Search This Blog

Showing posts with label Apple. Show all posts

Apple catches TikTok spying on million of iPhone users globally


Apple announced its latest OS iOS14 at this year's WWDC and during the beta testing for the same, the tech giant caught TikTok recording user's cut-paste data and whatever the user was typing on their keyboard.


The new alert on iOS14 lets the user know if any app is pasting from the clipboard and if they are reading from the cut-paste data. This alert leads to TikTok's reveal. This alert was added based on the research by German software engineer Tommy Mysk in February; he discovered that every app installed on an iPhone or iPad can access clipboard data. And thus Apple added this new banner alert in its latest OS.

Soon after the update, many users started complaining about the issue, “Hey @tiktok_us, why do you paste from my clipboard every time I type a LETTER in your comment box?” wrote @MaxelAmador actor and podcast host on Twitter. “Shout out to iOS 14 for shining a light on this HUGE invasion of privacy.” Though many other apps like Accu Weather, Call of Duty Mobile, and even Google News can read clipboard data it seems strange as to why TikTok would need to do so.

After finding this glitch, Apple released a patch and fixing the issue, even TikTok said in March that it would stop the practice but it seems like they are still snooping on user's data.

In response, the social media app stated, “For TikTok, this was triggered by a feature designed to identify repetitive, spammy behavior. We have already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion”. 

The clipboard tool in iOS helps the user to copy text and images and paste them on another app, the glitch leads to apps access this data, making it quite worrisome. And all this data could be accessed without the user's consent. Apple should be appalled for this expose but another pressing question remains- should the Android community be worried about the same?

Apple Plans to Expand Cloud-Based Services, Enters Cloud Computing Space


Apple is planning to invest more in streamlines and increasing its cloud-based and software services like iCloud, Newsplus, and Apple Music. The expansion will go along with devices like iPads, MacBooks, and iPhones. To be entirely sure about the reliability of the cloud-based service on all the Apple devices, the company has decided to rely on AWS (Amazon Web Services) and the cloud division. AWS, as you might know, is a subunit of Amazon that offers cloud-space solutions. According to CNBC's findings, Apple is said to pay Amazon $30 Million monthly for its cloud-based services. It also means that Apple is one of the biggest customers of AWS.


Nevertheless, Apple hasn't confirmed whether it uses Amazon's cloud services besides its iCloud. According to experts, Apple also has some of its cloud services on Google. Amazon transformed the management of the data center and hosting of the applications when it brought the AWS. Being the first one to offer services like these, AWS is currently ranked top in the world of cloud hosting. Since recent times, Google Cloud and MS Azure are also trying to increase their presence in cloud-space services.

"As a matter of fact, AWS crossed the $10 billion quarterly revenue mark in Q1 2020, bringing in revenue of $10.2 billion with a growth rate of 33%. AWS accounted for about 13.5% of Amazon's total revenue for the quarter, which is on the higher end. Google Cloud, which includes Google Cloud Project (GCP) and G-Suite, generated $2.78 billion in revenue in the first quarter this year, which marked as a 52% increase over the same quarter a year ago. Microsoft does not reveal Azure revenue, but it announced that its Azure revenue grew by 59% in Q1 2020 over the same quarter a year ago," says Taarini Kaur Dang from Forbes.

As it seems, Apple knows the importance of the high-end cloud support needed for offering the best services to its customers. Similar to other tech biggies, Apple has its cloud space team called ACI (Apple Cloud Infrastructure). Noticing Apple's recent advancements, it is fair to believe that Apple might revolutionize the cloud-space world.

The UK Government Vs Apple & Google API on the New COVID-19 App That Tells Who Near You is Infected!



Reportedly, the United Kingdom declared that their coronavirus tracing application is being run via centralized British servers and that’s how they are planning to take things forward and not via the usual “Apple-Google approach” which is a preferred one for most.

Per sources, the CEO of the Tech unit of the National Health Service mentioned that their new smartphone app will have its launching in the upcoming weeks, with the hopes of helping the country return to normalcy by beating coronavirus.

According to reports, the UK government believes that the contact-tracing protocol created by Apple and Google protects user privacy “under advertisement only”. Hence the British health service supports a system that would send the data of who may have the virus to a centralized server giving all the controls in the hand of the NHS.

The way of the NHS and that of Apple and Google, work via Bluetooth by putting a cell-phone on the wireless network, having it emit an electronic ID that could be intercepted by other phones in the vicinity. If a person tests positive for COVID-19 their ID would be used to warn the others near them.

Meaning, if you were near an affected person, your phone would show flags about their being infected, you’d be notified about it and if you may have caught the novel coronavirus you’d be alerted about that too, mention sources.

