The ban bill was introduced by US lawmakers.


Is Russia Ready to Use Suicide Drones? Investigations into the Internal Audit Of ByteDance, a Non-US-based Cyber-Monetary Security Company

TikTok does not share its information with the Chinese government, and a US-based security team is who can access US user data from China. TikTok employees in China can currently access user data.

The article said the ByteDance Internal Audit team planned to surveil at least two Americans, who had never worked for the company before. Forbes says its report was based on materials it reviewed but did not include details about who was potentially going to be tracked or why ByteDance was planning on tracking them, claiming that doing so may put its sources at risk.

As Russia’s war in Ukraine drags on, Ukrainian forces have proved resilient and mounted increasingly intense counterattacks on Kremlin forces. But as the conflict evolves, it is entering an ominous phase of drone warfare. Russia has begun launching a series of recent attacks using Iranian “suicide drones” to inflict damage that is difficult to defend against. With NATO watching for signs that Russia is about to use a nuclear weapon, and with Putin’s rhetoric getting bolder, we examine what indicators are out there for the global community to assess if Russia is indeed preparing to use nukes.

How to Fix Your Passwords: The Case Against the Vice Society in the Age of Goliathm, MS Exchange, and Cloud Email Hosting

Meanwhile, an unrelenting string of deeply problematic vulnerabilities in Microsoft’s Exchange Server on-premises email hosting service has left researchers to raise the alarm that the platform isn’t getting the development resources it needs anymore, and customers should seriously consider migrating to cloud email hosting. There is new research that examines how the custodians of the encyclopedia ferret out state-sponsored misinformation in their entries.

If you’re worried about the ongoing threat of ransomware attacks around the world, researchers pointed out this week that middle-of-the-pack groups like the notorious gang Vice Society are maximizing profits and minimizing their exposure by investing very little in technical innovation. Instead, they simply run the most sparse and unremarkable operations they can to target under-funded sectors like health care and education. If you’re looking to do something for your personal security, we’ve got a guide to ditching passwords and setting up “passkeys” on Android and Google Chrome.

Wait, there is more! Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

Towards an Energy Star for IoT Security Labeling: The United States Helps Make Internet of Things Safer, Smarter, and Safer

Microsoft said this week that a misconfiguration exposed the data of some prospective customers of its cloud services. Researchers from the threat intelligence firm SOCRadar disclosed the leak to Microsoft on September 24, and the company quickly closed the exposure. According to a report, the exposed information is as far back as the beginning of the year and the end of the year. The researchers linked the data to more than 65,000 organizations from 111 countries. Microsoft said the exposed details included names, company names, phone numbers, email addresses, email content, and files sent between potential customers and Microsoft or one of its authorized partners. Cloud misconfigurations are a longstanding security risk that can lead to more than one exposure.

There are no easy answers to solve the longstanding security dumpster fire caused by cheap internet of things devices in homes and businesses around the world. Germany and Singapore have found that adding security labels to internet-connected video cameras, printers, toothbrushes, and more has alleviated many problems of the past. The labels give consumers a better understanding of the protections, and manufacturers an incentive to improve their practices and get a gold seal. This week the United States took a step in this direction. The White House announced plans for a labeling scheme that would be a sort of EnergyStar for IoT digital security. The administration had a summit with companies to discuss standards and guidelines for the labels. According to the National Security Council, a program to secure devices would give Americans peace of mind that the technology they are buying at stores is safe and would encourage manufacturers to meet higher cybersecurity standards.

Source: https://www.wired.com/story/tiktok-bytedance-americans-data-security-roundup/

Cyber-Security, Cyber-Private, and Information Security Roundup: What You Can Do Now and What You Shouldn’t Do

Sources told The Washington Post that documents seized by the FBI included sensitive information about the Iranian nuclear program and the United States intelligence operations in China. Unauthorized disclosures of specific information in the documents would pose multiple risks, experts say. People aiding US intelligence efforts may be in danger, according to the Post. The information could inspire retaliation against the US.

