This is a news item roundup of privacy or privacy-related news items for 16 MAR 2025 – 22 MAR 2025. Information and summaries provided here are as-is for warranty purposes.

Note: You may see some traditional “security” content mixed in here due to the close relationship between online privacy and cybersecurity – many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of users’ devices (and therefore pose a threat to their privacy), and large data breaches where significant personal information is exposed. Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or “popular” stories.
Privacy Tip of the Week
You should at least enable MFA on important/sensitive accounts. While MFA is primarily a security feature, its primary privacy benefit is adding another layer of security to prevent unauthorized access to information contained in particularly important or sensitive accounts.
Surveillance Tech in the News
This section covers surveillance technology and methods in the news. Specifically, stories and news items where public and/or private organizations have leveraged their capabilities to encroach on user privacy; for example, data brokers using underhanded means to harvest user location data without user knowledge or public organizations using technology without regard for user privacy.

Android Apps Use Bluetooth and WiFi Scanning to Track Users Without GPS
Cyber Insider
Researchers found that 86% of apps they analyzed collect sensitive data, including location data stemming from scanning Wi-Fi network details, and collect device identifiers. These apps also frequently use Bluetooth data to gather location information and proximity to nearby devices. This data collection is primarily facilitated by software development kits, which developers may include in apps to bring features without coding things from the ground up – however, developers may be unaware of the privacy implications for their app users.

Judge stops Musk’s team from ‘unbridled access’ to Social Security private data
Reuters
As DOGE continues to push for more access to various systems containing sensitive information of Americans, a judge orders the Social Security Administration to stop sharing data with “DOGE affiliates”. Allegedly (and in line with prior reporting), DOGE accessed sensitive SSA data without proper vetting — similar to when they gained access to US Treasury payment data, which also contains sensitive information of millions of Americans.

Researchers name several countries as potential Paragon spyware customers
TechCrunch
The Citizen Lab, a group of academics and security researchers, recently published a report indicating the governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are “likely” customers of Israeli spyware maker Paragon Solutions.
Privacy Tools and Services
Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack, but may also feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com.
Privacy Tools
Bitwarden enables biometric unlock on Linux
Bitwarden
Users who install Bitwarden through Snapcraft on Linux can use biometrics to unlock the desktop application.
Privacy Services
Cape opens $99/month beta of its privacy-first mobile plan, inks Proton deal, raises $30M
TechCrunch
I usually don’t include beta software in this series (or really on avoidthehack) or early-stage startups because things in those early stages go through such turbulence… but given the Salt Typhoon breach and the apparent lackluster security practices and culture at just about every American telecommunications company, this was too interesting to ignore. Cape is a mobile carrier startup claiming to provide a more secure and private service alternative to traditional telecommunications services. They also appear to have partnered with Proton…
Vulnerabilities and Malware
Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user. This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users.
Vulnerabilities
Apple’s Passwords app was vulnerable to phishing attacks for nearly three months after launch
9to5Mac
Mysk security researchers first discovered this vulnerability after noticing the Passwords app had connected to 130 different domains over regular (unencrypted) HTTP. Specifically, it was fetching account icons and defaulted to opening password reset pages over HTTP. This vulnerability was patched by Apple in December 2024, but they only disclosed it recently.

Cybercriminals Exploit CheckPoint Antivirus Driver in Malicious Campaign
Infosecurity Magazine
Threat actors are leveraging a “bring your own vulnerable driver” (BYOVD) attack to bypass Windows security measures. Once these measures were bypassed, threat actors had high-level access and could view information such as user passwords and other stored credentials.

Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying
The Register
Nation-state backed threat actors (which include North Korea, Iran, Russia, and China) have been abusing Windows shortcut files (LNK) for many years. These threat actors go to great lengths to bury the actual commands used in malicious .LNK files, which download malware onto the machine. According to Microsoft, despite this observed trend, it doesn’t intend to release a security fix — but could do so in the future.
Malware
AMOS and Lumma stealers actively spread to Reddit users
Malwarebytes
Reddit posts (directly on reddit.com) by threat actors on subreddits frequented by cryptocurrency traders link to information-stealing malware.

New Arcane infostealer infects YouTube, Discord users via game cheats
Bleeping Computer
A campaign spreading the information stealer Arcane primarily uses video game cheats as a lure; specifically, the campaign uses YouTube videos promoting game cheats and cracks to trick users into downloading a password-protected archive containing a malware loader script. Once executed, the script fetches the information-stealing malware. The Kaspersky researchers noted that this “Arcane” information stealer has no known links or overlapping code with Arcane Stealer V. Additionally, Arcane steals a wide range of user data, including VPN account credentials, gaming client information, messaging apps, and information stored in various web browsers.

300 Malicious ‘Vapor’ Apps Hosted on Google Play Had 60 Million Downloads
SecurityWeek
The Vapor campaign included over 180 malicious apps on Google Play posing as utility, health and fitness, and lifestyle apps designed to deploy “endless, intrusive full-screen interstitial video ads.” Apps in the Vapor campaign bypassed the recent protections introduced in the latest…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/03/privacy-roundup-week-12-of-year-2025/