It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.

Apple alerts Iranians of targeted spyware

In recent months, Apple has sent more than a dozen Iranian users notifications that their devices are being targeted by state actors, according to Iranian cybersecurity researcher Hamid Kashfi, as well as the Miaan Group, a digital rights organization focused on the Middle East. The researchers say it’s not yet clear which specific actor is behind these attacks. But Amir Rashidi, Miaan Group’s director of digital rights and security, told TechCrunch he believes these attacks likely originate from Iran. Since 2021, Apple says they send such notifications to users “multiple times a year” and that the company typically “does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.” Read more.

What you can do

  • Update, update, update: We’ve seen too many examples of spyware specifically targeting journalists. However, the most likely malware risks journalists face are not particularly sophisticated, and neither are the defenses. Simply downloading and installing the latest security updates goes a long way. Read my colleague David Huerta’s post on why software updates are so important.
  • Apple users at risk, try Lockdown Mode: Whether on an iPhone, iPad, or MacOS computer, if you feel you are at elevated risk of targeted attacks on your Apple devices, check out Lockdown Mode for more restrictive security settings. I’ve seen it remove graphics and even break functionality on some websites, and it has occasionally prevented people from messaging me, so there are trade-offs here. But the vast majority of my apps work just as normal. For those at elevated risk, this might be a worthwhile feature to try out. Learn more here.
  • Scan for malware: iVerify for iOS or Android can help scan for the signs of common types of malicious software and even some advanced variants.
  • Ask for assistance: Apple recommends reaching out for Access Now’s 24/7 digital security helpline for assistance from researchers with experience investigating these attacks.

Updates from our team

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation