Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches. [...]

Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the topic. [...]

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.” [...]

Pro-Kurd Facebook profiles deliver '888 RAT' and 'SpyNote' trojans, masked as legitimate apps, to perform mobile espionage. [...]

The privacy-touting, end-to-end encrypted email provider erased its site's “we don’t log your IP” boast after France sicced Swiss cops on it. [...]

The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data. [...]

A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app. [...]

Eight states are introducing drivers licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely. [...]

IoT vulnerabilities turned the remote into a listening device, researchers found, which impacted 18 million Xfinity customers. [...]

Army looking for AI to layer over daycare CCTV to boost ‘family quality of life.’ [...]

In this blog post, I show you how to protect your Amazon Simple Storage Service (Amazon S3) bucket while still allowing access to your AWS Certificate Manager (ACM) Private Certificate Authority (CA) certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the …

Enlarge / The Internet is unfortunately packed full of criminals seeking to steal sexual (or sexualizable) images from privately held cloud backup accounts. (credit: 1905HKN via Getty Images / Jim Salter ) The LA Times reported this week that Los Angeles man Hao Kuo "David" Chi pled guilty to four federal felonies …

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume …

Hao Kou Chi pleaded guilty to four felonies in a hacker-for-hire scam that used socially engineered emails to trick people out of their credentials. [...]

Enlarge (credit: Jorg Greuel | Getty Images) More than a thousand web apps mistakenly exposed 38 million records on the open Internet, including data from a number of COVID-19 contact-tracing platforms, vaccination sign-ups, job application portals, and employee databases. The data included a range of sensitive information, from people’s …

Enlarge (credit: Andriy Onufriyenko | Getty Images) Companies of all kinds use machine learning to analyze people’s desires, dislikes, or faces. Some researchers are now asking a different question: How can we make machines forget? A nascent area of computer science dubbed machine unlearning seeks ways to induce selective …

In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part …

A researcher discovered a data cache from the FBI’s Terrorist Screening Center left online without a password or authentication requirement. [...]

Computing giant tries to reassure users that the tool won’t be used for mass surveillance. [...]

Enlarge / Pretty Good Phone Privacy wants to minimize how much your wireless provider knows about your location. (credit: Noam Galai | Getty Images) Location data sharing from wireless carriers has been a major privacy issue in recent years. Marketers, salespeople, and even bounty hunters were able to pay shadowy third-party …

Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps. A confidential memo from inside Amazon explained that customer service credential abuse and data theft was on the rise, according …

Exclusive: civil service chief points to work to improve cybersecurity in response to Labour concerns Ministers and civil servants conducting “government by WhatsApp” have been at risk of being targeted by hackers, leading to new advice from security chiefs about how to improve their privacy. The cabinet secretary, Simon …

Exclusive: civil service chief points to work to improve cybersecurity in response to Labour concerns Ministers and civil servants conducting “government by WhatsApp” have been exposed to hackers, leading to new advice from security chiefs about how to improve their privacy. The cabinet secretary, Simon Case, revealed that the …

Despite a lack of evidence, the National Security Agency will investigate whether the Fox host was illegally targeted. [...]

John Deere security bugs could allow cyberattackers to damage crops, surrounding property or even people; impact harvests; or destroy farmland for years. [...]