Apple responds to macOS privacy concerns

Apple’s Gatekeeper security service was first released on Mac’s in 2012, and “performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked.” Last week, the online certificate status protocol service (OCSP) used by Gatekeep had an outage, resulting in some Mac users having issues opening apps, and prompting some to question what data Apple collects as part of this process. In an updated support document, Apple clarified that Gatekeeper does not collect user’s Apple ID or device identity and that the company has now stopped logging IP addresses associated with the Developer ID certificate checks. Apple maintains it has never combined app verification data with device information. 

(iPhone in Canada)

The ransomware landscape is increasingly crowded

The security landscape has no shortage of ransomware attack news, but ZDNet’s  Catalin Cimpanu recently looked at the rise of numerous ransomware-as-a-service organizations that rent out ready-made ransomware code to other criminal organizations. Code can then be customized for each client, with a small percentage of ransom going back to the RaaS operator. Intel 471 estimates there are 25 offerings currently being advertised, broken down into different tiers. Tier one includes your well known ransomware orgs like Netwalker, DopplePaymer, and Ryuk who run well oiled extortion schemes for exfiltrated data. Tier 2 are organizations growing in recognition on hacker forums with access to advanced ransomware techniques. Tier 3 includes newly formed organizations without much background info.

(ZDNet)

Microsoft pauses Windows 10 updates in December

This pause will also impact optional non-security previews that are typically released after Patch Tuesday to give users and admins a chance to test upcoming features. Microsoft cited minimal staff on hand during the holidays as the reason for the pause. This will not impact security updates. This is the second pause in Windows updates this year, with Microsoft pausing updates in March to ease stress on IT admins as COVID-19 lockdowns hit. Microsoft announced last week it was also suspending drivers updates for December. 

(ZDNet)

Bumble user data exposed

Security researchers at Independent Security Evaluators found vulnerabilities in the popular dating app’s API would let malicious actors obtain information on users, even if they were officially banned from Bumble. This includes getting the rough location of another user in the same city, getting their Liked Interests and Groups from Facebook, and information on what kind of match the user was looking for. Account IDs could also be enumerated by adding or subtracting one to reveal user information, with no limits on how often the API could be reached. These flaws were still present 200 days after the researchers alerted the company and only recently patched. The researchers initially disclosed the vulnerabilities through HackerOne in March. 

(Forbes)

Thanks to our sponsor, Dtex

Reliance on ‘person of interest’ identification and potential analyst bias have put first-generation insider threat solutions on the shelf. DTEX InTERCEPT offers IT and SecOps teams a new approach. Only DTEX InTERCEPT collects and analyzes user behavior, history, trends, and context – answering the Who, What, When and How leading up to, and following, any potential Insider Threat event. Learn more at dtexsystems.com.

Capcom KO’d by ransomware

The game publisher revealed it was hit by a “customized ransomware attack” that could have leaked personal information on 350,000 users. Earlier this month Capcom said that a third-party had obtained unauthorized access to its internal systems, but did not believe any customer information was impacted. Capcom confirmed that employee information was leaked, with data including names, addresses, phone numbers, and email addresses and photos. The Ragnar Locker ransomware gang appears to be behind the attack. 

(Ars Technica)

GitHub reinstates youtube-dl

The code repository reinstated the popular command line tool after determining that it does not violate the DMCA. A filing by the EFF argued that the app works like a browser to initiate a video stream by deriving a JavaScript signature value, therefore not violating circumvention of a technical protection that would allow for a DMCA takedown. GitHub said it will revise its DMCA takedown policy to have all claims reviewed by technical and legal experts, err on the side of developers in ambiguous cases, give developers a chance to respond before legitimate takedowns, and establish a $1M developer defense fund to help protect open source developers.

(GitHub)

Teen wins peace prize for cybercrime tool 

17-year old Sadat Rahman was awarded the 2020 International Children’s Peace Prize for developing the Cyber Teens app, which puts children in contact with a group of volunteers to report crimes confidentially, who then contact law enforcement or social workers. The app has so far resolved nearly 60 cybercrimes and resulted in eight arrests by local police, as well as supporting 300 victims of cyberbullying. Rahman plans to use the $118,000 in prize money to help roll out the app across Bangladesh and to other countries. 

(InfoSecurity Magazine)

Zoom launches At-Risk Meeting Notifier

This new backend security feature scans for Zoom meeting links on social media and other sites. Meeting organizers will receive a notification if a link is found, warning there is a risk of  Zoombombing. The feature is now enabled by default on all accounts. 

(ZDNet)