Security News > 2020 > September

Apple said on Thursday it would give developers until next year to comply with a software change expected to stymie targeted advertising in iPhone and iPad apps. An update coming to Apple's iOS mobile software includes a requirement for apps to ask users' permission to collect and share device-identifying data used to make ads more relevant.

Dell's Chief Security Officer John Scimone runs a converged security organization, which creates an unusually broad view of security risks. The security team at Dell also holds regular joint strategy and operational planning meetings that include physical and digital security professionals, resilience professionals and business unit security leaders.

Researchers are warning of a critical remote code-execution flaw in the Windows version of Cisco Jabber, the networking company's video-conferencing and instant-messaging application. The flaw has a CVSS score of 9.9 out of 10, making it critical in severity, Cisco said in a Wednesday advisory.

"The nature of product abuse is constantly changing," wrote Google's Marc Henson, lead and program manager for Trust & Safety, and Anna Hupa, senior strategist, in a blog this week. "The final reward amount for a given abuse risk report also remains at the discretion of the reward panel. When evaluating the impact of an abuse risk, the panels look at both the severity of the issue as well as the number of impacted users."

Advanced building controls can help keep air clean to reduce the risk of spreading the coronavirus indoors, while sensors can send an alert if a room goes over capacity.

The V in vishing stands for voice, and it's a way of referring to scams that arrive by telephone in the form of voice calls, rather than as electronic messages. We can't tell whether this is just one group of crooks who are focusing on both vishing and the UK at the moment, or if it's a broader global trend, but we are experiencing unwanted vishing calls at a much greater rate than any time in the past few years.

A Colorado man was sentenced this week to eleven years in prison for his role as a moderator on the AlphaBay cybercrime marketplace. When taken down in 2017, AlphaBay was the most popular Dark Web marketplace for illegal products, and had over 400,000 users.

On August 20, 2020, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency issued a joint security advisory, warning about an ongoing wave of vishing attacks targeting the US private sector. Vishing is a form of criminal phone fraud, combining one-on-one phone calls with custom phishing sites.

The malware's emergence dovetails with a change in the chain of infection and an expansion of infrastructure for the APT. According to researchers at Cybereason, PyVil RAT enables the attackers to exfiltrate data, perform keylogging and take screenshots, and can roll out secondary credential-harvesting tools such as LaZagne. The latest series of campaigns observed by Cybereason that use PyVil RAT are widespread yet targeted, taking aim at FinTech companies across the U.K. and E.U. The attack vector is spear-phishing emails, which use the Know Your Customer regulations as a lure.

It's been a long time coming, and while some might view the decision as a slap for officials who defended the practice, the three-judge panel said the part played by the NSA programme wasn't sufficient to undermine the convictions of four individuals for conspiring to send funds to Somalia in support of a terrorist group. Snowden made public the existence of the NSA data collection programmes in June 2013, and by June 2015 US Congress had passed the USA FREEDOM Act, "which effectively ended the NSA's bulk telephony metadata collection program," according to the panel.