Security News

Here comes digital product placement

Plus, real-time bidding makes billions and Apple lets apps raise subscription prices.

Both Amazon Prime Video and NBCU’s Peacock have unveiled beta programs that allow products and product ads to be digitally placed in their streaming content. During the Interactive Advertising Bureau’s NewsFronts convention this month, Amazon showed off its Virtual Product Placement service and NBCU spotlighted its “In Scene” service. Both will give advertisers the ability to digitally insert ads, billboards, and products into movies and shows during post-production, which also means the placements can be swapped out periodically. Video games already use this kind of placement, and Bloomberg says product placement is a $23 billion industry. For more on this story, see Gizmodo.

RTB industry shares user data hundreds of times daily

In a new report, the Irish Council for Civil Liberties (ICCL) uncovered the full scale of the real-time bidding (RTB) industry and found that European users’ data is shared an average of 376 times per day. For American users, that average jumps to 747 times. According to the report, “RTB is a $117 billion industry that operates behind the scenes on websites and apps. It tracks what you are looking at, no matter how private or sensitive, and it records where you go.” Google provides RTB data – which includes device information, location details, and browsing history – to 4,698 companies. Though personal information is not involved, the ICCL still calls the RTB industry “the biggest data breach” in history. For more, see BBC News.

Apple lets apps raise subscription prices automatically

In a policy change this week, Apple informed users that, moving forward, when developers raise the price of auto-renewable subscriptions, users will no longer have to opt in to be charged more. The update explained that certain conditions must be met for this to happen. Specifically, a price increase cannot occur more than once per year, it cannot exceed US$5 and 50% of the subscription price, or US$50 and 50% for an annual subscription price, and it must be permitted by local law. Apple said users will always receive notifications alerting them to the price increase before it takes effect. Learn more at CNET.

Sysrv botnet variant installs cryptominers

Last week, Microsoft tweeted about a new variant of the Sysrv botnet that exploits vulnerabilities in web apps and databases on both Windows and Linux systems to install cryptominers. The variant is called Sysrv-K, and Microsoft said it has the ability to gain control of web servers. “Sysrv-K scans the internet to find web servers with various vulnerabilities to install itself,” the company wrote. “The vulnerabilities range from path traversal and remote file disclosure to arbitrary file download and remote code execution vulnerabilities.” To learn more about Sysrv-K, read The Hacker News.

New SIG forms to enhance ICS/OT cybersecurity

Research and development company MITRE has announced a new special interest group (SIG) intended to enhance cybersecurity defenses for industrial control systems (ICS) and operational technology (OT). MITRE co-chairs the SIG with the Cybersecurity Manufacturing Innovation Institute, a research organization that focuses on manufacturing and supply chains in the U.S. “The goal is to provide a forum for researchers and vendors to interact and share opinions and expertise in an effort to identify and classify vulnerabilities and common attack patterns that are specific to ICS and other OT,” Security Week reported.

This week’s must-read on the Avast blog

Just because your iPhone is powered off doesn’t mean it can’t be attacked. The better we understand how adversaries can eavesdrop on our phones, the better we can protect our communications and the more confidence we can have in our privacy.