New 'Dok' malware targets Macs using signed Apple developer certificate: "The code, dubbed "Dok" by security firm Check Point, is said to affect "all versions" of macOS/OS X, and be the first "major scale" malware directed at Mac owners through a "coordinated email phishing campaign." The emails are aimed mostly at Europeans, one example being a German-language message from a supposed Swiss official, claiming problems with the target's tax return."

Labels: gatekeeper, quarantine, security policy

UK.gov throws hissy fit after Twitter chokes off snoop firm's access • The Register: "Twitter has reportedly blocked a third-party firm used by the Home Office from accessing its firehose, prompting the government to complain that the social network is siding with terrorists."

Labels: security policy

Interpol unplugs nearly 9,000 Asian command and control networks • The Register: "An Interpol investigation has revealed a worrying degree of insecurity in sout-east Asian countries, with even government-operated Web servers infected to operate as command and control systems for bot-herders."

Labels: security fail, security flaw

Uber Secretly Tracked Users, Spied On Lyft Prompting Tim Cook To Threaten Apple Store Expulsion | Zero Hedge: " The idea of fooling Apple, the main distributor of Uber’s app, began in 2014. At the time, Uber was dealing with widespread account fraud in places like China, where tricksters bought stolen iPhones that were erased of their memory and resold. Some Uber drivers there would then create dozens of fake email addresses to sign up for new Uber rider accounts attached to each phone, and request rides from those phones, which they would then accept. Since Uber was handing out incentives to drivers to take more rides, the drivers could earn more money this way."

Labels: Apple vs. Apple

Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools • The Register: "Tentler reckons that when the Shadow Brokers' arsenal hit the web on Easter weekend, script kiddies around the world grabbed the cyber-arms, went out, and infected everything they could find."

Labels: security fail, security flaw

We're spying on you for your own protection, says NSA, FBI • The Register: "The document even claims that it is surveilling US citizens for their own protection while at the same time claiming that it is not doing so.

Labels: security policy

Apple's Mac, iPad dodge an ugly new NSA hacker bomb targeting majority of Windows PCs globally: "As noted in a report by Lorenzo Franceschi-Bicchierai for Motherboard, the NSA tools were leaked by hacker group known as the "Shadow Brokers.""

Labels: security exploit, security is hard

WikiLeaks just dropped the CIA’s secret how-to for infecting Windows | Ars Technica: "WikiLeaks has published what it says is another batch of secret hacking manuals belonging to the US Central Intelligence Agency as part of its Vault7 series of leaks. The site is billing Vault7 as the largest publication of intelligence documents ever."

Labels: zero day exploit

Eric S. Raymond says you probably fit one of eight tech archetypes • The Register: "'Castellans' memorise manuals, 'Tinkers' can't stop hacking hardware. Keep 'Algorithmicists' out of a corner office"

Labels: social hacking

Found: Quite possibly the most sophisticated Android espionage app ever | Ars Technica: "The iOS version of Pegasus took hold of targeted devices by exploiting a trio of critical security vulnerabilities that were unknown to Apple and most other security researchers. "

Labels: ios, security is hard