Weekly Cybersecurity News
Malloc (YC S21)
Malloc is an AI-driven cybersecurity startup focused on mobile and app security.
We have important cybersecurity news for you from this week. The European Union wants to scan personal messages for harmful content, a practice it calls upload moderation and which privacy advocates fear would undermine user privacy. To learn more about this and other news, read the article below.
The EU wants to scan your WhatsApp chats—and privacy experts are furious:
The EU is considering a law that would mandate tech companies to scan private messages for child abuse material, known as "Chat Control." This proposal has faced significant criticism from privacy advocates, who argue it undermines encryption and leads to mass surveillance. Despite attempts to modify the proposal to gain consent from users for scanning their media, experts claim it still poses significant security risks. The vote on this legislation has been postponed but remains a contentious issue, with privacy advocates urging citizens to oppose it.
Source: TechRadar
Google may soon vet APK downloads with biometrics to curb malicious content:
Google is planning to enhance the security of sideloading APKs on Android devices by requiring biometric or PIN verification, as indicated by recent updates in the Google Play Store. This measure aims to prevent the easy dismissal of security warnings from Google Play Protect. Additionally, Android 15 will feature AI-driven security enhancements, such as notifications for unsecured networks and restrictions on third-party APK permissions.
Source: AndroidPolice
iOS 18—3 New iPhone Privacy And Security Features Arriving Soon:
iOS 18, set to release soon, introduces significant privacy and security enhancements alongside Apple's first AI capabilities. Key features include the ability to lock and hide apps using Face ID, Touch ID, or a passcode, enhancing privacy when sharing devices. The new Passwords app replaces iCloud Keychain, offering better cross-platform functionality and alerting users to weak or compromised passwords. Contacts permission controls are also improved, allowing users to manage which apps can access their contacts. Additionally, iOS 18 includes enhancements like an Accessory Setup Kit for secure device pairing and a revamped Privacy & Security settings menu for clearer app access management.
Source: Forbes
Apple collected user location data without consent, says Korea; company fined:
In South Korea, Apple has been fined 210 million won (about $153,000) for allegedly collecting user location data without consent. The Korea Communications Commission (KCC) imposed the fine following violations of the Act on the Protection and Use of Location Information. Despite Apple's strict opt-in policy for location data collection, which includes explicit user consent through prompts and settings, the regulator found breaches in disclosing policies related to location data use. Apple's Korean unit was penalized as part of routine inspections under the revised location information protection act of 2022, aimed at balancing convenience and privacy in data usage.
Source: 9To5Mac
TikTok child privacy complaint sent to U.S. Dept. of Justice:
The FTC has referred a complaint to the DOJ alleging that TikTok and its parent company ByteDance violated children's privacy laws. This follows a 2019 settlement under which TikTok was required to comply with COPPA, but the FTC believes TikTok has not fully adhered to these requirements. TikTok disputes the allegations, stating it has implemented several privacy measures for minors. This referral occurs amid ongoing U.S. government concerns over TikTok's data privacy and security practices.
Source: Mashable
App warning! 52 dangerous downloads spotted – Check your phone:
Users are warned about 52 malware-infected apps that were removed from the Google Play Store. Discovered by Zscaler, these apps include Joker, Facestealer, and Coper malware, which can steal passwords, intercept communications, and even take control of devices remotely. Users are advised to check their devices and delete these apps to avoid security risks.
Source: Kim Komando
App for motorbike lovers reveals user plates, home addresses:
A data breach has been reported involving Moto.app, a motorcycle enthusiast app in Italy, which exposed over 211,000 PDF files containing sensitive user data like names, addresses, motorcycle plate numbers, and Italian personal tax IDs. The breach occurred due to publicly accessible Microsoft Azure Blob instances owned by Moto.app. Potential risks include identity theft and fraud, prompting recommendations for immediate security measures such as access restriction, token revocation, audit log review, and encryption implementation. Despite attempts, Moto.app did not provide an official statement.
Source: Cybernews
Android Phones Hit by Actively Exploited Elevation of Privilege Flaw:
A critical elevation of privilege flaw, CVE-2024-32896, affecting Android devices, including Google's Pixel series, was actively exploited in the wild. Discovered by GrapheneOS and initially partially mitigated in April 2024, the flaw allows attackers to manipulate device reboots during wipes, compromising security. Google's June 2024 update (Android 14 QPR3) provides a complete fix, standardizing protections across Android. Users are urged to update to security patch level 2024-06-05 or later to mitigate risks and enhance device security against such exploits.
Source: Cyber Insider
Pegasus can target government and military officials:
The controversial spyware Pegasus, developed by NSO Group, has once again sparked concern as it was revealed that the software can target government and military officials. NSO Group acknowledged in court filings that Pegasus can be used to spy on individuals without their interaction, utilizing "zero-click" methods to access sensitive data such as call logs, messages, and device locations. Despite claims of targeting criminals and terrorists, Pegasus has been found on phones belonging to journalists, activists, and opposition figures globally, raising significant privacy and human rights concerns.
Source: CSO