Cybersecurity News: Apple vs UK encryption backdoor, VM bugs allow sandbox escape, JavaGhost targets AWS

Apple goes to court to fight UK demand for iCloud encryption backdoor

Apple is suing the UK government over its demands to weaken iCloud encryption under the Investigatory Powers Act. The UK wants a backdoor for law enforcement, and Apple argues that would compromise global security. Apple previously pulled its Advanced Data Protection feature from the UK, and the battle has drawn criticism from some U.S. officials. The case could set a precedent for encryption policies worldwide, with major implications for user privacy and tech companies.

(Apple Insider)

3 VMware Zero-Day bugs allow sandbox escape

Broadcom is telling VMware customers to patch three actively exploited zero-day vulnerabilities affecting ESXi, Workstation, and Fusion. These flaws allow attackers with admin access to escape virtual machines and compromise the underlying host, which can lead to data exfiltration, malware deployment, and service disruption. CISA has added the vulnerabilities to its exploited list, requiring federal agencies to patch by March 25th.

(Dark Reading)

The Firefox I loved is gone – how to protect your privacy on it now

Mozilla’s recent changes to Firefox’s privacy policies have sparked backlash, with users upset over a new terms update that seemingly grants Mozilla broad rights over user data. The company removed its previous claim that it never sells data, fueling concerns that Firefox could be monetizing user information or using it for AI training. Mozilla says it’s just legal wording, not a policy shift. Users can control their Firefox settings, switch to alternatives like Brave or Tor, or use privacy-focused Firefox variants like Waterfox and LibreWolf.

(ZDNet)

Exclusive: Fired US government workers with top security clearances were not given exit briefings, sources say

Reuters’ sources say some U.S. government workers with top security clearances were fired without standard exit briefings, which typically include reminders about non-disclosure agreements and instructions on handling foreign adversary approaches. The layoffs were overseen by the Department of Government Efficiency (DOGE). Former security officials warn this poses a counterintelligence risk, especially for those with knowledge of nuclear security. A DOE spokesperson said steps are being taken to remind dismissed employees of their obligations, but experts call the lack of debriefings a serious security concern.

(Reuters)

Huge thanks to our sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Meet Rayhunter: a new open source tool from EFF to detect cellular spying

The EFF launched an open-source tool called Rayhunter, designed to detect cell-site simulators (CSS), devices that mimic cell towers to track phones and potentially intercept data. Rayhunter runs on a $20 Orbic mobile hotspot and monitors control traffic to identify suspicious activity, such as forced downgrades to vulnerable 2G networks. Users get alerts for anomalies and can review logs. EFF expects Rayhunter to help build defenses against CSS and inform legal efforts to regulate their use.

(EFF)
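To make the detection idea concrete, here is an added Go example (not Rayhunter's code, and not EFF's log format) that runs two simple cell-site-simulator heuristics over a constructed modem control-event log: a radio-technology change from LTE/NR down to GSM (the forced 2G downgrade the item describes) and, as an assumed additional indicator, an IMSI identity request arriving while the phone is not yet authenticated to the network. The line format, event names and sample log are all invented for this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Event is one parsed line from a constructed control-traffic log.
// The "key=value" format is invented for this example; it is not
// Rayhunter's log format.
type Event struct {
	Seq  int
	Kind string            // e.g. attach, auth_ok, rat_change, identity_request
	Args map[string]string // remaining key=value fields
}

// Alert describes one suspicious pattern found in the event stream.
type Alert struct {
	Seq    int
	Reason string
}

// sampleLog is a constructed capture: a normal LTE attach, then a
// downgrade to GSM followed by an IMSI request (the CSS pattern).
var sampleLog = []string{
	"seq=1 kind=attach rat=LTE cell=0x1a2b",
	"seq=2 kind=auth_ok",
	"seq=3 kind=rat_change from=LTE to=GSM",
	"seq=4 kind=identity_request type=IMSI",
	"seq=5 kind=rat_change from=GSM to=LTE",
}

// parseLine turns "seq=3 kind=rat_change from=LTE to=GSM" into an Event.
func parseLine(line string) (Event, bool) {
	ev := Event{Args: map[string]string{}}
	for _, tok := range strings.Fields(line) {
		k, v, ok := strings.Cut(tok, "=")
		if !ok {
			return Event{}, false
		}
		switch k {
		case "seq":
			n, err := strconv.Atoi(v)
			if err != nil {
				return Event{}, false
			}
			ev.Seq = n
		case "kind":
			ev.Kind = v
		default:
			ev.Args[k] = v
		}
	}
	return ev, ev.Kind != ""
}

// DetectDowngrades flags (1) a forced downgrade from LTE/NR to GSM and
// (2) an IMSI request sent before the network has authenticated the phone.
// A downgrade resets the authenticated state, since the 2G session is new.
func DetectDowngrades(lines []string) []Alert {
	var alerts []Alert
	authenticated := false
	for _, line := range lines {
		ev, ok := parseLine(line)
		if !ok {
			continue // skip malformed lines rather than abort the scan
		}
		switch ev.Kind {
		case "auth_ok":
			authenticated = true
		case "rat_change":
			from, to := ev.Args["from"], ev.Args["to"]
			if (from == "LTE" || from == "NR") && to == "GSM" {
				alerts = append(alerts, Alert{ev.Seq, "forced downgrade " + from + "->GSM"})
				authenticated = false
			}
		case "identity_request":
			if !authenticated && ev.Args["type"] == "IMSI" {
				alerts = append(alerts, Alert{ev.Seq, "IMSI requested before authentication"})
			}
		}
	}
	return alerts
}

func main() {
	for _, a := range DetectDowngrades(sampleLog) {
		fmt.Printf("ALERT seq=%d: %s\n", a.Seq, a.Reason)
	}
}
```

Run with `go run` to see the two alerts from the sample log; a capture that only changes between LTE and NR produces none. Real deployments would feed parsed baseband diagnostics into such heuristics and tune them against benign roaming and coverage changes to keep false positives down.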

Serbian police hack protester’s phone with Cellebrite exploit chain

Amnesty International reports that Serbian police used a Cellebrite mobile extraction tool and an exploit chain to hack a student activist’s phone. The attack used Android USB driver vulnerabilities and let authorities gain root access and possibly install spyware. Cellebrite claims its products are for lawful investigations but has stopped supplying certain customers. Some experts debate the ethical responsibility of vendors providing these kinds of tools, with calls for stricter safeguards and accountability.

(Dark Reading)

UR Encoder launch by FaceTec introduces new option for biometric ID issuers

FaceTec has launched UR Encoder, software that lets biometric ID issuers create UR Codes—digitally signed face data stored on a user’s device for secure identity verification. The system promises privacy while letting authorities like DMVs, passport offices, and employers issue biometric credentials. UR Codes use cryptographic signatures to prevent tampering and can be scanned with a mobile device or webcam. FaceTec offers a free license for governments and nonprofits, with commercial use available through partnerships. Developer access is now open, with additional software components rolling out soon.

(Biometric Update)
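To show why an issuer signature stops tampering with a device-held credential, here is an added Go example (not FaceTec's code or the UR Code format) of a hypothetical issuer-signed biometric credential: the issuer signs the serialized payload with Ed25519, the verifier checks the signature against the trusted issuer public key before trusting any field, and a rebinding attempt that edits the subject fails verification. The credential structure, field names and sample values are invented for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Credential is a hypothetical issuer-signed credential. The layout is
// invented for this example; FaceTec's real UR Code format is not public here.
type Credential struct {
	Issuer       string `json:"issuer"`
	Subject      string `json:"subject"`
	FaceTemplate []byte `json:"face_template"` // constructed placeholder bytes
	Expires      string `json:"expires"`
}

// Signed is what would live on the holder's device: the encoded credential
// and the issuer's Ed25519 signature over exactly those bytes.
type Signed struct {
	Payload   []byte
	Signature []byte
}

// GenerateIssuerKey creates the issuer's Ed25519 key pair. Only the public
// half is distributed to verifiers (DMV kiosks, employer scanners, etc.).
func GenerateIssuerKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Issue serializes the credential and signs it with the issuer's private key.
func Issue(priv ed25519.PrivateKey, c Credential) (Signed, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return Signed{}, err
	}
	return Signed{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// Verify checks the signature first and decodes the payload only on success,
// so no field of a tampered credential is ever trusted.
func Verify(pub ed25519.PublicKey, s Signed) (Credential, error) {
	if !ed25519.Verify(pub, s.Payload, s.Signature) {
		return Credential{}, errors.New("signature invalid: credential rejected")
	}
	var c Credential
	if err := json.Unmarshal(s.Payload, &c); err != nil {
		return Credential{}, err
	}
	return c, nil
}

// Tamper simulates an attempt to rebind the credential to another person by
// editing the subject while keeping the original signature.
func Tamper(s Signed) Signed {
	var c Credential
	_ = json.Unmarshal(s.Payload, &c)
	c.Subject = "someone-else"
	payload, _ := json.Marshal(c)
	return Signed{Payload: payload, Signature: s.Signature}
}

func main() {
	pub, priv, _ := GenerateIssuerKey()
	cred := Credential{Issuer: "example-dmv", Subject: "holder-123",
		FaceTemplate: []byte{1, 2, 3}, Expires: "2030-01-01"}
	s, _ := Issue(priv, cred)
	if c, err := Verify(pub, s); err == nil {
		fmt.Println("valid credential for", c.Subject)
	}
	if _, err := Verify(pub, Tamper(s)); err != nil {
		fmt.Println("tampered credential:", err)
	}
}
```

A production verifier would additionally check the expiry field, pin the issuer key to the issuer named in the payload, and compare the face template against a live capture; those steps are out of scope here.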

New Eleven11bot botnet infects 86,000 devices for DDoS attacks

Nokia researchers have discovered Eleven11bot, a botnet that has infected more than 86,000 IoT devices such as security cameras and NVRs for use in DDoS attacks. The botnet is loosely linked to Iran and has targeted telecom providers and gaming servers, reaching attack volumes of hundreds of millions of packets per second. It spreads through brute-force attacks on weak admin credentials and scans for exposed Telnet/SSH ports. Security researchers recommend blocking the associated IPs, updating firmware, disabling unnecessary remote access, and changing default credentials to mitigate the risk.

(Bleeping Computer)

Threat actor ‘JavaGhost’ targets AWS Environments in phishing scheme

Palo Alto Networks’ Unit 42 reports that a threat actor known as JavaGhost is exploiting misconfigured AWS environments to steal access keys and send phishing emails that bypass security filters. Since 2022, JavaGhost has been scanning for exposed credentials in public files, gaining unauthorized access, and avoiding detection by sidestepping common AWS tracking methods. The group then uses compromised AWS Simple Email Service (SES) accounts to send phishing messages, making them seem legitimate.

(Dark Reading)
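Since the initial access described above starts with credentials exposed in public files, the defensive counterpart is to find such leaks before an attacker does. Here is an added Go example (not Unit 42's tooling) of a minimal secret scanner that flags AWS long-term access key IDs and the secret key that accompanies them in a constructed config file. The sample values are AWS's published documentation placeholders, not live credentials, and the match patterns are an assumption based on the widely documented key formats.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding records one likely credential leak in scanned text.
type Finding struct {
	Line   int
	Kind   string
	Masked string // partially redacted value safe to include in a report
}

// sampleConfig is a constructed example of a config file accidentally
// published; the key values are AWS's documentation placeholders.
const sampleConfig = `# constructed example of a config file accidentally published
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
log_level = debug
`

// accessKeyRe matches the 20-character access key ID format (AKIA/ASIA
// prefix). secretKeyRe only matches a 40-character secret on a line that
// looks like an assignment to a secret-key variable, to limit false positives.
var (
	accessKeyRe = regexp.MustCompile(`\b(AKIA|ASIA)[A-Z0-9]{16}\b`)
	secretKeyRe = regexp.MustCompile(`(?i)aws[_-]?secret[_-]?(access[_-]?)?key\s*[=:]\s*["']?([A-Za-z0-9/+=]{40})["']?`)
)

// mask keeps the first and last four characters so findings can be shared
// without reproducing the full secret.
func mask(s string) string {
	if len(s) <= 8 {
		return strings.Repeat("*", len(s))
	}
	return s[:4] + strings.Repeat("*", len(s)-8) + s[len(s)-4:]
}

// ScanForAWSKeys walks each line of text and reports access key IDs and
// secret keys that should never appear in a public file.
func ScanForAWSKeys(text string) []Finding {
	var out []Finding
	for i, line := range strings.Split(text, "\n") {
		for _, m := range accessKeyRe.FindAllString(line, -1) {
			out = append(out, Finding{i + 1, "aws_access_key_id", mask(m)})
		}
		if m := secretKeyRe.FindStringSubmatch(line); m != nil {
			out = append(out, Finding{i + 1, "aws_secret_access_key", mask(m[2])})
		}
	}
	return out
}

func main() {
	for _, f := range ScanForAWSKeys(sampleConfig) {
		fmt.Printf("line %d: %s %s\n", f.Line, f.Kind, f.Masked)
	}
}
```

Wired into a pre-commit hook or a periodic scan of public buckets and repositories, a check like this catches the exposure that gives an actor its foothold; any key it finds should be treated as compromised and rotated, and short-lived role credentials should replace long-term keys wherever possible.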