• 🗒️✅ Your Security Checklist
• 📰 Your Weekly Security Update
• 🏆🎖️ Test Your Security Skills
• 🤨 This Should Be on Your Radar 📡
• 🙈 Security Fail of the Week 👎
• 🍎📱 Security Updates from Apple 🍎

If you take nothing else from this newsletter, do these three things to protect yourself:

1. Set up a passkey for accounts that support it. Passkeys are generally considered more secure than passwords since they are unique keys controlled by your password manager.
2. Having trouble finding a specific password? Find the one you need fast in the Passwords app by using this tip to sort your passwords in different ways.
3. If the Passwords app doesn’t automatically save your login information, you can manually add passwords to the app.

In case you missed it, be sure to check out our free class on cybersecurity for Apple enthusiasts.

Last week, we mentioned that Apple had been asked by the UK to engineer a backdoor into encrypted iCloud systems, and Apple declined to do so. Instead of engineering a way for UK spooks to access their systems, Apple has elected to turn off the Advanced Data Protection for iCloud feature for all UK residents. This means that iCloud backups, photos in iCloud, and a few other features of iCloud cannot be encrypted. Apple has made this unfortunate decision not because it wanted to but because the UK government has given it no other choice if the company wishes to remain committed to keeping iCloud secure for the rest of the world. In fact, Apple has already submitted an appeal to the Investigatory Powers Tribunal, which could overturn the UK’s order.

The Bottom Line: The Advanced Data Protection feature is opt-in, so if you have never turned it on, then this won’t change anything for you. However, if you live in the UK and are a user of Advanced Data Protection for iCloud, then you will need to download your iCloud Drive files and iCloud photos, then switch to a local backup option for those and for your iPhone before the feature is disabled.

What should you do in the following scenario?

Almost everyone uses search engines in their daily lives to ask questions and find information. Which search engine should you use for maximum privacy? 🤔

1. Bing
2. DuckDuckGo
3. Yahoo
4. Google

Scroll to the bottom to see how you did!

Apple Moves to Help Protect Your Children Online

Apple released a guide covering its new features that are designed to help keep children safe when using their devices. This includes an easier way of setting up Child Accounts as well as allowing kids (with their parents’ permission) to share their age range with developers so apps only show them age-appropriate content. Apple has also updated its age rating guidelines to include more detail.

Related: How to Create Apple ID for Kids under 13

US Inches Closer to Passing Right-to-Repair Laws in All States

404media reports that all 50 states in the US have either passed, are considering, or have introduced right-to-repair laws. These laws make it easier for ordinary customers to repair their devices by requiring companies, such as Apple, to make parts and manuals available to the general public. It also prevents companies from using “software locks” that restrict users from making repairs themselves. For example, agricultural manufacturer John Deere was forced by right-to-repair laws to stop including software locks on some farming equipment.

The Bottom Line: Right-to-repair laws can only be a benefit to consumers, so we’re hoping more states will pass them in the near future.

Federal Cybersecurity Programs & Consumer Protections Under Threat

Brian Krebs over at Krebs on Security summarized the security and privacy aspects of the first two months of the Trump administration. Some of the actions this administration has taken include laying off 130 staffers at the Cybersecurity and Infrastructure Security Agency, ending operations at the Consumer Financial Protection Bureau, stopping enforcement of the U.S. Foreign Corrupt Practices Act, and putting a hold on all USAID funding. Suffice it to say that from a purely technical data privacy and security perspective, the situation is alarming.

Warning to Parallels Users on Mac: Serious Security Bugs

Parallels is a popular Mac program that lets you run a version of Windows on your Mac computer so you can access Windows-only software. Security researcher Mickey Jin claims to have found two serious bugs in Parallels, which he disclosed to the software maker over seven months ago, and they never patched them, so he has gone public on his blog. The bugs allow a potential attacker to gain full access and control over any Mac with Parallels installed, but it is unknown if hackers have exploited the bugs.

The Bottom Line: If you have Parallels installed currently, you may consider isolating that machine or uninstalling Parallels until a patch is released.

