Your car is a data gold mine. Every trip you take generates a lot of data — from your location to your infotainment system usage — and automakers are getting better and better at using this information. A 2019 analysis found that cars can generate up to 25 gigabytes of data per hour. As companies improve this data mining, your car could be the next car national security threat. This week, the Chinese town of Beidaihe banned Teslas from the streets as the country’s Communist party leaders gathered in the area. One possible reason for the ban is revealable cars Sensitive details about China’s most senior figures.
Elsewhere, German mobile service providers are experimenting with “digital tokens” as a way to serve personalized ads on people’s phones. Vodafone and Deutsche Telekom’s TrustPid test generates pseudo-anonymous tokens based on people’s IP addresses and uses them to display personalized product recommendations. This move is referred to as “super rookie,” which was previously used to track people without their permission. While Vodafone denies the system resembles supercookies, privacy advocates say it’s a step too far. Privacy researcher Wolfie Christl: “Companies that operate media networks should not spy on their customers, nor should they help others spy on them. tell WIRED.
In other stories this week, we’ve rounded up the key issues updates from Android, Chrome, Microsoft and others coming in June—You should make those updates now. We also looked at how Malware on ZuoRAT . router infected at least 80 targets worldwide. And we present the details How to use Microsoft Defender across all your Apple, Android and Windows devices.
But that’s not all. We have a recap of the big security news for the week that we can’t hand out on our own. Click on the title to read the full story. And it’s safe out there.
California’s gun database, known as the Gun Panel Portal, aims to improve transparency around arms sales. Instead, when new data was added to it on June 27, the update proved to be disaster. As part of the planned new information release, the California Department of Justice made a publicly accessible spreadsheet online and revealed more than 10 years of gun owner information. In the data breach the names, dates of birth, gender, race, driver’s license numbers, addresses and criminal histories of those who were granted or denied permission to conceal and carry weapons from 2011 to 2021. More than 40,000 CCW licenses have been issued Released in 2021; however, the California Department of Justice said financial information and Social Security numbers were not included in the data breach.
While the spreadsheet was online in less than 24 hours, an initial investigation seems to indicate that the breach was more widespread than initially thought. In a press release Released on June 29, the California DOJ said other parts of its gun database were also “affected”. The Department said the information contained in the Assault Weapons Register, Certified Pistols for Sale, Dealer Sales Records, Firearm Safety Certificates and Gun Violence Prohibition may have been disclosed in the violation case. disclosure. Response to data breach, Fresno . County Sheriff’s Office speak it was “worse than previously expected” and some potentially affected information “came to us unexpectedly.”
Indian hacker groups for hire have been targeting lawyers and their clients globally for over a decade, Reuters investigation revealed this week. Hacking groups have used phishing attacks to gain access to confidential legal documents in more than 35 cases since 2013 and targeted at least 75 US and European companies, according to the report. report, based in part on a number of 80,000 emails sent by Indian hackers. past seven years. The investigation details how hack-for-hire groups operate and how private investigators take advantage of their ruthless nature. As Reuters announced its investigation, Google’s Threat Analysis Team public announcement Dozens of domain names belonging to alleged hacking groups for rent in India, Russia and the United Arab Emirates.
Since 2009, the Chinese hacking group APT40 has been targeting companies, government agencies, and universities around the world. APT40 has hit countries including the US, UK, Germany, Cambodia, Malaysia, Norway and more, according to the security firm Mandiant. This week, a Financial Times investigation discovered that Chinese university students were tricked into working for a front company affiliated with APT40 and engaged in research into its attack targets. The newspaper identified 140 potential translators who had applied for a job advert at Hainan Xiandun, a company allegedly linked to APT40 and named in an indictment filed by the US Department of Justice in July 2021. Hainan Xiandun job applicants were asked to translate sensitive US government documents and appear to have been “inadvertently manipulated” into a life of espionage”, according to story.
In 2021, North Korean hackers stole about 400 million dollars in cryptocurrency as part of the country’s efforts to evade international sanctions and strengthen its nuclear weapons program. This week, investigators began linking the theft of about $100 million in cryptocurrency from Horizon Bridge, on June 23, to North Korean actors. Blockchain analytics company Elliptic speak it found “strong indications” that North Korea’s Lazarus Corporation may be involved in the Horizon Bridge hack — and Ellipictic isn’t the only group connected. The attack is the latest in a string against blockchain bridge, which has become increasingly popular in recent years. However, investigators say the ongoing crypto crash has been wiped out millions of values from North Korean crypto thefts.