Open internet proponents were relieved last month when an American candidate beat a Russian challenger in an election to run the International Telecommunications Union, an important international standards body tasked with cross-boundary communications. Meanwhile, though, we took a look at the fragility of the world’s internet infrastructure and the vulnerability of crucial undersea cables.

There is a suspicion that the US’s new legal climate for abortion access is promoting a culture of community surveillance, a hallmark of authoritarian states where neighbors and friends are encouraged to report wrongdoing. Soccer stadiums around the world are being watched more and more. The eight stadiums in use during the 2022 World Cup in Qatar, for example, will be packed with more than 15,000 cameras to monitor spectators and to conduct biometric scanning.

Rust, a programming language more secure than previous ones, is making inroads in the tech industry, offering hope that a lot of common vulnerabilities could eventually be mitigated. In the meantime, we’ve got a roundup of the most important vulnerabilities that you can—and should!—patch right now.

Source: https://www.wired.com/story/tiktok-eu-privacy-policy-security-roundup/

What have we learnt about the Chern-Simons cash app, which helped fuel sex trafficking in the UK and other countries?

Liz Truss is having a rough time. Soon after her historically brief stint as the UK prime minister, the Mail on Sunday reported that agents working on behalf of Russia had hacked her personal cell phone when she was foreign minister. Russian operatives were able to intercept messages between Truss and her officials in other countries. The Mail claimed that former prime minister Boris Johnson and cabinet secretary Simon Case suppressed the leak. Labour Party officials are calling for an investigation into their Conservative opponents, even though the breach remains unconfirmed. The Labour Party Shadow Home Secretary said last weekend that there were important national security issues raised by an attack by a hostile state which would have been taken seriously by our intelligence and security agencies. There are a lot of questions about how this information was leaked and released, and it needs to be thoroughly investigated.

This is the third time this year that a corporate creation created by Jack Dorsey faces new heat. According to a Forbes investigation, the Cash App is helping fuel sex trafficking in the US and elsewhere. The investigation found rampant use of the Cash App in sex trafficking and other crimes, as well as police records and claims from ex-Cash App employees. The company is owned by a group of people known as Block Inc. and has staff who are dedicated to working with law enforcement. Meanwhile, the National Center for Missing and Exploited Children says that although rival payment platforms like PayPal provide the center with tips about potential child abuse facilitated by their services, Forbes writes, “Block hasn’t provided any tips, ever.”

The US Treasury Department this week said US financial institutions facilitated ransomware payments totaling nearly $1.2 billion in 2021—a 200 percent increase since 2020. A White House summit is aimed at counteracting the rise of a type of threat that allows attackers to hold a target’s files for a fee until the victim pays. Ransomware, including attacks perpetrated by Russian-linked actors, remain a serious threat to our national and economic security, Himamauli Das said in a statement. In order to take into account the costs and other financial consequences that come with a cyberattack outside of the payment itself, the number doesn’t quite make sense.

Implications of the Recent Senate Passage of a Social Media Privacy Law against Electronic Transactions on Government-Owned Devices

The legislation names TikTok and its parent company, ByteDance, as social media companies. A Washington Post op-ed written last month by two of the House sponsors indicated their intention to introduce the bill.

The proposed legislation would “block and prohibit all transactions” in the United States by social media companies with at least one million monthly users that are based in, or under the “substantial influence” of, countries that are considered foreign adversaries, including China, Russia, Iran, North Korea, Cuba and Venezuela.

The legislation comes as a wave of Republican governors introduced state-level restrictions on the use of TikTok on government-owned devices. A number of states have introduced these measures, including Maryland, South Dakota and Utah.

The flurry of activity contrasts with the lengthy negotiations TikTok has been having for years with the US government on a potential deal that may allow the company to address the national security concerns and to continue serving US users.

The plans that have been developed under the oversight of the country’s top national security agencies will continue to be briefed to members of Congress.