Security News for the Week Ending July 3, 2020
Apple Likely to Make Charger, Earphones Extra on Next iPhone
Before everyone goes crazy, first this is a rumor – a likely accurate rumor, but a rumor, and second, it is likely aligned with the EU’s directive to reduce electronic waste. Your old charger and old earphones probably still work and if, say, 50% of people agree with that, that is a lot of electronic waste avoided. People who are less Apple-friendly say that Apple reduces costs, improves its environmental image and gets many people to buy unbundled, high margin accessories. Do not expect Apple to reduce the price over this. Credit: The Register
Apple Says NO to Advertisers
And now another Apple story. Apple has decided not to implement 16 new web APIs because they might enable advertisers to track users. This only applies to Safari, the default browser on Apple devices, which represents 17% of web users and since Apple doesn’t make it’s livelihood by selling people’s data, it is a win-win. It doesn’t cost Apple anything and it helps their customers. It is OK if everyone wins. Credit: Metacurity
Hackers Selling 100 Million+ Hacked Credentials
A seller of stolen credentials is flooding the black market with stolen userids and passwords. 14 companies worth of breached databases from 2020 represent 130+ million userids. Sites affected include Homechef, Minted, Tokopedia and almost a dozen more. That is just from the first 6 months of this year. In case that is not enough, the broker is selling a number of older databases. Beware of password reuse (also called stuffing) attacks where hackers try those passwords on other sites. Credit: Bleeping Computer
Location Data Used on Specific Voters So Candidates Knew Who Voted
Money is money. A data broker sold location data on Black Lives Matters protesters so that (police) could track their movements and also sold location data on evangelicals so that the (Trump campaign) knew whether people who were favorable to them had not voted so that they could get out the vote in a very targeted manner. All legal. Expect it to be used this year, likely by many candidates. I put the names in parentheses because the broker didn’t exactly say who they sold the data to. Credit: Vice
Denial of Service Attacks up 542% in First Quarter
Distributed Denial of Service attacks jumped more than 500% between fourth quarter last year and first quarter of this year and more than 250% year to year according to NexusGuard. Likely this is due to work from home. The attacks are going after businesses and ISPs. Are you ready? Credit: Dark Reading