Per reports, Google and Apple especially had created an opt-in pro-privacy API for Android and iOS. The feature allows the user’s phone to change its ID on other phones near them and store it across different intervals of time.

Per sources, if a person is discovered to have COVID-19 they can allow the release of their phone’s ID to a decentralized set of databases looked over by healthcare providers and the nearby users would be notified about it.

The above-mentioned approach works best to help ensure that the users aren’t tracked by exploiting the above information. Google and Apple say that their protocol would make it next to impossible for them, the governments, and mal-actors to track people. The data wouldn’t leave the user’s phone unless they want it to, that too anonymously if and when.


A person, to declare themselves infected must enter a specific code from a healthcare provider after being tested positive which is a great way to curb fraudulent announcements about being infected.

The NHS, on the other hand, thought of proposing a centralized approach that makes the government, the party that has the coronavirus related details of all the users on their database for further analysis.

Per sources, for this application to be successful 60% of a population would have to download it and opt for it. Trust plays a major role here, if the users don’t trust the app it would be of no use to others either.

Reports mention that most countries prefer the Google and Apple method better, including Switzerland, Austria, and Estonia. Germany too is in strong support of a decentralized line whereas France had to face criticism for its inclination towards the centralized approach.

Nevertheless, the NHS is hell-bent on going forward with the centralized approach and is adamant that it will safeguard the privacy of people no matter what. In the centralized way of things, the NHS would capture all the IDs of phones with the app active on them and store the details on their database. Later on, if a user is found to be infected the NHS would make the call about all the hows, whens, and ifs of the warning procedure on the other phones.

If things were to work out the way NHS wants it to, the application would advise users to take steps to help them save themselves against the virus, like self-isolating if need be. The advice notified would be customized per the situation. They would also build a better database and help people with first-hand updates. People could also voluntarily provide detailed information about themselves to make the app’s experience more comprehensive.

Moreover, the centralized system would be way easier for conducting audits and analysis of the data that has been stored in the databases for further research about users that are at most risk.

But regardless of all the superficial advantages, the NHS would still be creating a database bursting with people’s personal information like their health statuses, their movements, and that too with the government having complete control of it.

The success of the entire operation dwells on the people’s trust in the NHS, the UK government, and the governments of all the countries for that matter who have opted for the centralized system.

WhatsApp's New Feature Lets You Add More People To Group Video Calls!


Finally! The days of whining about the limited number of participants you could add to WhatsApp’s group video and audio calls are OVER! Praise digital advancement, because the limit has been increased from 4 to 8 participants.

For people stuck far away from their families and in times that strictly demand social distancing, video calling applications contribute a lot in keeping us all sane by helping us feel close to our loved ones.

People have often found the number of participants in the group video/audio calls a major limitation of the otherwise significantly efficient WhatsApp.

Hence when WhatsApp, taking into account the terrific rise in the usage of Video Calling applications, at long last has decided to increase the number of contacts you can add to a group video/audio call, we can’t help but be happy.

The new feature would be exclusively available for the users of Android and iOS beta. The installation of the 2.20.50.25 update for the iOS beta users and the 2.20.133 beta update for the Android users is a prerequisite for the accessibility of the feature.

From One Billion daily active WhatsApp users and 400 Million out of them being Indians this new feature was being expected for quite a long time, researchers mention.


For the group video call with the raised number of participants to function at all, all the participants must have the same versions of the application, meaning 2.20.133 beta for Android users and 2.20.50.25 beta update for iOS users. A new header also notifies users about the end-to-end encryption of the calls.

Per sources, in the last month alone the number of people who “video-call” and the time they spend doing it has increased sufficiently on a global level. The pandemic has brought people closer “online” while being physically distant.

Other famous video calling applications including Facebook’s Messenger and Apple’s FaceTime offer a provision to add 50 and 32 people at once, respectively.

This feature will roll out gradually so all you have to do is update your WhatsApp application, sit tight, and wait for your device to embrace it with open arms!

COVID 19 Contact Tracing: Is your Privacy at Risk?


Apple and Google's latest team up together to build a technology that will help trace the spread of coronavirus is a much-appreciated move, that will surely help the society to fight coronavirus. Still, one must also be aware of the privacy concerns, as the users will be sharing their data with these companies. The announcement came last Friday that the two companies are currently working together to build an application that will help in fining the COVID-19 trace. This process is called 'contact tracing,' and it will be carried with the help of Bluetooth technology that will benefit informing people as soon as they come in contact with an infected person.


Both the technology giants have assured that user privacy and security will be their utmost concern. According to cybersecurity experts, these companies who will be using user data such as- contacts, location; wouldn't be used for any other purposes. Even the companies won't have access to this information, and that is why these companies are prioritizing user privacy.

