Security Bits — 22 March 2020

Feedback & Followups

  • Following on from the iOS clipboard security weakness discussed in the previous instalment, security researchers have now observed many popular iOS apps periodically polling the clipboard for no apparent reason, and it’s not known what the apps do with the data they find there. Apps observed polling the clipboard include TikTok and a whole raft of news apps including ABC News, CBS News, CNBC, Fox News, New York Times, Reuters and the WSJ — www.imore.com/…
  • The bug in Zyxel products we discussed in the previous instalment is now being actively exploited to build a botnet. If you have a Zyxel router, VPN, or Firewall, you really do need to make sure it’s patched! — krebsonsecurity.com/…
  • Grey-hat security company Grayshift has been forced to raise its prices because iPhones & iPads are getting ever more secure, or, as they put it, “Forensic Access to iOS continues to increase in difficulty and complexity” — www.macobserver.com/…
  • Last time we warned that malefactors would abuse the COVID-19 crisis to extort people. Sadly, that is indeed coming to pass: Android malware uses coronavirus for sextortion and ransomware combo — nakedsecurity.sophos.com/…

❗ Action Alerts

Worthy Warnings

Notable News

  • 🇺🇸 Senator Lindsey Graham tries to sneak the anti-encryption EARN IT Act through by not mentioning encryption and moving the bill forward during the COVID-19 crisis — nakedsecurity.sophos.com/… (Frivolous Editorial by Bart: a great example of the art of the backronym, standing for Eliminating Abusive and Rampant Neglect of Interactive Technologies)
  • 🇺🇸 Uber is filing a lawsuit against Los Angeles to protect its users from what the company and privacy advocates consider a privacy-invading demand by the city for real-time user location data access — nakedsecurity.sophos.com/…

Top Tips

Excellent Explainers

Palate Cleansers

Legend

When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.

Emoji Meaning
🎧 A link to audio content, probably a podcast.
❗ A call to action.
flag The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country.
📊 A link to graphical content, probably a chart, graph, or diagram.
🧯 A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂
💵 A link to an article behind a pay-wall.
📌 A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future.
🎩 A tip of the hat to thank a member of the community for bringing the story to our attention.
