A security audit funded by the Mozilla Open Source Support Program (MOSS) has discovered a critical security vulnerability in the widely used macOS terminal emulator iTerm2. After finding the vulnerability, Mozilla, Radically Open Security (ROS, the firm that conducted the audit), and iTerm2’s developer George Nachman worked closely together to develop and release a patch to ensure users were no longer subject to this security threat. All users of iTerm2 should update immediately to the latest version (3.3.6) which has been published concurrent with this blog post.

Founded in 2015, MOSS broadens access, increases security, and empowers users by providing catalytic support to open source technologists. Track III of MOSS — created in the wake of the 2014 Heartbleed vulnerability — supports security audits for widely used open source technologies like iTerm2. Mozilla is an open source company, and the funding MOSS provides is one of the key ways that we continue to ensure the open source ecosystem is healthy and secure.

iTerm2 is one of the most popular terminal emulators in the world, and frequently used by developers. MOSS selected iTerm2 for a security audit because it processes untrusted data and it is widely used, including by high-risk targets (like developers and system administrators).

• BuyDRM launches Linux support for DRM

  BuyDRM has announced Linux support for its MultiKey Server, a multi-DRM software platform specifically designed for deployments in remote or limited connectivity environments.

• Some airlines are banning Apple’s MacBook Pros even if they weren’t recalled

  In June, Apple recalled the 2015 MacBook Pro with Retina Display, sold between September 2015 and February 2017, because the battery “may pose a fire safety risk,” and the FAA soon reminded airlines not to carry those laptops with defective batteries on board. But some airlines are now banning Apple laptops whether they’ve got a bad battery or not, as reported by Bloomberg.

• More Airlines Ban MacBook Pros in Checked Luggage

  All 15-inch versions of Apple Inc.’s MacBook Pro must be carried in the cabin and switched off, Qantas said in a statement Wednesday. The rule went into effect Tuesday morning. Rival Virgin Australia Holdings Ltd. went further on Aug. 26, banning all Apple laptops from checked-in luggage.

• Popular PDF app was quietly plonking malware onto Android phones

  The security smart folks note that the app itself doesn't appear to be a malicious one, but rather it contains a trojan that gathers spyware and other malware from a malicious server and then runs in on a victim's phone. This trojan, dubbed Necro.n appears to have been sneaked into the app through the use of a legit-looking advertising library package.

  As such, the developers of the app, which has received some 100 million downloads, might not even realise their software is causing their users a malware headache.

• [Cracker] Claims He Can ‘Turn Off 25,000 Cars’ At The Push Of A Button

  Your car’s immobilizer is supposed to be used for good. If a crook steals your car, it's possible for you to connect to the immobilizer, which tracks the vehicle and allows you to stop anyone from turning on the engine. But with one particular immobilizer - the U.K.-made SmarTrack tool from Global Telemetrics - an easy-to-hack vulnerability meant it was simple for researchers at Pen Test Partners to turn on the immobilizer permanently, without the customer knowing a thing.

  To prove it was possible, the researchers from British cybersecurity company Pen Test Partners hacked the vehicle of one of their own employees, disabling his car whilst they were in the U.K. and he was in Greece, not long before he was due to head to a wedding.

• French cyberpolice, Avast and FBI neutralise global 'botnet' [iophk: Windows TCO]

  French police have neutralised a [cracking] operation that had taken control of more than 850,000 computers, mainly in Latin America, while also managing to remove the malware from the infected devices.

  The agents went into action last spring after the Czech antivirus firm Avast alerted them to the software worm, called Retadup, that was being controlled by a server in the Paris region.

• Putting an end to Retadup: A malicious worm that infected hundreds of thousands [iophk: Windows TCO]

  Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is a piece of malware mining cryptocurrency on the malware authors’ behalf. However, in some cases, we have also observed Retadup distributing the Stop ransomware and the Arkei password stealer.

• Authorities free 850,000 machines from grasp of Retadup worm [iophk: Windows TCO]

  After gaining persistence, Retadup goes on to distribute secondary malware on infected machines. It most commonly delivers a Monero cryptomining program, but also has been observed spreading over malware programs including Stop ransomware and the Arkei password stealer, Avast reports.

  The vast majority of Retadup victims whose infections were neutralized in last month’s crackdown are based in Latin American countries. However, the law enforcement operation itself specifically targeted C2 infrastructure based in France and the U.S.

