Tech

Securing your digital life, the finale: Debunking worthless “security” practices

Enlarge / Take one daily to keep Evil Hackerman away! (credit: Aurich Lawson | Getty Images) Information security and privacy suffer from the same phenomenon we see in fighting COVID-19: “I’ve done my own research” syndrome. Many security and privacy practices are things learned second- or third-hand, based on ancient tomes or stuff we’ve seen […]

Tech

Securing your digital life, part two: The bigger picture—and special circumstances

Enlarge (credit: ANDRZEJ WOJCICKI / SCIENCE PHOTO LIBRARY / Getty Images) In the first half of this guide to personal digital security, I covered the basics of assessing digital risks and protecting what you can control: your devices. But the physical devices you use represent only a fraction of your overall digital exposure. According to […]

Tech

Securing your digital life, part one: The basics

Enlarge / Artist’s impression of how to keep your digital stuff safe from all kinds of threats. (credit: Aurich Lawson | Getty Images) I spend most of my time these days investigating the uglier side of digital life—examining the techniques, tools, and practices of cyber criminals to help people better defend against them. It’s not […]

Tech

Apple AirTags can be abused to direct finders to malicious websites

Enlarge / Apple’s AirTags—as seen clipped to a backpack, above—allow users to attempt to find their own device via location rebroadcast from other Apple users. If all else fails, the user can enable a “Lost mode” intended to display their phone number when a finder scans the missing AirTag. (credit: James D. Morgan / Getty […]

Tech

Three iOS 0-days revealed by researcher frustrated with Apple’s bug bounty

Enlarge / Pseudonymous researcher illusionofchaos joins a growing legion of security researchers frustrated with Apple’s slow response and inconsistent policy adherence when it comes to security flaws. (credit: Aurich Lawson | Getty Images) Yesterday, a security researcher who goes by illusionofchaos dropped public notice of three zero-day vulnerabilities in Apple’s iOS mobile operating system. The […]

Tech

Security audit raises severe warnings on Chinese smartphone models

Enlarge / Be sure you know what you’re getting into before buying and using unfamiliarly branded smartphones—especially international models not originally intended for your country. (credit: Clover No. 7 Photography via Getty Images) The Lithuanian National Cyber Security Centre (NCSC) recently published a security assessment of three recent-model Chinese-made smartphones—Huawei’s P40 5G, Xiaomi’s Mi 10T […]

Tech

Nation-state espionage group breaches Alaska Department of Health

Enlarge / If Alaska’s native Ursus arctos population could be enlisted for cyber defense patrols, attackers might need paws for reflection before committing a criminal breach. (credit: Jared Lloyd via Getty Images ) Last week, Alaska’s Department of Health and Social Services (DHSS) disclosed a security breach apparently made by a sophisticated nation-state level attacker. […]

Tech

Security researchers at Wiz discover another major Azure vulnerability

Enlarge / This isn’t how the OMIGOD vulnerability works, of course—but lightning is much more photogenic than maliciously crafted XML. (credit: Aurich Lawson | Getty Images) Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service—has found another hole in Azure. The new vulnerability impacts Linux virtual machines […]

Tech

Infosec researchers say Apple’s bug-bounty program needs work

Enlarge / If you don’t maintain good relationships with bug reporters, you may not get to control the disclosure timeline. (credit: mhatzapa via Getty Images / Jim Salter) The Washington Post reported earlier today that Apple’s relationship with third-party security researchers could use some additional fine tuning. Specifically, Apple’s “bug bounty” program—a way companies encourage ethical […]

Tech

“Worst cloud vulnerability you can imagine” discovered in Microsoft Azure

Enlarge / Cosmos DB is a managed database service offering—including both relational and noSQL data structures—belonging to Microsoft’s Azure cloud infrastructure. (credit: Microsoft ) Cloud security vendor Wiz announced yesterday that it found a vulnerability in Microsoft Azure’s managed database service, Cosmos DB, that granted read/write access for every database on the service to any […]