Connect with us

Tech

Exclusive: Facebook says Apple rejected its attempt to tell users about App Store fees – TheChronicleHerald.ca

Published

 on


By Katie Paul and Stephen Nellis

(Reuters) – Facebook Inc on Thursday told Reuters that Apple Inc rejected its attempt to tell users the iPhone maker would take a 30% cut of sales in a new online events feature, forcing Facebook to remove the message to get the tool to users.

Facebook said that Apple cited an App Store rule that bars developers from showing “irrelevant” information to users.

“Now more than ever, we should have the option to help people understand where money they intend for small businesses actually goes. Unfortunately Apple rejected our transparency notice around their 30% tax but we are still working to make that information available inside the app experience,” Facebook said in a statement.

Apple did not respond to a request for comment.

Facebook earlier this month said it planned to roll out a new tool that would let online influencers and other businesses host paid online events as a way to offset revenue lost during the COVID-19 pandemic.

The company said it had asked Apple to waive the 30% fee the iPhone maker charges for in-app purchases so Facebook could pass on all of the events revenue to business owners, but that Apple declined.

Facebook had aimed to provide a notice of Apple’s cut to users, according to mock-ups it released at the time, but Reuters found on Thursday that the promised message was not present on the new events feature.

The social media giant also planned to tell users on Alphabet Inc’s Google Play store it would not collect a fee for ticket sales, but that message was not displayed either, Reuters found.

In publicly criticizing Apple’s App Store commissions, Facebook joined other developers such as “Fortnite” creator Epic Games, which is suing Apple on antitrust allegations over the fees. Facebook is also wrangling with Apple over new privacy rules for iPhones that will require more notifications before tracking users across apps.

Both companies, along with fellow tech giants Alphabet and Amazon, are facing multiple probes over alleged anticompetitive behavior.

(Reporting by Katie Paul and Stephen Nellis; Additional reporting by Paresh Dave in San Francisco; Editing by Greg Mitchell and Leslie Adler)

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Microsoft: Some ransomware attacks take less than 45 minutes – ZDNet

Published

 on



Image: Microsoft

For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape.

While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report.

Just like the previous SIR reports, Microsoft has yet again delivered.

Taking advantage of its vantage points over vast swaths of the desktop, server, enterprise, and cloud ecosystems, Microsoft has summarized the biggest threats companies deal with today in the face of cybercrime and nation-state attackers.

The report is 88 pages long, includes data from July 2019 and June 2020, and some users might not have the time to go through it in its entirety. Below is a summary of the main talking points, Microsoft’s main findings, and general threat landscape trends.

Cybercrime

2020 will, without a doubt, be remembered for the COVID-19 (coronavirus) pandemic. While some cybercrime groups used COVID-19 themes to lure and infect users, Microsoft says these operations were only a fraction of the general malware ecosystem, and the pandemic appears to have played a minimal role in this year’s malware attacks.

Email phishing in the enterprise sector has also continued to grow and has become a dominant vector. Most phishing lures center around Microsoft and other SaaS providers, and the Top 5 most spoofed brands include Microsoft, UPS, Amazon, Apple, and Zoom.

Microsoft said it blocked over 13 billion malicious and suspicious mails in 2019, and out of these, more than 1 billion contained URLs that have been set up for the explicit purpose of launching a credential phishing attack.

Successful phishing operations are also often used as the first step in Business Email Compromise (BEC) scams. Microsoft said that crooks gain access to an executive’s email inbox, watch email communications, and then spring in to trick the hacked users’ business partners into paying invoices into wrong bank accounts.

msft-bec.pngmsft-bec.png

Image: Microsoft

Per Microsoft, the most targeted accounts in BEC scams were the ones for C-suites and accounting and payroll employees.

But Microsoft also says that phishing isn’t the only way into these accounts. Hackers are also starting to adopt password reuse and password spray attacks against legacy email protocols such as IMAP and SMTP. These attacks have been particularly popular in recent months as it allows attackers to also bypass multi-factor authentication (MFA) solutions, as logging in via IMAP and SMTP doesn’t support this feature.

Furthermore, Microsoft says it’s also seeing cybercrime groups that are increasingly abusing public cloud-based services to store artifacts used in their attacks, rather than using their own servers. Further, groups are also changing domains and servers much faster nowadays, primarily to avoid detection and remain under the radar.

Ransomware groups

But, by far, the most disruptive cybercrime threat of the past year have been ransomware gangs. Microsoft said that ransomware infections had been the most common reason behind the company’s incident response (IR) engagements from October 2019 through July 2020.

And of all ransomware gangs, it’s the groups known as “big game hunters” and “human-operated ransomware” that have given Microsoft the most headaches. These are groups that specifically target select networks belonging to large corporations or government organizations, knowing they stand to receive larger ransom payments.

