Apple's New MacBook Disconnects Microphone "Physically" When Lid is Closed

Posted by on
 October 31, 2018  Mohit Kumar Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations. Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook's built-in microphone whenever the user closes the lid, the company revealed yesterday at its event at the Brooklyn Academy of Music in New York. Though the new T2 chip is already present in the 2018 MacBook Pro models launched earlier this year, this new feature got unveiled when Apple launched the new Retina MacBook Air and published a full security guide for T2 Chip yesterday. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,...

Over 711 Million Email Addresses Exposed From SpamBot Server

Posted by on

Over 711 Million Email Addresses Exposed From SpamBot Server

Tuesday, August 29, 2017 Swati Khandelwal
spam-emails




A massive database of 630 million email addresses used by a spambot to send large amounts of spam to has been published online in what appears to be one of the biggest data dumps of its kind.

A French security researcher, who uses online handle Benkow, has spotted the database on an "open and accessible" server containing a vast amount of email addresses, along with millions of SMTP credentials from around the world.


The database is hosted on the spambot server in Netherlands and is stored without any access controls, making the data publicly available for anyone to access without requiring any password

According to a blog post published by Benkow, the spambot server, dubbed "Onliner Spambot," has been used to send out spams and spread a banking trojan called Ursnif to users since at least 2016.

Ursnif Banking Trojan is capable of stealing banking information from target computers including credit card data, and other personal information like login details and passwords from browsers and software.
spam-emails
"Indeed, to send spam, the attacker needs a huge list of SMTP credentials. To do so, there are only two options: create it or buy it," Benkow said. "And it's the same as for the IPs: the more SMTP servers he can find, the more he can distribute the campaign."

As the researcher explained, he found "a huge list of valid SMTP credentials"—around 80 millions—which is then used to send out spam emails to the remaining 630 million accounts via internet provider's mail servers, making them look legitimate that bypass anti-spam measures.

The list also contains many email addresses that appear to have been scraped and collected from other data breaches, such as LinkedInMySpace and Dropbox.
#ref-menu

The researcher was able to identify a list of nearly 2 million email addresses to be originated from a Facebook phishing campaign.

The exposed database has been verified by Troy Hunt, added the leaked email addresses to his breach notification site.
spam-emails
At the time of writing, it is unclear who is behind the Onliner Spambot.

Users can check for their email addresses on the site and those affected are obviously advised to change their passwords (and keep a longer and stronger one this time) for your email accounts and enable two-factor authentication if you haven't yet.

Also, do the same for other online accounts if you are using same passwords on multiple sites.

#ref-menu