Privacy

Data brokers may be banned from selling your personal data without legitimate justification, under a new proposal by the Consumer Financial Protection Bureau (CFPB). Back in the summer it was revealed that one of these brokers was hacked, resulting in the compromise of personal data for every person in the US, UK, and Canada.

The proposed change would limit the sharing of sensitive data like your name and social security number by subjecting data brokers to the same rules as credit checking agencies …

Popular video conferencing platform Zoom agreed to pay $85M in compensation back in 2021 after it was revealed that the company lied to users about the type of encryption it offered. It has now offered to pay an $18M fine to the Securities & Exchange Commission (SEC) in order to settle an investigation into the same security and privacy issue.

Zoom disclosed the offer in a regulatory filing …

Some six years after virtual private network company NordVPN started searching data breaches for the most-used passwords, things are every bit as bad as when the company started.

Each year, the company searches the dark web for passwords stolen by malware or exposed in security breaches to determine the most commonly-used passwords, and this year’s crop is as depressing as ever …

Earlier this week Ming-Chi Kuo suggested that we’ll see an Apple smart home camera in 2026, with the company confident it will prove to be a popular accessory, selling in the tens of millions per year.

Given Apple’s habit of minimizing the number of products it makes, if the report is accurate the company must feel there’s good reason to enter a crowded product category, and I think an Apple camera will likely differentiate itself in two ways: privacy, and Apple Intelligence …

A UnitedHealth hack exposed the personal information and health data of more than 100M Americans – the first time the company has put a specific number on the security breach.

A ransomware attack was made on Change Healthcare back in February, but it was only yesterday that the company revealed its “unprecedented magnitude” …

Apple Intelligence is launching later this month, bringing a first wave of AI features to your iPhone, iPad, and Mac. But as with all AI technology, the matter of privacy is a key one to pay attention to. How does Apple Intelligence handle user privacy? Here’s what you should know.

One of the new features of iOS 18 and macOS Sequoia is iPhone Mirroring – but using this with a personal iPhone on a work Mac currently creates a privacy risk for employees, and a legal risk for businesses.

The problem, as cybersecurity company Sevco discovered, is that apps on the iPhone get treated as Mac apps, and that means their presence is included in corporate IT audits …

It was revealed this weekend that Chinese hackers managed to access systems run by three of the largest internet service providers (ISPs) in the US.

What’s notable about the attack is that it compromised security backdoors deliberately created to allow for wiretaps by US law enforcement …

A MoneyGram hack has seen an attacker obtain the personal data of an unknown number of the company’s 50 million money transfer users.

A separate hack of a debt collection company has seen personal data obtained for more than 200,000 Comcast customers, despite previous assurances that this was not the case …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

I’m in the midst of traveling to Ukraine this week for OFTWv2.0, and I can’t help but think about the comments on last week’s edition of Security Bite defending the VPN apps that still exist on the App Store in Russia. While almost every app from legitimate providers in the country has been removed, Russian users can still find a surplus of VPN options claiming to offer secure encryption and private browsing. The only question being–really?

Some developers yesterday argued that a change to iPhone contact privacy in iOS 18 made it harder for new social media apps to compete.

But I think they’re wrong, and that the more granular privacy control offered in iOS 18 actually makes it more likely that we’ll be willing to grant contacts access to apps …

iOS 18 is full of big, headline changes like new customization tools, upgrades to Photos, Notes, and Messages, and the forthcoming Apple Intelligence features. But one smaller update is causing a lot of concern for social apps, and it’s a change designed to protect user privacy.

A succession of T-Mobile data breaches saw millions of customers have their personal data exposed. The company has now been fined $15.75M, and has agreed to spend the same amount again on upgrading its security.

The Federal Communications Commission (FCC) says that the combination of fine and promised security enhancements represents a model for future handling of such incidents …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Since Russia’s full-scale assault on Ukraine, Apple has significantly scaled back its operations in the country. It has since suspended all product sales and limited certain services, such as Apple Pay. Despite this, Apple continues to operate a full-fledged App Store in Russia. However, it’s now facing worthy criticism for complying with Russian government requests to remove VPN apps to adhere to local regulations–censorship.

Apple has improved iPhone security and privacy with iOS 18. One of the valuable new features is the ability to require Face ID for individual apps as well as putting them in a hidden folder. Read along for how to lock and hide apps on iPhone in iOS 18.

Discord end-to-end encryption (E2EE) is rolling out today for both audio and video calls. You can update to the latest mobile and desktop apps to get access to the privacy protection today.

There are, however, some exceptions to strong encryption, which result from a mix of technical limitations and Discord policy …

Security researchers came up with a pretty wild Vision Pro exploit. Dubbed GAZEploit, it’s a method of working out the passwords of Vision Pro users by watching the eye movements of their avatars during video calls.

They’ve put together a YouTube video (below) to demonstrate how tracking the avatar’s eye movements accurately detects the virtual keys the Vision Pro user is looking at when typing …

Apple software SVP Craig Federighi says that the Private Cloud Compute servers used for Apple Intelligence features are really basic – and with good reason.

The exec says it’s one of a number of decisions the company made to ensure that it’s AI cloud servers form a “hermetically sealed privacy bubble” with your iPhone …

When Apple introduced the M4 iPad Pro earlier this year, the company quietly added a new privacy feature to it, which is called “Secure Exclave.” Now the company is bringing the same new privacy technology to the iPhone 16 models, which are powered by the A18 chip.

Meta has admitted to scraping all public Facebook and Instagram posts made since 2007 in order to train its generative AI model, adding to the privacy contrast with Apple Intelligence.

While the admission was made during a public enquiry in Australia, the company’s statement applies globally …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

The privacy implications of Notification Center popups are well-known in the security forensics community. Whether a user likes it or not, macOS temporarily keeps a log of every notification received in a single plaintext database. This can include messages from applications like iMessage, Slack, Teams, and virtually anything else.

However, it now appears Apple has moved the Notification Center database in macOS Sequoia to address concerns.