Tag Archives: Apple ID

12th October resource updates

Updates to Anti-Social Media 

Sophos: Instagram tests sharing your location history with Facebook – “For those Facebook users who still cling to the notion that they can limit Facebook’s tracking of our lives like it’s an electronic bloodhound, you should be aware that its Instagram app has been prototyping a new privacy setting that would enable location history sharing with its parent company.”

The Register: Facebook mass hack last month was so totally overblown – only 30 million people affected – “Good news: 20m feared pwned are safe. Bad news: That’s still 30m profiles snooped…”

Me, for ESET: Facebook cloning revisited

Updates to Cryptocurrency/Crypto-mining News and Resources

Brad Duncan for Palo Alto Unit 42: Fake Flash Updaters Push Cryptocurrency Miners – “…As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a victim’s Flash Player to the latest version.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

The Register: If you haven’t already patched your MikroTik router for vulns, then if you could go do that, that would be greeeeaat

Updates to Chain Mail Check

Facebook cloning revisited

Updates to Mac Virus

Chinese iPhone users – Apple IDs compromised

David Harley

Advertisements

Ransomware and a rumoured Apple ID breach

For CSO Online, Steve Ragan describes how Ransom demands are written in Russian via the Find my iPhone service. Here’s how he describes the attack:

It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim’s device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it.

Thomas Reed also described a similar attack a few months back using iCloud’s ‘Find My Mac’.

Ragan also mentions ‘a rumor concerning “rumblings of a massive (40 million) data breach at Apple.”‘ I’ve seen no confirmation of that anywhere, but it’s certainly a good time to check that your AppleID credentials are in good shape.

Commentary by Graham Cluley here. You might want to consider taking up his suggestion of  enabling two-step verification on your Apple ID account, too.

David Harley