Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:
The privacy battle Apple isn’t fighting. For at least a decade, privacy advocates dreamed of a universal, legally enforceable “do not track” setting. So why isn’t Apple helping its customers take advantage of it? That is the question, and there’s more detail in that piece. There’s no mention of Apple Private Relay, which is part of iOS 15 with iCloud+ accounts and offers only a little IP-based privacy, nothing else. I wrote more on that here: adamnet.io/privaterelay
New bank-fraud malware called Vultur infects thousands of devices. This is a really interesting use case of a local on-device VNC service that interacts with the malware to send screenshots to the attacker. It is a simple method of combining a few legitimate pieces of software together along with some scripting and lo and behold, the attacker has your Android screenshots.
Feds list the top 30 most exploited vulnerabilities. Many are years old. It’s as though patching and updating is falling on deaf ears. No wonder cybercrime continues to grow.
Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown. While this is good news for law enforcement, it is important to note that Cobalt Strike servers are, in every case I’ve ever investigated, contacted by IP rather than a fully qualified domain name. In other words, such IP addresses are strangers, and this is yet another case where DTTS is effective even before a set of IPs is known as Cobalt Strike team servers.
With help from Google, impersonated Brave.com website pushes malware. This one is crazy. The security industry has warned for years that domains with punycode characters are a simple way of deploying phishing and deception schemes, and here’s an example of that.
Did you know?
Apple confirms it will begin scanning iCloud Photos for child abuse images. A little controversial, but I believe Apple is doing the right thing in this case, and doing it the right way on-device.
For a video version of TWINN#32, visit https://youtu.be/BP_yX_x9gCc