Checklist 51: Five of the Most Notable Data Breaches in History

Today, we are looking at five of the biggest data breaches and most notable hacks in history. Who got hit? What data was stolen? How did they happen?

Apple Removes VPNs from Chinese App Store

One of Apple’s most famous marketing campaigns revolved around the catchphrase “There’s an app for that”—to the point that Apple eventually had the slogan trademarked. However, for users living in China, that statement is no longer true. According to a recent report from CNBC, Apple has removed most of the VPN apps from its Chinese App Store.

The removals weren’t random: China made unauthorized connections—including those made possible by virtual private networks—illegal in January of this year. VPNs allow users to access restricted parts of the Internet and surf …

Securing Your Data with macOS and Keychain

Every time a new version of Apple’s operating system arrives, every tech-focused publication on the Internet does a deep dive on the new key features. Occasionally, though, cool bells and whistles go overlooked. Such is the case with the macOS Keychain Access application, which, in addition to storing passwords and account information, can also be used to store and secure sensitive data.

Keychain Access gives users the option to store what it calls “Secure Notes,” alongside passwords and other valuable data. Say you need to store something like a …

Major Flaw in IoT Devices Leaves Security Cameras and More Vulnerable to Hacks

Another glaring security problem with Internet of Things devices has come to light. The details highlight the reasons why IoT security should be a front-line concern — not an afterthought. With several major attacks this year powered by botnets built on the back of compromised IoT devices, manufacturers should be looking more closely at their code. However, this latest exploit lies several layers deep in device programming. Dubbed “Devil’s Ivy” by the researchers who uncovered it, it’s a flaw within open-source software used by many devices.

Researchers uncovered the …

Google Makes Changes to Prevent Future Docs Phishing Attacks

Earlier this year, Google users encountered a unique and particularly devious phishing attack. Phishers have used Google Docs in various capacities for several years, most frequently creating phony forms to try to collect sensitive user data. During this enormous wave of phishing attempts, though, users received an email from one of their contacts with an edit invitation to a Google Doc. If clicked, you would see a screen asking to allow an app called “Google Docs” to access your Google information, including your contacts.

In reality, this app was …

Security Researchers Develop New Exploits Based on Leaked NSA Tools

While the WannaCry ransomware wave was sweeping the globe, one of the first stories that emerged alongside it was about the exploit that allowed it to exist: EternalBlue. Exposed as an NSA-discovered vulnerability during leaks by the mysterious Shadow Brokers, it allows malware authors to attack vulnerable Windows machines through a basic protocol for sharing files. Though it turns out that most of the machines WannaCry infected were Windows 7 computers, EternalBlue is just one part of a larger family of exploits. All these were leaked earlier this year, …

The Age of iPhone Jailbreaking is Drawing to a Close

Remember jailbreaking? From the first iPhone, it has been an integral part of the community around the device and even something which has pushed its development forward. Initially, just a way to unlock the phone and release it from the “jail” of an exclusive carrier contract, jailbreaking quickly grew into more. Games made their first appearance on iOS via jailbreaking, and for several years the only way to install custom wallpapers or ringtones on an iPhone was with a jailbreak. Many of the early iterations of the phone were …

Remember MySpace? Your Old Account Could Be Vulnerable

Social media has come a long way from its early days, and with the domination of major players including Facebook and Twitter, many of the early pioneers have faded into relative obscurity. Friendster abandoned plain social networking in 2011 and finally shuttered its services in 2015. MySpace, once the fastest growing and largest social network, quickly lost ground to Facebook and eventually lost many of its users. 2016 brought the revelation that 360 million accounts had been compromised all the way back in 2008 and were now for sale …

iOS 11: What to Expect from the Next Major Version Change

Among a slew of other announcements at Apple’s WWDC in June this year was the news that iPhone and iPad users would finally see the release of iOS 11 later this year. After the recent release of iOS 10.3.3 to users and the release of the latest iOS 11 beta to developers, it seems like the upgrade is not too far from its official release, currently expected sometime in September. What does Apple have in store for users, and what kinds of security improvements might we be able to …

New Round of Updates Issued for Many Apple Products

We recently shared a story concerning the release of iOS 10.3.3 and the critical Wi-Fi vulnerabilities it corrected within the Broadcom chips used in many iPhones. That update, released July 19th, also accompanied updates for many other Apple products, including macOS Sierra, tvOS, and Safari. The “Broadpwn” bug corrected in the latest version of iOS was also fixed in many of these updates as well. Users who apply these updates are no longer at risk from malicious Wi-Fi networks that can use Broadpwn to take over devices. However, these …

Apple Releases iOS 10.3.3, Patching Critical Wi-Fi Vulnerability

Apple pushed a new round of security updates to many of its products on July 19, including macOS and iOS. While both updates provide important security updates, the iOS update is especially critical.  In version 10.3.3, Apple fixed a critical vulnerability affecting the device’s operations surrounding wireless networks. How does it work and what is the threat?

