Advice column: Why trust Signal?
FPF's digital security advice column today answers, why should I trust Signal?
Apple seeks dismissal of NSO Group lawsuit
Apple has filed a motion to withdraw a lawsuit against NSO Group, an Israeli spyware company.
Setting up a secure tipline on a budget
No need to break the bank when your newsroom sets up its first tipline or drop box.
Telegram rethinks messaging on content moderation
Following the arrest of Telegram founder and CEO Pavel Durov, the messaging app modified its FAQ page to clarify some new rules.
Advice column: Two-factor authentication woes
FPF's digital security advice column today answers, what happens if I lose the phone I use for two-factor authentication?
City sues security researcher after revelations about ransomware attack
Columbus Mayor Andrew Ginther announced that the data was either “encrypted or corrupted.”
How plausible is iCloud security on Apple devices?
Apple has released numerous security and privacy features over the past few years. If you use iCloud, you’ll want to enable Advanced Data Protection.
Telegram misrepresented amid founder’s arrest
The arrest of Telegram founder Pavel Durov has helped foster the mistaken notion that the app is a standard end-to-end encrypted messenger.
Announcing our advice column, “Ask a security trainer”
Are you a journalist with a question about digital security? Ask our team!
Advice column: Top three security tips
FPF's digital security advice column today answers, what are your top three security tips?
Data broker breach leaks Social Security numbers (again)
National Public Data confirmed nearly 3 billion records were affected.
OnionShare for beginners
Protecting sources from harm should be the top priority of any newsroom. Whistleblowers risk identification when sending confidential files over mainstream email and messaging services. Although there are many secure file-sharing applications, they vary in cost and technical expertise.OnionShare, a free file-sharing application, makes it easy to send and …
Russia blocks access to Signal
The latest move means that the app has been removed from Google Play and Apple App Store in Russia.
Cloudflare hides abusive websites
The Spamhaus Project has released a blog criticizing Cloudflare — a content delivery network and cloud cybersecurity provider — for providing security services to abusive domains. These websites could contain spam, phishing links, malware, and even botnets.
One nation under RISAA: What the US election could mean for surveillance of journalists
No matter what happens this November, spying on members of the news media may be an ongoing problem
Android spyware flies under the radar
The cybersecurity firm Kaspersky disclosed that at least five Google Play applications contained Mandrake, a sophisticated cyberespionage tool.
Google backtracks on ad privacy plan
Google has a habit of hitting the brakes on products and features — so much so that it’s become something of a meme to be “killed by Google.” This time it decided to backtrack on its long-standing plan to replace traditional tracking in its Chrome browser.
Beware fraudulent CrowdStrike emails
Last Friday, computer systems worldwide were taken down by a defective update from enterprise cybersecurity vendor CrowdStrike. In the wake of the outage, the U.S. Cybersecurity and Infrastructure Agency is warning of phishing emails, with attackers posing as CrowdStrike customer support.
Beyond pen and paper: Secure note-taking apps for journalists
Most note-taking applications have limited security and privacy features. Here are some alternatives you could adopt for your newsroom.
What to do about AT&T breach
Around 110 million AT&T subscribers were affected by a data breach from May 1 to Oct. 31, 2022, TechCrunch reported.
What the AT&T breach means for source protection
We can learn a lot about how to get ahead of these problems.
Massive Authy leak, plus Proton Docs
The parent company for Authy, an application for two-factor authentication, has issued a critical security update to its Android and iOS users. According to BleepingComputer, hackers utilized leaked phone numbers from past data breaches to identify up to 33 million Authy users.
Eavesdropping on AirPods?
Apple released a firmware update patching a critical Bluetooth vulnerability in AirPods, AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro. According to its support page, an adversary in Bluetooth range could spoof as an intended source device for these wireless headphones. When the targeted headphones send a connection request to the spoofed device, it could eavesdrop on confidential conversations.
Mail surveillance is widespread
According to data unearthed in a congressional probe, more than 60,000 requests by federal investigators and police captured data on 312,000 letters and packages between 2015 and 2023.
When data brokers break
We often talk to newsrooms about dealing with data brokers — companies that aggregate and sell data from commercial and public records. According to recent reporting from TechCrunch, an alleged breach of a U.S. data broker impacted at least 300 million people. Their reporting suggests “mixed results” verifying the authenticity of the data.
