USA WIRED Immigration and Customs Enforcement Database obtained through a Freedom of Information Act request indicates that the agency relied on a certain type of administrative subpoena to collect data from primary schools, abortion clinics and other vulnerable populations. And New details on a recent supply chain attack against 3CX VoIP software indicates that the attackers — likely hackers working for the North Korean government — are targeting crypto companies in a widespread attack.
We also looked at this week’s move by Italy’s data regulator, Garante per la Protezione dei Dati Personali, to temporarily prevent OpenAI from incorporating Italians’ personal information into training data. In response, the company has now prevented people in Italy from accessing its general-purpose AI platform, ChatGPT. Meanwhile, we discover Dangerous deficiencies in defense and security in the U.S. agricultural industry and the nation’s food supply chainand we’ve dived in the story of a small US gadget blog that found disturbing holes in foreign security cameras and take on China’s surveillance industry to fix them.
In virtual private network news, open source VPN Amnezia has been allowing users in Russia to stay one step ahead of the Kremlin’s ingrained digital censorship and control. And the Tor Project has partnered with open source VPN maker Mullvad to create a new privacy-focused browser incorporating the VPN of your choice.
Plus, there’s much more. Each week, we compile security news that we don’t cover in depth ourselves. Click on the title to read the full story and stay safe while out there.
Chinese e-commerce giant Pinduoduo has more than 750 million customers a month and sells a wide range of products and groceries. But cybersecurity researchers who analyzed the company’s Android app discovered that it contained invasive malware that exploited Android vulnerabilities to take control of a user’s device—gaining access to Android devices. access data from other apps, change system settings, and track people’s digital activity in some cases. way.
Current and former Pinduoduo employees told CNN that the company has a specific initiative to discover Android vulnerabilities and develop exploits. The stated goal is to increase sales by tracking customers and competitors. CNN said there is no concrete evidence that Pinduoduo provided the data it stole to Beijing, but under Chinese law it is very likely. Google suspended the app from the Play Store at the end of March, but the app store is banned in China, so Android users usually download their apps from local app stores. Previously, Pinduoduo denied “rumors and allegations that [the] The Pinduoduo app is malicious,” but it did not respond to CNN’s multiple requests for comment on the new findings. Tech giants around the world are often criticized for their massive, even excessive data collection practices. But the researchers say that Pinduoduo’s application is particularly serious.
Law enforcement from 17 counties collaborated on this week’s takedown of the widely used digital crime marketplace Genesis, known for selling large numbers of logins and codes. Stolen access notification. Police seized the site’s infrastructure and also carried out a massive operation in multiple countries to conduct 208 property searches and arrest 119 of the site’s alleged users. The FBI and Dutch National Police are leading the effort with support from Europol and other organisations. “Working across our 45 FBI offices and together with our international partners, the Department of Justice has conducted an unprecedented takedown of a major crime market that has allowed cybercriminals to become fall victim to individuals, businesses, and governments around the world,” US Attorney General Merrick Garland said in a statement. “Our arrest of Genesis Market should serve as a warning to cybercriminals operating or using these criminal markets.”
Just in time for the tax day, public procurement records reviewed by Motherboard showed that the Internal Revenue Service was interested in purchasing an internet monitoring tool from Team Cymru, a company that makes digital surveillance products. . The FBI and the US military were clients. The tool provides users with access to “netflow” data, which indicates widespread activity on the internet, including interactions such as communicating with servers. Without such monitoring tools, only the host server or its operator and internet service provider would have access to such data. The filing also indicates that the IRS is looking to purchase access to certain cybersecurity products for defense.
Tesla vehicles have several cameras built in, but the video they record is said to be locked so you have privacy in your car. However, Reuters found that Tesla employees had been sharing embarrassing and “highly intrusive” videos and photos from customers’ cars on an internal communication platform from the company. 2019 to 2022. Some footage is simply about dogs or funny signs, but it also attracts public attention. a variety of compromise situations, including nudity. Tesla did not respond to detailed questions from Reuters about the findings.
The Chinese spy balloon caused an uproar when it flew over the United States earlier this year, making multiple passes over sensitive military sites and successfully collecting a number of electronic signals, such as those from an intercontinental system. equipment and weapons, according to three current and former officials who spoke to NBC News. The US government said at the time that it was taking steps to prevent the balloon from collecting anything useful. However, the three officials added that US countermeasures have been successful in significantly reducing the amount of information the balloon can collect.
