Pete Recommends – Weekly highlights on cyber security issues, September 30, 2023

Subject: iOS 17: iPhone Users Report Worrying Privacy Settings Change After Update
Source: Forbes

Some iPhone users are discovering that their existing privacy settings are being changed without notification or consent when updating to iOS 17. Here’s what you need to know.

Previously Disabled Privacy Settings Switched Back On After iOS 17 Update – Two iOS developers interested in security and privacy matters have issued a warning to anyone installing the latest iOS 17 update to their iPhone. Going by the combined name of Mysk, the Canada and Germany-based duo have discovered that, for some users at least, iOS 17 appears to turn sensitive location and iPhone analytics options on, even if they were disabled before the user updated.



Subject: It’s 2030, and digital wallets have replaced every card in our purses and pockets
Source: ZDNET

OpenWallet, now joined by Microsoft, looks to the near future when digital wallets replace traditional wallets in the same way debit cards replaced checkbooks.

BILBAO, Spain – The digital wallet took another step toward world domination as Microsoft joined the horde of tech and financial organizations supporting the OpenWallet Foundation (OWF).

At the Open Source Summit Europe, the OWF, a Linux Foundation-sponsored open-source initiative focused on creating secure and interoperable digital wallets, announced the software giant as its newest member. The move comes alongside significant open-source code contributions from industry leaders Google, Ping Identity, and neosfer.

[hope they have this at the local farmer’s market especially where the Amish sell their produce /pmw1]

As Marie Austenaa, Visa’s head of digital identity, said in her keynote discussion, “You have everything now on your mobile phone, your tickets, your cars, your boarding pass, your loyalty cards. Behind all that is a digital ecosystem. Both you and your cards are dependent on a trusted ecosystem. It’s a consumer tool to interact with the digital world. So it’s pretty important that it uses open source to create an ecosystem that works on open standards.”

Microsoft Pay (formerly Microsoft Wallet) is a mobile payment and digital wallet service that never gained much traction. Now, Microsoft is re-entering the eWallet space.

Filed: Finance


Subject: Report: Insider Cybersecurity Threats Have Jumped 40% in 4 Years

The total number of insider incidents across 2023 rose to reach 7,343, up from just 6,803 the year before.

The average cost of an insider cybersecurity attack has sharply risen by 40% across the past four years, a new research report has found. On top of that, the typical annual cost of these types of cyber threats has risen to reach $16.2 million per attack in the past 12-month period.

The biggest costs happen after the attack has occurred, which means that businesses everywhere should prepare their potential responses now in order to lose the least.

“Insider” attacks, according to the new report, might be both malicious (espionage, IP threat, sabotage, or fraud) or non-malicious (when an insider is negligent, mistaken, or outsmarted). The report, sponsored by insider cybersecurity firm DTEX Systems and out from the data privacy-focused Ponemon research institute, is titled 2023 Cost of Insider Risks Global Report.


Subject: China Cyber Threat Overview and Advisories
Source: CISA

The Office of the Director of National Intelligence’s 2023 Annual Threat Assessment makes clear the cyber threat posed by the People’s Republic of China (PRC): “China probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks. China’s cyber pursuits and its industry’s export of related technologies increase the threats of aggressive cyber operations against the U.S. homeland. . . China almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.” In this context, every organization must take urgent action to understand and address known tactics, techniques, and procedures (TTPs) used by PRC cyber actors – including efforts to detect and prevent intrusions and respond to and recover from incidents, particularly by investing in the operational resilience of essential services. CISA and our partners in the U.S. government and around the world provide timely and actionable information about the PRC cyber threat to help organizations prioritize the most effective cybersecurity measures. As a starting point, organizations should:…


Subject: DHS biometrics management dinged by watchdogs
Source: Nextgov/FCW

“Hundreds of millions of individuals’ personally identifiable information” is impacted by the privacy weaknesses, according to the Government Accountability Office. The Department of Homeland Security is being chided by oversight officials for its management and privacy practices around the use of biometrics like facial recognition.

The department’s Office of the Inspector General issued a report Friday stating that DHS lacks an up-to-date strategic plan for managing biometrics as well as a policy for collecting and using such data.

DHS houses the government’s largest repository of biometrics in its Office of Biometric Identity Management. It has been working to update its 1990s-era system — the Automated Biometric Identification System, or IDENT — for years, although the effort has been plagued by delays and cost overruns. Several DHS components use the system, as well as other agencies, state and local law enforcement and international partners.

“We identified critical policy gaps for the consistent collection and use of biometrics across DHS,” the report states, pointing to the lack of specifics regarding the age of people whose biometrics are collected, for example.




Posted in: Cybercrime, Cybersecurity, E-Commerce, Government Resources, Privacy, Technology Trends