Mac security hole reportedly lets attackers bypass app safeguards


This post is by Engadget RSS Feed from Engadget RSS Feed


Click here to view on the original site: Original Post




Apple may have another Gatekeeper security flaw on its hands. Researcher Filippo Cavallarin has detailed a macOS vulnerability that he said would let attackers install malware without the usual permission request. As Gatekeeper considers network shares to be ‘safe’ locations that don’t require permission checks, an intruder just has to trick the user into mounting one of those shares to run the apps they like. A maliciously crafted ZIP file with the right symbolic link could automatically steer you to an attacker-owned site, for example, and it would be easy to trick someone into launching a hostile app — say, a virus masquerading as a document folder.

Via: 9to5Mac

Source: Filippo Cavallarin

15 Mac Menu Bar Apps You Should Check Out


This post is by Tom Nelson from Other World Computing Blog


Click here to view on the original site: Original Post




Menu Bar apps sit in your Mac’s menu bar and provide access to an array of features and services, all with just a simple click or tap of the app’s menu bar icon. They can bring additional productivity, utility, or security, or add useful information to your Mac’s menu bar.

Basic Mac menu bar.

The basic menu bar with Apple-supplied menu items shown.

Our list of 15 menu bar apps is by no means all-inclusive; there are so many apps available that it would take quite a while to combine them into a single list. Instead, I’ve gathered a list of menu bar apps that I’ve either used or are popular in the Mac community, and are worth trying out.

Let’s start our list of favorite menu bar apps with ones that enhance your productivity.


Calendars

Yes, your Mac comes with its own Calendar app, which does a pretty good job of keeping track

Fantastical menu bar app.
Cardhop menu bar app
iStat Menus menu bar app
Memory Clean menu bar app.
1Password mini in Mac's menu bar
Short Cut Bar menu bar app.
Meteorologist in the Mac's menu bar

Continue reading “15 Mac Menu Bar Apps You Should Check Out”

Windows 10 May 2019 Update now rolling out to everyone… slowly


This post is by Peter Bright from Ars Technica


Click here to view on the original site: Original Post




Stylized image of glass skyscrapers under construction.

Enlarge (credit: David Holt / Flickr)

To avoid a replay of the problems faced by the Windows 10 October 2018 Update, version 1809, Microsoft has taken a very measured approach to the release of the May 2019 Update, version 1903, with both a long spell as release candidate and a much less aggressive rollout to Windows Update.

That rollout starts today. While you previously needed to be in the Insider Program (or have a source such as an MSDN subscription) to download and install version 1903, it’s now open to everyone through Windows Update.

However, Windows users are unlikely to see the update automatically installed for many months. Initially, only those who explicitly visit Windows Update and click “Check for Updates” will be offered version 1903, and even then, they’ll have to explicitly choose to download and install the update. This is part of Microsoft’s attempt to make Windows

Continue reading “Windows 10 May 2019 Update now rolling out to everyone… slowly”

33 Linksys router models leak full historic record of every device ever connected


This post is by Dan Goodin from Ars Technica


Click here to view on the original site: Original Post




33 Linksys router models leak full historic record of every device ever connected

(credit: US Navy)

More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices’ unique identifiers, names, and the operating systems they use. The data can be used by snoops or hackers in either targeted or opportunistic attacks.

(credit: Troy Mursch)

Independent researcher Troy Mursch said the leak is the result of a persistent flaw in almost three dozen models of Linksys routers. It took about 25 minutes for the Binary Edge search engine of Internet-connected devices to find 21,401 vulnerable devices on Friday. A scan earlier in the week found 25,617. They were leaking a total of 756,565 unique MAC addresses. Exploiting the flaw requires only a few lines of code that harvest every MAC address, device name, and operating system that has ever connected to each of them.

The flaw allows snoops or hackers to

Continue reading “33 Linksys router models leak full historic record of every device ever connected”

Network and Security Series: Zero Trust Security, a New Way to Look At Network Security


This post is by Steve Sande from Other World Computing Blog


Click here to view on the original site: Original Post




Principles of zero trust security. Image via Centrify

Principles of zero trust security. Image via Centrify

We hope you’ve been learning a lot both about networking and securing networks from the Rocket Yard’s network and security series. So far, that series includes:

Today we’re talking about a new IT security model that is changing the way that companies look at securing their networks: Zero Trust Security. To explain how it works and how it is different from traditional network security models, we need to look at how the current models work.

Bodiam Castle, East Sussex, England.

Bodiam Castle, East Sussex, England.

