Like the summer winds Researchers warned this week about Systematic vulnerabilities in mobile application infrastructureas well as a New iOS security bug and one of TikTok. And new discoveries of ways exploit Microsoft’s Power Automate tool in Windows 11 shows how it can be used to deliver malware, from ransomware to keyloggers and more.
The Anti-Putin Media Network February Morning, which runs on the Telegram communication app, has played an important role in the underground resistance to the Kremlin. Meanwhile, “California’s Age-appropriate Design Code” passed the California legislature this week with potentially major impacts on the online privacy of children and everyone else.
Plus, if you’re ready to take a more radical step toward protecting your privacy on mobile and feel like the bad guy doing it, we’ve got you covered. Instructions for installing and using the phone recorder.
But wait a minute! Every week we highlight news that we don’t cover in depth. Click on the title below to read the full story. And it’s safe out there.
Data broker Fog Data Science has sold access to what it claims are billions of points of location data from more than 250 million smartphones to local, state and federal law enforcement agencies. states across the United States. The data comes from technology companies and cell phone towers and is collected in the Fog Reveal tool from thousands of iOS and Android apps. Importantly, access to this service is very cheap, often costing local police departments less than $10,000 per year, and investigations by the Associated Press and Electronic Frontier Foundation Found that law enforcement sometimes obtains location data without a warrant. The EFF investigated more than 100 public records requests filed over several months. “Troublesomely, those records show that Fog and some law enforcement agencies do not believe that Fog’s surveillance activities relate to Fourth Amendment rights of the people and require that authorities warrants are required,” the EFF wrote.
An unprotected database containing information on millions of faces and license plates was exposed and publicly accessible in the cloud for months until it was finally protected in mid-August. TechCrunch linked the data with Xinai Electronics, a technology company based in Hangzhou, eastern China. The company develops authentication systems for accessing spaces such as garages, construction sites, schools, offices or vehicles. It also touts additional services related to payroll, employee engagement and performance tracking, and license plate recognition. The company has a huge network of cameras deployed across China to capture face and license plate data. Security researcher Anurag Sen warned TechCrunch about the unprotected database, which also revealed names, ages, and resident ID numbers in facial data. This incident comes just months after a huge database from Shanghai police was leaked online.
Montenegro authorities on Wednesday said a gang called “Cuba” targeted their government networks with a ransomware attack last week. The gang has also claimed responsibility for an attack on a dark web. Montenegro’s National Security Service (ANB) says the group has ties to Russia. The attackers are said to have deployed a strain of malware called “Zerodate” and infected 150 computers at 10 Montenegrin government agencies. It is not clear if the attackers stole the data as part of the hack. The US Federal Bureau of Investigation is sending investigators to Montenegro to help analyze the attack.
On Monday, the US Federal Trade Commission announced it was suing data broker Kochava for selling geo-location data collected from apps on “hundreds of millions of mobile devices”. The data can be used to track people’s movements and reveal information about where they’re going, including showing visits to sensitive locations, the FTC said. “Kochava data can reveal visits to reproductive health clinics, places of worship, homeless and domestic violence shelters, and facilities,” the agency wrote. addiction recovery. “The FTC alleges that by selling people tracking data, Kochava is allowing others to identify individuals and expose them to threats of stigma, stalking, discrimination, loss of employment and even physical violence.” The lawsuit is intended to prevent Kochava from selling sensitive location data, and the agency is asking the company to delete what it already has.
In August, the Cl0p ransomware gang attacked South Staff Water, a water utility in the UK. The gang says they even have access to SSW’s industrial control network, which handles things like water flows. The hackers have published screenshots that allegedly show they have access to the water supply control panel. Experts told Motherboard that it appears hackers may indeed have tampered with water supplies, highlighting the risks when critical infrastructure networks are not sufficiently prevented from business networks normally. “Yes, had access, but we just made screenshots,” Cl0p told Motherboard. “We do not harm people and treat critical infrastructure with respect. … We weren’t really involved because we didn’t want to harm anyone.” SSW said in a statement“This incident does not affect our ability to provide safe water.”