• Report finds majority of 2019 ransomware attacks have targeted state and local governments [iophk: Windows TCO]

  The majority of ransomware attacks in the U.S. in 2019 have targeted state and local governments, a report published Wednesday by cybersecurity group Barracuda Networks found.

  The report counted a total of 55 ransomware attacks on U.S. state and local government entities between January and July of 2019. These attacks involve a malicious actor or group encrypting a network and asking for money, often in the form of bitcoin, to allow the user access.

• Threat Spotlight: Government Ransomware Attacks [iophk: this is disinformation which fails to steer potential victims away from Windows and towards GNU/Linux or one of the BSDs]

  Barracuda researchers have identified more than 50 cities and towns attacked so far this year. The team’s recent analysis of hundreds of attacks across a broad set of targets revealed that government organizations are the intended victims of nearly two-thirds of all ransomware attacks. Local, county, and state governments have all been targets, including schools, libraries, courts, and other entities.

  Here’s a closer look at state and local government ransomware attacks and solutions to help detect, block, and recover from them.

• Netherlands warns government employees not to use Microsoft's online Office apps

  In one example, it was found that some 300,000 top tier Office users, with the ‘365 Pro Plus' package were being sent back to the US for storage - exactly the sort of behaviour that got Dutch backs up.

  In a wider sense, this is a small but public battle in a much larger war, with the EU still leaning heavily on Microsoft to put its post-GDPR house in order.

• The iPhone now makes up less than half of Apple’s business

  Apple today reported its fiscal third quarter 2019 earnings, earning $53.8 billion in revenue and earnings per share of $2.18. That revenue is a 1 percent jump year over year. iPhone revenue was $25.99 billion compared to $29.47 billion a year ago. That means the iPhone represented under half of Apple’s revenue for the first time since 2012.

  The all-important services unit took in $11.46 billion in revenue. Wearables saw a big boost, likely thanks to Apple’s second-generation AirPods. CEO Tim Cook said that when the services and wearables / home / accessories divisions are combined, they approach the size of a Fortune 50 company. Revenue from Mac sales was $5.82 billion, and iPads were $5.023 billion, up from $4.634 billion last year at this time.

• Apple Finds Life After the iPhone While Still Banking on the iPhone

  Combined, Apple’s two major independent product lines not attached to the iPhone -- Mac computers and iPads -- made up only 20% of revenue in the fiscal third quarter, despite gains from the period a year ago, the Cupertino, California-based company reported Tuesday. Apple’s also working on a mixed augmented and virtual reality headset for the coming years, but that, too, is likely to be iPhone-reliant.

• Chrome 76 for Mac, Windows rolling out: Flash blocked by default, Incognito loophole closed, Settings tweak

  As a big HTML5 proponent for the past decade, Google encouraged sites to switch away from Flash for faster, safer, and more battery-efficient browsing. In late 2016 and early 2017, Chrome blocked background Flash elements and defaulted to HTML5, with users having to manually enable the Adobe plug-in on a site-by-site basis.

• Google Chrome 76 Released for Linux, Windows, and Mac with 43 Security Fixes

  Google promoted today the Chrome 76 web browser to the stable channel for all supported platforms, including GNU/Linux, Windows, and macOS.

  Google Chrome 76.0.3809.87 is now available as the latest stable version of the popular and cross-platform web browser from Google, based on the open source Chromium project. It contains various bug fixes and improvements, as well as no less than 43 security fixes for the latest vulnerabilities.

• You Don't Own What You've Bought: Microsoft's Books 'Will Stop Working'

  The latest in our forever ongoing series, recognizing in the digital age how you often no longer own what you've bought, thanks to DRM and copyright: this week, people with Microsoft ebooks will discover they're dead.

• Security updates for Tuesday

  Security updates have been issued by Arch Linux (firefox, firefox-developer-edition, libarchive, and vlc), CentOS (firefox, thunderbird, and vim), Debian (firefox-esr, openssl, and python-django), Fedora (glpi and xen), Mageia (thunderbird), openSUSE (ImageMagick, irssi, libheimdal, and phpMyAdmin), Red Hat (libssh2 and qemu-kvm), Scientific Linux (firefox, thunderbird, and vim), SUSE (389-ds, cf-cli, curl, dbus-1, dnsmasq, evolution, glib2, gnutls, graphviz, java-1_8_0-openjdk, and libxslt), and Ubuntu (python-django).

