Facebook Finds New iOS Spyware Phenakite

The iOS spyware threat Phenakite was discovered by Facebook. In this article: What it is | How it works | What iOS users should know.

Checklist 227: Playing AirTag

AirTag is finally here. On this Checklist, we’ll tell you what it is, why some competitors are crying foul, and how it protects your privacy.

iMacs, AirTag, and More at Apple’s Spring Loaded Event

Apple’s Spring Loaded event brings new iMacs, new iPad Pros, AirTag, and more. Details, Prices, Specs, and Availability.

What is Google’s FLoC (and does it harm privacy)?

What is Google’s FLoC? In this article, we’ll explain what FLoC is, why it may be a privacy threat, and how to check for it in your browser.

Checklist 226: Yet Another Facebook Data Breach

A Facebook data breach has exposed 500 million + users. On this episode of the Checklist: Details, how to check if you were affected, and staying safe.

FBI accessed hundreds of private computers in Microsoft Exchange remediation bid

The FBI accessed hundreds of vulnerable computers using remote backdoors installed by hackers — with the goal of collecting evidence against the hackers and removing the backdoors. In a press release issued Tuesday, the U.S. Department of Justice announced the operation and explained the rationale behind it. 

The 2021 Microsoft Exchange Server breach

Earlier this year, several critical zero-day vulnerabilities for Microsoft Exchange Server were discovered (Exchange is email server software common in enterprise environments).

The zero-days resulted in the hacks of thousands of organizations worldwide, with malicious actors accessing users’ email accounts …

TextEdit flaw could have let hackers create malicious TXT files

A flaw in macOS TextEdit could have let attackers create malicious TXT files — files that could have led to DOS attacks, IP leaks, and more.

Facebook data breach exposes details of 500 million users

A Facebook data breach has exposed the personal information of more than 500 million users. In this article: Details | Impact | Staying Safe

Checklist 225: Raising Better Digital Citizens with Robert Speciale

Award-winning educator Robert Speciale shares strategies for communicating security and privacy concepts to today’s kids.

STIR/SHAKEN hits milestone in fight to stop caller ID spoofing

How do we stop caller ID spoofing? This article shows how spoofing works, how STIR/SHAKEN helps, and why you shouldn’t let your guard down!

XcodeSpy Mac Malware Targets Developers

XcodeSpy is macOS malware that can install a persistent backdoor on a Mac. In this article, we’ll explain what it is, how it works, and how you can detect it!

Checklist 224: Cloudburst Over Hobby Lobby

A closer look at the recent Hobby Lobby data breach; talking about common misconceptions about “the cloud” with a cloud security expert.

Is the Clubhouse iOS app safe to use?

Is the Clubhouse iOS app safe? We’ll talk about what Clubhouse is, the app’s security and privacy issues, and how to use it more safely.

Checklist 223: Visiting Clubhouse and Revisiting App Privacy Labels

If you spend any time on the socials, you’ve heard people talk about Clubhouse. It’s been around for close to a year, though it’s really taken off over the past few months. We’ll look at its safety, then look at Privacy Labels with Clubhouse as a sort of yardstick.

Trouble in the Clubhouse?

Clubhouse is a new social media platform that’s drawing all kinds of attention. At the moment, it’s still in beta testing, and is only available as an iOS app.

So what does Clubhouse do? It’s actually pretty simple. The app …

What to do before you sell your Mac: a step-by-step guide

Planning to sell your Mac? This guide shows you how to make sure you aren’t exposing your private data to the new owner!

Security camera hack exposes thousands of video feeds

A security camera hack has exposed thousands of video feeds. This article has background, analysis, and tips for home security camera safety.

Checklist 222: Avoiding Tax Scams with Nick Leon

On this podcast, we talk about avoiding tax scams both new and old. We cover “classic” tax scams as well as 2021 tax scams.

4 tax scams to watch out for in 2021

In 2021, U.S. taxpayers should be on the lookout for these 4 tax scams. This article explains how they work, and how to keep yourself safe!

Crisis

also known as OSX/Morcut

Type:
Trojan Horse

Platform:
Mac OS X

Last updated:
02/09/16 9:14 pm

Threat Level:
High

Description

Crisis is a Trojan horse that creates a backdoor on infected systems. Also known as Morcut, Crisis was first discovered in 2012, with subsequent variants appearing in the years to follow.

Crisis comes in the form of an illegitimate Adobe Flash Player installer. If installed, Crisis takes steps to achieve persistence (the ability to survive reboots), and then performs several actions, the nature of which depends on whether or not the Trojan was launched with administrative permissions. On a system which …

Conduit

Type:
Adware

Platform:
Mac OS X

Last updated:
02/09/16 9:14 pm

Threat Level:
High

Description

Conduit is adware. Conduit was a platform that could be used to create custom toolbars — meant to be installed as browser extensions — that were ostensibly aimed helping web publishers market to their audiences more effectively. However, Conduit had a number of behaviors that are classified as malicious: It would make unauthorized changes to a user’s web browser, including changes to the home page, new tab page, and search engine.

Conduit’s illegitimate search engine, search.conduit.com, posed a clear privacy threat, since it collected highly …