Google has announced the general availability of a long-awaited feature -- the ability to manage Windows 10 devices through G Suite. From a report: Until today, companies that used G Suite to manage corporate endpoints could only enroll Android, iOS, Chrome, and Jamboard devices. Once enrolled in a G Suite enterprise plan, system administrators at these companies would have full control over the enrolled devices, to ensure that company data was safeguarded from sloppy employees. G Suite admins could enforce security policies related to login operations, file storage, encryption, and other features. Starting this week, the same features are now also available for working with Windows 10 devices, Google announced in a blog post. These include the ability to, among other things: Log into Windows 10 systems using a Google account, control Windows 10 update rules, and change Windows 10 settings remotely.

The popular anti-malware software MalwareBytes is releasing a new Windows VPN service called Malwarebytes Privacy. The company says it plans on offering Mac, iOS, Android, and ChromeOS versions in the future. Bleeping Computer reports: During our tests yesterday, you could select from 10 states in the USA and 30 countries around the world. [...] Malwarebytes told BleepingComputer that this is not a white-label service, but rather one they developed themselves. A trusted-third party built the network infrastructure, and Malwarebytes developers created the app and other components. Malwarebytes Privacy is using the modern WireGuard VPN implementation that was recently integrated into the Linux kernel.

Unfortunately, not much is known about Malwarebytes Privacy's logging and data retention policies. According to Malwarebytes' product page, "Malwarebytes Privacy does not log your online activities, whether it's browsing or accessing any websites." This is what most people want, but it would be good to get more specific language in a dedicated data retention policy or language in their privacy policy.

One of the largest VPN companies, NordVPN, is rolling out NordLynx -- it's first mainstream WireGuard virtual private network for its Windows, Mac, Android and iOS client-software applications. ZDNet reports: NordVPN's own tests have shown NordLynx easily outperforms the other protocols, IKEv2/IPsec and OpenVPN. How much faster? According to NordVPN's 256,886 speed tests, "When a user connects to a nearby VPN server and downloads content that's served from a content delivery network (CDN) within a few thousand miles/kilometers, they can expect up to twice higher download and upload speed." While speed is what customers will notice, security experts like WireGuard for its code's simplicity. With only about 4,000 lines of code, WireGuard's code can be comprehensively reviewed by a single individual.

Besides WireGuard, NordVPN adds in its double Network Address Translation (NAT) system to protect users' privacy. This enables users to establish a secure VPN connection while storing no identifiable user data on a server. You're assigned a dynamic local IP address that remains assigned only while the session is active. User authentication is done with the help of a secure external database. To switch to NordLynx, users need to update their NordVPN app to the latest version. The NordLynx protocol can be chosen manually from the Settings menu.

In the summer of 2016, researchers at a digital rights organization and a cybersecurity firm announced they had caught one of the rarest fish in the cybersecurity ocean -- an in the wild attack against an iPhone, using unknown vulnerabilities inside Apple's vaunted operating system. Since then, only a handful of similar attacks have been caught and publicly disclosed. Now, a small startup said it has caught another one. From a report: ZecOps, a company based in San Francisco, announced on Wednesday that a few of its customers were targeted with two zero-day exploits for iOS last year. Apple will patch the vulnerability underlying these attacks on an upcoming release of iOS 13. "We concluded with high confidence that it was exploited in the wild," Zuk Avraham, the founder of ZecOps, told Motherboard. "One of [the vulnerabilities] we clearly showed that it can be triggered remotely, the other one requires an additional vulnerability to trigger it remotely."

"These vulnerabilities," ZecOps researchers wrote in a report they published Wednesday, "are widely exploited in the wild in targeted attacks by an advanced threat operator(s) to target VIPs, executive management across multiple industries, individuals from Fortune 2000 companies, as well as smaller organizations such as MSSPs." One of the two vulnerabilities, according to Avraham, is what's known as a remote zero-click. This kind of attack is dangerous because it can be used by an attacker against anyone on the internet, and the target gets infected without any interaction -- hence the zero-click definition. Vulnerabilities or exploits called zero-days are bugs in software or hardware that are unknown to their manufacturers and can be used to hack targets. They can be particularly effective attacks because they use flaws that are not patched yet, meaning there's no code deployed to specifically defend against them.

