that’s another one The busy week in security saw big news about protests, surveillance, spyware, data breaches, etc. In the United States, Recent court filing details The FBI’s controversial use of the warrant yielded a trove of Google location data from thousands of devices in and around the Capitol on January 6. Meanwhile, in Iran, videos of Anti-government protests shared on social media highlight the importance of Twitter’s role in documenting human rights abuses and the consequences if the social media platform is broken.
On November 30, Google’s threat analysis team moved to block a Spanish hacking framework targeting desktop computers. The exploit framework, dubbed Heliconia, caught Google’s attention after a series of anonymous submissions to Chrome’s bug reporting program. Although Google, Microsoft, and Mozilla have all patched the Heliconia vulnerabilities, you should always keep your devices up to date. .Here’s what you need to know about all the important security updates released in the past month.
Google researchers also discovered this week that the encryption keys phone manufacturers use to verify the software on their devices is genuine—including the Android operating system itself—was stolen and used in malware.
Finally, we published part six of WIRED reporter Andy Greenberg’s series, “The Dark Web’s Biggest Boss Hunt,” chronicling the demise of AlphaBay, the world’s largest dark web marketplace. Read the last part hereand see the entire book from which the series is extracted, Tracers in the Dark: The Global Hunt for Crypto’s Crime Lordsnow available from wherever you buy the book.
And there’s much more. Each week, we highlight news that we don’t cover in depth. Click on the titles below to read the full stories.
A deadly fire in an apartment building has sparked massive protests in China, where thousands of protesters in major cities have taken to the streets despite a national ban. no covid policy. The current wave of protests—the scale of which has not been seen in the country since the deadly Tiananmen Square protests of 1989—has faced a massive apparatus of surveillance and censorship that the state has fine-tuned for decades. Authorities are using facial recognition, phone searches and informants to identify, intimidate and detain protesters.
The protests are testing China’s sophisticated censorship apparatus, and experts say the sheer volume of video clips may have overwhelmed China’s army of censors. Leaked documents from China’s Cyberspace Administration called the protests a “Level I Internet Emergency Response,” and authorities ordered e-commerce platforms to limit availability. of VPNs and routers bypassing the firewall. On Sunday, Chinese-language Twitter accounts have been spamming the service with links to escort services along with the name of the city where the protests are taking place to drown out information about the protests..
US Immigration and Customs Enforcement is in trouble after it mistakenly posted confidential data on thousands of asylum seekers in a periodic update to its website. The data — including the names, dates of birth, nationality and locations of detention of more than 6,000 individuals — was made public for five hours before it was taken down by the agency. The data disclosure could expose immigrants affected by the breach to retaliation from the gangs and governments from which they fled.
The agency’s technological malpractice comes as the Biden administration is dramatically expanding its use of technology to monitor immigrants during their conditional release through the United States. Smartphone app and ankle monitor.
“The U.S. government is obligated to keep the names and information of asylum seekers confidential so that they do not face retaliation,” said an attorney at Human Rights First, the organization that discovered the leak. , said. LA time. “The release of confidential data by ICE is illegal and morally unconscionable, a mistake that should never be repeated.”
New research shows that Google continues to withhold sensitive location data from individuals seeking abortions despite promises the company made in July to remove this type of data from its systems. . Researchers from Accountable Tech, an advocacy group, conducted various tests to analyze the data Google stores about individuals who search for abortions online. They found that searches for directions to abortion clinics on Google Maps, as well as routes to visit Planned Parenthood sites, were stored by Google for weeks. Google spokesperson Winnie King told guardian that users “can turn off Web & App Activity at any time, delete all or part of their data manually, or choose to have persistent data automatically deleted”.
Their findings contradict the commitments Google made after the incident US Supreme Court overturned Roe v Wade. “If our system determines that someone has visited one of these locations, we will remove these entries from Location History immediately upon their visit,” the company said in July. Five months later, Google apparently hasn’t made this change.
LastPass, a popular password manager, is investigating a security incident after its system was breached for the second time this year. In a blog post About the incident, CEO Karim Toubba said that the attackers gained access to their customer information using data stolen from LastPass’s systems in August, but did not specify What specific customer information was taken away—although he specified that the users’ stored passwords were still protected by the company’s encryption scheme. “We are working to understand the scope of the incident and determine what specific information was accessed,” Toubba said. “In the meantime, we can confirm that LastPass products and services are operating as normal.”
