Apple's New MacBook Disconnects Microphone "Physically" When Lid is Closed

 October 31, 2018  Mohit Kumar Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations. Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook's built-in microphone whenever the user closes the lid, the company revealed yesterday at its event at the Brooklyn Academy of Music in New York. Though the new T2 chip is already present in the 2018 MacBook Pro models launched earlier this year, this new feature got unveiled when Apple launched the new Retina MacBook Air and published a full security guide for T2 Chip yesterday. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,...

The official blog of jQuery—the most popular JavaScript library, used by millions of websites—has been hacked by unknown hackers using the pseudonyms "str0ng" and "n3tr1x."

jQuery's blog website (blog.jquery.com) runs on WordPress—the world's most popular content management system (CMS) used by millions of websites.

While there is no evidence yet that the server (code.jquery.com) that hosts the jQuery file was also compromised, The Hacker News took a screenshot (as shown above) and can confirm that the hackers merely published a simple blog post to deface the website.

The defaced blog post URL — http://blog.jquery.com/2017/10/26/hacked/ (now removed).

Since the above-mentioned blog post was published under the name of Leah Silber, a core member of the jQuery team, it seems the hackers were able to make their post live by compromising Silber's account—probably by reusing her password leaked in a previous data breach.

If not, the hackers might have gained unauthorized access to the website by exploiting a (known or zero-day) vulnerability in either the WordPress script or the server.

The jQuery team removed the post created by the hackers as soon as they realized there was a compromise, but so far the organisation has not released any official statement about the incident.

This is not the first time jQuery's website has been compromised. In 2014, the main domain (jQuery.com) was reportedly compromised, redirecting the site's visitors to a page hosting an exploit kit.

Since millions of websites directly use the jQuery script hosted by the jQuery server, today's attack could have been worse had the hackers been able to compromise code.jquery.com in an attempt to replace the official jQuery file with a malicious one, putting billions of visitors of millions of websites at risk of malware attacks.

A similar incident took place yesterday, when a hacker managed to replace the official JavaScript file hosted by Coinhive—a popular browser-based cryptocurrency miner—with a modified version that eventually tricked the CPUs of millions of visitors of thousands of websites into unknowingly mining cryptocurrencies for the hacker.

Interestingly, Coinhive was also hacked via a password reuse attack, allowing the attacker to gain access to its CloudFlare account and change DNS settings without authorization.
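
Sites that load a script from a third-party host can pin the expected file with Subresource Integrity (SRI), a W3C browser feature the article does not mention, so that a replaced file like the ones described above is refused instead of executed. The following is an added example, not code from the article or from jQuery: it mirrors the browser's SRI check in Node.js, and the function names, the `cdn.example` URL and the sample file contents are constructed for illustration.

```javascript
const { createHash } = require("crypto");

// Hash algorithms SRI allows, weakest to strongest.
const STRENGTH = ["sha256", "sha384", "sha512"];

// Build an integrity value ("sha384-<base64 digest>") from known-good bytes.
function sriFor(bytes, alg = "sha384") {
  return `${alg}-${createHash(alg).update(bytes).digest("base64")}`;
}

// Parse an integrity attribute: whitespace-separated "alg-digest[?options]".
// Unknown algorithms and malformed tokens are ignored, as browsers do.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((tok) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(tok);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// True when the bytes match any digest of the strongest algorithm present.
// Weaker digests listed in the same attribute are not consulted.
function verifyIntegrity(attr, bytes) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true; // no usable metadata: nothing enforced
  const strongest = entries.reduce((best, e) =>
    STRENGTH.indexOf(e.alg) > STRENGTH.indexOf(best) ? e.alg : best, "sha256");
  const actual = createHash(strongest).update(bytes).digest("base64");
  return entries.some((e) => e.alg === strongest && e.digest === actual);
}

// Constructed sample data: a stand-in library file and a modified copy.
const official = Buffer.from("/* constructed sample library */ var lib = {};");
const tampered = Buffer.from("/* constructed sample library */ var lib = {}; injected();");

// The site owner computes the value once from a trusted copy and ships it
// in the page; cdn.example is a placeholder host.
const pinned = sriFor(official);
console.log(`<script src="https://cdn.example/lib.js" integrity="${pinned}" crossorigin="anonymous"></script>`);
console.log("official file accepted:", verifyIntegrity(pinned, official));
console.log("tampered file accepted:", verifyIntegrity(pinned, tampered));
```

The pin only protects pages that reference a fixed file version; a tag without a usable `integrity` value is loaded unchecked, which is why `verifyIntegrity` returns true in that case.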