Subject: VICTORY! Apple Commits to Encrypting iCloud, Drops Phone-Scanning Plans
Source: Electronic Frontier Foundation
Today Apple announced it will provide fully encrypted iCloud backups, meeting a longstanding demand by EFF and other privacy-focused organizations.
We applaud Apple for listening to experts, child advocates, and users who want to protect their most sensitive data. Encryption is one of the most important tools we have for maintaining privacy and security online. That’s why we included the demand that Apple let users encrypt iCloud backups in the Fix It Already campaign that we launched in 2019.
Apple’s on-device encryption is strong, but some especially sensitive iCloud data, such as photos and backups, has continued to be vulnerable to government demands and hackers. Users who opt in to Apple’s new proposed feature, which the company calls Advanced Data Protection for iCloud, will be protected even if there is a data breach in the cloud, a government demand, or a breach from within Apple (such as a rogue employee). Apple said today that the feature will be available to U.S. users by the end of the year, and will roll out to the rest of the world in “early 2023.”
Related Issues: Privacy
Source: gHacks Tech News
Security research Or Yair discovered a method to trick antivirus and endpoint security solutions into deleting legitimate files on Windows systems. Yair found out that he could manipulate endpoint detection and response and antivirus programs so that these programs would function as data wipers on Windows devices.The discovered security issue can be exploited from unprivileged user accounts to delete system files and other files the user has no delete permissions for. The exploit could be used to remove important files from a system and this could result in an unbootable system or a system that lacks certain functionality….
In other words, all it took to delete legitimate files on Windows was the following:
- Create a malicious file on the system using a special path.
- Hold it open so that security solutions can’t delete it.
- Delete the directory.
- Create a junction that points from the deleted directory to another.
Yair tested 11 different security and endpoint solutions. Six of these were vulnerable to the file wiping exploit, including Microsoft Defender, Microsoft Defender for Endpoint, Avast Antivirus, SentinelOne EDR and TrendMicro Apex One. Microsoft, TrendMicro and Avast/AVG released updates.