Most of these groups operate either by using malware infrastructure provided by other cybercrime groups or by mass-scanning the internet for newly-disclosed vulnerabilities.

msft-ransomware.pngmsft-ransomware.png

Image: Microsoft

In most cases, groups gain access to a system and maintain a foothold until they’re ready to launch their attacks. However, Microsoft says that this year, these ransomware gangs have been particularly active and have reduced the time they need to launch attacks, and especially during the COVID-19 pandemic.

“Attackers have exploited the COVID-19 crisis to reduce their dwell time within a victim’s system – compromising, exfiltrating data and, in some cases, ransoming quickly – apparently believing that there would be an increased willingness to pay as a result of the outbreak,” Microsoft said today.

“In some instances, cybercriminals went from initial entry to ransoming the entire network in under 45 minutes.”

Supply-chain security

Another major trend that Microsoft chose to highlight was the increased targeting of supply chains in recent months, rather than attacking a target directly.

This allows a threat actor to hack one target and then use the target’s own infrastructure to attack all of its customers, either one by one, or all at the same time.

“Through its engagements in assisting customers who have been victims of cybersecurity intrusions, the Microsoft Detection and Response Team has observed an uptick in supply chain attacks between July 2019 and March 2020,” Microsoft said.

But Microsoft noted that while “there was an increase, supply chain attacks represented a relatively small percentage of DART engagements overall.”

Nonetheless, this doesn’t diminish the importance of protecting the supply chain against possible compromises. Here, Microsoft highlights dangers coming from the networks of Managed Service Providers (MSPs, third-parties that provide a very specific service and are allowed to access a company’s network), IoT devices (often installed and forgotten on a company’s network), and open-source software libraries (which make up most of a company’s software these days).

Nation-state groups

As for nation-state hacking groups (also known as APTs, or advanced persistent threats), Microsoft said this year has been quite busy.

Microsoft said that between July 2019 and June 2020, it sent out more than 13,000 nation-state notification (NSN) to its customers via email.

According to Microsoft, most were sent for hacking operations linked back to Russian state-sponsored groups, while most of the victims were located in the US.

msft-apt-nsn.pngmsft-apt-nsn.png

Image: Microsoft

These email notifications were sent for email phishing attacks against its customers. Microsoft said it tried to counter some of these attacks by using court orders to seize domains used in these attacks.

Over the past year, Microsoft seized domains previously operated by nation-state groups like Strontium (Russia), Barium (China), Phosphorus (Iran), and Thallium (North Korea).

Another interesting finding of the Microsoft Digital Defense Report is that the primary targets of APT attacks have been non-governmental organizations and the services industry.

This particular finding goes against the grain. Most industry experts often warn that APT groups prefer to target critical infrastructure, but Microsoft says its findings tell a different story.

“Nation state activity is more likely to target organizations outside of the critical infrastructure sectors by a significant measure, with over 90% of notifications served outside of these sectors,” Microsoft said.

As for the techniques that have been preferred this past year (July 2019 to June 2020) by nation-state groups, Microsoft noted several interesting developments, with the rise of:

  • Password spraying (Phosphorus, Holmium, and Strontium)
  • Use of penetration testing tools (Holmium)
  • The use of ever-more-complex spear-phishing (Thallium)
  • The use of web shells to backdoor servers (Zinc, Krypton, Gallium)
  • The use of exploits targeting VPN servers (Manganese)
msft-apt.jpgmsft-apt.jpg

Image: Microsoft

All in all, Microsoft concludes that criminal groups have evolved their techniques over the past year to increase the success rates of their campaigns, as defenses have gotten better at blocking their past attacks.

Just like in years prior, the entire cybersecurity landscape appears to be sitting on a giant merry-go-round, and constant learning and monitoring is required from defenders to keep up with the ever-evolving attackers, may them be financially-motivated or nation-sponsored groups.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

OnePlus CEO confirms we're not getting an 8T Pro this year – MobileSyrup

Published

 on


As we inch closer to OnePlus’ October 14th event, the company’s CEO has clarified that fans should only get excited about the OnePlus 8T because there won’t be an 8T Pro.

This isn’t a huge surprise since there have been no leaks regarding a higher-level phone.

That said, if you’ve seen the battery and screen specs that the company has shared plus some of the leaks, you’ll know that the 8T is stacking up to be a flagship-level device in its own right.

Last year in Canada, OnePlus only released the 7T in Canada with no 7T pro, so the fact that there’s no pro version this year shouldn’t rattle Canadians too much.

The 8 Pro is still a good option as well since it also has a 120Hz display and a fairly modern chipset. If the 8T leaks are correct, the 8 Pro will be a bit of a larger phone, so people who like giant phones will likely be happier with the 8 Pro.

Beyond the lack of an 8T Pro, OnePlus also mentioned recently that the 8T is going to come with OxygenOS 11 right out of the box. In the OxygenOS 11 beta for the OnePlus 8 and 8 Pro, there are still a lot of bugs, so hopefully, OnePlus can address these before the 8T ships.

