Subject: iOS 17: iPhone Users Report Worrying Privacy Settings Change After Update
Some iPhone users are discovering that their existing privacy settings are being changed without notification or consent when updating to iOS 17. Here’s what you need to know.
Previously Disabled Privacy Settings Switched Back On After iOS 17 Update – Two iOS developers interested in security and privacy matters have issued a warning to anyone installing the latest iOS 17 update to their iPhone. Going by the combined name of Mysk, the Canada and Germany-based duo have discovered that, for some users at least, iOS 17 appears to turn sensitive location and and iPhone analytics options on, even if they were disabled before the user updated.
The total number of insider incidents across 2023 rose to reach 7,343, up from just 6,803 the year before.
The average cost of an insider cybersecurity attack has sharply risen by 40% across the past four years, a new research report has found.On top of that, the typical annual cost of these types of cyber threats has risen to reach $16.2 million per attack in the past 12 month period.
The biggest costs happen after the attack has occurred, which means that businesses everywhere should prepare their potential responses now in order to lose the least.
“Insider” attacks, according to the new report, might be both malicious (Espionage, IP threat, sabotage, or fraud) or non-malicious (when an insider is negligent, mistaken, or outsmarted). The report, sponsored by insider cybersecurity firm DTEX Systems and out from the data privacy-focused Ponemon research institute, is titled 2023 Cost of Insider Risks Global Report.
The Office of the Director of National Intelligence’s 2023 Annual Threat Assessment makes clear the cyber threat posed by the People’s Republic of China (PRC): “China probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks. China’s cyber pursuits and its industry’s export of related technologies increase the threats of aggressive cyber operations against the U.S. homeland. . . China almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.”In this context, every organization must take urgent action to understand and address known tactics, techniques, and procedures (TTPs) used by PRC cyber actors – including efforts to detect and prevent intrusions and respond to and recover from incidents, particularly by investing in the operational resilience of essential services. CISA and our partners in the U.S. government and around the world provide timely and actionable information about the PRC cyber threat to help organizations prioritize the most effective cybersecurity measures. As a starting point, organizations should:…
“Hundreds of millions of individuals’ personally identifiable information” is impacted by the privacy weaknesses, according to the Government Accountability Office. The Department of Homeland Security is being chided by oversight officials for its management and privacy practices around the use of biometrics like facial recognition.
The department’s Office of the Inspector General issued a report Friday stating that DHS lacks an up-to-date strategic plan for managing biometrics as well as a policy for collecting and using such data.
DHS houses the government’s largest repository of biometrics in its Office of Biometric Identity Management. It has been working to update its 1990’s-era system — the Automated Biometric Identification System, or IDENT — for years, although the effort has been plagued by delays and cost overruns. Several DHS components use the system, as well as other agencies, state and local law enforcement and international partners.
“We identified critical policy gaps for the consistent collection and use of biometrics across DHS,” the report states, pointing to the lack of specifics regarding the age of people whose biometrics are collected, for example.