The ByteDance Detection of State-Sponsored Cybercrime Using the Encyclopedia: A Guide to Passing Passkeys on Android and Google Chrome
Forbes’ article says that TikTok and ByteDance didn’t answer questions about whether the internal audit team had ever targeted US politicians, activists, public figures, or journalists, and compared the alleged plan to Uber’s “greyball” program that targeted specific users, in some cases serving regulators a misleading version of the app.
The article, posted earlier on Thursday, said that ByteDance’s Internal Audit team — usually tasked with keeping an eye on those who currently work for the company or who have worked for the company in the past — planned on surveilling at least two Americans who “had never had an employment relationship with the company.” Forbes claimed that it did not include details about who was potentially going to be tracked or why ByteDance was planning on doing so, because doing so might expose its sources to risk.
As Russia’s war in Ukraine drags on, Ukrainian forces have proved resilient and mounted increasingly intense counterattacks on Kremlin forces. But as the conflict expands, it is entering a phase of drone warfare. Russia has begun launching attacks using Iranian drones to wreak damage that is difficult to defend against. With Russian president Vladimir Putin escalating his rhetoric about the potential for a nuclear strike, and NATO officials watching closely for any signs of movement, we examine what indicators are available to the global community in assessing whether Russia is actually preparing to use nuclear weapons.
The platform that underlies Microsoft’s Exchange server is in dire need of development resources, and researchers are raising the alarm that the service isn’t getting the resources it needs anymore. New research shows how the custodians of the encyclopedia ferret out state-sponsored misinformation.
If you’re worried about the ongoing threat of ransomware attacks around the world, researchers pointed out this week that middle-of-the-pack groups like the notorious gang Vice Society are maximizing profits and minimizing their exposure by investing very little in technical innovation. They do not target health care or education because they run the most sparse and unremarkable operations. If you’re looking to do something for your personal security, we’ve got a guide to ditching passwords and setting up “passkeys” on Android and Google Chrome.
More Technology News from KITCOTTOK-Americas Roundup: Detecting Cloud Misconfigurations in Prospective Customers of Microsoft Cloud Services
But wait, there’s more! Each week, we highlight the news we didn’t cover in-depth ourselves. The full stories can be found below. And stay safe out there.
Microsoft said this week that a misconfiguration exposed the data of some prospective customers of its cloud services. The leak to Microsoft was disclosed by the researchers from the threat intelligence firm. The exposed information goes back as far as last year, and as far as this year, according to the report. The researchers linked the data to more than 65,000 organizations from 111 countries. The exposed details include names, companies, phone numbers, email addresses, and files sent between potential customers and Microsoft or one of its authorized partners. Cloud misconfigurations are a longstanding security risk that can lead to thousands of exposures.
Source: https://www.wired.com/story/tiktok-bytedance-americans-data-security-roundup/
The IoT Security Energy Star: How the U.S. Planned to Create a Security Label to Protect Electronics and Printing Devices will Protect the Internet of Things
There are no easy solutions to fix the longstanding security dumpster fire that is caused by cheap, undefended internet of things devices in homes and businesses around the world. Germany and Singapore have found that security labels can be added to cameras, printers, and more. The labels give consumers a better understanding of the protections built into different devices—and give manufacturers an incentive to improve their practices and get a gold seal. The United States took a step this week in this direction. The White House announced plans for a labeling scheme that would be a sort of EnergyStar for IoT digital security. The administration hosted a summit this week to discuss standards and guidelines for the labels. The National Security Council recommended that a labeling program to secure such devices be put in place to give American consumers the peace of mind that the technology is safe and to encourage manufacturers to meet higher cybersecurity standards.
Sources told The Washington Post that documents seized by the FBI in Florida contained sensitive information about Iran’s nuclear program and the US’s intelligence operations in China. The experts say that unauthorized disclosures of particular information in the documents pose multiple risks. People aiding US intelligence efforts could be endangered, and collection methods could be compromised, the Post wrote. The information could also potentially motivate retaliation by other countries against the US.
An American candidate defeated a Russian opponent in the election of the International Telecommunications Union, an important global standard body for cross-border communications. Meanwhile, though, we took a look at the fragility of the world’s internet infrastructure and the vulnerability of crucial undersea cables.
The US is promoting a culture of community security, a hallmark of authoritarian states in which neighbors are encouraged to report possible wrongdoing, because it has a new legal climate for abortion access. In soccer stadiums around the world, there’s more and more monitoring. The eight stadiums in use during the 2022 World Cup in Qatar, for example, will be packed with more than 15,000 cameras to monitor spectators and to conduct biometric scanning.
Updated Patches for Rust and the Common Vulnerabilities in the Windows Programming Language, and how to protect yourself against attack by a hostile state
There is hope that a lot of the common vulnerabilities could be reduced with the use of the Rust programming language. In the meantime, we have a list of the most important vulnerabilities you can patch right now.
Liz is having a hard time. The Mail on Sunday reported that agents from Russia had hacked into her cell phone when she was foreign minister. The breach allegedly allowed these Russian operatives to intercept messages between Truss and officials in other countries, including messages about Ukraine. The Mail reports that Boris Johnson and Simon Case suppressed the violation. Labour Party officials want an “Urgent Investigation” into their Conservative opponents. The national security issues raised by an attack by a hostile state were said to be taken seriously by our intelligence and security agencies. “There are lots of security questions about the leak of this information and how it came about, which needs to be immediately investigated.”
Source: https://www.wired.com/story/tiktok-eu-privacy-policy-security-roundup/
The Jack Dorsey Cash App: Not Even a Single Payment Platform Would Suffer from Ransomware Attacks During the 2020 White House Summit
Another of Jack Dorsey’s corporate creations is facing new heat this week. According to a Forbes investigation, the Cash App is helping fuel sex trafficking in the US and elsewhere. According to police records and claims from former employees of the Cash App, there was rampant use of the app in sex trade and other crimes. The company, which is owned by Dorsey-led Block Inc., maintains that it “does not tolerate illegal activity on Cash App” and has staff dedicated to working with law enforcement. Meanwhile, the National Center for Missing and Exploited Children says that although rival payment platforms like PayPal provide the center with tips about potential child abuse facilitated by their services, Forbes writes, “Block hasn’t provided any tips, ever.”
This week the US Treasury Department reported that there was a 200 percent increase in the amount of ransomware payments in the US since 2020. The report landed as the White House hosted an international summit to fight the rise of the type of software that allows attackers to hold a victim’s files for ransom, unless the victim pays. The acting director of the Treasury Department’s Financial Crimes Enforcement Network stated that attacks perpetrated by Russian-linked actors are a serious threat to our national and economic security. The number does not factor in the costs and other financial consequences that come with a ransomware attack outside of the payment itself.