Bjarteblogg

Apple Accounts “Permanently” Blocked

Apple

https://mjtsai.com/blog/2021/12/07/apple-accounts-permanently-blocked/

U.S. State Department phones hacked with Israeli company spyware - sources - Reuters

hacking surveillance

https://www.reuters.com/technology/exclusive-us-state-department-phones-hacked-with-israeli-company-spyware-sources-2021-12-03/

iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group

Apple AirTag Linked to Increasing Number of Car Thefts, Canadian Police Report - MacRumors

Apple

https://www.macrumors.com/2021/12/03/airtag-linked-to-car-thefts/

This thought experiment captures Facebook’s betrayal of users’ privacy - Richard Ashby Wilson - The Guardian

Facebook privacy

https://www.theguardian.com/commentisfree/2021/nov/03/thought-experiment-facebook-betrayal-privacy

Imagine if the postman read your mail and then sold your information to extremists who want to target you

Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users

Apple Google China hacking

https://www.vice.com/en/article/93bw8y/google-caught-hackers-using-a-mac-zero-day-against-hong-kong-users

The hackers had set up a watering hole attack, meaning they hid malware within the legitimate websites of “a media outlet and a prominent pro-democracy labor and political group” in Hong Kong. Users who visited those websites would get hacked with an unknown vulnerability—in other words, a zero-day—and another exploit that took advantage of a previously patched vulnerability for MacOS that was used to install a backdoor on their computers, according to Hernandez. 

Apple patched the zero-day used in the campaign in an update pushed out on September 23, according to the report.

1.8 TB of Police Helicopter Surveillance Footage Leaks Online - WIRED

https://www.wired.com/story/ddosecrets-police-helicopter-data-leak/

The leak illustrates the inherent risk of collecting and retaining sensitive footage that could be breached.

Fraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police Find

China

https://www.forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/

AI voice cloning is used in a huge heist being investigated by Dubai investigators, amidst warnings about cybercriminal use of the new technology.

In early 2020, a bank manager in Hong Kong received a call from a man whose voice he recognized—a director at a company with whom he’d spoken before.

Østre Toten municipality fined four million after the cyberattack on the municipality – NRK

Norway hacking privacy

https://www.nrk.no/innlandet/ostre-toten-kommune-far-fire-millioner-i-bot-etter-dataangrepet-mot-kommunen-1.15695776

the municipality has had major deficiencies in basic security.

– We see that there have been deficiencies in logging, a lack of two-factor authorization, and deficiencies in security culture and in backup routines.

The supervisory authority writes in its decision that it views particularly seriously the fact that personal data and information about children were affected by the attack. Both are entitled to special protection. The data is lost to the municipality and has been shared to an unknown extent on the dark web.

The Risks of Client-Side Scanning

surveillance privacy

https://mjtsai.com/blog/2021/10/15/the-risks-of-client-side-scanning/

Leading experts warn against scanning mobile phones for abuse material – NRKBeta

https://nrkbeta.no/2021/10/15/ledende-eksperter-advarer-mot-a-skanne-mobiler-for-overgrepsmateriale/

– The introduction of scanning on our personal devices – devices that store information from our to-do lists, text messages and photos – runs directly counter to individual citizens' need for privacy. This form of mass collection can lead to extensive chilling effects on freedom of expression and indeed on democracy itself, the experts write in an article published on the research site arXiv.

– We believe that CSS neither guarantees effective crime fighting nor prevents surveillance. In fact, the effect is the opposite. CSS will create serious security and privacy risks for society as a whole, while the help it can give law enforcement is at best problematic, they write.

– This can be exploited for censorship and surveillance of users. There are no technical barriers stopping Apple or anyone else from using the same tool to track all users who speak critically of regimes, or who have a different sexuality or religion than what the heads of state accept, he says.

Lithuanian government warns about secret censorship features in Xiaomi phones - The Record

China

https://therecord.media/lithuanian-government-warns-about-secret-censorship-features-in-xiaomi-phones/

The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous

hacking privacy

https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous

The news highlights the continued risk from the online advertising ecosystem. Some hackers leverage how adverts are delivered to send target devices malware. Data brokers and potentially intelligence agencies can leverage the ecosystem to gather information on devices and by extension people, sometimes including their physical location. The IC taking steps to protect itself from the dangers of the advertising ecosystem shows just how malicious it can be.

How Facebook Hobbled Mark Zuckerberg’s Bid to Get America Vaccinated - WSJ

Facebook science

https://www.wsj.com/articles/facebook-mark-zuckerberg-vaccinated-11631880296

Company documents show antivaccine activists undermined the CEO’s ambition to support the rollout by flooding the site and using Facebook’s own tools to sow doubt about the Covid-19 vaccine

Facebook Employees Flag Drug Cartels and Human Traffickers. The Company’s Response Is Weak, Documents Show. - WSJ

Facebook

https://www.wsj.com/articles/facebook-drug-cartels-human-traffickers-response-is-weak-documents-11631812953

Apple and Google Remove ‘Navalny’ Voting App in Russia - The New York Times

Apple Google

https://www.nytimes.com/2021/09/17/world/europe/russia-navalny-app-election.html

The app, created by allies of the opposition leader Aleksei Navalny, vanished from online stores, reflecting a new level of pressure against U.S. technology companies in the country.

Friday’s move could embolden the Kremlin as well as governments elsewhere in the world to use the threat of prosecuting employees to gain leverage against the companies. It presents a test of Silicon Valley ideals around free expression and an open internet, balanced not only against profit but against the safety of their workers.

Apple must allow other forms of in-app purchases, rules judge in Epic v. Apple - The Verge

Apple

https://www.theverge.com/2021/9/10/22662320/epic-apple-ruling-injunction-judge-court-app-store

In short, iOS apps must be allowed to direct users to payment options beyond those offered by Apple. The injunction is scheduled to take effect in 90 days — on December 9th — unless it is enjoined by a higher court.

Toyota pauses Paralympics self-driving buses after one hits visually impaired athlete - Self-driving cars - The Guardian

https://www.theguardian.com/technology/2021/aug/28/toyota-pauses-paralympics-self-driving-buses-after-one-hits-visually-impaired-athlete

Japan’s Aramitsu Kitazono was left with cuts and bruises after being hit by the e-Palette vehicle at the athletes’ village

Engrave Danger: An Analysis of Apple Engraving Censorship across Six Regions - The Citizen Lab

Apple surveillance

https://citizenlab.ca/2021/08/engrave-danger-an-analysis-of-apple-engraving-censorship-across-six-regions/

The perfectionism trap - The Economist

miscellaneous

https://www.economist.com/1843/2021/08/10/the-perfectionism-trap

Zoom Lied about End-to-End Encryption - Schneier on Security

encryption privacy

https://www.schneier.com/blog/archives/2021/08/zoom-lied-about-end-to-end-encryption.html

Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent.

The proposed settlement would generally give Zoom users $15 or $25 each.