An anonymous reader quotes a report from Ars Technica: As many as a billion mobile phone owners around the world will be unable to use the smartphone-based system proposed by Apple and Google to track whether they have come into contact with people infected with the coronavirus, industry researchers estimate. The figure includes many poorer and older people -- who are also among the most vulnerable to COVID-19 -- demonstrating a "digital divide" within a system that the two tech firms have designed to reach the largest possible number of people while also protecting individuals' privacy.

The particular kind of Bluetooth "low energy" chips that are used to detect proximity between devices without running down the phone's battery are absent from a quarter of smartphones in active use globally today, according to analysts at Counterpoint Research. A further 1.5 billion people still use basic or "feature" phones that do not run iOS or Android at all. "In all, close to 2 billion [mobile users] will not be benefiting from this initiative globally," said Neil Shah, analyst at Counterpoint. "And most of these users with the incompatible devices hail from the lower-income segment or from the senior segment which actually are more vulnerable to the virus." Ben Wood, analyst at CCS Insight, estimates that only around two-thirds of adults would have a compatible phone. "And that's the UK, which is an extremely advanced smartphone market," he said. "In India, you could have 60-70 percent of the population that is ruled out immediately."

The report adds: "Counterpoint Research is more optimistic, estimating that 88 percent compatibility in developed markets such as the US, UK, and Japan, while about half of people in India would own the necessary handset."

Facebook's dedicated Gaming app is now live on Android, months before its planned June release. From a report: The social media giant pushed the app out two months prior to its scheduled unveiling amid a global pandemic that's left people all over the world isolated at home, rapidly burning through entertainment options. The New York Times announced the upcoming release in an exclusive over the weekend, noting that Facebook's massive gaming investment has culminated in more 700 million of the sites's 2.5 billion users actively playing games through the platform monthly. The launch of a devoted app is a clear next step for content that has, until now, been the domain of the site's Gaming tab. Social engagement is the focus for the app (naturally), which will be getting an iOS version at some point in the near future (pending Apple approval).

macOS and iOS software developers will soon be able to code on an iPad or even iPhone, if an unconfirmed report is correct. iPadOS 14 and the iPhone equivalent will reportedly include support for Xcode, Apple's software development environment. Cult of Mac reports: This report comes from Jon Prosser, founder of YouTube channel Front Page Tech, who recently correctly predicted the launch date of the 2020 iPhone SE. On Monday, Prosser said via Twitter "XCode is present on iOS / iPad OS 14. The implications there are HUGE." Whenever anyone suggests that iPads have become as powerful as MacBooks, someone always asks, "Does it do Xcode?" The implication is that iPads are just toys -- only Macs are real computers. But if Prosser is correct, then devs will be able to use iPad or Mac, whichever they prefer. This is part of Apple steadily upgrading the capabilities of its tablets over years, especially the iPad Pro line. These now have USB-C ports, support for accessing external media, mouse support, etc. And top-tier iPad processors as powerful as Apple laptops.

Movie ticketing company Fandango has agreed to buy Walmart's on-demand video streaming service, Vudu, for an undisclosed sum. From a report: The video service today reaches over 100 million living room devices across the U.S. including smart TVs, Blu-ray players, game consoles, and other over-the-top streaming devices, as well as Windows 10 and Mac computers, and iOS and Android mobile devices. To date, the Vudu app on mobile has been installed over 14.5 million times. As a part of the agreement, Vudu will continue to power Walmart's digital movie and TV store on Walmart.com. In addition, Walmart says Vudu customers will have uninterrupted access to their Vudu library. They'll also continue to be able to use their Walmart login as well as their Walmart wallet to make purchases on Vudu, the retailer notes.

