1. Signal for Mac users should disable notifications to keep their messages secure by Taylor Hatmaker

Signal, the encrypted messaging app of choice for many, was quick to fix an issue that left supposedly disappearing messages viewable to anyone with physical access to a Mac. Messages received through the app's desktop version could be seen through macOS' notification center, even if a user had selected to send a "disappearing message," a message that self-destructs so to speak after its sent. The issue is obviously concerning for users who value their privacy, like journalists or government workers. Initially publications (like TechCrunch and Motherboard) encouraged users to change Signal's settings to outright disable notifications. Signal didn't waste too much time putting out a new version of the app (1.10.0) that resolves the issue. Patrick Wardle, a noted Apple security expert and Chief Research Officer at Digita, verified the fix works.

2. NIST wants to the federal government to pay more attention to the supply chain by Sean Lyngaas

As if NIST's recent revisions last month to its Cybersecurity Framework weren't enough this week the agency (which operates under the US Department of Commerce) released a new update to its Risk Management Framework, a tool federal agencies defer to when assessing cyber risk. NIST says “the growing dependence on component products, systems, and services from external providers and the relationships with the providers, present an increasing amount of risk to an organization." There are several sections in the document (.PDF) that harp on the importance of supply chain management. The draft arrives just a few weeks after NIST stressed that supply chain risk management (SCRM) plays a "crucial role" in addressing risk when it comes to critical infrastructure. This week’s document – viewable here – also encourages agencies to shore up their information security program and privacy program to better safeguard personally identifiable information, or PII.

3. What Europe’s Tough New Data Law Means for You, and the Internet by Adam Satariano

Even if you’ve been beaten over the head, over and over again, the last several months on the EU's General Data Protection Regulation, or GDPR, the New York Times’ ran a refresher this past Sunday that’s worth a read. Adam Satariano, the Times' Europe tech correspondent explains succinctly and coherently what users can expect from the regulation, including users' privacy rights and responsibilities. The article skimps on the minutiae but it's the perfect article to send to your mother or your uncle if they've been confused by all these privacy notices that have been hitting inboxes of late.

Photo copyright: jorisvo / 123RF Stock Photo