Just days after patching the DYLD_PRINT_TO_FILE vulnerability with a new OS X point release, Apple's desktop operating system has been hit with yet another zero-day exploit that would allow an attacker to gain root access without using a password.
The exploit was discovered by Italian developer Luca Todesco, who relies on a combination of attacks — including a null pointer dereference in OS X's IOKit — to drop a proof-of-concept payload into a root shell. It affects every version of OS X Yosemite, but seems to have been mitigated in OS X El Capitan, which is nearing release.
Many people rely on security questions like "What's your mother's maiden name?" to protect their personal information online, but hackers are getting better at finding the answers.
Case in point: the hackers who raided the US Government's Internal Revenue Service data systems. Those attackers were much more successful at answering security questions than previously known, the government agency announced Monday, underscoring the dangers of using simple security to protect valuable data.
We now know one area Uber plans to invest in following the closing of its recent $1 billion funding round: security.
The ride-sharing startup plans to boost its security team from a staff of 25 to 100 by the end of 2015, Uber chief security officer Joe Sullivan told the Financial Times on Monday. Sullivan, a former assistant United States attorney who specialized in high-tech crimes and hacking, joined Uber in April 2015 after a stint as Facebook’s chief security officer that lasted a little over five years.
In two separate presentations at Def Con in Las Vegas last weekend, security experts demonstrated vulnerabilities in two consumer drones from Parrot. The simplest of the attacks could make Parrot drones, including the company's Bebop model, fall from the sky with a keystroke.
Two-factor authentication is a great way to keep your online accounts safe. For those who are unfamiliar with it: after you enter your regular password on the login page, you are prompted to enter another code. This code is generated on the spot and sent to your associated mobile device.