Information Technology

Can you run eBPF on Windows? Sure, if you’re using Windows Subsystem for Linux 2.0. Of course, there you’re running it on the Linux kernel on Windows 10. But running eBPF on Windows natively? Nah. That will change soon, however. Microsoft has started an open-source project to make eBPF work on Windows 10 and Windows Server 2016 and later. 

This is the ebpf-for-windows project. With it, Windows developers can use eBPF toolchains and application programming interfaces (APIs) on top of existing versions of Windows. This won’t be easy. Still, by building on the work of others, it should be possible. This project takes several existing eBPF open-source projects and adds the “glue” to make them run on Windows. Why would you want to do this? Linux developers already know the answer to that, but Windows programmers probably don’t. Here’s the story.First, it all started with a firewall program: The decades-old Berkeley Packet Filter (BPF). This was designed for capturing and filtering network packets on a register-based virtual machine (VM). That was useful. But, as the years went by, Alexei Starovoitov, Linux kernel developer and Facebook software engineer, realized that updating BPF to work with modern processors, extended BPF (eBPF), to run user-supplied programs inside of the kernel would make it far more powerful. It was introduced in the 3.15 Linux kernel and programmers quickly started using it for all kinds of programs. Today, eBPF remains very useful for network filtering, analysis, and management, but it has far more jobs. EBPF is also used for system call filtering and process context tracing. In short, it’s become a Swiss-army knife for programming tracing, system profiling, and collecting and aggregating low-level custom metrics. At a higher level, this means eBPF has become the foundation of security programs, such as Cilium, Falco, and Tracee; Kubernetes observation programs like Hubble and Pixie, and, of course, toolchains such as Clang.In Windows, here’s how it’s going to work: Existing eBPF toolchains will generate eBPF bytecode from source code in various languages. This bytecode can then be used by any application or manually through the Windows netsh command-line tool. This will be done using a shared library that exposes Libbpf APIs. This is still a work in progress.

The library will then send the eBPF bytecode to the PREVAIL static verifier. This, in turn, is hosted in a user-mode protected process, which is a Windows security environment that allows a kernel component to trust a user-mode daemon signed by a trusted key. If the bytecode passes all the verifier’s safety checks, the bytecode can be loaded either into the uBPF interpreter running in a Windows kernel-mode execution context or compiled by the uBPF just-in-time (JIT) compiler and have native code loaded into the kernel-mode execution context. The uBPF step is based on an Apache-licensed library for executing eBPF programs.Then, the eBPF programs running in the kernel-mode execution context will be attached to hooks that handle events and call helper APIs. These are exposed via the eBPF shim. This shim wraps public Windows kernel APIs. This enables eBPF to be used on Windows. So far, two hooks (XDP and socket bind) have been added. Other hooks, and not just network ones, will be added.This is in no way an eBPF fork. It’s just adding a Windows-specific hosting environment for eBPF. The name of the game is to enable Windows developers to use eBPF programs, which will be source code compatible across Windows and Linux. Some of this will be done by using the Libbpf APIs Of course, some eBPF code is very specific to Linux — for example, if it uses Linux internal data structures. But many other APIs and hooks will work across platforms. EBPF, as advanced Linux programmers know, gives Linux developers a great deal of power. Now, this take on eBPF will share the wealth with Windows developers.Related Stories: More

A new Android trojan has been identified by security researchers, who said on Monday that once it is successfully installed in the victim’s device, those behind it can obtain a live stream of the device screen and also interact with it via its Accessibility Services.

The malware, dubbed “Teabot” by security researchers with Cleafy, has been used to hijack users’ credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands.Cleafy’s Threat Intelligence and Incident Response team first discovered the banking trojan in January and found that it enabled fraud against more than 60 banks across Europe. By March 29, Cleafy analysts found the trojan being used against Italian banks and by May, banks in Belgium and Netherlands were also dealing with it. Research shows that Teabot is still under development but initially only focused on Spanish banks before moving on to banks in Germany and Italy. The malware now is currently supporting 6 different languages, including Spanish, English, Italian, German, French, and Dutch. The app was initially named TeaTV before repeatedly switching titles to “VLC MediaPlayer,” “Mobdro,” “DHL,” “UPS,” and “bpost.” “When the malicious app has been downloaded on the device, it tries to be installed as an “Android Service,” which is an application component that can perform long-running operations in the background. This feature is abused by TeaBot to silently hide from the user, once installed, preventing also detection and ensuring its persistence,” the Cleafy report said. Once the TeaBot is installed, it will request Android permissions to observe your actions, retrieve window content, and perform arbitrary gestures. ‍When the permissions are granted, the app will remove its icon from the device, according to Cleafy study.

