#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

Apple iCloud | Breaking Cybersecurity News | The Hacker News

Category — Apple iCloud
Beware: MetaStealer Malware Targets Apple macOS in Recent Attacks

Beware: MetaStealer Malware Targets Apple macOS in Recent Attacks

Sep 12, 2023 Endpoint Security / Data Security
A new information stealer malware called MetaStealer has set its sights on Apple macOS, making the latest in a growing list of stealer families focused on the operating system after MacStealer , Pureland , Atomic Stealer , and  Realst . "Threat actors are proactively targeting macOS businesses by posing as fake clients in order to socially engineer victims into launching malicious payloads," SentinelOne security researcher Phil Stokes  said  in a Monday analysis. In these attacks, MetaStealer is distributed in the form of rogue application bundles in the disk image format (DMG), with targets approached through threat actors posing as prospective design clients in order to share a password-protected ZIP archive containing the DMG file. Other instances have involved the malware masquerading as Adobe files or installers for Adobe Photoshop. Evidence gathered so far shows that MetaStealer artifacts began appearing in the wild in March 2023. The most recent sample was upl...
Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S.

Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S.

Sep 04, 2023 Financial Fraud / Phishing
A new large-scale smishing campaign is targeting the U.S. by sending iMessages from compromised Apple iCloud accounts with an aim to conduct identity theft and financial fraud. "The Chinese-speaking threat actors behind this campaign are operating a package-tracking text scam sent via iMessage to collect personally identifying information (PII) and payment credentials from victims, in the furtherance of identity theft and credit card fraud," Resecurity  said  in an analysis published last week. The cybercrime group, dubbed  Smishing Triad , is also said to be in the business of "fraud-as-a-service," offering other actors ready-to-use smishing kits via Telegram that cost $200 a month. These kits impersonate popular postal and delivery services in the U.S, the U.K, Poland, Sweden, Italy, Indonesia, Malaysia, Japan, and other countries. A stand-out aspect of the activity is the use of breached Apple iCloud accounts as a delivery vector to send package delivery failure ...
Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Future-Ready Trust: Learn How to Manage Certificates Like Never Before

WebinarTrust Management / SSL Certificate
Managing digital trust shouldn't feel impossible. Join us to discover how DigiCert ONE transforms certificate management—streamlining trust operations, ensuring compliance, and future-proofing your digital strategy.
Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts

Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts

Aug 05, 2020
Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account. Uncovered in February by Thijs Alkemade , a security specialist at IT security firm Computest, the flaw resided in Apple's implementation of TouchID (or FaceID) biometric feature that authenticated users to log in to websites on Safari, specifically those that use Apple ID logins. After the issue was reported to Apple through their responsible disclosure program, the iPhone maker addressed the vulnerability in a server-side update . An Authentication Flaw The central premise of the flaw is as follows. When users try to sign in to a website that requires an Apple ID, a prompt is displayed to authenticate the login using Touch ID. Doing so skips the two-factor authentication step since it already leverages a combination of factors for identification, such as the device (something you have) and...
cyber security

2024: A Year of Identity Attacks | Get the New eBook

websitePush SecurityIdentity Security
Prepare to defend against identity attacks in 2025 by looking back at identity-based breaches in 2024.
iCloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret

iCloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret

Jan 30, 2019
Late last year when an unknown group of hackers stole secret access tokens for millions of Facebook accounts by taking advantage of a flaw in its website, the company disclosed the incident and informed its affected users. Similarly, when Twitter was hit by multiple vulnerabilities ( #1 , #2 , #3 ) in the last few months, the social media company disclosed those incidents and informed its affected users. And Guess What? Google is going to shut down its social media network Google+ in April this year after admitting two security flaws in its platform that exposed private data of hundreds of thousands of users to third-party developers. It turns out that Apple also possibly suffered a privacy breach late last year due to a bug in its platform that might have exposed some of your iCloud data to other users, but the company chose to keep the incident secret... maybe because it was not worth to disclose, or perhaps much more complicated. Last week, Turkish security researcher Me...
Hacker Who Leaked Celebrities' Personal Photos Gets 8 Months in Prison

Hacker Who Leaked Celebrities' Personal Photos Gets 8 Months in Prison

Aug 31, 2018
George Garofano (left) The fourth celebrity hacker—who was charged earlier this year with hacking into over 250 Apple iCloud accounts belonged to Jennifer Lawrence and other Hollywood celebrities—has been sentenced to eight months in prison. Earlier this year, George Garofano, 26, of North Branford, admitted to illegally obtaining credentials of his victims' iCloud accounts using a phishing scheme, carried out from April 2013 to October 2014, in which he posed as a member of Apple's security team and tricked victims into revealing their iCloud credentials. Using stolen credentials, Garofano then managed to steal victims' personal information, including their sensitive and intimate photographs and videos, from their iCloud accounts, and then leaked them on online forums, like 4Chan. Among the victims were Jennifer Lawrence, Kim Kardashian , Kirsten Dunst, Kate Upton, American Olympic gold medallist Misty May Treanor and actors Alexandra Chando, Kelli Garner and...
Apple Transfers Chinese Users' iCloud Data to State-Controlled Data Centers

Apple Transfers Chinese Users' iCloud Data to State-Controlled Data Centers

Jul 18, 2018
There's terrible news for Apple users in China. Apple's Chinese data center partner has transferred iCloud data, belonging to 130 million China-based users, to a cloud storage service managed by a state-owned mobile telecom provider—raising concerns about privacy. Back in February this year, Apple moved the encryption keys and data of its Chinese iCloud users from its US servers to local servers on Chinese soil to comply with the new regulation of the Chinese government , despite concerns from human rights activists. For this Apple controversially signed a deal with Guizhou-Cloud Big Data (GCBD), a Chinese company who gained operation control over Apple's iCloud business in China earlier this year. Now, that sensitive data, which includes users' emails, text messages, pictures, and the encryption keys that protect it, has been passed on to Tianyi cloud storage service, a business venture managed by government-owned mobile operator China Telecom. In case you ar...
Expert Insights / Articles Videos
Cybersecurity Resources