What about government surveillance? 
South Korea, while using technology to find the traces of infected people, is using CCTV footage, user location, credit card records, and even the conversation between individuals. This type of technological surveillance raises concerns about the privacy of individuals. According to cybersecurity experts, the South Korean government is releasing alerts that tell an individual's age, his neighborhood, his workplace, and also his location. None of such details are necessary as over sharing of these personal details can create a panic among the public. Some researchers have even gone to an extent, saying that this surveillance is expected to last even after the coronavirus pandemic ends.

According to experts, the government should tell the public about the reasons for data collection, so the public doesn't panic and even gets a better understanding of the situation. In the present time, it is evident that these surveillances used for health purposes, but another concern is that this data can be used for other purposes such as law enforcement. The important fact is to know about the limits of this surveillance and to keep an eye if it becomes a tool for mass surveillance.

COVID-19: Google and Apple Team up on Contact Trace Technology


Around the world, the governments and health departments are fighting together against the Coronavirus pandemic, coming up with solutions to reduce its effect, so the society and the people can recover from it at the earliest. Keeping this in mind, various software companies and enthusiasts, too, are continually working to build technologies to aware the people to stay safe. Apple and Google together have come forward to contact trace Coronavirus patients. They are working together in developing a technology that will let people know whether they have come in contact with any Coronavirus infected person.


"To further this cause, Apple and Google will be launching a comprehensive solution that includes application programming interfaces (APIs) and operating system-level technology to assist in enabling contact tracing," says Apple and Google. The initial aim is to help third party contact tracing applications work accurately. But the primary objective is to get rid of downloading dedicated apps while supporting the work. The approach by Apple and Google will keep in mind that- the users participating are voluntary and would stay anonymous. At the same time, their privacy will remain the utmost concern for both companies.

The contact tracing method will somewhat work like this- with the help device's Bluetooth connection signals; the user will know whether he/she has been in contact with an infected person long enough to catch the virus. If either of the people is tested positive for COVID-19 in the future, an immediate warning will be issued to the original handset owner, informing him about the situation. The companies, while addressing the privacy concern, say that neither GPS nor personal information of the user will be collected.

"All of us at Apple and Google believe there has never been a more important moment to work together to solve one of the world's most pressing problems. Through close cooperation and collaboration with developers, governments, and public health providers, we hope to harness the power of technology to help countries around the world slow the spread of COVID-19 and accelerate the return of everyday life," said the two companies in a joint statement.

HACKED- Windows 10, macOS, Adobe, VMware, Apple and Oracle at The Pwn2Own 2020!


Pwn2Own is a well-known computer hacking contest which is held once every year at the CanSecWest security conference. In this contest, the contestants are tested on how well they could exploit commonly used software and mobile devices with formerly unheard of vulnerabilities.

An issue as grave as the Coronavirus pandemic has clearly not affected the spirits of the Pwn2Own 2020 hacking competition which got done with its first two days.

On Day 1, security researchers and participants bagged a handsome amount of over $180,000 for exploiting the Windows 10, Ubuntu Desktop and macOS, mention sources.

Reportedly, a “team from the Georgia Tech Systems Software and Security Lab succeeded in exploiting a kernel privilege escalation to execute code on macOS” by way of Safari. The attack mechanism that ended up winning for the team $70,000 was comprised of 6 vulnerabilities.

Per the event page (thezdi.com), Georgia Tech employed a “6 bug chain to pop calc and escalate to root”.

The team that has won several preceding editions of the hacking contest, Team Fluoroacetate, won themselves a victorious $40,000 after they employed a “local privilege escalation exploit” meant for the Windows 10.

Reports mention that one of the two members of the aforementioned team also won himself a smashing amount of $40,000 for yet another privilege escalation exploit pursuing Windows 10.

As per sources, the RedRocket CTF team got themselves a win, owing to it to one of their members, Mafred Paul, who bagged an attractive amount of $30,000 for a local privilege escalation exploit focused on Ubuntu Desktop. The hack was about the manipulation of the ‘Input validation bug’.

On Day 2, The Fluoroacetate successfully targeted the Adobe Reader with a local privilege escalation by employing a pair of UAFs, mentioned sources and grabbed an amount of $50,000.

Per reports, the Synacktiv team targeted the VMware Workstation but unfortunately to no avail in the given duration of time. There also were special demonstrations of the Zero Day Initiative against the Oracle VirtualBox.

This was the very first time the organizers allowed “conditional remote participation” in the Pwn2Own hacking contest, understandably because of the increased concerns of people about traveling due to the Coronavirus outbreak.



Users can now Use 2 Step Verification on their Chrome and Safari Browser


Google has launched a new feature for ensuring users' security. You will now be able to enroll for 2 Factor Authentication Keys from Web browsers. Google is allowing you to enroll security keys on Android and macOS devices by making it easier to register for keys. "Two-factor authentication, also called multiple-factor or multiple-step verification, is an authentication mechanism to double-check that your identity is legitimate."


