In brief
92% of the top 100 UK charities are failing to comply fully with EU data protection regulations, according to a digital privacy campaign group. In many cases, opt-out forms didn't change anything and there was no opportunity for users to give or refuse consent to be tracked. ProPrivacy
Google has banned stalkerware apps that are used to track the movements of the device on which it's installed and spy on what the user is doing. That's good. Less good is that the ban exempts apps if they say they're designed to track children. Google
Another warning to academic institutions that they're being actively targeted by attackers, as several universities have already discovered. They're urged to ensure systems are kept up-to-date, multi-factor authentication is used, and staff and students are educated about the threats. NCSC
Apple has updated its AppleCare+ policies to cover two incidents of accidental damage every 12 months, instead of two incidents every 24 months. The new policy covers iPhones, iPads, displays, Macs and Apple Watches. MacRumors
A Spanish family has had an unwelcome introduction to the perils of different date formats after being mistakenly accused of uploading child sex abuse material to Facebook. The issue arose because investigators identified an IP address, but misunderstood the date the family had used it because it was in US format. El Pais
US Customs officials excitedly announced the seizure of $400,000 worth of fake Apple AirPods. The only problem...they turned out to be a shipment of genuine OnePlus Buds (as the packaging clearly stated). Rather than admitting the error, US Customs is insisting the seized goods infringe Apple's patents. Wired
Singapore has provided another glimpse of how life might look in the future. It's offering to pay users who buy an Apple Watch and install a health tracking app on it. LumiHealth will deliver “weekly activity goals, wellness challenges and nudges that cover nutrition, sleep, mental wellbeing, and more, tailored to your health goals and Apple Watch activity.” The Register
Updates
Apple: iOS 14 has been released amid a chorus of complaints from developers that they weren't given enough time to test it. We always advise waiting before installing a major new iOS version - and that's particularly true in this case - but it's also important to be aware that the new release does address important security vulnerabilities. A further update is highly likely in the near future because the latest version is supposed to allow users to change the default web browser and email client, but after a reboot they default back to Safari and Mail. There are also updates for Safari, Xcode and watchOS,
Windows: Two mandatory Windows 10 updates will force the installation of Microsoft's Edge browser. Microsoft says the browser now forms an integral part of the operating system (although you can remove it manually if you really want to).
Google: Improved protections against malicious software for users enrolled in Advanced Protection Program.
Firefox: Mozilla has shut down its Firefox Send service which provided a simple way to share files safely. The reason; scumbags had abused it to launch a range of attacks.
Netlogon: Last month, Microsoft issued an update for the Netlogon protocol that is a key element in authenticating users. This month, US officials warned administrators to make sure the update had been applied because a way to exploit is publicly available.
Adobe: Update for Media Encoder 14.4 which is designed to address security flaws "that could lead to information disclosure in the context of the current user."
NitroPDF: Latest version addresses series of security issues discovered by Cisco Talos.
Drupal: Updates for several vulnerabilities, one ratedf 'critical'.