Saumitra Das, CTO of cybersecurity firm Blue Hexagon said Teabot represents a shift in mobile malware from just being a sideline issue to being a mainstream problem just as malware on traditional endpoints. “Threat actors realize the true potential of mobile devices and the threat they can pose to the end-user,” Das said.  “It is important to remember that even though the apps are not on Google Play, the phishing/social engineering tactics used by the actors behind Teabot/Flubot are as good as any threat family on the PC side; that within a short time frame, they can manage to get a huge infection base. These threats should not be underestimated.” More

more coverage

Microsoft’s May Patch Tuesday dump included patches for 55 CVEs with four rated critical. There were also three zero-day bugs but none have been exploited. Products impacted includes Internet Explorer, .NET Core and Visual Studio, Windows 10 and Office to name a few. You can find the updates for May here. The fixed zero day bugs include:CVE-2021-31204 .NET and Visual Studio Elevation of Privilege VulnerabilityCVE-2021-31207 Microsoft Exchange Server Security Feature Bypass VulnerabilityCVE-2021-31200 Common Utilities Remote Code Execution VulnerabilityZero Day Initiative flagged CVE-2021-31166 as one of the more interesting bugs. ZDI said:CVE-2021-31166 – HTTP Protocol Stack Remote Code Execution VulnerabilityThis patch corrects a bug that could allow an unauthenticated attacker to remotely execute code as kernel. An attacker would simply need to send a specially crafted packet to an affected server. That makes this bug wormable, with even Microsoft calling that out in their write-up. Before you pass this aside, Windows 10 can also be configured as a web server, so it is impacted as well. Definitely put this on the top of your test-and-deploy list.There’s also a Hyper-V Remote Code Execution Vulnerability flagged by ZDI with a CVSS rating of 9.9. More

For victims of ransomware attacks, paying the ransom doesn’t guarantee that their network will be restored – and handing money to criminals only encourages more criminals to try their luck infecting more companies with the file-encrypting malware.The impact of ransomware attacks continues to rise as cyber criminals encrypt networks while also blackmailing victims with the prospect of stolen data being published, in order to generate as much money as possible from extortion.But speaking at the National Cyber Security Centre’s (NCSC) CYBERUK 2021 virtual conference, Home Secretary Priti Patel warned ransomware victims that the government doesn’t support victims of ransomware attacks paying the ransom.SEE: This company was hit by ransomware. Here’s what they did next, and why they didn’t pay upNot only does paying the ransom prove to cyber criminals that their campaigns work, but there’s no guarantee that cyber criminals can be trusted not to come back again in future – or just publish the stolen data anyway. “Government has a strong position against paying ransoms to criminals, including when targeted by ransomware,” said Patel.”Paying a ransom in response to ransomware does not guarantee a successful outcome, will not protect networks from future attacks, nor will it prevent the possibility of future data leaks. In fact, paying a ransom is likely to encourage criminality to continue to use this approach”.

Patel referred to the Colonial Pipeline ransomware attack as an example of just how disruptive ransomware attacks can be, as “cyber criminals have been increasing focused on companies and organisations, taking the time to research their target so they can maximise their chance of releasing higher sums of money through extortion,” she said.The Home Secretary urged organisations to take heed of high profile ransomware attacks and learn the necessary cybersecurity lessons in order to avoid becoming another victim of malware extortion campaigns.”Understand the consequence of an incident and how it will affect your organisation in the future – this is not just about the loss of data, there can be real disruption and significant impacts,” said Patel.”Ransomware, like other cyber crime types, has no boundaries. The challenge of investigating and identifying those responsible is one we share with our international partners,” she added.Last month, the director of UK intelligence agency GCHQ, Jeremy Fleming, spoke about the increasing danger posed by ransomware, warning that ransomware attacks are growing at an “alarming rate”.MORE ON CYBERSECURITY More

If there’s one thing an organisation should do to protect its network from cyber attacks, it’s turn on automatic updates for security patches so cyber criminals and other malicious hackers can’t exploit vulnerabilities which have already been fixed.