The Castle-and-Moat Security Concept

For most companies, network security is currently based on what is called the “castle-and-moat concept“. In the physical analogy, think of a castle that is surrounded by a deep moat, preferably filled with alligators. There’s only one way in and

A title screen from the TV show "The X-Files"

Continue reading “Network and Security Series: Zero Trust Security, a New Way to Look At Network Security”

The radio-navigation planes use to land safely is insecure and can be hacked


This post is by Dan Goodin from Ars Technica


Click here to view on the original site: Original Post




A plane in the researchers' demonstration attack as spoofed ILS signals induce a pilot to land to the right of the runway.

Enlarge / A plane in the researchers’ demonstration attack as spoofed ILS signals induce a pilot to land to the right of the runway. (credit: Sathaye et al.)

Just about every aircraft that has flown over the past 50 years—whether a single-engine Cessna or a 600-seat jumbo jet—relies on radios to safely land at airports. These instrument landing systems are considered precision approach systems, because unlike GPS and other navigation systems, they provide crucial real-time guidance about both the plane’s horizontal alignment with a runway and its vertical rate of descent. In many settings—particularly during foggy or rainy nighttime landings—this radio-based navigation is the primary means for ensuring planes touch down at the start of a runway and on its centerline.

Like many technologies built in earlier decades, the ILS was never designed to be secure from hacking. Radio signals, for instance, aren’t encrypted or authenticated. Instead, pilots simply

Continue reading “The radio-navigation planes use to land safely is insecure and can be hacked”

Apple Pay can be used for iTunes, App Store and Apple Book purchases


This post is by Engadget RSS Feed from Engadget RSS Feed


Click here to view on the original site: Original Post




You can now use Apple Pay to make purchases from iTunes, the App Store and Apple Books. You can also use it for Apple Music and iCloud storage subscriptions. MacRumors spotted the change in a recently updated support document. The added Apple Pay options are coming to users in the US, Canada, Australia, Singapore, Hong Kong, Taiwan, Russia, Ukraine and the United Arab Emirates, but they might not be available in all of those locations just yet.

Via: MacRumors

Source: Apple

Apple Pay can be used for iTunes, App Store and Apple Book purchases


This post is by Engadget RSS Feed from Engadget RSS Feed


Click here to view on the original site: Original Post




You can now use Apple Pay to make purchases from iTunes, the App Store and Apple Books. MacRumors spotted the change in a recently updated support document. The added Apple Pay options are coming to users in the US, Canada, Australia, Singapore, Hong Kong, Taiwan, Russia, Ukraine and the United Arab Emirates, but they might not be available in all of those locations just yet.

Via: MacRumors

Source: Apple

New speculative execution bug leaks data from Intel chips’ internal buffers


This post is by Peter Bright from Ars Technica


Click here to view on the original site: Original Post




First disclosed in January 2018, the Meltdown and Spectre attacks have opened the floodgates, leading to extensive research into the speculative execution hardware found in modern processors, and a number of additional attacks have been published in the months since.

Today sees the publication of a range of closely related flaws named variously RIDL, Fallout, ZombieLoad, or Microarchitectural Data Sampling. The many names are a consequence of the several groups that discovered the different flaws. From the computer science department of Vrije Universiteit Amsterdam and Helmholtz Center for Information Security, we have “Rogue In-Flight Data Load.” From a team spanning Graz University of Technology, the University of Michigan, Worcester Polytechnic Institute, and KU Leuven, we have “Fallout.” From Graz University of Technology, Worcester Polytechnic Institute, and KU Leuven, we have “ZombieLoad,” and from Graz University of Technology, we have “Store-to-Leak Forwarding.”

Intel is using the name

Continue reading “New speculative execution bug leaks data from Intel chips’ internal buffers”

Amazon’s Ring could finally get HomeKit support


This post is by Engadget RSS Feed from Engadget RSS Feed


Click here to view on the original site: Original Post




The wait for Amazon’s Ring video doorbell to integrate with Apple’s HomeKit could soon be over. Ring has long promised HomeKit support, but it’s faced repeated delays. Now, it looks like Ring’s Video Doorbell Pro and Spotlight Cam have earned HomeKit certification. A Twitter user spotted the change on Apple’s MFi licensing page.

Source: 9to5mac

7 Mac Mail Tips


This post is by Tom Nelson from Other World Computing Blog


Click here to view on the original site: Original Post




For many of us, the Mac’s Mail app is the most often used app in our collection. It has so many features that for most of us, we only touch the surface of what it can do. In this Rocket Yard guide we’ll check out seven features that are often overlooked, most likely left in the default setting, or simply not used.