After what seemed like forever, Apple has finally released its App Tracking Transparency (ATT) feature which requires apps to get your permission to track you across other apps and websites. This was announced last year and delayed by several months to allow app makers to come into compliance (particularly Facebook). Today I’ll tell you what this feature does and doesn’t do, and of course, how to enable it.
Tons of other security and privacy news to cover today, as well: A nasty bug was just fixed in macOS (update now!!); Firefox fixes a bug that could allow fake HTTPS lock icons and therefore compromise security; Facebook Messenger users have been targeted with a major scam; Codecov hack is just the latest in software supply chain attacks that threaten hundreds of companies and their customers; bad guys hacked ad servers to serve up malware; the US Postal Service is running a ‘covert operations program’ that monitors social media accounts; more US federal agencies are turning to private companies to buy data on people and bypass the 4th Amendment; Emotet malware has been taken down; the FBI has been hacking company servers without their consent (but with a warrant) to try to fix Exchange server hacks; some promising new AI regulations have cropped up in Europe and the US; Signal expertly trolls and hamstrings Cellebrite; and finally, Apple’s long-awaited AirTags have finally been released, but the anti-stalker protections seem to fall short, particularly for Android owners.
- A macOS major security bug has just been fixed – UPDATE NOW! https://www.forbes.com/sites/thomasbrewster/2021/04/26/update-your-mac-now-the-worst-hack-in-years-hits-apple-computers/
- Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock https://threatpost.com/mozilla-fixes-firefox-flaw/165501/
- Facebook Messenger users targeted by a large-scale scam https://www.helpnetsecurity.com/2021/04/20/facebook-messenger-scam/
- Codecov hackers breached hundreds of restricted customer sites https://www.reuters.com/technology/codecov-hackers-breached-hundreds-restricted-customer-sites-sources-2021-04-19/
- 120 Compromised Ad Servers Target Millions of Internet Users https://thehackernews.com/2021/04/120-compromised-ad-servers-target.html
- The Postal Service is running a ‘covert operations program’ that monitors Americans’ social media posts https://news.yahoo.com/the-postal-service-is-running-a-running-a-covert-operations-program-that-monitors-americans-social-media-posts-160022919.html
- Federal Agencies Are Secretly Buying Consumer Data https://www.brennancenter.org/our-work/analysis-opinion/federal-agencies-are-secretly-buying-consumer-data
- Emotet Malware Taken Down By Global Law Enforcement Effort https://www.cpomagazine.com/cyber-security/emotet-malware-taken-down-by-global-law-enforcement-effort-cleanup-patch-pushed-to-1-6-million-infected-devices/
- Are we safer with the FBI accessing our computers without consent? https://thenextweb.com/news/are-we-safer-with-the-fbi-accessing-our-computers-without-consent-syndication
- The sun is setting on A.I.’s Wild West https://fortune.com/2021/04/27/the-sun-is-setting-on-a-i-s-wild-west/
- Signal professionally trolls and screws Cellebrite: https://signal.org/blog/cellebrite-vulnerabilities/
- AirTags are scarily good at tracking items and … people. I know because I tried. https://mashable.com/review/apple-airtags-review/
- Apple reveals more about AirTag stalking protections as domestic abuse concerns expressed https://9to5mac.com/2021/04/30/airtag-stalking-protections/