question claims to have made 10,200 records available thus far. It's uncertain whether or when Apple News would reactivate the Fast Company channel.

Microsoft Warns of a Major Click Fraud Scheme Targeting Gamers

Microsoft is keeping tabs on a widespread click fraud scheme that targets gamers and uses covertly installed browser extensions on hacked devices.

Click fraud is the act of artificially inflating the number of clicks on pay-per-click advertisements. According to experts, botnets are responsible for approximately a third of the traffic created by advertising on ad networks. To safeguard their image and keep their clients happy, advertising platforms, such as the Google search engine, frequently use click fraud prevention techniques.

In a series of tweets over the weekend, Microsoft Security Intelligence stated that "attackers monetize clicks generated by a browser node-webkit or malicious browser extension stealthily installed on devices."

The internet company clarified in a tweet that the initiative targets unaware people who click rogue advertising or comments on YouTube. 

Doing so downloads an ISO file posing as game cheats; when opened, it installs the browser node-webkit (NW.js) or browser extension that the threat actors need. Microsoft also mentioned that they saw the actors using Apple Disk Image files, or DMG files, indicating that the campaign is a cross-platform endeavor.

It's important to note that the ISO file contains hacks and cheats for the first-person shooter game Krunker. Cheats are software tools that provide users of a game with a distinct advantage over other players.

DMG files, which are Apple Disk Image files usually used to distribute software on macOS, are also employed in the attacks in place of ISO images, demonstrating that the threat actors are aiming their attacks at several operating systems.

The discovery is hardly shocking because threat actors frequently treat gamers as prime targets in their efforts, especially those who are scrambling to locate free cheats online.

The prevalence of malware spreading through well-known game franchises was demonstrated earlier in September by a report from Kaspersky, an endpoint security provider and consumer IT security software company. The most popular file was distributed via Minecraft, which had 131,005 users infected between July 2021 and June 2022.