#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

iOS hacking | Breaking Cybersecurity News | The Hacker News

Russian Government Asks Apple to Hand Over iOS and Mac Source Code

Russian Government Asks Apple to Hand Over iOS and Mac Source Code
Jul 31, 2014
Just few days after the announcement that Russian government will pay almost 4 million ruble (approximately equal to $111,000) to the one who can devise a reliable technology to decrypt data sent over the Tor , now the government wants something which is really tough. APPLE & SAP, HAND OVER YOUR SOURCE CODES Russian government has asked Apple to provide the access to the company's source code in an effort to assure its iOS devices and Macintoshes aren't vulnerable to spying. Not just this, the government has demanded the same from SAP as well, which is an enterprise software that manages business operations and customer relationships. Russia proposed this idea last Tuesday when Communications Minister Nikolai Nikiforov met SAP's Russian managing director Vyacheslav Orekhov , and Apple's Russian general manager Peter Engrob Nielsen, and suggested that both the companies give Russian government access to their source code. APPLE iOS BACKDOOR CONTROVERSIES The idea

Undocumented iOS Features left Hidden Backdoors Open in 600 Million Apple Devices

Undocumented iOS Features left Hidden Backdoors Open in 600 Million Apple Devices
Jul 22, 2014
A well known iPhone hacker and forensic scientist has unearthed a range of undocumented and hidden functions in Apple iOS mobile operating system that make it possible for a hacker to completely bypass the backup encryption on iOS devices and can steal large amounts of users' personal data without entering passwords or personal identification numbers. Data forensics expert named Jonathan Zdziarski has posted the slides ( PDF ) titled " Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices " showing his findings, from his talk at the Hackers On Planet Earth (HOPE X) conference held in New York on Friday. Jonathan Zdziarski, better identified as the hacker " NerveGas " in the iPhone development community, worked as dev-team member on many of the early iOS jailbreaks and is also the author of five iOS-related O'Reilly books including " Hacking and Securing iOS Applications ." The results of his overall research on the iOS

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Gmail App for iOS leaves Users vulnerable to Man-in-the-Middle Attacks

Gmail App for iOS leaves Users vulnerable to Man-in-the-Middle Attacks
Jul 12, 2014
Google has failed to provide a very important security measure in its Gmail application for iOS that left millions of its Apple device users to Man-in-the-Middle (MitM) attacks capable of monitoring encrypted email communications. Researcher at mobile security firm Lacoon has discovered that Google's Gmail iOS application, run on Macintosh mobile devices, does not perform what's known as "certificate pinning" when establishing a trusted connection between the mobile applications and back-end web services, which means an attacker can view plaintext emails and steal credentials in MitM attack. WHAT IS CERTIFICATE PINNING Certificate Pinning is a process designed to prevent user of the application from being a victim of an attack made by spoofing the SSL certificate . Certificate pinning automatically rejects the whole connection from sites that offer bogus SSL certificates and allow only SSL connections to hosts signed with certificates stored inside the application, whic

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager

Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager
Jul 05, 2014
Unless you are a human supercomputer, remembering password is not so easy, and that too if you have a different password for each site. But luckily to make the whole process very easy, there is a growing market out there for password managers and lockers with extra layers of security. But, if you are using the mobile version of most popular password manager from Password management company RoboForm to manage your passwords then you might be at a risk, claimed a UK based Security researcher. I am personally using RoboForm from last few months, which is a great password manager application developed by Siber Systems Inc. for various platforms that stores your sensitive data all in one place, protected at RoboForm account and encrypted by a secret master password. RoboForm user be able to then quickly access those passwords and notes anytime, anywhere. But a IT security consultant and tech enthusiast Paul Moore discovered one critical vulnerability in its app and one Pri

Researchers Uncover Spying Tool Used by Governments to Hijack all Types of Smartphones

Researchers Uncover Spying Tool Used by Governments to Hijack all Types of Smartphones
Jun 25, 2014
Purchasing malware to victimize people is illegal by laws but if the same thing any government official do, then its not!! Yes, the police forces around the World are following the footsteps of U.S. National Security Agency ( NSA ) and FBI. Researchers from the Citizen Lab at the Munk School of Global Affairs at the University of Toronto and computer security firm Kaspersky Lab have unearthed a broad network of controversial spyware which is specially designed to give law enforcement agencies complete access to a suspect's phone for the purpose of surveillance. MALWARE FOR DESKTOPS AND ALL MOBILE DEVICES The malware , dubbed as Remote Control System (RCS) , also known as Da Vinci and Galileo, is developed by an Italian company known as Hacking Team, available for desktop computers, laptops, and mobile devices. The latest version of the malware works for all phone including Android, iOS, Windows Mobile, Symbian and BlackBerry devices, but best on Android devices , and can also b
Cybersecurity Resources