Issue 19

Apple patches drive-by Wi-Fi flaw with emergency iOS patch

iOS version 10.3.1 fixes a vulnerability where an attacker can run arbitrary code on your iPhone or iPad when he/she is in WiFi range. Many Android phones are also vulnerable, but no fix is available yet. More on the Android side can be found here.

helpnetsecurity.com

 

Chrysaor: highly targeted Android malware

Google and Lookout found a highly targeted malware package, which affected around 3 dozen individuals. It shows great similarity to the previously found Pegasus iOS malware.

helpnetsecurity.com

 

Github repository owners targeted by data-stealing malware

Several owners of popular Github repositories were targeted with Dimnie malware, used to extract data from their machines. A deep dive in the malware can be found here.

threatpost.com

 

With iOS 10.3, iDevices get new Apple file system with native encryption support

A short look at the new filesystem that iOS 10.3 introduces, called APFS (Apple File System), which includes native encryption.

helpnetsecurity.com

 

The scam that knows your name and home address

A large number of UK residents were targeted by what must have been a scary attack that knew their name and home address.

sophos.com

 

McAfee's back as an independent security firm

McAfee, who has been part of Intel for a while, now reverted back to being a stand-alone company. The merge wasn't working out great, with the two companies needing a very different level of agility.

darkreading.com

 

Why I always tug on the ATM — Krebs on Security

Brian Krebs gives some recent examples of very hard to spot ATM hacks that try to hijack your card.

krebsonsecurity.com

 

Chrome security team tackles 'friendly fire' to keep browser safe

A brief look into the daily headaches that the Google Chrome security team need to digest, from OS bloatware to dodgy certificate authorities.

threatpost.com

 

Stack Overflow unveils the next steps in computer security

I'm not a man who enjoys April fool's jokes, but Stack Overflow's "Dance Dance Authentication" made me laugh out loud :-)

stackoverflow.blog