When Find My iPhone is disabled, iPhone can be rolled back to factory settings and registered with another Apple ID.
While iPhone theft is commonplace, the Find My feature allows true owners to disable thieves from accessing their phone and prevent factory reset. However, it turns out to be quite easy to get around this feature.
The India Today edition told the story of a user under the pseudonym Vedant, who was hopelessly deprived of his iPhone 12.
The user lost their phone and started taking all the necessary measures, including trying to use the Find iPhone function to find out where the device is. However, it turned out that the iPhone was offline, and the system could not determine its exact location. Vedant activated Lost Mode, filed a police report and blocked the SIM card. When Lost Mode is on, iPhone is locked so that no one can access the information stored on it after it is turned on.
Several days passed and Vedant began to lose hope. Then he received an SMS message, which said that the iPhone was found, and if you click on the specified link, you can find out his location. The link was not suspicious because it contained the words “icloud” and “findmy”, but in fact it was created by the phone thieves.
After clicking on the link, an authorization window appeared on the screen, and the unsuspecting Vedant entered his password and Apple ID, which immediately went to the thieves.
A minute after the alleged authorization, the user received an email notification that access to his Apple ID was obtained on a computer running Windows. Vedant tried to change the password and remove the Windows PC from its Apple ID, but it was too late. The kidnappers have already removed the iPhone from Apple ID and disabled Find My iPhone.
The attackers obtained Vedant’s phone number by inserting its SIM card into a new device and calling themselves. However, it is not entirely clear why the number from which the link was sent was the same from which Microsoft sends verification codes for two-factor authentication. Most likely, spoofing took place here, which indicates a high professional level of the thieves.
When Find My iPhone is disabled, iPhone can be rolled back to factory settings and registered with another user’s Apple ID as if it had been legally acquired.
CronRAT: Linux malware scheduled to launch on February 31
Malware masks its malicious activity by scheduling it to occur on a non-existent calendar day.
Cybersecurity Researchers from Sansec Threat Research discovered a new remote access Trojan for Linux systems that uses a stealth method never seen before. Malware disguises its malicious activity by scheduling it to occur on February 31st, a nonexistent calendar day.
The malware, dubbed CronRAT, can steal data from e-commerce sites on the server side, bypassing browser-based security solutions. Experts found RAT samples in several online retailers, including the largest store in an unspecified country.
A standout feature of CronRAT is its ability to use the Unix cron job-scheduler utility to hide malicious payloads using the names of tasks programmed to run on February 31st. This not only allows malware to evade detection by security solutions, but also allows it to launch a number of attack commands that can compromise e-commerce servers running Linux.
Most online retailers implement browser-only protection, and attackers take advantage of an unsecured internal server. Security professionals should consider the entire attack surface, said Sansec Threat Research.
“CronRAT adds a number of tasks to the crontab with an interesting date specification: 52 23 31 2 3. These lines are syntactically correct, but will generate a runtime error when executed. However, this will never happen, since their launch is scheduled for February 31, experts explained.
Google has agreed with UK regulator on cookie changes
Google is committed to promoting competition in digital markets and protecting the interests of other businesses.
Google has promised to introduce additional restrictions on the use of data in its Google Chrome browser. The decision stems from concerns from the UK competition regulator about the tech giant’s plan to ban third-party cookies that advertisers use to track consumers.
Competition and Markets Authority (CMA) examines Google’s plan to reduce support for certain cookies in Chrome is an initiative called the Privacy Sandbox that is developing a new set of open standards. With their help, Google seeks to create a balance between the privacy of users and the desire of advertising companies to track their preferences.
The new set of standards will allow advertising companies to determine the interests of the user without individual identification. General categories of interests, such as music genre, will be taken into account, but data at the level of the history of visits to specific sites will remain unaffected.
As noted by Google, users want more privacy when browsing the web, including not being tracked across different sites. However, other companies have stated that losing browser cookies will limit their ability to collect information to personalize ads and make them more dependent on Google’s user databases.
Google previously agreed not to implement the plan without CMA approval, and the changes agreed with the UK regulator will apply globally. Google has addressed some remaining issues, including a commitment to curtail access to IP addresses and clarify internal restrictions on the data it can use, the CMA said.
Researchers Accused Microsoft of Reducing Bug Bounty Amounts
In some cases, the tech giant has reduced the remuneration tenfold or 90%.
A number of security researchers have accused Microsoft of reducing the amount of fees that the company pays for reporting vulnerabilities as part of its bug bounty program. Apparently, in some cases, the tech giant has reduced the remuneration tenfold or 90%.
As recently as last year, researcher Marcus Hutchins, also known as MalwareTech, reported on Twitter, that for the discovered vulnerability he received from the company only $ 1,000, although earlier the amount of remuneration for such vulnerabilities was $ 10,000.
Other researchers are posting similar complaints. For example, as a security researcher for Hyper-V virtualization under the alias rthhh17 recently reported, Microsoft estimated its vulnerability, which can be exploited from a guest machine, at only $ 5,000.
The most recent example of a disgruntled researcher is Abdelhamid Naseri, who posted a PoC code for an as-yet-unpatched Windows vulnerability in retaliation for Microsoft’s reduced bounty.
The current bug bounty pricing is as follows:
It is noteworthy that although rthhh received for its vulnerability of remote code execution in Hyper-V only $ 5 thousand, according to the Microsoft website, such vulnerabilities are estimated “up to $ 250 thousand.” In other words, the company has cut the remuneration amount by 80%.
FSP Group Introduces World’s First 750W SFX 12VO PSU
Recently, the FSP Group announced the release of the FSP750-27SCB power supply, which the manufacturer himself calls the world’s first...
This is what Huawei’s first smartwatch that measures blood pressure looks like. Huawei Watch D showed on the render
Earlier, Huawei has already said that it is going to introduce a smartwatch with support for blood pressure measurement by...
In this market, Samsung smartphones accounted for half of all sales. The company’s achievement in Vietnam contrasts with other brands
Samsung has been the leader in the smartphone market for many years, but its positions vary greatly from country to...
The crypto market has collapsed once again. Bitcoin fell by almost 8% per day, Ethereum – by 9%, Solana – by 6%, and Polkadot – by all 11%
Bitcoin fell to almost a two-month low. Over the course of a day, the rate of the world’s main cryptocurrency...
Security7 days ago
Iranian hackers broke into a major American publishing house
Phones7 days ago
The first smartphone with F / 1 aperture, Sony IMX899 sensor and periscope camera. OnePlus 10 Pro showed in the hands of the user
Security7 days ago
Israeli Defense Minister’s janitor “leaked” information to Iranian hackers
Software7 days ago
Windows 11, 12.6-inch OLED screen, Intel Core i7 and keyboard included. Launched sales of the flagship tablet Huawei MateBook E