When you sign in into your account it asks for a username and password, this is the first verification process. Two-factor authentication adds another security layer after this to confirm your identity. It (2FA) could be a pin, a password, a one time password, a physical device, or biometric. It should be something only you have to know. Two-factor authentication is very important as a password isn't as protective as we believe. Cyber attackers can test billions of password combinations in a second.

Two-factor authentication or two-step verification adds another layer of protection besides a password, and it is hard for cybercriminals to get this second factor and reduces their chance to succeed. Now Google is offering these 2FA authentication keys, and you can register for these on macOS devices using Safari (v. 13.0.4 and up), and Android devices running Android 7.0 “N” and up, using the Google Chrome web browser (version 70 and up). Users can register these independently or with those who have signed up for the Advanced Protection Program. It's available for all users given you're using the mentioned version of the software.

What is Security Keys? 

Security Keys are the most secure form of two-factor authentication (2FA) or two-step verification to protect against various threats like hacking and phishing. Users are provided with physical keys that they can insert into the USB port of their device, when required the user will touch the key. On Android devices, the user will have to tap the key on their NFC ( Near Field Communication) enabled device. Android users can also opt for USB and Bluetooth keys. Apple mobile users will be provided Bluetooth-enabled security keys.

Apple Becomes the First Major US Company to Say that the ‘Corona’ Epidemic Will Hit Its Finances



The iPhone maker cautions that disturbance in China from the coronavirus will result in revenues falling short of forecasts'. Underscoring the fact that production and sales were influenced, Apple says that "worldwide iPhone supply would be temporarily constrained". 

Sales of Apple products would be lower, bearing in mind that most stores in China are either closed or operating at reduced hours, the company says, "while our iPhone manufacturing partner sites are located outside the Hubei province - and while all of these facilities have reopened - they are ramping up more slowly than we had anticipated.” 

 "All of our stores in China and many of our partner stores have been closed," it added. "Additionally, stores that are open have been operating at reduced hours and with very low customer traffic. We are gradually reopening our retail stores and will continue to do so as steadily and safely as we can."

Experts have assessed that the virus may contribute towards the reduction in the demand for smartphones significantly in the first quarter in China, the world's biggest market for gadgets. 
The car industry is yet another sector that has been influenced by disturbance to its supply chain. 

A week ago, the heavy equipment manufacturer JCB said it was cutting production in the UK because of a shortage of components from China. Wedbush analyst Daniel Ives wrote in a note to customers, "While we have discussed a negative iPhone impact from the coronavirus over the past few weeks, the magnitude of this impact to miss its revenue guidance midway through February is clearly worse than feared," 

New virus cases outside the 'epicenter area’ has been declining throughout the previous 13 days. There were 115 new cases outside Hubei reported on Monday, sharply down from about 450 a week back. In any case, regardless of expectations that factories and shops are slowly easing back to normal, Apple's warning, however, will underline that China's economy will be greatly influenced by the coronavirus.

Apple Doubles Microsoft by 2:1 in Cybersecurity Threats


According to a fresh report on malware that further sinks deep into the debate of cyberattacks, research company Malwarebytes has used data from various fields to analyze the cybersecurity attacks that effected either the consumers or the business in 2019. But the most surprising thing is the platforms on which these attacks happened: Apple vs Microsoft. Surprisingly, the report tells us that the cybersecurity threats had a larger effect on Apple than that of Microsoft.


An insight into State of Malware Reports- 

The 2020 Malwarebytes research looked into the following fields for the potential cybersecurity threats: macOS and Windows, iOS and Android users, attacks based on web browsers, and attacks that happened on Windows or Mac PCs. After calculating the cybersecurity threats and analyzing the data, the 'State of Malwares' report revealed that cybersecurity threats against Apple increased by 400% in the year 2019. It also concludes that Apple outnumbers Microsoft by 2:1 in terms of cybersecurity threats.

The ratio shouldn't be ignored as Malwarebyte's Apple has a larger user base than Microsoft. Further, the report reveals that Mac files tend to have more malicious behavior (front and center) throughout the years, allowing more space for hackers to deploy evading techniques to escape iOS discovery. As the malware signs of progress keep affecting the iOS, users should rethink if they should install antivirus in their phones or not, as it opens up the space for cyber attacks.