Inside each iPhone, from the iPhone 5 to the current iPhone 7, a dedicated chip by Broadcom powers the device’s Wi-Fi functionality. These chips handle important tasks to provide users with quick …

Widely Reported WhatsApp Vulnerability Not as Serious as Initially Thought

Back in January, prominent British publication, The Guardian, printed a story in which they claimed the popular messaging app, WhatsApp, had a critical flaw. They claimed it had a “backdoor” that could allow a malicious third-party to defeat the app’s end-to-end encryption and thus read your messages at will. With millions of users depending on WhatsApp as a safe way to privately message others, including people in war-torn countries and under oppressive governments, the report caused much alarm. At the same time, it also triggered a vocal outcry from …

Google Ends Controversial Practice of Scanning Emails to Target Ads

It’s no secret that advertisers want to know more about us, and that “targeted ads” have become the bread and butter of the Internet economy. As advertisers go, Google might be one of the biggest ones out there, and the company has always put forward “personalization” as an admirable goal for everyone’s web browsing experience. So, did you know that Google algorithms have been scanning your email to pick up on better ways to advertise to you?

It’s true. Though Google’s commercial email offerings are exempt from this practice, …

Growth of Dishonest iOS Apps Highlight Need for Strong Mobile Threat Defense

How much should you be concerned about malware infections on your iOS devices? For most people, the answer will be “not at all” — but as we know, there is a danger in thinking this way. The lack of a clear and present threat from mobile malware also creates two problems of its own.

First, it can foster an environment of complacency for users towards actual exploits, which can and do occur. Apple’s regular security patches for iOS in which they close many loopholes highlights this fact. Second, …

Members of UK Parliament Have Their Emails Hacked in Brute Force Attack

Email isn’t just one of the most convenient ways to communicate — it’s also the easiest way for a hacker to uncover information about you. In the final week of June, the Parliament of the United Kingdom experienced its very own cyber attack. The attack focused solely on Parliament email addresses and was not sophisticated in nature: it was a regular brute force attempt. However, the attack brought the network to a standstill.

By trying common passwords and as many other combinations as possible, the hackers eventually compromised roughly …

Another Ransomware Attack Spreads Around the Globe

At the end of June, the world awoke to another widespread ransomware attack locking down machines across the globe. This time, the bulk of the attack centered on Ukraine, although countries such as Germany, the UK, and the USA also saw infections. Initially, the media reported that this was an attack executed by ransomware known as “Petya.” Petya was originally discovered and detailed back in 2016, spreading through infected emails and employing the typical demand of a ransom paid in Bitcoin.

The attacks of June 27, however, were very …

WannaCry Locked Down Australian Traffic Cameras, Caused Voided Citations

Do you think that ransomware attacks only affect personal computers and business systems? Think again — the recent widespread infections caused by the WannaCry ransomware touched more than just hospitals in the UK and unpatched Windows PCs. In the Australian state of Victoria, hundreds of traffic cameras, meant to enforce speed limits, were knocked offline after the malware infected the system. Instead of encrypting data for ransom, the system instead became locked in a continuous cycle of rebooting.

Because of the infection, police in Victoria announced that they would …

Ransomware on the Rise: What Should You Know?

After the massive outbreak of the WannaCry malware that took down hospitals in the UK and spread around the world, we knew it was only a matter of time before similar attacks took place. With the recent outbreak of new ransomware, dubbed Petya, affecting computers in Ukraine and spreading to other countries, it’s a good time to take a step back and look at some hard facts about ransomware. What do Mac users need to know about this rising threat?

Who does ransomware affect?

Windows users are the ones who …

Apple Announces Transition to New File System at WWDC

Last year, Apple announced that it was in the final stages of development for a new file system to replace the current architecture, which has begun showing its age. At this year’s WWDC, one of Apple’s major announcements was that this new “Apple File System” (or APFS) is finally ready. It’s coming to users soon with the release of macOS High Sierra, and it brings with it a host of improvements in both performance and security.

On the performance side, we can expect to see much faster disk …

Malware from Compromised Handbrake Servers Leads to Stolen Source Code

Back at the end of May, we reported on a story about a malware threat to Mac users delivered via the popular DVD ripping software Handbrake. In that incident, hackers broke in to one of the download servers Handbrake used to serve installers to users. They replaced the genuine Mac installer with one that would drop a backdoor onto your machine, allowing the authors free reign to crawl through your data. The infected server was serving up this malware for four days, and now we know that it actually …