ZDNet Recommends

The advice comes from the UK’s National Cyber Security Centre – the cyber arm of GCHQ – which recommends applying security patches as soon as they’re available as one of the simplest things an organisation can do to prevent intruders entering their networks.”Patching is now so much easier and so much less risky than it was when we first started doing this stuff. If there’s one thing that anyone out there wants to take away, turn on automatic updates, please – even if you’re an enterprise, turn on automatic updates,” said Dr Ian Levy, technical director of the NCSC, speaking at the cybersecurity agency’s CYBERUK 2021 virtual event.”The sort of things we’ve seen over the last six to nine months like the big vulnerabilities and the big incidents, a lot of them come down to people not patching properly. And I know it’s really boring but it is really important”.Levy detailed how the NCSC contacted organisations after the recent vulnerabilities in Microsoft Exchange Server came to light to encourage them to patch their systems – yet some of these still took weeks to apply the updates, all the while potentially leaving themselves open to cyber criminals and other hostile hacking groups actively looking to exploit the flawsSEE: Network security policy (TechRepublic Premium)”People were taking weeks and weeks to patch, even though there was all the noise in the news, even though we were individually contacting them to say ‘hey, you’ve got a vulnerable Exchange server, please patch’,” he explained.

When vulnerabilities are made public, cyber attackers will actively look for networks which have yet to apply the patches. But information security teams can beat criminal hackers to the punch by examining their own networks for potential vulnerabilities, such as unsecured internet facing Remote Desktop Protocol (RDP) ports.”Think about how people select victims – look across your external facing stuff and you can see exactly what they can see,” Levy said. “As soon as RDP pops up, run back home and turn it off because it shouldn’t be connected to the internet any more”.But Levy also warned that some organisations don’t help themselves at all when it comes to applying security updates, noting that the NCSC is aware of over 1,000 endpoints in the UK which are still vulnerable to BlueKeep, a critical vulnerability in Microsoft’s RDP implementation which allows attackers to remotely execute malicious code on machines. It was detailed and patched two years ago but the organiations which haven’t applied the update are still at risk of a vulnerability popular with cyber threat groups.”That’s not okay, that’s not been patched; we know that’s one of the favourite ways of various threat groups to get in – external facing unpatched vulnerabilities, you kind of deserve what you get if you’re on that space these days!,” said Levy.SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  However, there the vast majority of organisations are taking advice on board and learning from major incidents like the SolarWinds supply chain hack or the Microsoft Exchange server attacks – and one of the key things organisations need to do to secure their infrastructure from cyber threats is to provide their information security teams with the resources needed to do things like apply the patches.”This can be done, there are organisations, companies, sectors that do this effectively. This isn’t a technical problem any more, it’s an investment problem, it’s a skills problem it’s making sure you use the right capabilities in the right way and make the right investment choices,” said Paul Chichester, director of operations at the NCSC.”This is not something that’s impossible to fix. Even the highest-end nation state, you can defend against those capabilities and the technology and capabilities is out there,” he added.The NCSC also hopes that the publicity around these high-profile cyber events is reaching the boardroom and that directors are taking notice and asking questions about how they can ensure they’re not the next organisation in the news for being breached.”My sense is the benefit of having SolarWinds as a shorthand for a much wider set of activity is there is a bit more conversation in the boardroom, there’s been a lot of coverage on this incident,” said Lindy Cameron, CEO of the NCSC.”My hope is CEOs are asking questions of their CISO and actually demanding to know there’s a system in place to make sure they can patch on a regular basis,” she added.MORE ON CYBERSECURITY More

The real-world consequences of a successful cyberattack have been clearly highlighted this week with the closure of one of the US’ largest pipelines due to ransomware. 

ZDNet Recommends

Here’s everything we know so far.  On Friday, May 7, Colonial Pipeline said that a cyberattack forced the company to proactively close down operations and freeze IT systems after becoming the victim of a cyberattack.  This measure “temporarily halted all pipeline operations” and cybersecurity firm FireEye, which operates the Mandiant cyberforensics team, was reportedly pulled in to assist. 

What is Colonial Pipeline?

Founded in 1962 and headquartered in Alpharetta, Georgia, privately-held Colonial Pipeline is one of the largest pipeline operators in the United States and provides roughly 45% of the East Coast’s fuel, including gasoline, diesel, home heating oil, jet fuel, and military supplies. The company says that it transports over 100 million gallons of fuel daily across an area spanning Texas to New York.

