#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Apple ID password | Breaking Cybersecurity News | The Hacker News

Category — Apple ID password
Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts

Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts

Aug 05, 2020
Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account. Uncovered in February by Thijs Alkemade , a security specialist at IT security firm Computest, the flaw resided in Apple's implementation of TouchID (or FaceID) biometric feature that authenticated users to log in to websites on Safari, specifically those that use Apple ID logins. After the issue was reported to Apple through their responsible disclosure program, the iPhone maker addressed the vulnerability in a server-side update . An Authentication Flaw The central premise of the flaw is as follows. When users try to sign in to a website that requires an Apple ID, a prompt is displayed to authenticate the login using Touch ID. Doing so skips the two-factor authentication step since it already leverages a combination of factors for identification, such as the device (something you have) and
Watch Out! Difficult-to-Detect Phishing Attack Can Steal Your Apple ID Password

Watch Out! Difficult-to-Detect Phishing Attack Can Steal Your Apple ID Password

Oct 10, 2017
Can you detect which one of the above screens—asking an iPhone user for iCloud password—is original and which is fake? Well, you would agree that both screenshots are almost identical, but the pop-up shown in the second image is fake—a perfect phishing attack that can be used to trick even the most careful users on the Internet. Felix Krause, an iOS developer and founder of Fastlane.Tools, demonstrated an almost impossible to detect phishing attack that explains how a malicious iOS app can steal your Apple ID password to get access to your iCloud account and data. According to an alarming blog post published on Tuesday by Krause, an iOS app can just use " UIAlertController " to display fake dialog boxes to users, mimicking the look and feel of Apple's official system dialogue. Hence, this makes it easier for an attacker to convince users into giving away their Apple ID passwords without any degree of suspicion. " iOS asks the user for their iTunes pass
Cyber Story Time: The Boy Who Cried "Secure!"

Cyber Story Time: The Boy Who Cried "Secure!"

Nov 21, 2024Threat Detection / Pentesting
As a relatively new security category, many security operators and executives I've met have asked us "What are these Automated Security Validation (ASV) tools?" We've covered that pretty extensively in the past, so today, instead of covering the " What is ASV?" I wanted to address the " Why ASV?" question. In this article, we'll cover some common use cases and misconceptions of how people misuse and misunderstand ASV tools daily (because that's a lot more fun). To kick things off, there's no place to start like the beginning. Automated security validation tools are designed to provide continuous, real-time assessment of an organization's cybersecurity defenses. These tools are continuous and use exploitation to validate defenses like EDR, NDR, and WAFs. They're more in-depth than vulnerability scanners because they use tactics and techniques that you'll see in manual penetration tests. Vulnerability scanners won't relay hashes or combine vulnerabilities to further attacks, whic
Expert Insights / Articles Videos
Cybersecurity Resources