• Apple will enforce app notarization for macOS Catalina in February

  The new policies require developers to submit their apps to Apple to go through a notarizing security process, or they won't run in macOS Catalina. An extension to the existing Gatekeeper process that previously allowed notarization as an option, the requirement is designed to ensure downloaded software is from the source users believe it is from.

• Apple to Enforce macOS App Verification Requirements Starting February

  "If you have not yet done so, upload your software to the notary service and review the developer log for warnings. These warnings will become errors starting February 3 and must be fixed in order to have your software notarized. Software notarized before February 3 will continue to run by default on macOS Catalina," the company said in a statement.

• Apple will enforce macOS app notarization requirements starting in February

  Developers received word of the impending changes this summer. Apple temporarily adjusted the notarization prerequisites in order to make the transition to macOS Catalina easier for developers and users. The new changes go into effect on February 3, 2020.

• Apple’s App Notarization Requirements For macOS Catalina To Be Enforced In February

  Cupertino tech giant Apple announced earlier in June that all apps distributed outside the Mac App Store must be notarized so they can continue functioning on Macs and MacBooks running on the latest macOS version, macOS Catalina.

So, can Linux be my workhorse?

Yes. But this is not a sales pitch. If you walk away thinking/knowing Linux is still too much trouble, that's a fair takeway. There are sacrifices and struggles and whether those are worth it to you depends on, well, you. I don't intend to win anybody over to either side.

Ok let's dive in, I'll try to describe the things I ran into, the things I can't fix, and straight up howto's for the things I could.

A security audit funded by the Mozilla Open Source Support Program (MOSS) has discovered a critical security vulnerability in the widely used macOS terminal emulator iTerm2. After finding the vulnerability, Mozilla, Radically Open Security (ROS, the firm that conducted the audit), and iTerm2’s developer George Nachman worked closely together to develop and release a patch to ensure users were no longer subject to this security threat. All users of iTerm2 should update immediately to the latest version (3.3.6) which has been published concurrent with this blog post.

Founded in 2015, MOSS broadens access, increases security, and empowers users by providing catalytic support to open source technologists. Track III of MOSS — created in the wake of the 2014 Heartbleed vulnerability — supports security audits for widely used open source technologies like iTerm2. Mozilla is an open source company, and the funding MOSS provides is one of the key ways that we continue to ensure the open source ecosystem is healthy and secure.

iTerm2 is one of the most popular terminal emulators in the world, and frequently used by developers. MOSS selected iTerm2 for a security audit because it processes untrusted data and it is widely used, including by high-risk targets (like developers and system administrators).

• BuyDRM launches Linux support for DRM

  BuyDRM has announced Linux support for its MultiKey Server, a multi-DRM software platform specifically designed for deployments in remote or limited connectivity environments.

• Some airlines are banning Apple’s MacBook Pros even if they weren’t recalled

  In June, Apple recalled the 2015 MacBook Pro with Retina Display, sold between September 2015 and February 2017, because the battery “may pose a fire safety risk,” and the FAA soon reminded airlines not to carry those laptops with defective batteries on board. But some airlines are now banning Apple laptops whether they’ve got a bad battery or not, as reported by Bloomberg.

• More Airlines Ban MacBook Pros in Checked Luggage

  All 15-inch versions of Apple Inc.’s MacBook Pro must be carried in the cabin and switched off, Qantas said in a statement Wednesday. The rule went into effect Tuesday morning. Rival Virgin Australia Holdings Ltd. went further on Aug. 26, banning all Apple laptops from checked-in luggage.

• Popular PDF app was quietly plonking malware onto Android phones

  The security smart folks note that the app itself doesn't appear to be a malicious one, but rather it contains a trojan that gathers spyware and other malware from a malicious server and then runs in on a victim's phone. This trojan, dubbed Necro.n appears to have been sneaked into the app through the use of a legit-looking advertising library package.

  As such, the developers of the app, which has received some 100 million downloads, might not even realise their software is causing their users a malware headache.

• [Cracker] Claims He Can ‘Turn Off 25,000 Cars’ At The Push Of A Button

  Your car’s immobilizer is supposed to be used for good. If a crook steals your car, it's possible for you to connect to the immobilizer, which tracks the vehicle and allows you to stop anyone from turning on the engine. But with one particular immobilizer - the U.K.-made SmarTrack tool from Global Telemetrics - an easy-to-hack vulnerability meant it was simple for researchers at Pen Test Partners to turn on the immobilizer permanently, without the customer knowing a thing.

  To prove it was possible, the researchers from British cybersecurity company Pen Test Partners hacked the vehicle of one of their own employees, disabling his car whilst they were in the U.K. and he was in Greece, not long before he was due to head to a wedding.

• French cyberpolice, Avast and FBI neutralise global 'botnet' [iophk: Windows TCO]

  French police have neutralised a [cracking] operation that had taken control of more than 850,000 computers, mainly in Latin America, while also managing to remove the malware from the infected devices.

  The agents went into action last spring after the Czech antivirus firm Avast alerted them to the software worm, called Retadup, that was being controlled by a server in the Paris region.

• Putting an end to Retadup: A malicious worm that infected hundreds of thousands [iophk: Windows TCO]

  Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is a piece of malware mining cryptocurrency on the malware authors’ behalf. However, in some cases, we have also observed Retadup distributing the Stop ransomware and the Arkei password stealer.

• Authorities free 850,000 machines from grasp of Retadup worm [iophk: Windows TCO]

  After gaining persistence, Retadup goes on to distribute secondary malware on infected machines. It most commonly delivers a Monero cryptomining program, but also has been observed spreading over malware programs including Stop ransomware and the Arkei password stealer, Avast reports.

  The vast majority of Retadup victims whose infections were neutralized in last month’s crackdown are based in Latin American countries. However, the law enforcement operation itself specifically targeted C2 infrastructure based in France and the U.S.

• Report finds majority of 2019 ransomware attacks have targeted state and local governments [iophk: Windows TCO]

  The majority of ransomware attacks in the U.S. in 2019 have targeted state and local governments, a report published Wednesday by cybersecurity group Barracuda Networks found.

  The report counted a total of 55 ransomware attacks on U.S. state and local government entities between January and July of 2019. These attacks involve a malicious actor or group encrypting a network and asking for money, often in the form of bitcoin, to allow the user access.

• Threat Spotlight: Government Ransomware Attacks [iophk: this is disinformation which fails to steer potential victims away from Windows and towards GNU/Linux or one of the BSDs]

  Barracuda researchers have identified more than 50 cities and towns attacked so far this year. The team’s recent analysis of hundreds of attacks across a broad set of targets revealed that government organizations are the intended victims of nearly two-thirds of all ransomware attacks. Local, county, and state governments have all been targets, including schools, libraries, courts, and other entities.

  Here’s a closer look at state and local government ransomware attacks and solutions to help detect, block, and recover from them.