The web-based Apple Music experience that launched in beta last September is now available at music.apple.com. MacRumors reports: The previous beta.music.apple.com address automatically forwards to the newly launched version. Once you're signed into the web version of Apple Music with your Apple ID that has an associated Apple Music subscription, you'll have access to all of your library and playlist content, as well as the same personal mixes and recommendations you'll see in the Music apps for iOS, Mac, and Android. Apple Music content plays right in the web browser, providing access for an array of devices and platforms that don't have native Music app support, include Windows 10, Linux, and Chrome OS.

Engineering teams at Apple and Google have banded together to create a decentralized contact tracing tool that will help individuals determine whether they have been exposed to someone with COVID-19. From a report: Contact tracing is a useful tool that helps public health authorities track the spread of the disease and inform the potentially exposed so that they can get tested. It does this by identifying and 'following up with' people who have come into contact with a COVID-19 affected person. The first phase of the project is an API that public health agencies can integrate into their own apps. The next phase is a system level contact tracing system that will work across iOS and Android devices on an opt-in basis. The system uses on-board radios on your device to transmit an anonymous ID over short ranges -- using Bluetooth beaconing. Servers relay your last 14 days of rotating IDs to other devices which search for a match. A match is determined based on a threshold of time spent and distance maintained between two devices.

More than 3.5 million iOS users have installed "fleeceware" apps on their devices, UK security firm Sophos warned in a report published earlier this week. From a report: The term fleeceware is a new addition to the cyber-security jargon and describes apps engaging in a new form of online fraud. Coined last year by Sophos researchers, the term refers to mobile apps that abuse legal loopholes in the app trial mechanism on Android -- and now iOS. Both the Google and Apple app stores allow app makers to create trial periods for commercial/paid/subscription apps. Users can install these apps and sign-up for a trial by giving the app permission to incur a charge on the user's Play Store or App Store account. Once the trial period ends, the user is charged automatically on their card and allowed to use the app.

Apple is working on a new way to offer specific parts of third-party apps across the system without needing to have them installed, 9to5Mac has learned based on an early build of iOS 14. From a report: The feature would allow users to experience parts of an app's functionality by scanning a QR Code. If you open a link or scan a QR code today from an app that you haven't installed on your iPhone or iPad, it will open that link in Safari. Apps can provide universal links, which open the app instead of Safari when the app is installed. But that could change in the near future with a new API internally referred to as "Clips" found on iOS 14 code. As 9to5Mac has analyzed this new API, we can say that it allows developers to offer interactive and dynamic content from their apps even if you haven't installed them. The Clips API is directly related to the QR Code reader in the build we have access to, so the user can scan a code linked to an app and then interact with it directly from a card that will appear on the screen.

An anonymous reader writes: Google today launched Chrome 81 for Windows, Mac, Linux, Android, and iOS. Chrome 81 includes an Origin Trial of Web NFC for mobile, early Augmented Reality support, mixed images autoupgraded to HTTPS, TLS 1.0 and TLS 1.1 deprecated, and more developer features. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers have to stay on top of everything available -- as well as what has been deprecated or removed. Among other things, Chrome 81 removes the "discard" element and FTP support.

Samsung is killing its Smart View app for Android and iOS, which serves as a remote control for its older smart TVs. From a report: The company has updated the application's descriptions to announce that it will no longer be supported starting on October 5th. Android Police first spotted the changes and noted that, in addition to its capability as a remote control, Smart View can also beam music and media to the company's TVs. It's unclear how Samsung defines "older" -- hence which all models will be impacted.

Here's some interesting thoughts from long-time Slashdot reader theodp: CNBC reports that the next frontier in the Microsoft, Google, Amazon cloud battle is over a world without code.

Google recently acquired no-code app development platform AppSheet, Microsoft just launched a new public preview of its low-code Power Apps mobile app for iOS and Android, and there is speculation about an 'Amazon for Everyone' product from AWS. "Anything a Java developer or engineer can build using custom code, we can do it 200 times faster," boasted Unqork CEO Gary Hoberman, whose no-code company raised $131 million in its latest funding round from investors that included Alphabet.

The promise of no-code development platforms has been touted for decades — is it different this time?