How did the Colonial Pipeline ransomware attack happen?

There are few concrete details on how the cyberattack took place, and it is likely that this will not change until Colonial Pipeline and the third-party company brought in to investigate have concluded their analysis of the incident. However, what appears to have happened is a ransomware outbreak, linked to the DarkSide group, that struck Colonial Pipeline’s networks. The oil giant said it “proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems.”Colonial Pipeline’s latest update, published on Monday 10, said that remediation is ongoing and each system is being worked on in an “incremental approach.””This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week,” the company added. In a further update, Colonial Pipeline said that one line is operating under manual control while supplies of gas are “available.””While our main lines continue to be offline, some smaller lateral lines between terminals and delivery points are now operational as well. We continue to evaluate product inventory in storage tanks at our facilities and others along our system and are working with our shippers to move this product to terminals for local delivery.”

Why does the Colonial Pipeline ransomware attack matter?

As shown in the company’s operations map, by taking out the systems supporting and managing pipeline operation and fuel distribution, vast swathes of the US have been impacted. At the time of the attack, supply shortage concerns prompted gasoline futures to reach their highest level in three years. Demand has risen, but drivers are being urged not to panic buy, as this could impact prices that have already increased due to the pipeline disruption by six cents per gallon in the past week. With normal operations not expected to resume until, at best, the end of the week, we are likely to see fluctuations — and potentially further price increases — in fuel supplies across impacted areas in the US. US President Biden has also been briefed on the event. If anything highlights just how serious a cyberattack has become, it is this. See also: Ransomware just got very real. And it’s likely to get worse

Will there be gas shortages?

Patrick De Haan

Late Tuesday evening, White House press secretary Jen Psaki said the US government is “monitoring supply shortages in parts of the Southeast,” as reported by The Independent, and “are evaluating every action the Administration can take to mitigate the impact as much as possible.”In other words, it is possible. Disruption to the supply lines for potentially a full week, or more, could lead to supply problems for consumers, aviation, and the military — especially if the security incident incites the former to panic-buy. Some gas stations have already begun running dry. 

Have any agencies become involved?

FMCSATo keep supplies flowing, the USDOT Federal Motor Carrier Safety Administration (FMCSA) issued a Regional Emergency Declaration on Sunday 9, easing standard restrictions on the land transport of fuel and the permissible working hours of drivers. “FMCSA is issuing a temporary hours of service exemption that applies to those transporting gasoline, diesel, jet fuel and other refined petroleum products to Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas and Virginia,” the agency said. The FBIThe US Federal Bureau of Investigation (FBI) is also aware of the incident. On May 10, the law enforcement agency said:”The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation.”

Who is DarkSide?

DarkSide is a Ransomware-as-a-Service (RaaS) group that offers its own brand of malware to customers on a subscription basis. The ransomware is currently in version 2. According to IBM X-Force, the malware, once deployed, steals data, encrypts systems using Salsa20 and RSA-1024 encryption protocols, and executes an encoded PowerShell command to delete volume shadow copies.SecureWorks tracks them as Gold Waterfall and attributes the group as a Russian-speaking past affiliate of the REvil ransomware RaaS service. A decryptor for DarkSide malware on Windows machines was released by Bitdefender in January 2021. In response, the group said the decryptor was based on a key previously purchased and may no longer work as “this problem has been fixed.” Update 13.44BST: Bitdefender told ZDNet that the decryption tool, unfortunately, does not work with the latest version of DarkSide malware. “We’re constantly working on new versions of our tools as cybercriminals fix vulnerabilities that make decryption possible,” the firm added.While believed to be relatively new to the ransomware scene, first spotted in the summer of 2020, DarkSide has already created a leak website used in double-extortion campaigns, in which victim companies are not only locked out of their systems, but also have their information stolen. If these organizations refuse to pay up, stolen data may be published on the platform and made available to the public. DarkSide isn’t just content in making money from ransomware demands, however, as the group has indicated it will happily work with competitors or investors before leaks are published.”If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares,” the group says. Read on: DarkSide explained: the ransomware group responsible for Colonial Pipeline cyberattackPerhaps unusually, however, DarkSide also appears to be trying to cultivate a Robin Hood and good-guy image — stealing from the rich (the so-called ‘big game’ targets) and giving a portion of the criminal proceeds to charity. Charities reportedly offered donations in stolen Bitcoin (BTC) have, so far, refused to accept them. The RaaS service operators have also tried to distance themselves from the incident by vaguely implying it was a customer at fault and that the cyberattack doesn’t fit the DarkSide ethos.”We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives,” DarkSide said on May 10. “Our goal is to make money, and not creating problems for society. We [will] introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

What happens next?

