Continuing its tradition of April product announcements, today Cloudflare announced that its WARP VPN is entering beta for macOS and Windows.
For three years, router firmware OpenWRT has been vulnerable to remote code execution attacks.
The researcher also found that it was trivial for attackers with moderate experience to bypass digital-signature checks that verify a downloaded update as the legitimate one offered by OpenWRT maintainers. The combination of those two lapses makes it possible to send a malicious update that vulnerable devices will automatically install.
This is especially concerning because OpenWRT is commonly recommended by privacy advocates as an alternative to built-in proprietary router firmware.
Hotel chain Marriott International has suffered a second data breach, exposing the personal data of up to 5.2 million guests.
The breach, which began in mid-January 2020 and was discovered at the end of February 2020, saw contact details, including names, addresses, birth dates, gender, email addresses and telephone numbers exposed. Employer name, gender, room stay preferences and loyalty account numbers were also exposed.
Marriott has also said that at present it does not believe passports, payment details or passwords were exposed in the data breach.
It sounds like login credentials of two employees were stolen, likely through a social engineering attack.
Andrew found seven Apple alternatives to use if you don’t want your data shared with the FBI, including Bitwarden, Cryptomator, and more.
There’s a bug that’s been in iOS since version 13.3.1 that prevents VPNs from encrypting network traffic and could leak some of your data.
Forensics company Cellebrite, mainly known for its iPhone hacking capabilities, released a report of top digital intelligence trends for 2020. One thing that stuck out at me:
…over 70 percent of officers are still asking witnesses and victims to surrender their devices…However, most people do not want to have their primary communication device taken away for an indefinite period. To combat this issue, 67 percent of agency management believe that mobility technology is important or very important to the agency’s long-term digital evidence strategy and 72 percent of investigators believe it is important to conduct in-the-field extractions of this data.
In other words, it sounds to me like LE wants the capability to extract data from devices on site, instead of sending it to a lab. Fast action is important for LE, but it may also be too fast for people to think about those pesky rights they have before handing their phone over.
iOS forensics company Grayshift was forced to raise its prices last year, noting that “Forensic Access to iOS continues to increase in difficulty and complexity.”
“I think it’s going to get harder and harder to find these kinds of unlocking flaws, because Apple does control the entire stack,” Alex Stamos, director of the Stanford Internet Observatory and former Facebook chief security officer, previously told Motherboard. “I think a couple more hardware revisions of understanding the ways that these unlocks are happening and [Apple is] going to make it extremely difficult. Which then will bring this debate back…”
It’s a complex issue. On one hand it’s good news for Apple customers. On the other hand, it makes the government fight tooth and nail to take away our security.
Researchers found an insecure database thought to have belonged to Advantage Capital Funding and Argus Capital Funding. It contained over 500,000 records of personal and professional information.
A small nonprofit organization called Shadowserver helps keep the web safe. It scans almost the entire internet to create activity reports for network operators. It also hosts a database of 1.2 billion malware samples, freely accessible to everyone. But it needs to raise money to stay in operation.
For more than 15 years, Shadowserver has been funded by Cisco as an independent organization. But thanks to budget restructuring, the group now has to go out on its own. Rather than seek a new benefactor, founder Richard Perlotto says the goal is for Shadowserver to become a fully community-funded alliance that doesn’t rely on any one contributor to survive. The group needs to raise $400,000 in the next few weeks to survive the transition, and then it will still need $1.7 million more to make it through 2020…
I had never heard of Shadowserver but it’s clear the organization is important. You can become a sponsor to donate money here.