Epic judge will protect Unreal Engine — but not Fortnite

Epic Games has won a partial victory against Apple thanks to a temporary restraining order that forbids Apple from terminating Epic’s developer accounts or restricting use of Epic’s Unreal Engine by developers on Apple platforms. However, the same ruling states that Apple does not have to bring Fortnite back to the App Store. The court ruled that Epic “chose to breach its agreements with Apple,” and that a business status quo must be maintained by both sides. Both sides are preparing for a long court battle.

(The Verge)

US military researchers may have found a more productive vulnerability discovery process

Researchers from the National Security Agency, Cyber Command, Navy, Air Force, and Army are proposing automated analysis to eliminate the type of cognitive bias that comes from focusing in on a piece of software, which they call “depth first.” The military’s approach, called “breadth first,” uses more fuzzing and encourages analysts at all levels to leverage their collective expertise rather than going down rabbit holes. The Pentagon believes this technique will detect more vulnerabilities while also combating attrition within their cybersecurity ranks.

(Cyberscoop)

Beijing’s electronic dragnet closes on Hong Kong

Hong Kong’s new security law is allowing police to target activists, pro-democracy politicians and media leaders by breaking into social media accounts and even using physical force to get them to unlock their face-ID phones. Hong Kong represents a dividing line between high tech innovation and Chinese domestic security policies, and major social media companies are exploring different ways to respond. In April, Yahoo changed its terms of service to allow users in Hong Kong to be protected under American law, while many users are turning to fully encrypted chat apps. 

(New York Times)

Google fixes high-severity Chrome browser code execution bug

Google has fixed a use-after-free vulnerability in the Web Graphics Library (WebGL) component of the Chrome browser. WebGL is a JavaScript API that renders 2D and 3D graphics within the browser. Jon Munshaw with Cisco Talos suggests that “an adversary could manipulate the memory layout of the browser in a way that they could gain control of the use-after-free exploit, which could lead to arbitrary code execution.” The flaw is rated 8.3 out of 10 on the CVSS scale, making it high-severity. A fix rolled into the stable channel comes out on Monday.

(Threatpost)

The four biggest GDPR fines of 2020

The EU’s General Data Protection Regulation (GDPR) legislation continues to show it has teeth by levying fines against companies that fail to protect customers’ information. According to CISO Mag, the highest fines so far in 2020 are: Google, $57 million, for 2019 violations; Italian telecom company TIM, $31.5 million, for activities including unsolicited promotional calls; Wind Tre, another Italian telecom, $21 million, for aggressive direct marketing; and an unnamed company, $821,600, for illegally using employees’ fingerprint scans for its attendance records.

(CISOMag)

Zoom outage raises questions about back to school

The eastern U.S. and parts of the U.K. were hit by a Zoom outage yesterday that affected its web client, desktop app and main website. This follows an outage that happened last week, which was blamed on peak server load, and one in April in which the web client was taken down temporarily to address a security issue. Yesterday’s outage was resolved quickly but gives businesses and returning students pause to consider just how vital videoconferencing has become to life in 2020.

(BleepingComputer)

Twitter hack trial receives pornographic Zoom bomb

The web-streamed court appearance of the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was interrupted last week after a pornographic video clip was inserted into the Zoom-based event. Graham Clark is accused of social engineering his way into Twitter’s internal systems and releasing Bitcoin promotion from blue check mark accounts. Information about the bond hearing had been made public, allowing anyone to attend and participate. The presiding judge shut down the meeting after 15 seconds of pornographic video was shown.

(KrebsOnSecurity)

Artificial intelligence is coming to your robot vacuum

The robot vacuum manufacturer iRobot is injecting a new level of artificial intelligence into its products. iRobot describes the upgrade as a “lobotomy and replacement”; it uses AI and machine vision to understand room layouts and to resolve or avoid difficult areas like the cables behind a TV. The upgraded vacuums will also be able to make suggestions to their human owners through an app or smart device about identifying clean zones or the optimum times to visit certain areas like under the dining room table.

(TheVerge)