Be Careful! New PayPal Phishing Email Comes from a Legitimate Paypal Address

Scammers have figured out a way to send a phishing email that comes from a legitimate PayPal address, tricking users into thinking their accounts have been hacked. Bleeping Computer has done an excellent write-up of this rather clever PayPal scam.

The Bottom Line: If you receive a potentially alarming email from PayPal, do not click any links in the email. Instead, log in to Paypal in a fresh browser tab or through their app to double check your address and recent purchases.

OpenAI Disrupts Misuse of ChatGPT

OpenAI has taken action against accounts that were using ChatGPT to power a surveillance tool and spread “anti-American, Spanish-language articles.” OpenAI claims Meta’s Llama AI model was also used to create the surveillance tool. This is the first time OpenAI has discovered its tools being misused in this way. Head over to eWeek for the full story.

$1.5 Billion Stolen from Bybit Cryptocurrency Exchange

We don’t cover cryptocurrency heists very often because there are so many, but it’s worth the reminder that unregulated currencies are not only prone to speculative investment bubbles and rife with scamming of all kinds, but the exchanges that manage crypto also get knocked over at a rate that would make Bonnie and Clyde blush. The latest hacker heist made off with an eye-watering $1.5 billion in investor assets (mostly Ethereum tokens) managed by Bybit, which is a bit more than usual. Researchers have linked the theft to rogues working for the government of North Korea.

The Bottom Line: If you have any cryptocurrency, be wary of where and how you invest your funds. Be sure you can trust the establishment that manages your crypto.

Antivirus Provider Kaspersky Banned in Australia

Back in 2017, the US banned antivirus software Kaspersky from being installed on government devices and expanded the ban to all US companies and customers in 2024. The ban came after allegations of ties between Kaspersky and the Russian government. Now, Australia is following suit and prohibiting Kaspersky from being installed on government systems.

Messages Between Members of Ransomware Group Leaked

Black Basta, one of the most prominent ransomware groups, has had messages between its members leaked online, revealing internal strife. It would appear the rising tensions began when one of the organization’s leaders was arrested, making the rest of its members paranoid about the possibility of being caught. Ars Technica reports that a security firm, Hudson Rock, has fed the leaked data to ChatGPT to help other cybersecurity researchers better understand Black Basta.

Everything you need to know about Apple’s latest software updates.

• The most recent iOS and iPadOS is 18.3.1
• The most recent macOS is 15.3.1
• The most recent tvOS is 18.3
• The most recent watchOS is 11.3.1
• The most recent visionOS is 2.3.1

The correct answer is B. DuckDuckGo..

DuckDuckGo is a privacy-oriented search engine that does not track you. DuckDuckGo also has a web browser that is designed with privacy in mind, much like Firefox. In addition to switching your search engine from Google to DuckDuckGo, we also recommend using either DuckDuckGo or Firefox for your web browser instead of Google Chrome.

There is far too much security and privacy news to cover it all. When building this newsletter, we look for scams, hacks, trouble, and news to illustrate the kinds of problems Apple enthusiasts may encounter in our private lives, and the self defense we can practice to keep our devices, accounts, and lives secure. Our commentary focuses on practical advice for everyday people. This newsletter was written by Cullen Thomas and Rhett Intriago and edited by Donna Schill.

In case you missed it, be sure to check out our free class on cybersecurity for Apple enthusiasts.

Interested in browsing the web privately? Check out:

• What Is a VPN on iPhone & How Does It Work?
• Can Private Browsing on iPhone be Traced?

If you enjoyed this newsletter, you’ll love all the security content available on iPhone Life Insider!

This premium subscription includes:

• The complete iPhone Life Privacy & Security Course for Apple Enthusiasts and other free online courses taught by expert instructors
• In-depth guides on everything from security to iPhone photography to other Apple devices
• Daily, bite-sized video tips on topics ranging from iCloud security to password management
• A digital subscription to iPhone Life Magazine, where you’ll find articles covering the best security gear, apps, and in-depth how-tos
• The monthly premium iPhone Life Security Newsletter covering everything you need to know to keep your digital life secure
• Access to the ad-free version of the iPhone Life Podcast and exclusive bonus content
• Expert help with all your most pressing Apple Watch questions in our private Ask an Expert Facebook Group

Join the Insider community today and save 30 percent!