It's not just Apple, the EU also wants to scan devices! And other security and privacy news

Privacy

It’s not just Apple, the EU also is considering client side scanning, but many people see Client-side content scanning as an unworkable, insecure disaster for democracy. If you want to know more, here’s an analysis by leaders in the security and privacy field: Bugs in our Pockets: The Risks of Client-Side Scanning

Beyond this high-profile case, there are other invasions:

• Ad-blocking browser extension actually adds ads, say Imperva researchers

• UK Judge: Ring Security Cams Violated Neighbor's Privacy

• Google pulls ‘stalkerware’ ads that promoted phone spying apps

Facilitating new surveillance methods,

• Facebook is researching AI systems that see, hear, and remember everything you do

• Tesla debuts new car insurance that uses Texans' real-time driving behavior

With all this invasive technology, it’s really amazing that Americans Have Faith in Tech Companies, Despite All the Evidence That They Shouldn't

Naturally, people in other countries are exposed as well: Moscow metro launches facial recognition payment system despite privacy concerns

Security

Olympus confirms US cyberattack, weeks after BlackMatter ransomware hit EMEA systems and Acer confirms second cyberattack in 2021 after ransomware incident in March

confirming once more that Ransomware is the biggest cyber threat to business. But most firms still aren't ready for it. And it’s not likely to get better:

• This new ransomware encrypts your data and makes some nasty threats, too

• Enterprises struggle with security monitoring ‘tool sprawl’

• CISA outlines cyberthreats targeting US water and wastewater systems

In other hacks, Microsoft Fends Off 2.4Tbps DDoS Attack, Second Largest on Record. More broadly, Software supply chain breaches are ‘staggeringly high,’ report finds

Again, new vulnerabilities for consumers became public:

• Apple releases iOS 15.0.2 with a security fix for a bug ‘under active exploitation’

• Apple Patches New Zero-Day iOS Vulnerability Possibly Under Exploitation

• Microsoft warns over password attacks against these Office 365 customers

• Security flaws at NFT marketplace OpenSea left users' crypto wallets open to attack

• Whole Foods customer records among 82M exposed due to vulnerable database

• Google's VirusTotal reports that 95% of ransomware spotted targets Windows

Some of these vulnerabilities are even created by government: Missouri Gov. Goes After Reporter Who Found Shockingly Bad Flaw in State Website

However, there was also quite a bit of good security news last week:

• Google unveils new security programs, 'Cybersecurity Action Team' and partnerships with CrowdStrike, Palo Alto

• Ransomware: Even when the hackers are in your network, it might not be too late

• More than 30 countries outline efforts to stop ransomware after White House virtual summit

• BlackByte ransomware decryptor released

• REvil ransomware group goes dark after its Tor sites were hijacked

Trying to address security issues globally, US invites friends to multilateral cybersecurity meetings – Russia and China strangely absent

Regulation

In anti-trust news, Senate bill would prevent tech companies from favoring their products over rivals, and Pressure mounts on Amazon and App Store discrimination in new bill

Social media again was the target of some announcements:

• Lawmakers want to strip legal protections from the Facebook News Feed

• FTC to Companies: Knock It Off With the Deceptive Social Media Endorsements

• Lawmakers Want to Hold Social Networks Responsible for 'Malicious Algorithms'

Giving Facebook and almost-free pass, Irish regulators support Facebook's 'consent bypass' legal maneuver, suggest $42 million fine for GDPR violations

Entering a new space, US regulator targets Tesla on NDAs, over-the-air software updates