Mobile device security is not where is should be. There is just no way around this fact. The vas majority of people simple download and install an app on their phone or tablet thinking that they are not going to get something nasty. They never review the permissions that new app is asking for or what those permissions might allow it to do. Now it seems that clever threat actors have slipped a malware into a Multi-Factor Authentication (MFA) App.

We have all opened our emails and seen the message “you have annual security awareness training assigned”. This message is one that usually elicits eye-rolls and groans of frustration. Who wouldn’t be annoyed? After all, these trainings are simplistic, boring and they take time out of your day to get done. They also tend to have little to no effect on user security practices. Running phishing and social engineering tests in an environment will almost certainly yield the same groups of people.

Yesterday Apple released several patches for their different operating systems. One that we have talked about before is a core bug in Apple’s WebKit based Safari. This bug could potentially leak personal information regardless of the privacy settings you had enabled. In macOS you could always change to another browser that was not WebKit based. On iOS, iPadOS, watchOS and other app store locked devices there was no option as Apple requires every browser to use WebKit for its render engine.

Metabook has announced some new security features in their messenger app and platform. Many of these are items that competing SMS/MMS applications and services already have, but Meta knows that they need are now facing some solid competition, so they are finally getting around to these. Of course, this does not mean that people are going to flow back to Meta Messenger. None the less, it is good to see these show up.