MacScan 3

Checklist 50: Hacking Your Health

On today’s episode, we’re looking at the way technological change has affected modern medicine, threats the healthcare industry faces, and what we can do to protect patient safety now and in the future.

Apple Removes VPNs from Chinese App Store

One of Apple’s most famous marketing campaigns revolved around the catchphrase “There’s an app for that”—to the point that Apple eventually had the slogan trademarked. However, for users living in China, that statement is no longer true. According to a recent report from CNBC, Apple has removed most of the VPN apps from its Chinese App Store.

The removals weren’t random: China made unauthorized connections—including those made possible by virtual private networks—illegal in January of this year. VPNs allow users to access restricted parts of the Internet and surf …

Securing Your Data with macOS and Keychain

Every time a new version of Apple’s operating system arrives, every tech-focused publication on the Internet does a deep dive on the new key features. Occasionally, though, cool bells and whistles go overlooked. Such is the case with the macOS Keychain Access application, which, in addition to storing passwords and account information, can also be used to store and secure sensitive data.

Keychain Access gives users the option to store what it calls “Secure Notes,” alongside passwords and other valuable data. Say you need to store something like a …

Checklist 49: Artificial Intelligence and Security

The rise of artificial intelligence in the consumer space seems to have happened overnight. It feels like we’ve gone from Apple’s introduction of Siri to virtual assistants everywhere in the blink of an eye. On today’s episode, we’ll be covering some security concerns that accompany the rise of AI.

Major Flaw in IoT Devices Leaves Security Cameras and More Vulnerable to Hacks

Another glaring security problem with Internet of Things devices has come to light. The details highlight the reasons why IoT security should be a front-line concern — not an afterthought. With several major attacks this year powered by botnets built on the back of compromised IoT devices, manufacturers should be looking more closely at their code. However, this latest exploit lies several layers deep in device programming. Dubbed “Devil’s Ivy” by the researchers who uncovered it, it’s a flaw within open-source software used by many devices.

Researchers uncovered the …

Google Makes Changes to Prevent Future Docs Phishing Attacks

Earlier this year, Google users encountered a unique and particularly devious phishing attack. Phishers have used Google Docs in various capacities for several years, most frequently creating phony forms to try to collect sensitive user data. During this enormous wave of phishing attempts, though, users received an email from one of their contacts with an edit invitation to a Google Doc. If clicked, you would see a screen asking to allow an app called “Google Docs” to access your Google information, including your contacts.

In reality, this app was …

Security Researchers Develop New Exploits Based on Leaked NSA Tools

While the WannaCry ransomware wave was sweeping the globe, one of the first stories that emerged alongside it was about the exploit that allowed it to exist: EternalBlue. Exposed as an NSA-discovered vulnerability during leaks by the mysterious Shadow Brokers, it allows malware authors to attack vulnerable Windows machines through a basic protocol for sharing files. Though it turns out that most of the machines WannaCry infected were Windows 7 computers, EternalBlue is just one part of a larger family of exploits. All these were leaked earlier this year, …

Checklist 48: All About Spyware

On today’s episode we’ll be taking a look at spyware: what it does, where it comes from, and what you can do to defend against it.

Sometimes it’s pretty obvious when you’ve got a malware infection – ransomware lets you know that your files have been encrypted and are being held for ransom, while adware spawns endless popups in your web browser. Spyware operates a bit differently, and unlike other types of malware it prefers to remain hidden on an infected system. It might come as a surprise, but some spyware …

The Age of iPhone Jailbreaking is Drawing to a Close

Remember jailbreaking? From the first iPhone, it has been an integral part of the community around the device and even something which has pushed its development forward. Initially, just a way to unlock the phone and release it from the “jail” of an exclusive carrier contract, jailbreaking quickly grew into more. Games made their first appearance on iOS via jailbreaking, and for several years the only way to install custom wallpapers or ringtones on an iPhone was with a jailbreak. Many of the early iterations of the phone were …

