Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help

A Dutch researcher has detailed nine attack scenarios that work against all computers with Thunderbolt shipped since 2011 and which allow an attacker with physical access to quickly steal data from encrypted drives and memory. Researcher Björn Ruytenberg detailed the Read More …

North Korean hackers infect real 2FA app to compromise Macs

Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. Dacls has been used to target Windows and Linux platforms and the recently discovered RAT Read More …

Apple opens public bug bounty program, publishes official rules

Apple has formally opened its bug bounty program today to all security researchers, after announcing the move earlier this year in August at the Black Hat security conference in Las Vegas. Until today, Apple ran an invitation-based bug bounty program for selected Read More …

New vulnerability lets attackers sniff or hijack VPN connections

Academics have disclosed this week a security flaw impacting Linux, Android, macOS, and other Unix-based operating systems that allows an attacker to sniff, hijack, and tamper with VPN-tunneled connections. The vulnerability — tracked as CVE-2019-14899 — resides in the networking Read More …