Pete Recommends – Weekly highlights on cyber security issues, October 5, 2024

Subject: Why Microsoft’s Security Initiative and Apple’s Cloud Privacy Matter
Source: VentureBeat
https://venturebeat.com/security/why-microsofts-security-initiative-and-apples-cloud-privacy-matter-to-enterprises-right-now/

With cyber threats growing more automated and malicious, securing enterprise data and privacy has never been more challenging. Apple and Microsoft‘s new security initiatives capitalize on their core cloud security and privacy strengths to close security gaps and reduce risk for every business.Microsoft’s Secure Future Initiative (SFI) and Apple’s Private Cloud Compute (PCC) represent the latest enterprise-ready approaches to improving cloud security and privacy. The larger the enterprise, the more diverse its cybersecurity and privacy needs, so SFI and PCC are designed to deliver real-time responses at scale.

Microsoft first unveiled the Secure Future Initiative (SFI) in Nov. 2023 to enhance its clients’ enterprise cloud security infrastructure. SFI’s goal is to deliver step-wise improvements in security across the Microsoft ecosystem. The company recently published its Secure Future Initiative Progress Report.

Apple launched its Private Cloud Compute (PCC) platform in June 2024. The PCC is a cloud intelligence system created specifically for private AI processing. Apple’s device-level security and privacy architecture is core to PCC and extended to cloud-based AI operations. One of the PCC’s primary design goals is to keep cloud-processed user data private. This is done with custom silicon, a hardened OS and privacy-preserving methods that manage data requests without storing data.

Microsoft’s Secure Future Initiative (SFI) is a multi-layered defense for enterprise security

Apple’s Private Cloud Compute (PCC) has privacy at the core

Security and privacy comparison: Microsoft SFI vs. Apple PCC

Filed: https://venturebeat.com/category/security/


Subject: Scammers Use QR Code Stickers to Target UK Motorists
Source: KnowBe4 blog
https://blog.knowbe4.com/scammers-use-qr-code-stickers

Netcraft warns that scammers are posting QR code stickers on parking meters in the UK and other European countries.In the UK, the QR codes lead to phishing sites that impersonate the parking payment app PayByPhone. The phishing sites are designed to steal personal information and payment data.“Looking at British media reports, these parking QR code scams appeared to peak during the summer holiday period (June to September),” Netcraft says. “Activity is concentrated in coastal tourism locations such as Blackpool, Brighton, Portsmouth, Southampton, Conwy and Aberdeen. There are now at least 30 parking apps in the UK, varying by location—an abundance that benefits criminals. By targeting tourist destinations, threat actors can prey on tourists who need to download the parking payment apps and are searching for ways to do so.”The phishing pages collect complete payment card details, as well as information about vehicles.


Subject: The Verizon outage showcases why satellite connections and ‘disaster roaming’ are important
Source: Android Central
https://www.androidcentral.com/phones/verizon-outage-hurricane-helene-showcase-importance-of-satellite-connectivity

You might still have a connection.

There are two very important things you need to know about if you’re a Verizon customer: Satellite messaging and disaster roaming.

Another important thing to know is that the state of North Carolina has enabled the disaster roaming rule. This means anyone with any phone can connect to any available cellular provider provided your phone has the correct network capabilities (it probably does). This means Verizon customers can connect using AT&T or T-Mobile infrastructure to make calls and send messages.


Subject: Are Lesser-Known Browsers More Secure?
Source: MakeUseOf
https://www.bespacific.com/are-lesser-known-browsers-more-secure/MakeUseOf:

“Privacy and security concerns are a big issue, and many people are considering switching to lesser-known browsers, thinking they might offer better protection than popular ones like Chrome or Firefox. I was curious about this, so I decided to dive in to see if they live up to the hype…” [answer: yes and no, but good recommendation to try other browsers as you may be stuck with one that is not serving your research and privacy requirement.]



Abstracted from beSpacific
Copyright © 2024 beSpacific, All rights reserved.


Subject: PayPal’s data sharing controversy: New setting raises privacy concerns
Source: gHacks Tech News
https://www.ghacks.net/2024/10/02/paypals-data-sharing-controversy-new-setting-raises-privacy-concerns/

PayPal has reportedly made a change to its privacy policy that allows the company to share user data with third-parties. There is a way to opt-out of this data sharing.A report by 404 Media claims that PayPal has opted in users, without their explicit permission, to share their data with marketers. Why? Well, the company wants to offer users a “personalized shopping experience”.

Users discover opt-out feature for third-party data sharing, sparking debate on digital privacy

The article shows a screenshot that is related to a setting captioned, Personalized Shopping.

How to disable data sharing on PayPal – Go to this page:  Settings > Data & Privacy > Manage shared info > Personalized shopping. Disable the toggle for the option under Personalized Shopping.

Neither Martin nor I found the setting in our accounts, in Germany and India, respectively. However, the setting may also be available for users in Europe, one person from France said that GDPR did not protect them, because the option was available for their account, and enabled.

[I wonder how many state governments or prosecutors will be buying this data? /pmw1]


Subject: AI assistants are blabbing our embarrassing work secrets
Source: Washington Post
https://www.bespacific.com/ai-assistants-are-blabbing-our-embarrassing-work-secrets/

Washington Post [unpaywalled]: “Corporate assistants have long been the keepers of company gossip and secrets. Now artificial intelligence is taking over some of their tasks, but it doesn’t share their sense of discretion. Researcher and engineer Alex Bilzerian said on X last week that, after a Zoom meeting with some venture capital investors, he got an automated email from Otter.ai, a transcription service with an “AI meeting assistant.” The email contained a transcript of the meeting — including the part that happened after Bilzerian logged off, when the investors discussed their firm’s strategic failures and cooked metrics, he told The Washington Post via direct message on X….

But AI can’t read the room like humans can, and many users don’t stop to check important settings or consider what could happen when automated tools access so much of their work lives…”



Abstracted from beSpacific
Copyright © 2024 beSpacific, All rights reserved.

See also this 1-yr old article: https://www.washingtonpost.com/technology/2023/09/08/gmail-instagram-facebook-trains-ai/


Subject: CIA Is Openly Recruiting Informants on Social Media
Source: Newser
https://www.newser.com/story/357263/cia-is-openly-recruiting-informants-on-social-media.html

The CIA says it was successful in recruiting Russian informants following the invasion of Ukraine. Now, “we want to make sure individuals in other authoritarian regimes know that we’re open for business,” a rep said Wednesday as the agency put out a call for informants in China, Iran, and North Korea, whose governments have proved hard to penetrate. The CIA posted messages in Mandarin, Farsi, and Korean on various social media channels (Facebook, Instagram, LinkedIn, YouTube, Telegram, and X) and the Dark Web, directing interested parties to contact the agency securely—for example, using a virtual private network or the anonymous web browser Tor—per the BBC and Reuters….


Subject: EU Court of Justice bars Meta from using public third party data for targeted advertising
Source: UPI.com
https://www.upi.com/Top_News/World-News/2024/10/04/EU-Meta-data-use-advertising-ruling/9541728046805/

Oct. 4 (UPI) — The European Court of Justice ruled Friday that Meta’s Facebook and other social media cannot use sexual orientation or other sensitive public data from third parties for targeted advertising.Social media cannot freely use all personal data obtained for advertising without restrictions, the court said. Third parties have to process that data in compliance with GDPR rules.

The court said the panel discussion disclosure alone “does not authorize the processing of other personal data relating to that data subject’s sexual orientation.”

Topics

Posted in: AI, Cybersecurity, Economy, Privacy, Social Media