The United States Immigration and Customs Enforcement (ICE) agency has relied on administrative subpoenas to collect data from vulnerable populations, such as elementary schools and abortion clinics. This information was obtained through a Freedom of Information Act request. Additionally, a recent supply chain attack on the VoIP software 3CX indicates that hackers, believed to be working for the North Korean government, targeted cryptocurrency companies. Italy’s data regulator, Garante per la Protezione dei Dati Personali, temporarily stopped OpenAI from incorporating Italians’ personal information into training data. OpenAI responded by preventing people in Italy from accessing its generative AI platform, ChatGPT. The lack of security defenses in the US agriculture sector and food supply chain was also explored. Finally, the story of a small US gadget blog that discovered security flaws in foreign security cameras and confronted the Chinese surveillance industry to fix them was detailed.
In the news about virtual private networks, the open-source VPN Amnezia is helping users in Russia bypass the government’s censorship and digital control. The Tor Project collaborated with the open-source VPN maker Mullvad to create a new privacy-focused browser that incorporates users’ choice of VPN.
In other security news, cybersecurity researchers discovered that the Chinese e-commerce app Pinduoduo, with over 750 million customers per month, is malicious and exploits Android vulnerabilities to gain access to users’ devices and data from other apps. Current and former Pinduoduo employees revealed that the company has a specific initiative to discover Android vulnerabilities and develop exploits, allegedly to increase sales by monitoring customers and competitors. Law enforcement from 17 countries collaborated in the takedown of the digital criminal marketplace Genesis, which sold massive quantities of stolen login credentials and access tokens. The effort resulted in the seizure of the site’s infrastructure, the execution of 208 property searches, and the arrest of 119 of the site’s alleged users.
According to public procurement records reviewed by Motherboard, the US Internal Revenue Service (IRS) is interested in purchasing a digital mass surveillance tool from Team Cymru, a company that makes digital monitoring products. The tool, which is already used by the FBI and US military, gives users access to “netflow” data, revealing broad internet activity, including interactions like server communication. Without such surveillance tools, only a server’s host or operator and internet service provider would have access to such data. The records also show that the IRS is looking to purchase access to several cybersecurity products for defense. This news comes just in time for tax day.
Tesla employees reportedly accessed and shared private videos and images from customers’ cars on an internal company communication platform between 2019 and 2022, according to Reuters. Although Tesla vehicles incorporate a number of cameras, the video they capture is supposed to be locked down for privacy reasons. Some of the footage was merely of dogs or comical road signs, but it also captured an array of compromising situations, including nudity. Tesla did not respond to detailed questions from Reuters about the findings.
The Chinese spy balloon that caused an uproar as it floated over the US earlier this year made multiple passes over sensitive military sites and successfully collected some electronic signals, such as those from communications and weapons systems, according to three current and former officials who spoke to NBC News. The US government had said at the time that it was taking steps to block the balloon from collecting anything useful. The three officials added, however, that the US’s countermeasures succeeded at substantially reducing the amount of information the balloon was able to collect.
Author: Lily Hay Newman