Security News

Apple will begin requiring app makers to tell users what tracking information they want to gather and get permission to do so, displaying what have been referred to as "Privacy nutrition labels." "Unless you receive permission from the user to enable tracking, the device's advertising identifier value will be all zeros and you may not track them," Apple said this week in an online message to developers.

The paper itself has a neutrally worded title that simply states the algorithm that it introduces, namely: PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop. For those who don't have iPhones or Macs, AirDrop is a surprisingly handy but proprietary Apple protocol that lets you share files directly but wirelessly with other Apple users nearby.

IBM is working with partners on its Digital Health Pass, which allows for easy sharing of health credentials such as a COVID-19 vaccine or test. IBM's GM Jason Kelley shares details.

Mozilla this week released Firefox 88 in the stable channel with patches for a dozen vulnerabilities and with improved user privacy, obtained through isolating the window. Name property has been available for websites to store whatever data they choose to, but such data has often been allowed to leak between sites, essentially allowing for the tracking of users across the pages they visit.

Using Washington State's proposed law as a guide, New York, Texas and many other states are inching their way toward a data privacy law. "Virginia is now just the second state to pass a comprehensive privacy bill. While we're pleased that Virginians will have new privacy rights, legislators should continue working in the next session to strengthen it. This bill has some important privacy provisions, but consumers need more practical options for controlling their data."

We look at the big-money hacks from the 2021 Pwn2Own competition. We investigate the difficulties of hiring an assassin via the dark web.

Australian security firm Azimuth has been identified as the experts who managed to crack a mass shooter's iPhone that was at the center of an encryption standoff between the FBI and Apple. Until this week it had largely been assumed that Israeli outfit Cellebrite was hired to forcibly unlock an encrypted iPhone 5C used by Syed Farook - who in 2015 shot and killed colleagues at a work event in San Bernardino, California, claiming inspiration from ISIS. Efforts by law enforcement to unlock and pore over Farook's phone were unsuccessful, leading to the FBI taking Apple to court to force it to crack its own software to reveal the device's contents.

Discussions surrounding how to ensure data privacy have been replaced with conversations on how citizens' data is being used, collected and processed. Generally, regulations should continue to pressure companies - including government entities - to provide adequate cybersecurity measures and follow the principle of least privilege to protect the data they have been entitled to collect or process, including transparency and giving users access to their data.

This agreement brings Semafone into the Avaya ecosystem of alliances, with the goal of helping contact center customers solve the complex security and compliance challenges faced as they embrace a work from anywhere model. The integration of Semafone's, DevConnect certified, secure payment technology with Avaya OneCloud enterprise Session Border Controller, enables Cardprotect Voice+ to be deployed and used across all global Avaya OneCloud contact center solutions.

Auth0 announced that Lucy McGrath has been appointed as the company's first Vice President of Privacy. McGrath is an international data privacy lawyer and will be responsible for enabling Auth0 and its customers to continue to solve dynamic privacy challenges and protect the users and other humans impacted by their work.