Does it raise concern over Mac Security- 

If you look back in the past media coverage on cybersecurity, the reports would suggest that there were more attacks to Microsoft or Windows users than to Apple or iOS. But simply having fewer reports than Microsoft doesn't mean that Apple has better cybersecurity. There have been a few prominent incidents that raised suspicion over Apple's commitment to security. For instance, the iPhone specific threats, or the Siri feature that left encrypted emails encrypted, or the apps that could tell if "your iPhone was hacked," or to ensure the security of the Apple Smartwatch 5. The Malwarebytes report suggests that one shouldn't ignore this while moving into 2020, as 2019 showed it was a bad year for Apple.

Apple Deliberately Restricts Old Versioned iPhones' Performance; Gets Fined!



Apple, the technology giant famously known for its partially eaten logo among other things, was recently fined by France’s authority that regulates competition in the country, mentioned sources.

This apparently isn’t the first time that Apple has been fined by governmental authorities but it hasn’t mattered to the multi-million organization much before because of its money replenishing power.

Per reports, the reason behind this charging happens to be Apple’s voluntarily keeping the fact from its users that the software updates it released in 2017 could limit the functioning of the older versions of iPhones.

According to sources, Apple never updated its users that the time-worn batteries of the older iPhones, namely, iPhone 7, iPhone 6, iPhone SE and such wouldn’t be able to manage the increased battery usages.

The Directorate-General for Competition, Consumption and the Suppression of Fraud (DGCCSF) is the aforementioned body that in one of its reports elaborated upon how Apple’s software updates hindered the proper performing of older models of iPhones and how the company never realized their duty to enlighten the users about it.

The updates in question basically curbed the performance levels of iPhones to thwart excessive energy consumption of older versions of the phones, eventually trying to ward off a total crashing down of the devices.

The users could go back to older software versions or replace the battery and their iPhones could have a chance at working like they formerly did. The issue is a good initiative and has a solution but how are the people to know about this and act accordingly, if they aren’t duly apprised by Apple?

And what’s more, Apple restricted the users from returning to their previous software types, meaning the users couldn’t do much about the situation anyway!

Sources mentioned that Apple agreed to pay the fine of around $27.4 million for purposely limiting the performance of older iPhones and not alerting the users about it.

There was quite a hullabaloo outside of France as well regarding the same issue including lawsuits that got Apple to publicly apologize and offer free battery exchanges for affected devices.

As per sources, an Italian agency too had fined Apple and Samsung for not conspicuously informing the users on how to replace batteries.

But, $27.4 is next to nothing for a gigantic tech name like Apple. It would, with no apparent trouble, stock back the amount of money in just 2roper to 3 hours!

Apple Engineers unveils a proposal to standardize the two factor authentication process and Google backs it up!


Apple known for it's off the charts security features was recently troubled with hacks, malware and phishing attacks staining its reputation and customer trust. And to counter that, Apple has again risen to strengthen its security and user experience - the tech company is planning on standardizing two-factor authentication (2FA) to prevent security issues and phishing scams.

PhoneArena.com reported that Apple engineers have put forward a proposal to enable a standardized format for a two-factor authentication login method where users receive a one time password (OTP) via SMS during login. The suggestion was given by engineers of Apple Webkit, from the Safari browser - the default mackintosh browser. The suggestion was also backed by engineers working on Chromium, Google.

The feature would use SMSs containing the login URL. Usually, with two-factor authentication users have to see their mobile or write down the code and then try to login which makes the whole process long and frustrating but Apple always tries to give the customer the best experience and to tackle this they have come up with a standardize and automated method.

What's different with this feature than the other two factor authentications is that it will standardize the process and format for the browser and mobile applications. The incoming messages will be easily identified by the browser or mobile applications, the browser will recognize and identify the web domain in the SMS and automatically extract the One Time Password (OTP) and complete the login. This will prevent the user from being scammed as the process will be automated and the browser or the mobile app will recognize the authentic source.

 According to the report, "The proposal has two goals. The first is to introduce a way that OTP SMS messages can be associated with a URL. This is done by adding the login URL inside the SMS itself. 
The second goal is to standardize the format of 2FA/OTP SMS messages, so browsers and other mobile apps can easily detect the incoming SMS, recognize web domain inside the message, and then automatically extract the OTP code and complete the login operation without further user interaction." 
After enabling the feature, browsers and apps will be automated and complete the login through 2FA (two-factor authentication ) by obtaining the OTP. In case of a mismatch, the automatic process will fail and the user will be able to see the website URL and complete the login process.

Apple Engineers to Standardize the Format of the SMS Messages Containing OTPs


A proposal comes from Apple engineers working at WebKit, the core component of the Safari web browser, to institutionalize the format of the SMS messages containing one-time passwords (OTP) that users receive during the two-factor authentication (2FA) login process.

 With 2 basic goals, the proposal aims initially is to introduce a way that OTP SMS messages can be associated with a URL, which is essentially done by adding the login URL inside the SMS itself.