As a group known to double-extort victims, Colonial Pipeline could be the next company to face the threat of the leak of data unless they give in to blackmail and pay the attackers. It may be, however, that DarkSide could choose not to pursue this usual tactic due to the aforementioned “social” problems caused by the ransomware. Bloomberg says that during the attack, over 100GB in corporate data was stolen in just two hours. As of May 11, Colonial Pipeline has not been added to the DarkSide leak site.  This appears to be one of the largest and most successful cyberattacks on a critical component of a country’s infrastructure to date — but it is not the first. In February, a cyberattacker attempted to add dangerous levels of a chemical to a city in Florida’s drinking water system, and back in 2016, the city of Kieve, in Ukraine, lost all power for an hour due to Industroyer malware.   If the prospect of fuel shortages, the invoking of emergency powers, and the briefing of a president is anything to go by, we may see a more urgent review of cybersecurity procedures and practices in the US soon — and perhaps the implementation of severe punitive actions to companies that do not maintain a strong security posture. However, cyberthreats continue to evolve and, either way, this is unlikely to be the last time we see such severe social disruption caused by cyberattackers just in it for the money. “This incident is not the first and will definitely not be the last, as US critical infrastructure spans across an entire continent and relies on engineers in remote places to log in and perform maintenance when needed,” Bitdefender commented. “It is common for ransomware operators to probe networks for such points of entry or even to buy phished credentials to remote desktop instances that they can use to mount an attack. Critical infrastructure is becoming increasingly appealing to ransomware operators — particularly those who are involved in Ransomware-as-a-Service schemes.”Update 11/5 17.05 BST: The company’s website experienced downtime, but Colonial Pipeline insists it is “unrelated to the ransomware.” The firm said on Twitter:”We are experiencing a temporary service disruption to our corporate website, and unrelated to the ransomware. We continue to make progress on our system restart plan, and will provide an update when our website is restored.”In a follow-up, the company apologized for the “temporary service disruption.”

Previous and related coverageHave a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

more coverage More

The Australian Security Intelligence Organisation (ASIO) has been given a 10-year funding boost as part of the 2021 federal Budget.The AU$1.3 billion boost, the Budget documents [PDF] say, is to be invested into building ASIO’s ability to protect Australia and Australians from threats to security.Specifically, the cash will go towards enhancing Australia’s national security capabilities.”This will support ASIO’s technological capabilities, enhancing its ability to address threats to Australia’s national security,” the government said.Meanwhile, a further AU$51.8 million is being provided to support the Australian Criminal Intelligence Commission’s (ACIC) role in combatting “transnational, serious, and organised crime”.”This measure also includes funding to support enhanced collaboration and information sharing through the ongoing integration of Australian law enforcement agencies into the National Criminal Intelligence System,” it said.See also: ACIC believes there’s no legitimate reason to use an encrypted communication platform

