Apple responds to macOS privacy concerns
Apple’s Gatekeeper security service was first released on Macs in 2012, and “performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked.” Last week, the Online Certificate Status Protocol (OCSP) service used by Gatekeeper had an outage, resulting in some Mac users having issues opening apps, and prompting some to question what data Apple collects as part of this process. In an updated support document, Apple clarified that Gatekeeper does not collect users’ Apple ID or device identity and that the company has now stopped logging IP addresses associated with the Developer ID certificate checks. Apple maintains it has never combined app verification data with device information.
The ransomware landscape is increasingly crowded
The security landscape has no shortage of ransomware attack news, but ZDNet’s Catalin Cimpanu recently looked at the rise of numerous ransomware-as-a-service (RaaS) organizations that rent out ready-made ransomware code to other criminal organizations. Code can then be customized for each client, with a small percentage of the ransom going back to the RaaS operator. Intel 471 estimates there are 25 offerings currently being advertised, broken down into different tiers. Tier 1 includes well-known ransomware organizations like Netwalker, DoppelPaymer, and Ryuk, which run well-oiled extortion schemes for exfiltrated data. Tier 2 covers organizations growing in recognition on hacker forums with access to advanced ransomware techniques. Tier 3 includes newly formed organizations without much background info.
Microsoft pauses Windows 10 updates in December
This pause will also impact optional non-security previews that are typically released after Patch Tuesday to give users and admins a chance to test upcoming features. Microsoft cited minimal staff on hand during the holidays as the reason for the pause. This will not impact security updates. This is the second pause in Windows updates this year, with Microsoft pausing updates in March to ease stress on IT admins as COVID-19 lockdowns hit. Microsoft announced last week it was also suspending driver updates for December.
Bumble user data exposed
Security researchers at Independent Security Evaluators found that vulnerabilities in the popular dating app’s API would let malicious actors obtain information on users, even if they were officially banned from Bumble. This includes getting the rough location of another user in the same city, getting their Liked Interests and Groups from Facebook, and information on what kind of match the user was looking for. Account IDs could also be enumerated by adding or subtracting one to reveal user information, with no limits on how often the API could be reached. These flaws were still present 200 days after the researchers alerted the company and were only recently patched. The researchers initially disclosed the vulnerabilities through HackerOne in March.
Capcom KO’d by ransomware
The game publisher revealed it was hit by a “customized ransomware attack” that could have leaked personal information on 350,000 users. Earlier this month Capcom said that a third party had obtained unauthorized access to its internal systems, but did not believe any customer information was impacted. Capcom confirmed that employee information was leaked, with data including names, addresses, phone numbers, email addresses, and photos. The Ragnar Locker ransomware gang appears to be behind the attack.
GitHub reinstates youtube-dl
Teen wins peace prize for cybercrime tool
17-year-old Sadat Rahman was awarded the 2020 International Children’s Peace Prize for developing the Cyber Teens app, which lets children confidentially report crimes to a group of volunteers, who then contact law enforcement or social workers. The app has so far resolved nearly 60 cybercrimes and resulted in eight arrests by local police, as well as supporting 300 victims of cyberbullying. Rahman plans to use the $118,000 in prize money to help roll out the app across Bangladesh and to other countries.
Zoom launches At-Risk Meeting Notifier
This new backend security feature scans for Zoom meeting links on social media and other sites. Meeting organizers will receive a notification if a link is found, warning there is a risk of Zoombombing. The feature is now enabled by default on all accounts.