iOS Adds New Restricted Mode In Latest Update 

Apple recently released an updated version of iOS, 11.4.1. They did so quietly and without much fanfare, but the update includes one very powerful and exciting security feature that’s deserving of special attention.

Specifically, the new version of iOS introduces what the company is calling “Restricted Mode.” It was created to protect iPhones against USB devices used by law enforcement to crack your password and get around the encryption used to keep your data secure. The new feature disables USB access after the phone has been locked for an hour instead of a week, which was the previously used convention.

To access the new, more secure mode, open your Settings app and look under the section labeled “Touch ID” (note: if you have an iPhone X, this will be labeled “Face ID”). Here, you’ll find a new toggle switch for USB Accessories. The default mode is to disable USB Accessories, so if you want them enabled, you’ll need to go into this section of Settings to manually turn it on.

This new feature, combined with the toggle switch that automatically erases all data on the phone after ten failed login attempts, should serve as a powerful one-two punch that will make iPhones dramatically more secure.

Law enforcement officials have not weighed in on the recent change. This new feature, coupled with the recent Supreme Court ruling that requires law enforcement agencies to obtain a warrant prior to attempting to pull data from a smartphone, is probably not going to sit well. Even so, the change has already won high marks from privacy advocates around the world. Given how...

Adobe Releases Massive Update To Patch Its Products

There’s a lot to like about the contents of Adobe’s most recent “Patch Tuesday” update. It’s well worth downloading and installing, even if you normally take a pass on all but the most critical updates. Included in this release are security patches for 112 vulnerabilities across four different products, including:

- Flash Player
- Acrobat and Reader
- Experience Manager
- Adobe Connect

We’ve provided more details below:

Updates For Flash Player

The security update includes patches for both desktops and browsers, including a patch for one critical issue (CVE-2018-5007). This is a new, worrisome attack vector that exploits “type confusion,” allowing an attacker to execute commands on a targeted system in the context of the current user.

The company also patched a second issue, rated as “Important,” that would have allowed an attacker to access sensitive system information, but Adobe did not provide technical details about the flaw, for fear that hackers would attempt to find a way around the latest patch.

The flaw impacts Flash Player v. 30.0.0.113 and earlier versions on:

- Windows
- macOS
- Linux
- Chrome OS
- Google Chrome
- Microsoft IE 11
- Microsoft Edge

Updates For Acrobat & Reader

Acrobat and Reader were the recipients of the majority of the patches in this cycle, seeing 104 flaws dealt with, 51 of them rated critical. The fixes run the gamut, covering critical heap overflows, use-after-free, type confusion, untrusted pointer dereference, and buffer error vulnerabilities. Many of these would have allowed hackers to execute commands in the context of the current user.

This update fixes errors in the following versions:

- Continuous Track - 2018.011.20040 and earlier
- Classic 2017...

Facebook Messenger Getting Feature To Help With Fake Accounts

It’s no secret that there are legions of scammers and spammers haunting the virtual halls of Facebook. As the world’s largest and most influential social networking site, it’s a natural target, making its masses of users natural targets, too.

Facebook is taking steps to counter the threat posed by these nefarious actors, after being somewhat slow to act initially. This resulted in a series of Congressional hearings that saw CEO Zuckerberg in the hot seat earlier this year.

While the company has already taken many steps to help bolster the privacy and online safety of its users, its latest announcement is a much larger and more significant step in that direction. The company is currently testing a new feature embedded in Messenger. The feature would identify suspicious accounts sending unwanted messages by informing the recipient of the account’s country of origin via phone number, and listing the date that the account was created.

In its simplest form, this approach has obvious advantages that will help reduce phishing and spam-oriented messages, but based on the screenshots the company published to highlight the new feature in action, it could also be used to detect and identify messages sent by agents whose intentions are to spread misinformation. For instance, users will be notified if they receive a message from an account that is tied to a Russian phone number.

The company is still reeling from the aftermath of Russia’s massive misinformation campaign, which used several social media channels (but had a heavy presence on Facebook) in an effort to influence the outcome of the 2016 presidential election. To this...

Open Database Exposes Info Of 340 Million People

Internet security researcher Vinny Troia recently made a huge and disturbing discovery. A marketing firm called Exactis had left a massive database unsecured, allowing anyone who stumbled across it to access it.

As a marketing firm, Exactis collects simply mind-boggling amounts of data on consumers all over the globe. The database in question was a staggering two terabytes in size, and contained more than 150 data fields. Social security numbers were not included in the exposed data. A variety of personal identification was available, including:

- Name
- Political affiliation
- Bank account details (including balances)
- Information on other financial accounts, including stock holdings
- Donations to political causes
- The number of children living in the person’s home
- The ages of those children

In short, it’s more than enough personally identifiable information to make it a casual exercise for a determined hacker to link it back to a person’s social security number. Even if they didn’t want to jump through the hoops to do that, there’s still enough information in the massive data file that it could open the door to all manner of phishing and other scams.

Troia informed Exactis about the exposed database, and the company immediately took steps to secure it. However, it was sitting there completely unguarded and unsecured for more than two months, and there’s no telling how many people may have accessed the data inappropriately.

Exactis has no formal relationship with any of the people they collect data on, so they’re under no obligation to inform the people in the database that their personal information was exposed, and are unlikely to do so. Given that, your best...

Americans Want Local Governments To Spend More On Cyber Security

While a significant percentage of Americans are suspicious of government spending beyond the essentials, there’s at least one notable exception, according to a recent survey conducted by SecurityFirst. A majority (74 percent) of Americans want their local governments to spend more money on cybersecurity.

Here are a few of the highlights from the survey:

- 64 percent believe that a ransomware attack on local government installations could have serious, long-term impacts
- Only 33 percent of respondents believe that their local governments are capable of keeping their data safe in the event of an attack
- 60 percent believe that a cyberattack could jeopardize essential services, and 77 percent fear that fallout from such an attack could hinder first responders

In terms of the biggest concerns of the citizenry, the data broke out as follows:

- 74 percent cited potential dangers to local utilities
- 68 percent cited potential dangers to our court system
- 68 percent cited potential dangers to local schools

Not long ago, the city of Atlanta suffered just such an attack, which cost them millions of dollars and erased several years’ worth of critical data. The city is still working to recover from the incident. It underscores the fact that the concerns brought to light by the survey are all too real, that citizens are right to worry, and they demand more from their local governments.

Unfortunately, in an age where government spending of any kind almost reflexively comes under intense scrutiny and debate, it remains to be seen whether this and similar surveys will provide any traction to the idea of greater government spending on cybersecurity. If it does...