Remember MySpace? Your Old Account Could Be Vulnerable

Social media has come a long way from its early days, and with the domination of major players including Facebook and Twitter, many of the early pioneers have faded into relative obscurity. Friendster abandoned plain social networking in 2011 and finally shuttered its services in 2015. MySpace, once the fastest growing and largest social network, quickly lost ground to Facebook and eventually lost many of its users. 2016 brought the revelation that 360 million accounts had been compromised all the way back in 2008 and were now for sale …

iOS 11: What to Expect from the Next Major Version Change

Among a slew of other announcements at Apple’s WWDC in June this year was the news that iPhone and iPad users would finally see the release of iOS 11 later this year. After the recent release of iOS 10.3.3 to users and the release of the latest iOS 11 beta to developers, it seems like the upgrade is not too far from its official release, currently expected sometime in September. What does Apple have in store for users, and what kinds of security improvements might we be able to …

New Round of Updates Issued for Many Apple Products

We recently shared a story concerning the release of iOS 10.3.3 and the critical Wi-Fi vulnerabilities it corrected within the Broadcom chips used in many iPhones. That update, released July 19th, also accompanied updates for many other Apple products, including macOS Sierra, tvOS, and Safari. The “Broadpwn” bug corrected in the latest version of iOS was also fixed in many of these updates as well. Users who apply these updates are no longer at risk from malicious Wi-Fi networks that can use Broadpwn to take over devices. However, these …

Checklist 47: 5 Things To Know About Identity Theft

Today’s episode of The Checklist is all about identity theft. With the right information, the wrong people can steal your identity – basically pretend to be you – and do a lot of damage in your name, and to your name.

Apple Releases iOS 10.3.3, Patching Critical Wi-Fi Vulnerability

Apple pushed a new round of security updates to many of its products on July 19, including macOS and iOS. While both updates provide important security updates, the iOS update is especially critical.  In version 10.3.3, Apple fixed a critical vulnerability affecting the device’s operations surrounding wireless networks. How does it work and what is the threat?

Inside each iPhone, from the iPhone 5 to the current iPhone 7, a dedicated chip by Broadcom powers the device’s Wi-Fi functionality. These chips handle important tasks to provide users with quick …

Checklist 46: A Brief History of Malware

On today’s Checklist, we’re cracking open the history books! We’ll be looking at the evolution of malware: from the early days of “joke” viruses to the serious threat it poses today.

Widely Reported WhatsApp Vulnerability Not as Serious as Initially Thought

Back in January, prominent British publication, The Guardian, printed a story in which they claimed the popular messaging app, WhatsApp, had a critical flaw. They claimed it had a “backdoor” that could allow a malicious third-party to defeat the app’s end-to-end encryption and thus read your messages at will. With millions of users depending on WhatsApp as a safe way to privately message others, including people in war-torn countries and under oppressive governments, the report caused much alarm. At the same time, it also triggered a vocal outcry from …

Google Ends Controversial Practice of Scanning Emails to Target Ads

It’s no secret that advertisers want to know more about us, and that “targeted ads” have become the bread and butter of the Internet economy. As advertisers go, Google might be one of the biggest ones out there, and the company has always put forward “personalization” as an admirable goal for everyone’s web browsing experience. So, did you know that Google algorithms have been scanning your email to pick up on better ways to advertise to you?

It’s true. Though Google’s commercial email offerings are exempt from this practice, …

Growth of Dishonest iOS Apps Highlight Need for Strong Mobile Threat Defense

How much should you be concerned about malware infections on your iOS devices? For most people, the answer will be “not at all” — but as we know, there is a danger in thinking this way. The lack of a clear and present threat from mobile malware also creates two problems of its own.

First, it can foster an environment of complacency for users towards actual exploits, which can and do occur. Apple’s regular security patches for iOS in which they close many loopholes highlights this fact. Second, …

Members of UK Parliament Have Their Emails Hacked in Brute Force Attack

Email isn’t just one of the most convenient ways to communicate — it’s also the easiest way for a hacker to uncover information about you. In the final week of June, the Parliament of the United Kingdom experienced its very own cyber attack. The attack focused solely on Parliament email addresses and was not sophisticated in nature: it was a regular brute force attempt. However, the attack brought the network to a standstill.

By trying common passwords and as many other combinations as possible, the hackers eventually compromised roughly …