And the second being to institutionalize the format of 2FA/OTP SMS messages, so browsers and other mobile applications can undoubtedly distinguish the approaching SMS, perceive web domain inside the message, and afterward consequently extract the OTP code and complete the login operation moving forward without any further user interaction.

According to the new proposal, the new SMS format for OTP codes would look like below:

747723 is your WEBSITE authentication code. 
@website.com #747723 

The first line, intended for human users, permits them to decide from what site the SMS OTP code originated from and the second line is for both human users as well as for applications and browsers.

 Applications and browsers will consequently extricate the OTP code and complete the 2FA login operation. In the event that there's a 'mismatch' and the auto-complete operation falls flat, human readers will have the option to see the site's original URL, and contrast it with the site they're attempting to login.

On the off chance that the two are not similar, at that point, users will be alerted that they're very a phishing site and forsake their login activity.

When browsers will deliver components for reading SMS OTP codes in the new format, significant providers of SMS OTP codes are required to switch to utilizing it. Starting now, Twilio has already communicated its enthusiasm for actualizing the new arrangement for its SMS OTP administrations. 

Presently, while Apple (WebKit) and Google (Chromium) engineers are quite energetic about the proposition, Mozilla (Firefox) has not yet given an official criticism on the standard yet.

Alert! Your Mac maybe under threat - SHLAYER MALWARE attacks every 10th Mac OS


The macOS traditionally was always considered a safe bet compared to Windows but now even Apple is facing a dangerous security threat.


Kaspersky reports that Macs have become a hot target for a dangerous malware - SHLAYER, been active for two years this malware-infected 10 percent of MacOS, affecting more than one in ten users.

“The Shlayer Trojan is the most common threat on macOS,” Kaspersky Labs reported on Jan 23, 2020. The users from France, Germany, the United States, and the United Kingdom become the top target of Shlayer in 2019.

As for what is Shlayer, Seals said, "Shlayer is a trojan downloader, which spreads via fake applications that hide its malicious code...Its main purpose is to fetch and install various adware variants. "These second-stage samples bombard users with ads, and also intercept browser searches in order to modify the search results to promote yet more ads."

As per the report by Kaspersky, after the malware is installed on the system it displays chains of advertisement, recovering advertisement revenue and slowing your Mac. “The macOS platform is a good source of income for cybercriminals,” warns Kaspersky. However, “the most widespread threats are linked to illicit advertising,” reassures the report.

Hides behind fake updates

The malware enters your system through fake flash updates, fooling the victim into installing the update and paving the way into your Mac. Many illegal streaming websites are filled with these fake updates. You may have encountered streaming websites asking for flash updates before playing the video, this malware hides behind such adverts.

"Our statistics show that the majority of Shlayer attacks are against users in the U.S. (31%), followed by Germany (14%), France (10%), and the UK (10%). This is wholly consistent with the terms and conditions of partner programs that deliver the malware, and with the fact that almost all sites with fake Flash Player download pages had English-language content", Kaspersky reports.

These fake updates could also be present on some legitimate websites, so be careful while downloading any updates.

Hacker Jailed on Charges of Blackmailing Apple


A twenty-two-year-old hacker has agreed that he tried to threaten Apple company by alleging that he had data of accounts of millions of iPhone users and that he would destroy these accounts if not given the ransom. The hacker is known to be Kerem Albayrak, living in North London, who scared to clear more than 300 million Apple users' iCloud accounts, demanding that the company gave him iTunes reward vouchers amounting to £76,000 ($1,00,000), as a ransom. However, while enquiring about the issue, Apple discovered that Kerem's claims were false, and he didn't jeopardize the company's safety system.


Kerem has been charged with the crime of data breach and blackmailing and has been sentenced 2 years of jail imprisonment, and 300 hours of community service (unpaid). Two years back, in March 2017, Kerem e-mailed Apple company's safety unit, declaring to have hacked more than 300 Million iCloud accounts of Apple users. To strengthen his claim, Kerem showed him hacking two iCloud accounts in a video that he uploaded on Youtube. The hacker blackmailed to trade the iCloud accounts' data, drop his data on the internet and restore the iCloud accounts if he was denied by Apple to give his iTunes bonus voucher-request. Kerem also agreed to accept cryptocurrency as a payoff, saying he would accept a return of $75,000, but later raised it to $1,00,000. 2 weeks after the threat was sent, Kerem was caught in his house in north London, by the London police.

The attack is called Credential Stuffing-
Apple examined his allegations but was unable to obtain any solid proof that the users' iCloud accounts were hacked. "The hacker collected passwords and e-mail addresses from different aids, that were exposed recently on charges of the data breach," says UK's National Crime Agency in its inquiry. It further says that the hacker sought his chance, checking whether the user had similar iCloud accounts and passwords. The attack is known as 'Credential Stuffing,' which allows the process to complete faster.

