Beware of adversary-in-the-middle attacks: Hackers create fake login pages to steal credentials and manipulate MFA prompts. Protect yourself by verifying websites and being cautious with links.
Developers, beware! Malicious actors are exploiting Dependabot's trust. Learn how to restrict access, implement MFA, and secure your runtime secrets to protect your CI/CD pipelines from cyber threats.
🎬 Safari in #macOS 14 and #iOS/#iPadOS 17 removes tracking added to URLs in private browsing. The feature didn't support Twitter links when we tested it earlier. Now it does (unclear if #Apple updated it remotely or Safari learned that through its #AI model).
In this demo, Safari opens a Twitter link with tracking added to it in this parameter:
t=rpDAfXAHMthyq-L5hTMOIA
Safari identifies and removes the tracking parameter before opening the link. This is shown by copying the link after the website is loaded and pasting it to see that the tracking parameter has been removed from the original link 👍👍🙏
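The behaviour shown in the demo can be sketched as a per-site rule that drops a known tracking parameter and leaves the rest of the link intact. This is an added example, not Safari's code and not part of the original post: the rule list, the function name `stripTrackingParams` and the sample links are assumptions, and only the `t` value comes from the post.

```javascript
// Hypothetical rule list (assumption): which parameters count as tracking, per site.
// Safari's actual rules are not described in the post.
const TRACKING_RULES = [
  { hostSuffix: "twitter.com", params: ["t"] },
];

// Returns the cleaned link plus the names of the parameters that were removed.
function stripTrackingParams(link, rules = TRACKING_RULES) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { cleaned: link, removed: [] }; // not an absolute URL: leave untouched
  }
  const host = url.hostname.toLowerCase();
  const removed = [];
  for (const rule of rules) {
    // Match the site itself or a real subdomain, never a look-alike
    // host such as "nottwitter.com" that merely ends in the same text.
    const sameSite = host === rule.hostSuffix || host.endsWith("." + rule.hostSuffix);
    if (!sameSite) continue;
    for (const name of rule.params) {
      if (url.searchParams.has(name)) {
        url.searchParams.delete(name); // other parameters and the #fragment are kept
        removed.push(name);
      }
    }
  }
  // Return the original string when nothing matched, so clean links are not rewritten.
  return { cleaned: removed.length ? url.toString() : link, removed };
}

// Constructed sample link carrying the tracking value quoted in the post.
const sample = "https://twitter.com/example/status/1?lang=en&t=rpDAfXAHMthyq-L5hTMOIA#top";
console.log(stripTrackingParams(sample));
```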
Testing shows that if you block an iCloud account in iMessage, the account can still annoy you by sharing their location with you. Even though the account is blocked, you'll get a FindMy notification and the blocked account is immediately added to your FindMy list and you're one touch away from sharing your location with this blocked contact.
Note that the redacted text in the screenshots can be an email address tied to the sender's iCloud account. If the attacker uses an email familiar to you such as your.friendName@something, you might mistakenly share your location.
Cher Scarlett reported this issue to Apple and got the "it's not an issue" response.
Did you know that videos sent through Twitter regular DMs are public and not protected by any sort of authentication? All you need is the link to the video. Twitter doesn't really show the links of videos sent through DMs, but you can easily grab the links with the help of your browser's developer tools.
Here's a link to a video from our Twitter DM, anyone can open it: