Apple Archives - My TechDecisions
https://mytechdecisions.com/tag/apple/
The end user’s first and last stop for making technology decisions
Fri, 02 Jun 2023 14:09:37 +0000

Kaspersky Discovers New 0-Click iOS Exploit
https://mytechdecisions.com/it-infrastructure/kaspersky-discovers-new-0-click-ios-exploit/
Thu, 01 Jun 2023 21:46:50 +0000

Cybersecurity firm Kaspersky says it is investigating “previously unknown” malware targeting the Apple iOS devices of the company’s own employees. The malware can compromise devices via an iMessage attachment without any user interaction.

According to Kaspersky, the message triggers a vulnerability that leads to code execution, and the code within the exploit downloads several subsequent stages from the command-and-control server that include additional exploits for privilege escalation.

After successful exploitation, a final payload is downloaded from the C&C server, which Kaspersky calls a “fully featured APT platform.” The initial message and the exploit in the attachment are then deleted.

How Kaspersky discovered the exploit

Researchers for Kaspersky, which is the subject of a federal government ban and potential enforcement actions due to its alleged ties to the Russian government, say the company was monitoring network traffic of its own corporate WiFi network dedicated for mobile devices when they noticed suspicious activity coming from iOS devices.

“Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise,” researchers say.

The company says its mobile device backups provided a partial copy of the filesystem, including some user data and service databases. Timestamps of files, folders and the database records helped the company reconstruct the events leading to compromise.

According to Kaspersky, the malicious toolset does not support persistence, likely due to the limitations of the operating system.

Based on timelines of infected devices, devices may be reinfected after being rebooted.

The oldest traces of infection discovered by researchers date to 2019, and the attack is ongoing: the most recent iOS version on successfully targeted devices is iOS 15.7, which was released in September 2022.

While analysis of the final payload is not finished yet, Kaspersky researchers say the code is run with root privileges, implements a set of commands for collecting system and user information, and can run arbitrary code downloaded as plugin modules from the C&C server.

Disabling iMessage would prevent iOS devices from compromise, the company says.

The vulnerabilities used, while not disclosed in the Kaspersky blog, were apparently zero days before they were patched in February.

Who is behind these attacks?

Neither Kaspersky the company nor the CEO of the same name attributed the attacks to any specific group, but Russia’s Federal Security Service (FSB), in a separate statement that didn’t specifically mention the Kaspersky report, accused the U.S. National Security Agency and Apple of having a “close cooperation” to spy on Russian diplomats.

In a statement provided to Reuters and other media outlets, Apple denied the claims, saying the company has “never worked with any government to insert a backdoor into any Apple product and never will.”

In a series of Tweets, CEO Eugene Kaspersky says successful exploitation can result in transmitting private information, including microphone recordings, photos from instant messages, geolocation and data about a number of other activities.

The spyware infected “several dozen iPhones” of Kaspersky employees, but the CEO says the threat has been neutralized and the company is now operating normally.

In other Tweets, Kaspersky says the campaign is not related to other iOS attacks, such as Pegasus, Predator, or Reign. In addition, the Russia-based cybersecurity firm was not the main target of the attacks, the CEO says.

The company calls this campaign “Operation Triangulation” and has set up a webpage containing all related information. The company is asking anyone with additional details to contact the company at triangulation[at]kaspersky.com.

How to find out if you’ve been affected by Operation Triangulation

Kaspersky on Friday released a tool designed to automate the process of checking iOS device backups for possible indicators of compromise.

This article was updated on June 2, 2023 to reflect a statement from Apple.

Why You Shouldn’t Ignore Apple’s iOS Rapid Security Response Update
https://mytechdecisions.com/network-security/why-you-shouldnt-ignore-apples-ios-rapid-security-response-update/
Tue, 02 May 2023 13:58:43 +0000

IT administrators overseeing deployments of Apple devices should apply the iOS Rapid Security Response update–the company’s first such security-only fix–as we wait for more details on what exactly the update is fixing.

Apple released the update Monday through its Rapid Security Response update program, urging all users of iOS devices to apply the iOS Security Response 16.4.1 (a) update.

“This Rapid Security Response provides important security fixes and is recommended for all users,” Apple says of the update.

Apple has been silent on what vulnerabilities this update fixes, but it must be important, as the Rapid Security Response program is designed to fix vulnerabilities without having to issue a full software update.

However, no new CVE has appeared on its security update page, and a notice along with the update doesn’t detail anything about the issues it is fixing.

According to Apple, these kinds of updates could provide security improvements in Safari, the WebKit framework, or other critical system libraries. They could also be used to mitigate zero-day vulnerabilities or in-the-wild bugs.

The company says Rapid Security Responses are delivered only for the latest versions of iOS, iPadOS and macOS. Devices should allow these updates to be applied automatically and should prompt users to restart their devices.

However, some users on Twitter reported on Monday getting an error message when trying to apply the updates. I tested it out myself Tuesday morning and the update was successful, but I had to do so manually even though I had automatic updates enabled. Since this is a new deployment model, there might be some kinks Apple has to work out.

Like other software updates, users can navigate to Settings>General>Software Update to apply the Rapid Security Response. Doing so can also allow users to make sure that automatic updates for Rapid Security Response updates are turned on.

Users can opt out of Rapid Security Response updates and instead receive fixes or mitigations when they’re included in full software updates.

Admins should consult this Apple support document about how to manage Rapid Security Responses on Apple devices.

These macOS, iOS Vulnerabilities Could Allow Attackers to Access Messages, Photos & Call History
https://mytechdecisions.com/network-security/these-macos-ios-vulnerabilities-could-allow-attackers-to-access-messages-photos-call-history/
Tue, 21 Feb 2023 18:45:17 +0000

Cybersecurity firm Trellix says it has discovered a new class of privilege escalation bugs in macOS and iOS that could allow attackers to bypass code signing to execute arbitrary code and gain access to messages, location data, call history and photos.

According to the firm, this could allow sandbox escape on both macOS and iOS. The vulnerabilities range from medium to high severity, with CVSS scores between 5.1 and 7.1. Attackers could use these exploits–which have been fixed in recent updates–to gain access to sensitive information such as a user’s messages, location data, call history and photos.

In a research blog, Trellix details a 2021 bug that allowed for 0-click remote code execution that was used to infect a Saudi activist’s iPhone with the Pegasus malware. The exploits included the initial exploitation of PDF parsing code and sandbox escape.

“While much attention was given to the first exploit, we were much more interested in the second as it described a way to dynamically execute arbitrary code in another process which completely sidestepped code signing,” the company’s researchers say.

Trellix describes that exploit as such:

It involved NSPredicate, an innocent looking class that allows developers to filter lists of arbitrary objects. In reality the syntax of NSPredicate is a full scripting language. The ability to dynamically generate and run code on iOS had been an official feature this whole time. However, this was just the beginning, as this feature revealed an entirely new bug class that completely breaks inter-process security in macOS and iOS.

However, this was not the first example, as a researcher in 2019 discovered how to exploit the mechanics of NSPredicate to run arbitrary code.

The gist of this research was that NSExpression objects, the building blocks of an NSPredicate, could be used to call arbitrary methods on arbitrary classes and objects. Using existing classes in Apple’s private frameworks, it was possible to bypass pointer authentication (PAC) and every other mitigation to call any function. However, the post also describes ways in which Apple has mitigated the dangerousness of these objects, namely through a protocol called NSPredicateVisitor. Classes that implement this protocol can be used to check every expression to make sure they were safe to evaluate. CodeColorist notes at the end of his post that “Without a proper validation, it could be an inter-process attack surface to bypass TCC.”

This led to the discovery of a “large new class of bugs” that allow bypassing code signing to execute arbitrary code in the context of several applications, leading to escalation of privileges and sandbox escape on both operating systems.

Apple has removed features used in previous exploits and added new mitigations that restrict what can be done with NSPredicate, using a large denylist to prevent the use of certain classes and methods, but Trellix discovered that the new mitigations could be bypassed.

By using methods that had not been restricted it was possible to empty these lists, enabling all the same methods that had been available before. This bypass was assigned CVE-2023-23530 by Apple. Even more significantly we discovered that nearly every implementation of NSPredicateVisitor could be bypassed. There are many processes with XPC Services (the primary method of high-level inter-process communication on macOS and iOS) that accept NSPredicate arguments and use NSPredicateVisitor to ensure that the provided expression is safe to evaluate. While there is no single implementation as nearly every process has its own version, most use the “expressionType” property to filter out function expressions. The issues reside in the fact that this property can be set in the sending process and is trusted to be accurate by the receiver, rendering the checks useless. This bypass was assigned CVE-2023-23531. These two techniques opened a huge range of potential vulnerabilities that we are still exploring.

According to Trellix, an attacker could use the bugs to access a user’s calendar, address book and photos, as well as install arbitrary applications.
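
The trust problem Trellix describes for "expressionType" (a validator that filters on a label the sender controls) can be shown with a simplified Python model. This is an added example, not Trellix's or Apple's code; `Node`, `decode`, `evaluate`, `naive_visitor`, `strict_visitor`, `receive` and the sample messages are hypothetical names and constructed data.

```python
"""Simplified model of a receiver that validates a deserialized expression tree.

Added illustration. Node, decode, evaluate, naive_visitor, strict_visitor and
receive are hypothetical names, not Apple's NSPredicate/NSPredicateVisitor API.
"""
from dataclasses import dataclass, field

CONSTANT, KEYPATH, FUNCTION = "constant", "keypath", "function"

# Functions the receiver is willing to run on a sender's behalf.
ALLOWED_FUNCTIONS = {"lowercase": str.lower, "length": len}
# Everything the evaluator can reach, including one the policy must block.
ALL_FUNCTIONS = dict(ALLOWED_FUNCTIONS, read_secret=lambda _arg: "secret-value")


@dataclass
class Node:
    kind: str            # what the evaluator actually dispatches on
    declared_type: str   # label set by the sender and carried in the message
    value: object = None
    name: str = ""
    args: list = field(default_factory=list)


def decode(msg: dict) -> Node:
    """Deserialize a message; an honest sender's label equals the node kind."""
    return Node(
        kind=msg["kind"],
        declared_type=msg.get("declaredType", msg["kind"]),
        value=msg.get("value"),
        name=msg.get("name", ""),
        args=[decode(a) for a in msg.get("args", [])],
    )


def evaluate(node: Node, obj: dict):
    """Evaluate the tree against obj, dispatching on the real node kind."""
    if node.kind == CONSTANT:
        return node.value
    if node.kind == KEYPATH:
        return obj[node.name]
    if node.kind == FUNCTION:
        return ALL_FUNCTIONS[node.name](*(evaluate(a, obj) for a in node.args))
    raise ValueError(f"unknown node kind {node.kind!r}")


def naive_visitor(node: Node) -> bool:
    """Filters function expressions, but believes the sender's label."""
    if node.declared_type != FUNCTION:
        return True  # labelled as harmless, so it is waved through unchecked
    return node.name in ALLOWED_FUNCTIONS and all(naive_visitor(a) for a in node.args)


def strict_visitor(node: Node) -> bool:
    """Ignores the label and checks what evaluate() will really execute."""
    if node.kind in (CONSTANT, KEYPATH):
        return True
    if node.kind == FUNCTION:
        return node.name in ALLOWED_FUNCTIONS and all(strict_visitor(a) for a in node.args)
    return False


def receive(msg: dict, obj: dict, visitor):
    """Receiver side: validate with the given visitor, then evaluate."""
    tree = decode(msg)
    if not visitor(tree):
        raise PermissionError("expression rejected by visitor")
    return evaluate(tree, obj)


# Constructed sample messages.
HONEST = {"kind": "function", "name": "lowercase",
          "args": [{"kind": "keypath", "name": "title"}]}
FORBIDDEN = {"kind": "function", "name": "read_secret",
             "args": [{"kind": "constant", "value": None}]}
MISLABELLED = dict(FORBIDDEN, declaredType="constant")

if __name__ == "__main__":
    for label, msg in [("honest", HONEST), ("forbidden", FORBIDDEN), ("mislabelled", MISLABELLED)]:
        print(label, "naive:", naive_visitor(decode(msg)), "strict:", strict_visitor(decode(msg)))
```

The hardened visitor never reads the sender's label: it derives its decision from the same field the evaluator dispatches on and applies an allowlist to it.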

Other vulnerabilities could allow an attacker to read potentially sensitive information from the syslog, or exploit an NSPredicate vulnerability in UIKitCore on the iPad. Attackers could use this to achieve code execution inside SpringBoard, a highly privileged app that can access location data, camera, microphone, call history, photos and other sensitive data, as well as wipe the device.

Apple addressed these issues with the release of macOS 13.2 and iOS 16.3, according to the Trellix blog.

This Week in IT: Microsoft Outage, VR, Cyberattacks, iOS 16.3
https://mytechdecisions.com/news-1/this-week-in-it-microsoft-outage-vr-cyberattacks-ios-16-3/
Thu, 26 Jan 2023 19:42:28 +0000

Editor’s note: There is a lot going on in the world of IT, from emerging technologies to digital transformation and new cybersecurity threats. However, we can’t possibly cover it all, so we’ll bring you This Week in IT, a curated summary of IT and enterprise technology news stories each week.

Microsoft 365 outage

Multiple Microsoft 365 services were down Wednesday in what Microsoft says was an issue caused by a networking change. Services such as Outlook, Teams and others were inaccessible to users early Wednesday morning.

The company said it identified a networking issue and rolled back a networking configuration change. According to a Reuters report, this affected users around the world, with services impacted in the Americas, Europe, Asia Pacific, Middle East and Africa.

Read the Reuters report for more information.

Microsoft to shut down AltspaceVR

Microsoft is shutting down its social virtual reality platform, AltSpaceVR, on March 10, due to a desire to focus on Mesh, the mixed reality platform that Microsoft wants to grow and turn into a VR communication platform for commercial customers.

“We look forward to what is to come, including our launch of Microsoft Mesh, a new platform for connection and collaboration, starting by enabling workplaces around the world,” the company said in a blog. “In the near-term, we are focusing our VR efforts on workplace experiences, learning from and alongside our early customers and partners, and ensuring we deliver a foundation that enables security, trust and compliance. Over time, we hope to extend to consumer experience as well.”

Read Microsoft’s blog for more information.

DOJ takes down Hive Ransomware

The U.S. Department of Justice says it has carried out a months-long disruption campaign against the Hive ransomware group, which has targeted more than 1,500 victims in over 80 countries around the world.

According to the DOJ, the FBI since July 2022 has penetrated the organization’s computer networks, captured decryption keys and offered them to global victims. That saved victims from having to pay $130 million in ransom demands. Law enforcement has provided over 300 decryption keys to Hive victims who were under attack and has distributed over 1,000 other decryption keys to previous victims.

Read the DOJ announcement for more information.

Beware of malicious use of RMM software

Several U.S. agencies are warning of an uptick in cyber campaigns involving the malicious use of remote monitoring and management software, with one particular campaign using phishing emails that led to the download of ScreenConnect and AnyDesk to steal money from victim bank accounts.

While financially motivated, these attacks can lead to other activity, such as selling initial access to other cybercrime organizations. Legitimate RMM software is often used by threat actors to mask their activities and maintain persistence in a victim’s environment, the advisory warns.

Read the advisory for more information.

iOS 16.3 and hardware security keys

Apple has rolled out iOS 16.3, and the new operating system for iPhones and iPads features support for physical security keys for Apple IDs.

This allows users to use third-party security keys instead of two-factor authentication for their Apple ID. The feature will only work with security keys certified by the FIDO Alliance, such as keys from YubiKey or FEITIAN.

Read this Apple support document for more information.

 

Microsoft Discovers macOS Security Bypass Bug
https://mytechdecisions.com/network-security/microsoft-macos-security-bypass-bug/
Thu, 22 Dec 2022 17:57:45 +0000

Microsoft says it has uncovered a vulnerability in macOS that could allow attackers to bypass restrictions imposed by Apple’s Gatekeeper security mechanism, which is designed to ensure that only trusted apps run on the company’s devices.

According to Microsoft’s Security Threat Intelligence team, the vulnerability, which it calls Achilles, could allow attackers to bypass Gatekeeper and use it as a vector of initial access by malware and other threats to help increase the success rate of malicious campaigns and attacks on macOS.

Apple addressed the CVE-2022-42821 issue in several macOS products after Microsoft shared the vulnerability with the company in July, but Microsoft notes that Apple’s Lockdown Mode in macOS Ventura does not defend against Achilles since it only protects against zero-click remote code execution exploits.

In a blog, Microsoft says many macOS infections are due to users running malware inadvertently as a result of fake app bundles that masquerade as different apps or legitimate files. To combat that infection vector, Apple uses a security mechanism that assigns a special extended attribute to a file when it is downloaded from a browser. That attribute is named com.apple.quarantine and is later used to enforce policies such as Gatekeeper or other mitigations designed to prevent sandbox escapes.

Apple, in recent years, has improved its security policies, with the current Gatekeeper design prompting users to give their consent if the app is validly approved by Apple, or preventing the app from running otherwise.

Microsoft says extended attributes are a filesystem feature supported on common macOS filesystems, such as APFS and HFS+, and their main purpose is to save file metadata.

While Gatekeeper is a helpful security feature that is effective at blocking untrusted downloaded files and apps, there have been numerous bypass techniques targeting the feature in the past, Microsoft says. Such bypasses could have “dire implications,” as malware authors sometimes leverage those techniques for initial access.

In fact, Microsoft calls out two Gatekeeper bypass approaches observed in recent years, including misusing the com.apple.quarantine extended attribute assignment and finding a vulnerability in the components that enforce policy checks on quarantined files.

Microsoft lists six total Gatekeeper bypass bugs discovered over the last several years, including one, CVE-2021-1810, which intrigued researchers and got them thinking about what mechanism could be leveraged in archives. That vulnerability exploits assignment of the quarantine attribute, so paths longer than 886 characters were not assigned extended attributes.

“Therefore, creating a symbolic link that points to an app that resides in a long path results in a Gatekeeper bypass,” Microsoft researchers say.

With symbolic links not assigned quarantine attributes, it was possible to completely bypass Gatekeeper.

With that knowledge, Microsoft researchers began looking for a mechanism that could persist different kinds of metadata over archives. They eventually discovered a way to persist important file metadata through AppleDouble. Microsoft describes the mechanism as such:

Even though extended attributes are common on different filesystems, they might be implemented differently or even not supported, so copying files with their metadata becomes a challenging task. To solve this problem, back in 1994, Apple introduced the concept of AppleSingle and AppleDouble formats. In a nutshell, AppleSingle is a binary blob that is added as a part of the original file contents so that there’s only a “single” file to process, whereas AppleDouble saves the metadata in a different file side-by-side next to the original file, with a “._” prefix.

Researchers began looking into how they could use AppleDouble to trick Gatekeeper, which led them to Access Control Lists (ACLs), a mechanism in macOS that extends the traditional permission model and allows fine-grained permissions on files and directories. That includes controlling the ability to write attributes and extended attributes to the file, as well as setting ACLs on the file, and more.

Researchers began adding very restrictive ACLs to downloaded files, which prohibited Safari or other programs from setting new extended attributes, including the com.apple.quarantine attribute.

Microsoft describes the exploitation steps as follows:

  1. Create a fake directory structure with an arbitrary icon and payload.
  2. Create an AppleDouble file with the com.apple.acl.text extended attribute key and a value that represents a restrictive ACL (we chose the equivalent of “everyone deny write,writeattr,writeextattr,writesecurity,chown”). Perform the correct AppleDouble patching if using ditto to generate the AppleDouble file.
  3. Create an archive with the application alongside its AppleDouble file and host it on a web server.
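
For detection, the artifact from step 2 can be looked for before an archive is unpacked: a "._" AppleDouble sidecar that carries the com.apple.acl.text extended attribute. The following scanner is an added example, not Microsoft's or Apple's code; the function names are hypothetical, the field offsets assume the AppleDouble and xattr structures in Apple's open-source XNU, and the sample archive with its placeholder value is constructed.

```python
"""Scan a ZIP archive for AppleDouble sidecar files that carry an ACL xattr.

Added illustration, not Microsoft's or Apple's code. Field offsets follow the
AppleDouble/xattr structures in Apple's open-source XNU (bsd/vfs/vfs_xattr.c).
"""
import io
import struct
import zipfile

AD_MAGIC = 0x00051607        # AppleDouble magic number
AD_FINDER_INFO = 9           # entry that holds Finder info plus the xattr header
ATTR_MAGIC = b"ATTR"         # marks the extended-attribute header
FLAGGED_KEYS = {"com.apple.acl.text"}   # key named in Microsoft's description


def parse_appledouble_xattrs(data: bytes) -> dict:
    """Return {xattr name: value} for the attributes stored in an AppleDouble blob."""
    if len(data) < 26 or struct.unpack_from(">I", data, 0)[0] != AD_MAGIC:
        return {}
    (num_entries,) = struct.unpack_from(">H", data, 24)
    finfo_off = None
    for i in range(num_entries):
        pos = 26 + 12 * i
        if pos + 12 > len(data):
            return {}
        entry_id, offset, _length = struct.unpack_from(">III", data, pos)
        if entry_id == AD_FINDER_INFO:
            finfo_off = offset
    if finfo_off is None:
        return {}
    hdr = finfo_off + 32 + 2          # 32 bytes of Finder info, 2 bytes of padding
    if hdr + 36 > len(data) or data[hdr:hdr + 4] != ATTR_MAGIC:
        return {}
    (num_attrs,) = struct.unpack_from(">H", data, hdr + 34)
    attrs, pos = {}, hdr + 36
    for _ in range(num_attrs):
        if pos + 11 > len(data):
            break
        off, length, _flags, namelen = struct.unpack_from(">IIHB", data, pos)
        name = data[pos + 11:pos + 11 + namelen].rstrip(b"\0")
        if off + length > len(data):
            break                     # truncated or inconsistent entry
        attrs[name.decode("utf-8", "replace")] = data[off:off + length]
        pos += (11 + namelen + 3) & ~3   # entries are 4-byte aligned
    return attrs


def scan_zip(zip_bytes: bytes, max_size: int = 1 << 20) -> list:
    """Return [(member, key)] for "._" sidecars that carry a flagged xattr key."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            base = info.filename.rstrip("/").rsplit("/", 1)[-1]
            if not base.startswith("._") or info.file_size > max_size:
                continue
            for key in parse_appledouble_xattrs(zf.read(info)):
                if key in FLAGGED_KEYS:
                    findings.append((info.filename, key))
    return findings


def build_sample_appledouble(xattrs: dict) -> bytes:
    """Constructed test input: a minimal AppleDouble blob holding the given xattrs."""
    names = [(k.encode() + b"\0", v) for k, v in xattrs.items()]
    data_off = 120 + sum((11 + len(n) + 3) & ~3 for n, _ in names)
    table = blob = b""
    for n, v in names:
        entry = struct.pack(">IIHB", data_off + len(blob), len(v), 0, len(n)) + n
        table += entry.ljust((len(entry) + 3) & ~3, b"\0")
        blob += v
    total = data_off + len(blob)
    head = struct.pack(">II16xH", AD_MAGIC, 0x00020000, 2)
    head += struct.pack(">III", AD_FINDER_INFO, 50, total - 50)
    head += struct.pack(">III", 2, total, 0)      # empty resource-fork entry
    head += b"\0" * 34                            # Finder info and padding
    attr_hdr = ATTR_MAGIC + struct.pack(
        ">IIII12xHH", 0, total, data_off, len(blob), 0, len(names))
    return head + attr_hdr + table + blob


def build_sample_zip(xattrs: dict) -> bytes:
    """Constructed test input: an archive with one app file and one sidecar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Sample.app/Contents/Info.plist", "<plist/>")
        zf.writestr("__MACOSX/._Sample.app", build_sample_appledouble(xattrs))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip({"com.apple.acl.text": b"constructed-placeholder"})
    print(scan_zip(sample))
```

A hit is a triage signal rather than proof of abuse, since archives made by legitimate tools can also preserve ACL metadata.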

Fake apps are still one of the top entry vectors on macOS, and Gatekeeper bypasses are a useful tool used by attackers, Microsoft researchers say.

“Nonetheless, through research-driven protections and collaboration with customers, partners, and industry experts, we strive to enrich our protection technologies to defend against such issues—regardless of the platform or device in use,” the company says.

Apple Fixes Actively Exploited Bug in WebKit Impacting Wide Range of Devices
https://mytechdecisions.com/network-security/apple-fixes-actively-exploited-bug-in-webkit-impacting-wide-range-of-devices/
Thu, 15 Dec 2022 14:59:52 +0000

Apple this week has released a wide range of security fixes, including one for a WebKit bug that is being actively exploited and impacts all supported iPhones.

The security update, included in iOS 16.1.2, macOS Ventura, macOS Big Sur, macOS Monterey, Apple TV, fixes a bug that would allow arbitrary code execution if maliciously crafted web content were processed, Apple says.

Although the company fixed the operating systems for all of its devices (except its smart watches), the only known exploit was against versions of iOS prior to iOS 15.1, the company says.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1,” the company says on a support page.

The update rolled out to all supported iPhones, essentially iPhone 8 and later, meaning that the security bug impacted all iPhones. The company says the update fixed a type confusion issue and improved state handling.

The bug, officially listed as CVE-2022-42856, was reported by Clément Lecigne of Google’s Threat Analysis Group.

Essentially, any organization that manages their employees’ iPhones should ensure that this latest update is applied immediately.

However, the company also released a wide range of security fixes for all of its supported platforms, including watches, laptops, phones, tablets and more, according to cybersecurity firm Sophos.

Those fixes are included in macOS Ventura 13.1, macOS Monterey 12.6.2, macOS Big Sur 11.7.2, tvOS 16.2, watchOS 9.2, iOS 16.2 (recent devices only), iPadOS 16.2 (recent devices only), iOS 15.7.2 (earlier devices, back to iPhone 6s), and iPadOS 15.7.2 (earlier devices, including iPod touch 7th gen), Sophos researchers say in a blog.

In an advisory, the U.S. Cybersecurity and Infrastructure Security Agency urged users and administrators to review Apple’s security updates page and apply the necessary updates as soon as possible.

The security updates come a week after the company unveiled new security protections, including protections for user data, the ability to verify identity of contacts and support for third-party security keys.

Apple Introduces Wider Data Protections, Encryption, Security Keys
https://mytechdecisions.com/network-security/apple-data-protections-encryption-security-keys/
Wed, 07 Dec 2022 19:28:56 +0000

Apple has announced three new security features designed to protect user data and protect against threats in the cloud, including wider data protections, the ability to verify the identity of contacts and support for third-party security keys.

According to the company, the three new features join a suite of other security tools that make Apple devices “the most secure on the market,” ranging from custom chips with device encryption and data protections to the recently released Lockdown Mode.

Highlighting the company’s announcement is the introduction of Advanced Data Protection for iCloud, which the company calls its “highest level of cloud data security” that gives users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so it can only be decrypted on users’ trusted devices.

According to Apple, users who opt in can protect most of their iCloud data even in the case of a data breach in the cloud.

While iCloud currently protects 14 sensitive data categories–such as passwords and health data–with end-to-end encryption enabled by default, Advanced Data Protection essentially expands this to 23 data categories, including iCloud Backup, Notes and Photos.

Now, the only major iCloud data categories not covered are iCloud Mail, Contacts and Calendar because of the need to interoperate with global email, contacts and calendar systems, Apple says.

Apple says iMessage Contact Key Verification adds another layer of security to the already end-to-end encrypted iMessage, enabling users more at risk to digital threats to choose to verify that they are communicating with only the people they intend.

According to Apple, the feature will send automatic alerts to users when they are communicating with another user who has the feature enabled in the event of an advanced attack in which a hacker breaches cloud servers and inserts their own device to eavesdrop on encrypted communications.

At a higher level, Apple says iMessage Contact Key allows users to compare a Contact Verification Code in person, on FaceTime or through another secure call.

The company’s new security key feature gives users the choice to make use of third-party hardware security keys to enhance two-factor authentication for their iCloud accounts. The feature is designed for high-profile individuals such as journalists, celebrities, government officials and others.

Users who opt in will have to present a hardware security key as one of the two authentication factors, which the company says can help prevent advanced attackers from stealing a user’s second factor in a phishing scam.

iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in 2023. Advanced Data Protection for iCloud is available now for members of the company’s beta software program and will be available to U.S. users by the end of the year before a global rollout in early 2023.

Craig Federighi, Apple’s senior vice president of software engineering, says the company constantly identifies and mitigates emerging threats to user data on devices and in the cloud.

“Our security teams work tirelessly to keep users’ data safe, and with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most sensitive data and communications,” Federighi says.

Microsoft Streamlines Just-in-Time Apple Device Registration with Intune
https://mytechdecisions.com/it-infrastructure/microsoft-streamlines-just-in-time-apple-device-registration-with-intune/ Tue, 01 Nov 2022 17:07:44 +0000

Microsoft is releasing Just in Time Registration for Setup Assistant with modern authentication for iOS and iPadOS devices that enroll through Apple’s Automated Device Enrollment.

According to a Microsoft blog, this is an improvement to the Setup Assistant with modern authentication enrollment method since it no longer requires the Company Portal app for Azure AD registration or compliance checking.

Microsoft says by removing the Company Portal requirement, it eliminated extraneous steps, removed required app downloads that can’t be changed, and put an end to switching between apps to get the device compliant. This is designed to streamline the user flow.

With JIT Registration, once the user completes enrollment during Setup Assistant and lands on the home screen, the user authentication can be completed in any Microsoft Office application to register the device with Azure AD and kick off compliance, according to Microsoft.

The compliance checks are integrated right into the Office app that is used for authentication, so the user doesn’t need to switch between multiple apps to understand the steps that they need to take to become compliant, the company says.

Microsoft is utilizing Apple’s single sign-on (SSO) extension functionality to significantly minimize authentication prompts. The first authentication in Setup Assistant completes enrollment and establishes user device affinity while the next authentication handles Azure AD registration within a pre-authorized Office app.

According to Microsoft, this ensures that SSO is fully established across the device. These authentications are all that are required to fully enroll the corporate device with Intune, register it with Azure AD, and ensure compliance on the device with a fully integrated compliance experience right within any Office app.

Read the Microsoft blog to learn how to set up the admin-side configuration for JIT Registration for ADE, or watch this video.

This Week in IT: USB-C for iPhones, Ransomware, Google Chrome, Microsoft’s Diversity
https://mytechdecisions.com/news-1/this-week-in-it-usb-c-for-iphones-ransomware-google-chrome-microsofts-diversity/ Thu, 27 Oct 2022 19:29:55 +0000

Editor’s note: There is a lot going on in the world of IT, from emerging technologies to digital transformation and new cybersecurity threats. However, we can’t possibly cover it all, so we’ll bring you This Week in IT, a curated summary of IT and enterprise technology news stories each week.

New iPhones to require USB-C charging

Apple confirmed this week that it will comply with European Union legislation setting a common charging standard for mobile phones and other portable electronic devices. Speaking at the Wall Street Journal’s Tech Live conference, Greg Joswiak, senior vice president of worldwide marketing at the tech giant, said the company will comply.

The law will require mobile phones and tablets to support USB-C charging by 2024, so new devices with that standard could come as early as next year. The company is likely to introduce the standard globally, not just within the European Union, CNBC reports.

Ransomware families mature, weaponize vulnerabilities in last two quarters

A new report on ransomware from cybersecurity firm Ivanti finds that vulnerabilities associated with ransomware have grown 466% since 2019, and several vulnerabilities tied to ransomware are not being detected by popular scanners.

According to the firm, even federal agencies tasked with cybersecurity are missing some ransomware vulnerabilities, such as CISA, which Ivanti says is missing 124 ransomware vulnerabilities in its Known Exploited Vulnerabilities catalog.

In the third quarter, Ivanti identified 13 new vulnerabilities tied to ransomware, bringing the total to 323.

Read the report here.

Google Chrome ends support for Windows 7, 8, 8.1 next year

Google announced that it is ending Chrome support for Windows 7, 8 and 8.1 early next year, with Chrome 110 scheduled to be released on Feb. 7, 2023, as the last version of Chrome that will work on those operating systems. Users will need to be using Windows 10 or later to continue receiving future Chrome releases.

This matches Microsoft’s end of support for Windows 7 ESU and Windows 8.1 extended support on Jan. 10, 2023. Older versions of Chrome will continue to work, but there will be no updates released, meaning users won’t get new features or security fixes.

Microsoft’s diversity data

Microsoft has released its fourth annual Global Diversity & Inclusion Report on the company’s internal workforce demographics, claiming that the company is more diverse than it ever has been.

According to the company’s own data:

  • For the first time, women now make up more than 30% of Microsoft’s core workforce worldwide at 30.7%, up 1.0 percentage point since last year.
  • Employees from racial and ethnic minority communities now make up 53.2% of Microsoft’s core U.S. workforce, up 1.9 percentage points from last year.
  • 7.8% of employees in the U.S. self-identified as having a disability. This is an increase of 0.7 percentage points from last year.
  • The company says minorities and women earn comparable pay to white employees and men.

Read the company’s blog to learn more about their workforce demographics.

This Week in IT: Zoom Email, Red Hat’s WFH Strategy, Software Updates, Supply Chain Security
https://mytechdecisions.com/news-1/this-week-in-it-zoom-email-red-hats-wfh-strategy-software-updates-supply-chain-security/ Thu, 15 Sep 2022 18:02:02 +0000

Editor’s note: There is a lot going on in the world of IT, from emerging technologies to digital transformation and new cybersecurity threats. However, we can’t possibly cover it all, so we’ll bring you This Week in IT, a curated summary of IT and enterprise technology stories each week.

Zoom is reportedly preparing email and calendar product launches

Zoom is reportedly preparing to launch new email and calendar products in an attempt to make the Zoom platform a more comprehensive suite of business tools and better compete with the likes of Microsoft 365 and Google Workspace.

First reported by The Information, citing anonymous sources, the videoconferencing giant could announce those new offerings as soon as its Zoomtopia conference in November. This comes after nearly two years of the company quietly developing the new services. Zoom CEO Eric Yuan reportedly wants to transform the company from a videoconferencing platform into a fully-fledged communication platform. The company has recently rolled out improvements to its Chat capabilities.

Red Hat announces flexible work policy

Red Hat is embracing flexible workplace arrangements and is giving the majority of its employees full autonomy to choose where they want to work. The enterprise Linux provider says no employee is required to be in the office, and the company is offering employees a work-from-home stipend to cover the costs of remote work.

Employees that do go into the office need to book work stations online. Red Hat office spaces now contain fewer desks and booths, couches and small collaboration spaces.

Red Hat is also introducing quarterly “recharge” days—essentially a company-wide day off—to address burnout.

Learn more about Red Hat’s workplace strategy here.

New Microsoft 365 app update experience

Microsoft is introducing a new update experience for Microsoft 365 apps called update under lock, a new feature that uses Click-to-Run technology that helps IT teams reach compliance within their timeframes without disrupting end users. It is designed to reduce the need for abrupt forced updates and make updates more reliable by saving app state before closing.

Update under lock will try to shut down any Office apps running when it is safe to do so, and after the update is applied, apps will be restored to their previous state—all in about four seconds.

Learn more about this new feature in this Tech Community blog.

U.S. government issues security guidance to software companies

The U.S. Office of Management and Budget is issuing guidance to ensure federal agencies use software that has been built using common cybersecurity practices. The guidance comes after two years of supply chain attacks and software vulnerabilities that threaten U.S. national security and the security of private organizations as well.

According to Chris DeRusha, federal CISO and deputy national cyber director, the guidance was developed with input from the public sector, private sector and academia. The guidance directs agencies to use only software that complies with secure software development standards, creates a self-attestation form for software producers and agencies, and will allow the federal government to quickly identify security gaps when new vulnerabilities are discovered.

Read the guidance here.

Apple adds new security features in iOS 16

Apple is adding a host of new security features to iOS devices with the release of iOS 16, including passkeys that are synced across Apple devices through iCloud Keychain, faster security updates, Lockdown Mode and more.

Read about all the new iOS features.