While the investigation was in process, Kerem told the investigators, "You have fame and everyone starts to respect you, once you have power on the internet." Along with the 300 hours of unpaid community service, Kerem has also received an electronic curfew of 6 months. "Kerem thought that he could avoid prosecution when he hacked 2 iCloud accounts and blackmailed Apple, an MNC giant," says Anna Smith, senior investigative officer, NCA.

Malware creators producing more dangers to mac-OS


Illegal affair in Mac operating system proceeds to increase, with malware makers producing out bugs that aim users of the popular operating system Apple. Discovered by Trend Micro as 'backdoor.macOS.nukespeed,' a new modification of a Mac backdoor is associated with the cyber-criminal club Lazarus, which was recently infamous for targeting Korean organizations with a crafted MS Excel spreadsheet.


Connections to a first Lazarus routine- 

A malicious sample that was discovered by a twitter user named cyberwar_15 was analyzed, and the experts found that the virus used an embedded excel sheet to target the user. This kind of attack is similar to the one which was conducted by the Lazarus group. But, contrary to the earlier hack which includes many routines based on the Operating system the Excel sheet is running on, the embedded macro in this catalog will simply work a PowerShell text that joins to 3 C&C servers, established by the group Lazarus.

The Mac package also holds fake and genuine Flash Players- 

Aside from the examined specimen, Qianxin Technology and @cyberwar_15 also found an inhospitable Mac application package doubted to be connected to the crime as it yields alike C&C servers with crafted spreadsheets. But, this is merely a bait as the original flash player file is carried as a concealed Mac OS catalog. The package holds 2 adobe flash player files, one being a genuine version while the other a fake version named as 'trojan.macOS.nukesped.b.' The application will operate on the micro-size flash player file as its primary actor, which is the fake variant that simply acts as an 'adobe flash player'. To hide the malicious hacking activity, the virus runs the genuine flash player to do the trick.

Conclusion- 

In contrast to Lazarus’ previous method that used macros to install a backdoor Mac file for the backdoor entry, the examples examined by TrendMicro show that hacks like these use a fake application as a decoy to run along with the malicious macOS attacks. The criminal groups like Lazarus have become a threat to cybersecurity, Lazarus has been expanding its reach of intervention by various programs.

NSO's Spyware Pegasus Taking Control of Mobile Devices through Apps


NSO's spyware Pegasus has been revealed to assume control for mobile devices through various apps; this is a matter of grave concern as cybersecurity firms have in the past also discovered the Pegasus software to exist in both the Apple and Android operating systems.

While WhatsApp said the number of infected users may go up from the present gauge of 1,400, as more users come forward with this issue, Newswire Reuters even reported citing to sources familiar with WhatsApp's internal investigation that the snooping may also include prominent government and military authorities in about 20 nations, aside from activists and journalists.

Raman Jit Singh Chima, Asia Policy Director, and Senior International Counsel at open internet advocacy group Access Now says that “Surveillance tech firms such as NSO and others market these capabilities with the intent of allowing their clients to hack and surveil all of the everyday smartphone activity of the targeted victim.”

He further included this may also include services, like Gmail, iMessage, Facebook, and Viber.

NSO's utilization of malware to control Apple devices is said to have been first discovered in 2016, and Apple along these lines had even released software upgrades in September 2016 after it found that hackers could have accessed its devices by making a victim click on a link and it was then speculated that Pegasus spyware could have been installed by misusing vulnerabilities in its software.

University of Toronto-based Citizen Lab, which aided WhatsApp in its investigation for the aforementioned issue, said in a 2018 report that Pegasus seems, by all accounts, to be being used by nations with 'dubious' human rights records and histories of harsh conduct by state security administrations.

This includes India too, as one NSO administrator named the Ganges is said to have been operated in India and was discovered by Citizen Lab. Most recently WhatsApp stresses the fact that the number of users affected may go up later on particularly in India because of the total absence of any surveillance reform or data protection laws.

Libreoffice Users Receiving Security Warnings While Installing Macos 10.15 Catalina


Users of the open-source office productivity software LibreOffice have reported keeping running into numerous security warnings when installing the app on the newly released macOS 10.15 Catalina.

It was during the public beta for macOS Catalina that some LibreOffice users observed that Apple's GateKeeper warnings were competent enough to scare off many users.

Despite the fact that Apple had cautioned macOS designers in June that all Mac applications that are marked with a Developer ID would likewise be 'notarized' by Apple and furthermore guaranteed this would empower a "more streamlined Gatekeeper interface" when users download macOS applications from the web.

While LibreOffice version 6.2 was not authorized, the most recent 6.3 version evidently has been. Be that as it may, as per LibreOffice, users are as yet getting the GateKeeper alert with the extra notice that "macOS cannot verify that is app is free from malware”.

