At a glance.
- WhatsApp's EU privacy policy.
- Lessons from the Twitch breach.
- Apple sues NSO Group, alleging abusive surveillance.
- Recipe apps hunger for personal data.
WhatsApp adds privacy policy details for EU users.
SecurityWeek reports that WhatsApp is adding stipulations to its privacy policy particularly directed at European users. The move is in response to being hit with a 225 million euro fine after Ireland’s data privacy watchdog found the messaging giant in violation of EU data privacy rules, particularly regarding the sharing of data with other companies owned by parent company Meta, formerly known as Facebook. The privacy policy will be more transparent about what data the platform collects and how that data is used, as well as how it secures data transferred internationally for its global service, and European users will be directed to the new information via a banner at the top of their screens.
Lessons learned from the Twitch breach.
JDSupra discusses the recent, massive, Twitch data breach and what it says about security compliance. In the unprecedented October 6 incident, the attackers stole and published source-code, internal security protocols, and earning data of the streaming platform’s top users. In the aftermath, it’s important for companies to familiarize themselves with popular hacking tactics like social engineering and phishing operations, and understand the implications of the data privacy regulations that pertain to them. In the case of an incident, businesses should also have a response strategy in place that includes identifying the impacted data, securing the network, and informing the necessary authorities, legal counsel, and the company’s cyber insurance provider.
Apple files lawsuit against NSO Group.
Apple announced yesterday that it is suing Israeli surveillance software company NSO Group, makers of the controversial Pegasus spyware, amid allegations that Pegasus was used to infect Apple devices of human rights activists and journalists. Apple is also pursuing a permanent injunction banning NSO Group from using any Apple products. The New York Times notes that this move could render NSO obsolete, as the company’s main selling point is offering government clients access to a target’s mobile device. Reuters adds that Apple claims NSO Group created over one hundred fake Apple ID user credentials to carry out its activities, and that NSO misused and manipulated Apple’s servers to spy on the targets. Apple is requesting damages for the time and money lost dealing with NSO’s alleged abuse of its products, the proceeds of which will be donated to the organizations that revealed the misconduct. “This is Apple saying: If you do this, if you weaponize our software against innocent users, researchers, dissidents, activists or journalists, Apple will give you no quarter,” said Ivan Krstic, head of Apple security engineering and architecture. In response to the announcement of the suit, an NSO spokesperson stated, “Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO Group will continue to advocate for the truth.” The Record by Recorded Future notes that Apple is not the first tech giant to file a suit against NSO in a US court, as back in May 2019 Facebook (now Meta) sued NSO for deploying a WhatsApp zero-day. As well, US officials put NSO on a trade blacklist earlier this month.
Add a pinch of personal data.
Just in time for prepping your Thanksgiving meal, a new study from the Mozilla Foundation shows that popular Android recipe apps like Allrecipes Dinner Spinner, Recipes Home, and Food Network Kitchen are sharing copious amounts of user data with advertisers. The info includes a user’s precise location, device information, and even scrolling and tapping behavior, all being used to target advertising directed at users. “There’s something that just feels icky about it, to know that you were using an app in one way and then that data was used in a completely different, unexpected way,” Mozilla researcher Becca Ricks told the Washington Post. “For me, it raises questions around consent. What am I agreeing to when I download an app?” Makers of the apps in question said that users are agreeing to their privacy policies when they decide to use the app, and that their policies are in keeping with Google’s ad standards. Google spokesman Scott Westover stated, “We are committed to empowering consumers to make their own choices by providing clear information about how apps use data, as well as offering advanced security and privacy controls.”