Image caption: Take one daily to keep Evil Hackerman away! (credit: Aurich Lawson | Getty Images)
Information security and privacy suffer from the same phenomenon we see in fighting COVID-19: “I’ve done my own research” syndrome. Many security and privacy practices are things learned second- or third-hand, based on ancient tomes or stuff we’ve seen […]
Tag: infosec
Securing your digital life, part two: The bigger picture—and special circumstances
Image (credit: ANDRZEJ WOJCICKI / SCIENCE PHOTO LIBRARY / Getty Images)
In the first half of this guide to personal digital security, I covered the basics of assessing digital risks and protecting what you can control: your devices. But the physical devices you use represent only a fraction of your overall digital exposure. According to […]
Securing your digital life, part one: The basics
Image caption: Artist’s impression of how to keep your digital stuff safe from all kinds of threats. (credit: Aurich Lawson | Getty Images)
I spend most of my time these days investigating the uglier side of digital life—examining the techniques, tools, and practices of cyber criminals to help people better defend against them. It’s not […]
Apple AirTags can be abused to direct finders to malicious websites
Image caption: Apple’s AirTags—as seen clipped to a backpack, above—allow users to attempt to find their own device via location rebroadcast from other Apple users. If all else fails, the user can enable a “Lost mode” intended to display their phone number when a finder scans the missing AirTag. (credit: James D. Morgan / Getty […]
Three iOS 0-days revealed by researcher frustrated with Apple’s bug bounty
Image caption: Pseudonymous researcher illusionofchaos joins a growing legion of security researchers frustrated with Apple’s slow response and inconsistent policy adherence when it comes to security flaws. (credit: Aurich Lawson | Getty Images)
Yesterday, a security researcher who goes by illusionofchaos dropped public notice of three zero-day vulnerabilities in Apple’s iOS mobile operating system. The […]
Security audit raises severe warnings on Chinese smartphone models
Image caption: Be sure you know what you’re getting into before buying and using unfamiliarly branded smartphones—especially international models not originally intended for your country. (credit: Clover No. 7 Photography via Getty Images)
The Lithuanian National Cyber Security Centre (NCSC) recently published a security assessment of three recent-model Chinese-made smartphones—Huawei’s P40 5G, Xiaomi’s Mi 10T […]
Nation-state espionage group breaches Alaska Department of Health
Image caption: If Alaska’s native Ursus arctos population could be enlisted for cyber defense patrols, attackers might need paws for reflection before committing a criminal breach. (credit: Jared Lloyd via Getty Images)
Last week, Alaska’s Department of Health and Social Services (DHSS) disclosed a security breach apparently made by a sophisticated nation-state level attacker. […]
Security researchers at Wiz discover another major Azure vulnerability
Image caption: This isn’t how the OMIGOD vulnerability works, of course—but lightning is much more photogenic than maliciously crafted XML. (credit: Aurich Lawson | Getty Images)
Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service—has found another hole in Azure. The new vulnerability impacts Linux virtual machines […]
Infosec researchers say Apple’s bug-bounty program needs work
Image caption: If you don’t maintain good relationships with bug reporters, you may not get to control the disclosure timeline. (credit: mhatzapa via Getty Images / Jim Salter)
The Washington Post reported earlier today that Apple’s relationship with third-party security researchers could use some additional fine tuning. Specifically, Apple’s “bug bounty” program—a way companies encourage ethical […]
“Worst cloud vulnerability you can imagine” discovered in Microsoft Azure
Image caption: Cosmos DB is a managed database service offering—including both relational and noSQL data structures—belonging to Microsoft’s Azure cloud infrastructure. (credit: Microsoft)
Cloud security vendor Wiz announced yesterday that it found a vulnerability in Microsoft Azure’s managed database service, Cosmos DB, that granted read/write access for every database on the service to any […]