Trusted Advisor now available for Mac, iOS, and Android
Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security.
Read moreOur Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security.
Read moreYour enterprise security does not live in isolation — the threat environment extends across all your colleagues, partners, and friends.
That’s why it’s very concerning that so many businesses continue to fail to meet basic security hygiene standards, according to the latest Security 360 report from Jamf.
Data is gold, which attackers recognize — even many in business don’t. Every stolen address, email, phone number, name, or even passport number is an ID attack waiting to happen, a path to enable a more complex phishing scam, or just an opportunity to call someone up and claim the target has a problem with their computer that they can help them with.
Ensuring platform security is hard, but when a company the stature of Apple begins to ramp up protection of its ecosystem, every IT decision maker should pay attention. Unfortunately, this is precisely what’s happening: Apple is now updating fundamental protection at a faster clip than it’s ever done before.
That important revelation comes from Howard Oakley at the excellent Eclectic Light Company blog. He notes that in the six weeks ending Feb. 9 Apple, has updated a Mac security feature called XProtect five times — introducing 11 new rules to the service.
It’s been another bad week in security.
Not only do we learn that so-called “friendly” governments are quietly requesting surveillance data concerning push notifications, but Apple tells us more than 2.6 billion personal records have already been compromised by data breaches in the past two years.
If nothing else, Apple’s most recent emergency security update should be considered proof of an increasingly tense security environment.
Enterprises must understand that while Apple maintains a pretty solid ecosystem — certainly at present the most secure, even according to Cisco — that doesn’t mean it’s entirely safe, and every Apple customer needs to get wise to the growing proliferation of threats.
With more and more business users turning to the company’s solutions, it’s important to get ahead of the threat.
Many business professionals require highly secure messaging solutions, particularly when they travel. Apple’s iMessage will soon offer a new secure identity verification system enterprise professionals might find useful. It’s called Contact Key Verification.
Apple actually announced the system in 2022. It is now expected to go live across the Apple ecosystem with the release of iOS 17.2 and updates for Macs and iPads.
While it’s not universally the case, many businesses actively using Macs for work may not be paying enough attention to ensuring those devices are secured, according to cloud security provider Qualys, which estimates that just over half of Macs remain unprotected by recent security patches.
Apple has pushed out an essential security update to defend against yet another attack by an out-of-control mercenary surveillance group.
Like a bad smell, NSO Group has clawed its way back into the spotlight with yet another unprincipled attack against free speech and citizens’ rights, as revealed by Citizen Lab. The security researchers found this latest example of a sinister, yet egregious zero-click attack while checking the device of an “Individual employed by a Washington DC-based civil society organization with international offices.”
Fresh security research from Jamf Threat Labs may not reflect an active attack, but it does illustrate the layered complexity of today’s threat environment.
In brief, the researchers have figured out a proof of concept attack that tricks victims into thinking they are using Airplane Mode. However, in reality the attacker has put in place a fake version of that mode that looks normal but lets the attacker maintain access to the device.
This is by no means a straightforward attack and hasn’t been seen in the wild. The exploit is complex and would require an attacker to successfully take control of the target device through a series of exploits, the research claims.