SecurityApple will soon release iOS 14 to the public, and it has a number of important privacy enhancements that you should know about. In this guide, we’ll walk you through iOS 14’s privacy features, and give you tips and how-tos to help you make the most of them.
Data Sharing Controls
First up, we’ll take a look at some new features that let you control how (or if) you share your data with apps.
App tracking controls
This one is a real game-changer. Apps track us in a variety of ways, mostly so …
August 31, 2020 •
10 min read
SecurityThreat researchers are reporting that low-skilled Iranian hackers carried out a number of successful attacks against enterprise targets in June. The incident highlights the growing threat of off-the-shelf malware to businesses and individuals.
In this short article, we’ll tell you what happened, give you some background to the issue, and let you know what you can do to stay safe.
The incident
According to researchers at Singapore-based Group-IB, newbie hackers in Iran managed to penetrate the networks of a number of companies across the globe and infect their systems with Dharma ransomware. The …
August 31, 2020 •
6 min read
SecuritySecurity pro Patrick Wardle is writing a book, and he may just want your help. We’ll cover some Mac malware basics, talk about the book he’s writing, and how the security and Mac communities can help on episode 196 of The Checklist, brought to you by SecureMac.
August 27, 2020 •
17 min read
SecurityThe 2020 U.S. election is under attack. Who’s doing it? Why? How? And what can we do stop it? SecureMac’s Nick Leon joins us to talk it over.
August 20, 2020 •
12 min read
SecuritySecurity researchers have discovered an interesting new variety of macOS malware that spreads by attacking Xcode projects. It’s called XCSSET, and in this article, we’ll tell you what you need to know about this unusual threat in order to stay safe.
What is XCSSET?
XCSSET is a suite of malicious components that spreads through infected Xcode projects.
Xcode is a tool used by app developers to write software for Apple platforms. An Xcode “project” simply refers to the repository of files, information, and resources that are used to build an app for deployment.
If …
August 18, 2020 •
5 min read
SecurityDEF CON, a major annual event in the world of cybersecurity, was held just last week. This year, the organizers decided to go virtual, calling the event “DEF CON Safe Mode”.
There were a number of great talks and panels at the conference, and while some of them were quite technical, many also focused on topics likely to be of interest to a wide audience.
In what follows, we’ll offer some curated highlights from DEF CON Safe Mode that you may want to check out, along with links to the full video …
August 14, 2020 •
5 min read
SecurityThis week, The Checklist takes you inside yet another high-profile Bitcoin scam, this time affecting YouTube. We’ll talk about what happened, and then discuss the technical details of the compromise.
August 14, 2020 •
15 min read
SecurityBlack Hat USA is a major event in the world of information security. This year, due to the ongoing pandemic, the conference went virtual — and the organizers offered open access to many of the most important talks and sessions.
Among these were two timely keynote addresses that deal with issues around election security, one of which was delivered by Renée DiResta. DiResta is the Research Manager at Stanford Internet Observatory, an interdisciplinary program that studies the misuse of information technologies. Her work focuses on the way in which narratives spread …
August 12, 2020 •
8 min read
SecurityBlack Hat USA is one of the biggest events in the world of cybersecurity, bringing the infosec community together once a year for several days of trainings, briefings, and demos. Due to COVID-19, Black Hat 2020 went fully remote, and offered free access to some of the conference’s most important events.
Matt Blaze gave an extremely relevant keynote entitled “Stress-Testing Democracy: Election Integrity During a Global Pandemic”. Blaze is cryptographer and professor of computer science who holds the McDevitt Chair in Computer Science and Law at Georgetown University. His work focuses …
August 11, 2020 •
8 min read
SecurityIn this piece, we’ll discuss ThiefQuest’s key capabilities, and we’ll also tell you how to protect yourself from an infection.
August 6, 2020 •
7 min read
SecurityWe’re bringing you a WWDC outtake: an off-the-cuff, practically off-mic discussion of WWDCs past — as well as the roles Apple execs play.
