byLisa Vaas“The long wait is over,” Apple WebKit engineer John Wilander announced on Tuesday: the latest update to the Safari browser is blocking third-party cookies by default for all users.Safari 13.1 was released on Tuesday, bringing full cookie blocking and other updates to Apple’s Intelligent Tracking Prevention (ITP) privacy feature.

For many years — almost since the beginning of secure internet communications — data security professionals have had to face the challenge of using certificates, the mechanism that forms the basis of Transport Layer Security (TLS) communications. Certificates facilitate secure connections to websites (represented by the “s” in “https”

Back in 2017, Apple admitted that it purposely slowed down some iPhones as their batteries were aging. Dozens of class-action-lawsuits were immediately filed against one of the most profitable publicly-traded companies in the world. Now, more than two years later, Apple has tentatively agreed to a $500 million settlement that would resolve those pending laws

SurfingAttack is an attacking technique that allows to wake up mobile device and control them using voice commands encoded in ultrasonic waves. SurfingAttack is a hacking technique that sees voice commands encoded in ultrasonic waves silently activate a mobile phone’s digital assistant. The technique could be used to do several actions such as maki

byJohn E DunnUnsettling news for anyone who relies on smartphone voice assistants: researchers have demonstrated how these can be secretly activated to make phone calls, take photos, and even read back text messages without ever physically touching the device.Dubbed SurfingAttack by a US-Chinese university team, this is no parlor trick and is based on the ab

byDanny BradburyThat smart home speaker isn’t listening to everything you say, according to new research – but it is listening a lot more than it should. Researchers have found some speakers activating by mistake up to 19 times each day.Virtual assistants like Siri and Alexa are programmed not to listen to your conversation constantly. Instead, t

byJohn E DunnThe contentious case of a man held in custody since 2015 for refusing to decrypt two hard drives appears to have reached a resolution of sorts after the US Court of Appeals ordered his release.Former Philadelphia police sergeant Francis Rawls was arrested in September 2015, during which the external hard drives were seized along with other compu

Last week on Malwarebytes Labs, we reported on a Ryuk ransomware attack on The Tampa Bay Times, a newspaper in Florida; unmasked an elaborate browser locking scheme behind the more advanced tech support operations that are currently active; and looked at the latest laws on regulating deepfakes. Other cybersecurity news Cisco’s Talos Intelligence Group

byJohn E DunnFar from protecting the security and privacy of Safari users as advertised, Apple’s much-vaunted Intelligent Tracking Prevention (ITP) could leave them exposed to a raft of privacy issues, including – ironically – being tracked.That’s the surprising conclusion of a group of Google researchers who this week published a short but sharp

Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month. Beta versions of iOS 13.3.1 include a new setting that lets users disable the “Ultra Wideband” feature, a short-range technology that lets iPhone 11 users share files locally with o

I recently bought a set of security cameras to cover the area around my home. I live in a semi-rural area, and I’m not really that worried about burglars, but I felt that it couldn’t hurt to have some protection. One of the things that nudged me in this direction was the fact that the cameras I bought, NetGear’s Arlo Pro, support Apple’s HomeKit.HomeKit is a

byPaul DucklinStories about privacy blunders by big companies always attract a lot of attention.When that big company is Apple, you can replace ‘a lot’ with ‘a whole lot’.And Apple likes to make public pitches about the privacy its products provide, like the video here:So, when renowned investigative cybersecurity journalist Brian Kre

KrebsOnSecurity ran a story this week that puzzled over Apple‘s response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user’s location even when all applications and system services are individually set never to request this data. Today, Apple disclosed that this beha

A lot of computer security is based on trust. Your devices verify that you are, indeed, an authorized user, through the use of user names and passwords. And your devices trust services and servers, through a series of certificates and "trusted third parties" who work through a cascading system of verification and authentication.If you use Apple devices, the

“If privacy matters, it should matter to the phone your life is on.” So says Apple in their recent ads about Privacy on the iPhone and controlling the data you share—but many of the security features they highlight are opt-in, and users often don’t know when or how to activate them. But hey… we got your back! Today, Trail of Bits launched i