An anonymous reader quotes a report from Wired: Apple has a well-earned reputation for security, but in recent years its Safari browser has had its share of missteps. This week, a security researcher publicly shared new findings about vulnerabilities that would have allowed an attacker to exploit three Safari bugs in succession and take over a target's webcam and microphone on iOS and macOS devices. Apple patched the vulnerabilities in January and March updates. But before the fixes, all a victim would have needed to do is click one malicious link and an attacker would have been able to spy on them remotely.

The bugs Pickren found all stem from seemingly minor oversights. For example, he discovered that Safari's list of the permissions a user has granted to websites treated all sorts of URL variations as being part of the same site, like https://www.example.com, http://example.com and fake://example.com. By "wiggling around," as Pickren puts it, he was able to generate specially crafted URLs that could work with scripts embedded in a malicious site to launch the bait-and-switch that would trick Safari. A hacker who tricked a victim into clicking their malicious link would be able to quietly launch the target's webcam and microphone to capture video, take photos, or record audio. And the attack would work on iPhones, iPads, and Macs alike. None of the flaws are in Apple's microphone and webcam protections themselves, or even in Safari's defenses that keep malicious sites from accessing the sensors. Instead, the attack surmounts all of these barriers just by generating a convincing disguise.

Apple's native iOS password manager may be getting an overhaul later this year with the presumed release of iOS 14 that will make it more competitive with third-party options like 1Password and LastPass, reports 9to5Mac. From a report: Right now, iCloud Keychain can store your passwords and help autofill them on the iPhone, where copying and pasting long strings of letters and numbers or manually doing so has been a headache since the advent of the mobile touchscreen. But it doesn't have reminders for changing those passwords like competitors do, and it doesn't support two-factor authentication (2FA) options. That means users are still stuck using potentially insecure methods like SMS or email in the event that they do have 2FA set up.

An anonymous reader quotes Motherboard: On Friday video-conferencing software Zoom issued an update to its iOS app which stops it sending certain pieces of data to Facebook. The move comes after a Motherboard analysis of the app found it sent information such as when a user opened the app, their timezone, city, and device details to the social network giant.

When Motherboard analyzed the app, Zoom's privacy policy did not make the data transfer to Facebook clear.

"Zoom takes its users' privacy extremely seriously. We originally implemented the 'Login with Facebook' feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data," Zoom told Motherboard in a statement on Friday....

"We sincerely apologize for this oversight, and remain firmly committed to the protection of our users' data," Zoom's statement concluded.

Apple launched its own coronavirus screening site and iOS app developed alongside the White House, CDC and FEMA. From a report: The site is pretty simple with basic information about best practices and safety tips alongside a basic screening tool which should give you a fairly solid idea on whether or not you need to be tested for COVID-19. The site which is -- of course -- accessible on mobile and desktop also includes some quick tips on social distancing, isolation, hand-washing, surface disinfecting and symptom monitoring. The app, which contains identical information to the site, is US-only at the moment while the website is available worldwide. Depending on your symptoms, the site will push you to get in contact with your health provider, contact emergency services or it will inform you that you likely do not need to be tested. It will not route you to a testing center directly. Apple says that its app and website gather or collect zero personal information about anyone using it.

An anonymous reader quotes a report from Bleeping Computer: A currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private network (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users' data or leak their IP addresses. While connections made after connecting to a VPN on your iOS device are not affected by this bug, all previously established connections will remain outside the VPN's secure tunnel as ProtonVPN disclosed.

The bug is due to Apple's iOS not terminating all existing Internet connections when the user connects to a VPN and having them automatically reconnect to the destination servers after the VPN tunnel is established. "Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own," ProtonVPN explains. "However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel." During the time the connections are outside of the VPN secure communication channels, this issue can lead to serious consequences. For instance, user data could be exposed to third parties if the connections are not encrypted themselves, and IP address leaks could potentially reveal the users' location or expose them and destination servers to attacks. Until Apple provides a fix, the company recommends using Always-on VPN to mitigate this problem. "However, since this workaround uses device management, it cannot be used to mitigate the vulnerability for third-party VPN apps such as ProtonVPN," the report adds.