August 6, 2020 •
3 min read
SecurityChris Hadnagy is one of the world’s foremost authorities on social engineering. He has written four books on the topic, including Social Engineering: The Science of Human Hacking and Unmasking the Social Engineer: The Human Element of Security. Hadnagy has been a prominent figure in the security industry for many years, founding the popular Social Engineering Village (SEVillage) at DEF CON, and establishing the Innocent Lives Foundation, a non-profit organization that coordinates the resources of the infosec community to fight online child predators. Hadnagy’s company, Social-Engineer, LLC, helps …
August 3, 2020 •
27 min read
SecurityStandard 2FA has some important limitations, which is why many security experts believe that key-based 2FA is the wave of the future — especially now that Apple has made changes to make it much more accessible to iPhone and iPad users.
July 31, 2020 •
6 min read
SecurityStarting this year, Apple will begin making its own, ARM-based processors for the Mac. In this episode of The Checklist, we take a look at the background to this change, as well as what it means for Mac users:
Intel vs ARMApple Silicon Macs and performanceApple Silicon Macs and security
Goodbye Intel, Hello ARM
When Apple announced their move from the Intel to the ARM processor architecture, it was clearly big news. But it also left many folks with a pretty basic question: What’s the actual difference between the two?
At a hardware level, …
July 30, 2020 •
12 min read
SecurityThe U.S. government has issued an alert warning that there is an increased danger of cyberattacks on civilian infrastructure. The alert comes from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA).
July 30, 2020 •
5 min read
SecurityA week behind us, the great Twitter hack is still unfolding. We’ll look at what we think we know so far and why the hack itself matters on this edition of The Checklist, brought to you by SecureMac.
July 23, 2020 •
6 min read
SecurityApple will soon begin transitioning away from Intel CPUs and switching to ARM processors instead. In this article, we’ll try to answer frequently asked questions about the change, offering some context to Apple’s decision and explaining what it all means for Mac users — especially in terms of performance and security.
ARM vs Intel: What’s the difference?
To start with the obvious, there are two different companies involved: Arm Holdings and Intel. The two companies have significantly different business models. Intel is both a designer and manufacturer of processors, whereas Arm does …
July 17, 2020 •
10 min read
SecurityTikTok. Harmless fun? Or existential threat to the United States? The answer you get depends on who you ask. This week we have a special guest to help us discuss the question in depth — and we’ll get into the larger issues with apps, user data, and digital privacy.
TikTok, apps, and your privacy
In recent weeks, the popular video-sharing app TikTok has made headlines for its practice of monitoring iOS pasteboard data. The pasteboard — kind of a system-wide clipboard for iOS that lets apps access the information copied there — …
July 17, 2020 •
19 min read
SecurityOn Wednesday, multiple verified, high-profile Twitter accounts were compromised, including the accounts of Barack Obama, Elon Musk, and Apple. Hackers made tweets requesting charitable donations in the form of Bitcoin, promising to double any contribution made within the next 30 minutes. The tweets were, of course, fraudulent — and the Bitcoin wallet addresses set up to accept the cryptocurrency “donations” belonged to the scammers.
Twitter reacted quickly to the attack, removing the offending tweets, locking down affected accounts, and preventing users from tweeting or resetting their passwords as the company attempted …
July 16, 2020 •
2 min read
SecurityThe “EARN IT” Act is slowly making its way through the U.S. Senate. Despite strong public criticism, an amended version of the bill was unanimously approved by the Senate Judiciary Committee in early July, setting the stage for full hearings in the near future.
In this article, we’ll discuss the background to EARN IT, and let you know why some people say it’s a serious threat to free speech and digital privacy.
What is EARN IT?
EARN IT (Eliminating Abusive and Rampant Neglect of Interactive Technologies) is the name of a bill currently …
July 15, 2020 •
4 min read