Partial funding for this measure has already been provided by the government.”While we have been fighting COVID, other threats to our national security have not gone away,” Treasurer Josh Frydenberg said during his Budget speech.”To keep Australians safe from these threats, whether domestic or foreign, the government is providing an additional AU$1.9 billion over the decade to strengthen our national security, law enforcement, and intelligence agencies.”We also need to prepare for a world that is less stable and more contested.”The government is also providing AU$146 million over four years from 2021-22 for initiatives to prevent child sexual abuse, such as through building child safe capability in sporting organisations and delivering online safety education programs to prevent online harm and promote safe online practices for children and young people.In August, the federal government released a lacklustre refreshed Cyber Security Strategy. On Thursday, as part of its digital economy strategy, it added a handful of cyber funding and initiatives, including AU$31.7 million to secure future connectivity using 5G and 6G mobile networks; a pledge to improve standards for trusted identities that underpin the digital environment; a promise to strengthen Australia’s data security settings through the development of a National Data Security Action Plan; the piloting of Cyber Hubs that government hopes will see Canberra’s biggest IT shops help “improve resilience and cybersecurity maturity of government agencies”; and AU$16.4 million over three years for the Peri-Urban Mobile Program to improve mobile phone connectivity in the bushfire prone areas of the peri-urban fringe of Australia’s major cities.FUNDING FOR BILLS YET TO BE PASSEDThe Security Legislation Amendment (Critical Infrastructure) Bill 2020, currently before Parliament, introduces a government assistance regime that provides powers to protect assets during or following a significant cyber attack. This includes the power to authorise information gathering directions, action directions, and intervention requests.On Tuesday, the government announced it was providing funding to “improve security arrangements for critical infrastructure”.The government will provide AU$42.4 million over two years from 2021-22 to improve security arrangements for critical infrastructure assets, including those designated as systems of national significance, in accordance with the Bill, and to assist critical infrastructure owners and operators to respond to significant cyber attacks.   Another yet-to-be-passed Bill, the Telecommunications Legislation Amendment (International Production Orders) Bill 2020, which paves the way for Australia to obtain a proposed bilateral agreement with the United States for implementing the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act), has also been allocated AU$9.6 million.The government said it will provide the AU$9.6 million over four years from 2021-22 to support the bilateral exchange of information between Australia and the United States relating to the investigation of serious crimes. It has also earmarked AU$4 million over four years from 2021-22, and AU$1.1 million per year ongoing, to the Office of the Commonwealth Ombudsman and the Office of the Inspector-General of Intelligence and Security to support oversight of the use of surveillance, data access, and interception powers that will be provided to security agencies under the Telecommunications and other Legislation Amendment (Assistance and Access) Act 2018 and the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020.The Identify and Disrupt Bill — colloquially known as the “hacking” Bill — meanwhile, is still before Parliament.This measure will be offset by redirecting funding from the Department of Home Affairs, Budget documents say.Elsewhere, as part of an investment into critical frontline biosecurity resources, AU$25.5 million over four years from 2021-22 will be used for “modern technologies and diagnostic tools” to improve the speed and accuracy of pest and disease identification at the border.To modernise the country’s biosecurity IT systems, technology, and data analytics, AU$31.2 million over four years from 2021-22, and AU$1.5 million per year thereafter, will be used to deliver digital capability for biosecurity screening of incoming international mail through new technology.    The Australian government will also provide AU$98.8 million over four years from 2021-22, and AU$4.9 million ongoing per year from 2025-26, to establish an Office of Supply Chain Resilience to provide ongoing capacity to monitor and coordinate the government’s efforts to boost supply chain resilience and also to support the implementation of other government policy priorities, including its COVID-19 response and continuing Australian Public Service reforms.Elsewhere, Australia is set to receive a dedicated Freedom of Information Commissioner, a role currently filled by the Office of the Australian Information and Privacy Commissioner. The OAIC has been in need of further funding for extra hands for a while, and the AU$3.9 over four years has been allocated to the new role.  

Australian Budget 2021 More

One of the most anticipated — or hated if you are Facebook — features in iOS 14.5.1 has been the new app tracking transparency tool that means that developers must ask users for permission to use their data to track them for targeted advertising purposes.But the feature isn’t working for everyone. In fact, it was so broken that Apple rolled out a fix in iOS 14.5.1 to try to fix it.But even that didn’t fix it for some, leaving the setting greyed out.App Tracking Transparency feature greyed out even after updating to iOS 14.5.1.Must read: This is what happens when you lose an Apple AirTag
But there’s a solution that seems to help some people.And fortunately, it’s quite simple.First thing you need to do is to sign out of the App Store. To do this fire up the App Store, tap on the icon located at the top-right of the screen that represents you and then scroll down to the bottom of the screen and tap Sign Out.

With that done, reboot your iPhone. Go Settings > General and scroll down to Shut Down and tap to, well, shut down.Then, restart your iPhone and log back into the App Store. Fore up the App Store, tap the blue icon at the top-right of the screen, enter your Apple ID and password and click Sign In.Head over to Tracking (Settings > Privacy > Tracking) and see if that fixed the problem. This has worked for several people who have been in contact with me, so it’s well worth a try. Otherwise, you’re going to have to wait for iOS 14.5.2 in the hopes that fixes the problem.Have you had problems? Did this work for you? Let me know in the comments below! More