Source: 9to5Google

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

US judge says Epic was dishonest when it added direct payments to Fortnite – MobileSyrup

Published

 on


A U.S. judge criticized Epic Games for being dishonest during the first court hearing in the ongoing antitrust lawsuit between the Fortnite maker and Apple.

Judge Yvonne Gonzalez Rogers of the United States District Court for the Northern District of California heard arguments from both companies during a three-hour Zoom hearing Monday. Gonzalez Rogers expressed skepticism about Epic’s arguments, especially its claim that it didn’t pose a security threat to Apple.

According to a report from CNN, the judge said that Epic lied and “that’s the security issue.” Gonzalez Rogers went on to say that “there are a lot of people in the public who consider [Epic] heroes for what [they] did, but it’s still not honest.”

Epic has long argued that it was standing up to Apple’s “monopoly.” The game maker says that Apple’s control over iOS and the App Store allows it to force developers into using its payment method and thus hold up monopolistic control over apps.

It all started with a payment system

Back in August, Epic introduced a direct payment method in its popular Fortnite game, which allowed it to bypass Apple’s 30 percent App Store fee. Apple charges the fee for any payments that use its in-app payment method, and also restricts developers from using other payment methods with its App Store guidelines.

Because Fortnite‘s new direct payment directly violated Apple’s rules, it kicked the game off the App Store. Epic responded in turn with a lawsuit. It’s worth noting similar events took place with Google’s Play Store on Android devices. However, a significant difference between the two is that Google allows third-party app stores and the installation of apps from sources outside of the Play Store. As such, Fortnite fans could still get the game on Android by downloading it from other places. Players on iOS can only get the game through the App Store.

After Epic sued Apple, both companies engaged in back-and-forth attacks on each other, ranging from petty to serious. For example, Epic said Apple threatened to terminate its Unreal Engine developer account, which isn’t associated with Fortnite. Gonzalez Rogers previously ruled that Apple can’t terminate that account, but was free to terminate the developer account Epic used for Fortnite. At the same time, the judge ruled Apple didn’t have to return Fortnite to the App Store.

Likewise, Epic also engaged in a public relations campaign positioning itself as the good guy with an ad mimicking Apple’s famous ‘1984’ commercial. Epic added a playable character called ‘Tart Tycoon’ to Fortnite as well. Apple sued Epic seeking damages for harm to its reputation over the campaign. These are just a few examples of the fight between the two companies.

Throughout the lawsuit, Epic petitioned the courts to force Apple to allow Fortnite back on the App Store. That included arguing that the game’s removal caused it irreparable harm. Apple responded in turn, saying Epic used the lawsuit to draw attention to the game as interest waned.

Judge feels the antitrust questions deserve a jury

The hearing didn’t answer any of the looming questions about the antitrust allegations or whether Apple would have to return Fortnite to the App Store. For the latter, the New York Times reports a decision will arrive in the coming days. I don’t expect it to be in Epic’s favour, considering Gonzalez Rogers previously ruled Apple didn’t have to reinstate Fortnite and seems unconvinced by Epic’s arguments.

As for the bigger questions about antitrust, Gonzalez Rogers believes the they are important enough that the case be taken to a jury trial in July 2021.

However, CNN reports that Gonzalez Rogers wasn’t persuaded by Epic’s argument that Apple’s bundled App Store and payment method violate antitrust law. The judge also didn’t completely agree that Apple harmed Epic’s ability to distribute Fortnite through control of the App Store.

“Walled gardens have existed for decades. Nintendo has had a walled garden. Sony has had a walled garden. Microsoft has had a walled garden. What Apple’s doing is not much different… It’s hard to ignore the economics of the industry, which is what you’re asking me to do,” Gonzalez Rogers said.

Epic isn’t the only company taking issue with Apple’s policies

However, Epic’s lawsuit has become something of a rallying cry for many developers who feel they’ve been wronged by Apple’s App Store guidelines. Last week, several companies formed the Coalition for App Fairness, which aims to “defend the fundamental rights of creators to build apps and to do business directly with their customers,” according to Epic CEO Tim Sweeney. Along with Epic, the coalition includes Spotify, Tile and Match Group, which owns several dating services including Tinder and Hinge.

Many developers have accused Apple of applying its App Store rules unfairly, especially in the last few months. For example, a group of news publishers sent a letter to Apple seeking a deal that reduces the 30 percent cut the company takes from subscription services. The letter cited a similar deal Apple gave to Amazon, which CEO Tim Cook testified in a congressional hearing was available to any developer that met the criteria. Apple has not shared what those criteria are.

Epic has also pointed out that Apple’s in-app payment rules differ from app to app, and listed several other services that aren’t forced to use Apple’s system. Finally, there was an instance where Apple blocked updates to the WordPress iOS app until the developer added in-app payments. The company later back-pedalled on the move.

Source: CNN, New York Times Via: The Verge

Let’s block ads! (Why?)



Source link

Continue Reading

Trending