"Although we have duly followed the instructions when users launch LibreOffice 6.3.x – which has been notarized by Apple – the system shows the following scary message: 'LibreOffice.the app cannot be opened because the developer cannot be verified', and provides only two options: Move to Bin (delete) and Cancel (revert the operation, i.e., do not run LibreOffice)," writes LibreOffice's Italo Vignoli.

LibreOffice anyway suggested a couple of ways through which the users can without much of a stretch 'bypass' the message. With respect to Apple's notarization, app developer Jeff Johnson has clarified that the key security benefit originates from the necessity that developers utilize their Apple ID and password for their developer account to submit the application to Apple for legal approbation.

Along these lines, the attacker would need to 'compromise' both a signing certificate and the developer's Apple ID in order to distribute the malware.

17 Trojan infested apps you need to delete from your iPhone right now!


Just like the ancient Greek story, where soldiers sneak into the gates of troy by hiding inside a wooden horse similarly Trojans sneak in your phone in the face of harmless apps that you voluntarily install. Apple users are being warned about such apps, to check their devices against a list of malware apps and delete them according to a report by Wandera.

Research team at Wandera, a software-as-a-service firm, has identified 17 apps that install malicious Trojan module on iOS devices. Apple says that the infected apps have been removed from the app store but after examination they found that the apps did not contain the claimed Trojan malware. Instead, the apps were removed because of being adware specifically called the "clicker Trojan malware" and included code that enabled artificial click-through of add and made it seem like you viewed an advertisement which is against App Store's guidelines. Apple further said that the protective tools of App Store have been updated to detect such apps.

 Below is the list of infected apps:

RTO Vehicle Information
EMI Calculator & Loan Planner
File Manager - Documents
Smart GPS Speedometer
CrickOne - Live Cricket Scores
Daily Fitness - Yoga Poses
FM Radio PRO - Internet Radio
My Train Info - IRCTC & PNR​ (not listed under developer profile)
Around Me Place Finder
Easy Contacts Backup Manager
Ramadan Times 2019
Pro Restaurant Finder - Find Food
BMI Calculator PRO - BMR Calc
Dual Accounts Pro
Video Editor - Mute Video
Islamic World PRO - Qibla
Smart Video Compressor

The developer of these is AppAspect Technologies, from India with apps for iOS as well as Android. Wandera said that on examining these apps, they didn't contain the clicker Trojan malware but they used too. Covington thinks it's a possibility that they used to contain Trojan but were pulled from the store, and republished after removing the Trojan module, perhaps the bust on Play store made them retreat and focus their attention on iOS.

According to Wandera, the Trojan not only performed adware but also steal information and data to send to external command or controller, create back-doors, performance degradation, battery drain and heavy bandwidth use. The fact that they published on App Store and remained undetected is alone a matter of concern. “We were amazed with this one,” Wandera VP Michael Covington said in a statement to Forbes. “We've seen a couple of issues creep into the Apple App Store over the last few months—and it always seems to be the network element.”

Apple stands it's ground that any such Trojan malware existed, saying there was no danger beyond ad click-through fraud. But the good news is, the problem is solved on deleting the apps and no remains are left behind. “There is no access to special frameworks that might have left something behind,” Covington explained.

Apple Apologises To Siri Users for “Not Fully Living Up To Their High Ideals”




Apple apologizes to Siri users for not 'fully living up to their ideals' as well as enabling temporary workers to tune in to voice recordings of Siri users so as to review them.

The announcement was made after a review of the grading programme was finished, which had been triggered to reveal its existence with the help of a Guardian report.

 “As a result of our review, we realise we have not been fully living up to our high ideals, and for that we apologise, as we previously announced, we halted the Siri grading program. We plan to resume later this fall when software updates are released to our users.” Apple said in an unsigned statement posted to its website.

The company committed to three changes to the way Siri is run after it resumes the grading programme:
  • It will no longer keep audio recordings of Siri users by default, though it will retain automatically generated transcripts of the requests.                                                                                
  • Users will be able to opt in to sharing their recordings with Apple. “We hope that many people will choose to help Siri get better,” the company said.                                                                        
  • Only Apple employees will be allowed to listen to those audio samples. The company had previously outsourced the work to contracting firms. Over the past two weeks, it has ended those contracts, resulting in hundreds of job losses around the world.


In the past six months, almost every significant producer of voice-assistance technology has been 'revealed' to have been operating human-oversight programs, having run them in discreetly for a considerable length of time. Many out of them have sworn in to change their frameworks.

Amazon was the first to have been identified, then came along Google and Microsoft, with the former pledging to review its safeguards and the latter updating its privacy policy.