#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Apple ID password | Breaking Cybersecurity News | The Hacker News

Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts

Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts

Aug 05, 2020
Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account. Uncovered in February by Thijs Alkemade , a security specialist at IT security firm Computest, the flaw resided in Apple's implementation of TouchID (or FaceID) biometric feature that authenticated users to log in to websites on Safari, specifically those that use Apple ID logins. After the issue was reported to Apple through their responsible disclosure program, the iPhone maker addressed the vulnerability in a server-side update . An Authentication Flaw The central premise of the flaw is as follows. When users try to sign in to a website that requires an Apple ID, a prompt is displayed to authenticate the login using Touch ID. Doing so skips the two-factor authentication step since it already leverages a combination of factors for identification, such as the device (something you have) and
Watch Out! Difficult-to-Detect Phishing Attack Can Steal Your Apple ID Password

Watch Out! Difficult-to-Detect Phishing Attack Can Steal Your Apple ID Password

Oct 10, 2017
Can you detect which one of the above screens—asking an iPhone user for iCloud password—is original and which is fake? Well, you would agree that both screenshots are almost identical, but the pop-up shown in the second image is fake—a perfect phishing attack that can be used to trick even the most careful users on the Internet. Felix Krause, an iOS developer and founder of Fastlane.Tools, demonstrated an almost impossible to detect phishing attack that explains how a malicious iOS app can steal your Apple ID password to get access to your iCloud account and data. According to an alarming blog post published on Tuesday by Krause, an iOS app can just use " UIAlertController " to display fake dialog boxes to users, mimicking the look and feel of Apple's official system dialogue. Hence, this makes it easier for an attacker to convince users into giving away their Apple ID passwords without any degree of suspicion. " iOS asks the user for their iTunes pass
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
Cybersecurity Resources