• Kali Linux in the DigitalOcean Cloud

  DigitalOcean is a cloud provider similar to AWS, Microsoft Azure, Google Cloud Platform, and many others. They offer instances, called “droplets”, with different Linux distributions such as Debian, Ubuntu, FreeBSD, etc. Similar to AWS, DigitalOcean has datacenters around the world and sometimes multiple datacenters in each country.

  However, one feature in particular sets them apart them from their competitors. A little while ago, they added support for custom images, which allows users to import virtual machine disks and use them as droplets. This is perfect for us as we can use our own version of Kali Linux in their cloud.

  While it might be possible to load the official Kali Linux virtual images, it wouldn’t be very efficient. Instead, we’ll build a lightweight Kali installation with the bare minimum to get it working.

• Cybersecurity Experts Blocked 5 Million Attempted Hacks of IoT Cameras

  Trend Micro cybersecurity experts report that they blocked an astounding five-million hack attempts on IoT cameras. It’s quite frightening to think what may have happened if these experts weren’t hard at work.

• Public Certificate Poisoning Can Break Some OpenPGP Implementations

  OpenPGP installations can grind to a halt and fail to verify the authenticity of downloaded packages as the keyserver network has been flooded with bogus extra signatures attesting ownership of a certificate.

  Vulnerabilities that allow this type of certificate spamming attack have been known for years and a timely fix or mitigation is nowhere in sight, neither from the keyserver network community nor the OpenPGP Working Group.

• Report: Apple Discovers MacBook Air Logic Board Issue

                 
  

                   

  Not all 13-inch MacBook Air with Retina Display units from 2018 are believed to be affected by the logic board issue. The memo reportedly said that only units with certain serial numbers were affected; Apple plans to inform the owners of those devices via email. Affected units can be taken to Apple's retail stores or authorized repair shops until four years after their original purchase date, 9to5Mac said. 
   

                   

  It's not clear why Apple didn't publicly announce the replacement program.  

             

• Apple finds issue w/ logic board in some 2018 MacBook Airs, offers free repair

                 
  

                   

  Apple has confirmed in an internal document to repair staff that it’s identified an issue with the main logic board in what it says is a “very small number” of MacBook Air models. Apple Stores and authorized repair staff have been informed to replace the main logic board in affected machines at no cost to customers, according to the document obtained by 9to5Mac.  

             

• Apple Recalls 15-Inch MacBook Pro Laptop Computers Due to Fire Hazard

                 
  

                   

  The batteries in the recalled laptop computers can overheat, posing a fire hazard.  

             

• Apple recalls 432,000 MacBook Pro laptops for fire and burn risks

                 
  

                   

  Manufactured in China, the recalled computers had a retail price of $2,000 and more, and were sold at Apple and electronics stores nationwide, as well as online, from September 2015 through February 2017.  

             

• 2015 15" MacBook Pro Recall Applies to About 432,000 Units, Apple Received 26 Reports of Batteries Overheating

                 
  

                   

  Last week, Apple launched a worldwide recall and replacement program for select 2015 15-inch MacBook Pro units, sold primarily between September 2015 and February 2017, due to batteries that "may overheat and pose a fire safety risk." Apple will replace affected batteries free of charge.  

                 

• 'Dangerous' Muslim Brotherhood fatwa app in Apple Store's top 100 downloads

                     
  

                       

  The Euro Fatwa app, which was launched in April, was created by the European Council for Fatwa and Research, a Dublin private foundation set up by Yusuf Al Qaradawi, spiritual leader of the Muslim Brotherhood.
   

                       

  Touted as a guide to help Muslims adhere to Islam, critics including Germany’s security service, say the app is a radicalisation tool.  

                 

• Jony Ive found Tim Cook's disinterest in design 'dispiriting'

                     
  

                       

  But more damagingly, the WSJ highlights that Ive was left "dispirited" by Tim Cook, in stark contrast to his close relationship with Steve Jobs. Cook, apparently "showed little interest in the product development process" according to the paper's sources. Ive was also left frustrated by the makeup of Apple's board of directors, which was filled with people with backgrounds outside of Apple's core business (the pun is ours, and very much intended). 
   

                       

  As well as these reports, Ive's own words have come back to haunt the company. Back in 2014, he told The Times he'd leave Apple if it stopped innovating. Awkward.