USA WIRED Immigration and Customs Enforcement database obtained through a Freedom of Information Act request shows that the agency has been relying on some type of administrative subpoena to collect data from elementary schools, abortion clinics and other vulnerable populations. AND new details about a recent supply chain attack against 3CX VoIP software indicate that the attackers, likely hackers working for the North Korean government, were targeting cryptocurrency companies in the broad attack.
We also look at this week’s move by Italy’s data regulator, Garante per la Protezione dei Dati Personali, to temporarily prevent OpenAI from incorporating the personal information of Italians into training data. In response, the company has currently blocked people in Italy from accessing its generative AI platform, ChatGPT. Meanwhile, we explore the dangerous security defense missing in the US agricultural sector and the nation’s food supply chainand we enter the saga of a small US gadget blog finding troubling flaws in foreign security cameras and he took on the Chinese surveillance industry to fix them.
In virtual private network news, open source VPN Amnezia has been allowing users in Russia to stay one step ahead of the Kremlin’s inveterate censorship and digital control.. And Tor Project collaborated with open source VPN maker Mullvad to create a new privacy-focused browser that incorporates the VPN of your choice.
Plus, there’s more. Every week, we round up security news that we don’t cover in depth ourselves. Click the headlines to read the full stories and stay safe.
Chinese e-commerce giant Pinduoduo has more than 750 million customers a month and sells a wide range of products and groceries. But cybersecurity researchers who analyzed the company’s Android app found that it contains invasive malware that exploits Android vulnerabilities to take control of users’ devices, gaining access to data from other apps, changing system settings and monitoring people’s digital activity in various ways.
Current and former Pinduoduo employees told CNN that the company has a specific initiative to discover Android vulnerabilities and develop exploits. Supposedly, the goal is to increase sales by tracking customers and competitors. CNN said there is no specific evidence that Pinduoduo turns over the data it steals to Beijing, but under Chinese law that would be quite possible. Google suspended the app from its Play Store at the end of March, but the app store is banned in China, so Android users often download their apps from local app stores anyway. In the past, Pinduoduo has rejected “the speculation and accusation that [the] The Pinduoduo app is malicious,” but did not respond to multiple requests from CNN for comment on the new findings. Tech giants around the world are often criticized for their massive and even excessive data collection practices. But the researchers said the Pinduoduo app was particularly egregious.
Law enforcement from 17 counties assisted in the takedown this week of the widely used digital crime marketplace Genesis, known for selling massive amounts of stolen login credentials and access tokens. Police seized the site’s infrastructure and also launched a massive multi-country campaign to conduct 208 property searches and arrest 119 of the site’s alleged users. The FBI and the Dutch National Police led the effort with the support of Europol and many others. “Working out of 45 of our FBI field offices and together with our international partners, the Department of Justice has launched an unprecedented takedown of a major criminal market that enabled cybercriminals to victimize individuals, businesses, and governments around the world.” said US Attorney General Merrick Garland. in a sentence. “Our Genesis Market seizure should serve as a warning to cybercriminals operating or using these criminal marketplaces.”
Just in time for tax day, public procurement records reviewed by Motherboard show the US Internal Revenue Service is interested in buying an Internet surveillance tool from Team Cymru, a company that makes products digital monitoring. The FBI and the US military are already clients. The tool gives users access to “netflow” data, which reveals extensive Internet activity, including interactions such as server communication. Without such surveillance tools, only the host or operator of a server and the Internet service provider would have access to such data. The records also indicate that the IRS is looking to buy access to a number of defense cybersecurity products.
Tesla vehicles come with multiple cameras, but the video they capture is supposed to be locked so you have privacy in your own car. However, Reuters found that Tesla employees shared embarrassing and “highly invasive” videos and images of customer cars on an internal company communication platform between 2019 and 2022. Some of the images were simply of dogs or signs. comedic traffic jams, but they also captured a number of compromising situations, including nudity. Tesla did not respond to detailed questions from Reuters about the findings.
He chinese spy balloon That caused quite a stir as it hovered over the US earlier this year, making multiple passes over sensitive military sites and successfully collecting some electronic signals, such as those from communications and weapons systems, according to three current and former officials. who spoke to NBC News. The US government had said at the time that it was taking steps to prevent the balloon from collecting anything useful. However, the three officials added that the US countermeasures succeeded in substantially reducing the amount of information the balloon could collect.