TikTok is subject to government-issued devices being banned.


What can be learned from the story of the ByteDance anti-Russian attack on the Kremlin and Russian forces in Ukraine?

The Chinese government has access to data about US citizens, and that’s why the platform’s security is a concern for US lawmakers. After a June report from BuzzFeed News alleged that US user data had been accessed from China, TikTok CEO Shou Zi Chew wrote a letter to Republican critics addressing how the company planned to keep American user data separate from ByteDance.

The article said that the Internal Audit team at ByteDance would be looking at at least two Americans who had never worked for the company. Forbes does not include details about who was potentially going to be tracked or why ByteDance was planning on doing so, claiming that doing so may endanger its sources.

As Russia’s war in Ukraine drags on, Ukrainian forces have proved resilient and mounted increasingly intense counterattacks on Kremlin forces. The conflict is entering an ominous phase as it gets more complex. Russia has begun using Iranian suicide drones to launch attacks that are difficult to defend against. We examine what indicators can be found in the international community to determine whether or not Russia is preparing to use nuclear weapons.

What are Passwords? How to Avoid Breaking Privacy Rules in Google Chrome, Android and Exchange Server Using the Vice Society’s Censors

Meanwhile, an unrelenting string of deeply problematic vulnerabilities in Microsoft’s Exchange Server on-premises email hosting service has left researchers to raise the alarm that the platform isn’t getting the development resources it needs anymore, and customers should seriously consider migrating to cloud email hosting. And new research examines how Wikipedia’s custodians ferret out state-sponsored disinformation campaigns in the crowdsourced encyclopedia’s entries.

If you are concerned about the threat of attacks on your computer, it is important to know that the Vice Society, like most pack groups, minimize their exposure by investing very little in technical innovation. Instead, they simply run the most sparse and unremarkable operations they can to target under-funded sectors like health care and education. If you’re looking to do something for your personal security, we’ve got a guide to ditching passwords and setting up “passkeys” on Android and Google Chrome.

Wait, there’s more! The news we didn’t cover is highlighted each week. To read the full stories please click on the headlines. And stay safe out there.

The White House’s Plan for a Labeling Scheme to Protect Internet of Things Devices, and a Report to the National Security Council

Microsoft said some prospective customers’ data was exposed due to a misconfiguration. The leak to Microsoft was disclosed by researchers from the threat intelligence firm and the exposure was quickly closed. The information was exposed from as far back as July of this year and up to August of this year. The researchers linked the data to more than 65,000 organizations from 111 countries. Microsoft said the exposed details included names, company names, phone numbers, email addresses, email content, and files sent between potential customers and Microsoft or one of its authorized partners. Cloud misconfigurations are a longstanding security risk that has led to a lot of exposure.

There aren’t any easy ways to increase the security of dumpster fires caused by cheap, undefended internet of things devices in homes and businesses. After years of problems, Singapore and Germany found that adding security labels to internet-enabled cameras, printers, toothbrushes, and more. The labels give consumers more information about protections built into the devices and give manufacturers incentive to improve their practices and get a gold seal. This week, the United States took a step in this direction. The White House announced plans for a labeling scheme that would be a sort of EnergyStar for IoT digital security. The administration had a summit with companies and industry organizations this week to discuss guidelines for labels. “A labeling program to secure such devices would provide American consumers with the peace of mind that the technology being brought into their homes is safe, and incentivize manufacturers to meet higher cybersecurity standards, and retailers to market secure devices,” National Security Council spokesperson Adrienne Watson said in a statement.

Source: https://www.wired.com/story/tiktok-bytedance-americans-data-security-roundup/

A Roundup of the Most Important Vulnerabilities That You Can (and Should!) Know About Iran, China, and the Internet: An Analysis Using Rust

Sources told The Washington Post this week that sensitive information related to Iran’s nuclear program and the United States’ own intelligence operations in China were included in documents seized by the FBI this summer at former President Trump’s Mar-a-Lago estate in Florida. “Unauthorized disclosures of specific information in the documents would pose multiple risks, experts say.” People aiding the US intelligence efforts are at risk, according to the Post. The information could also potentially motivate retaliation by other countries against the US.

The election of an American candidate to run the International Telecommunications Union relieved proponents of open internet. We looked at the susceptibility of the world’s internet infrastructure and the vulnerability of vital undersea cables.

Researchers see evidence that the US’s new legal climate for abortion access is promoting a culture of community surveillance, a hallmark of authoritarian states in which neighbors and friends are encouraged to report possible wrongdoing. Soccer stadiums are being monitored more and more around the world. There will be more than 15,000 cameras to monitor the crowd at the eight stadiums for the World Cup in Qatar.

Rust is a memory-safe programming language that is making inroads into the tech industry, offering hope that a massive swath of common vulnerabilities could eventually be eliminated. In the meantime, we’ve got a roundup of the most important vulnerabilities that you can—and should!—patch right now.

Source: https://www.wired.com/story/tiktok-eu-privacy-policy-security-roundup/

Are Cash Apps Harming Russians? The Case of Liz Truss in the Shadow Home Secretary: Investigations are Taking a Backseat

Liz Truss is having a rough time. Soon after her historically brief stint as the UK prime minister, the Mail on Sunday reported that agents working on behalf of Russia had hacked her personal cell phone when she was foreign minister. Russian operatives were able to eavesdrop on messages between Truss and officials in other countries. The Mail report further claims that former prime minister Boris Johnson and cabinet secretary Simon Case suppressed the breach. While the breach remains unconfirmed, Labour Party officials are calling for an “urgent investigation” into their Conservative opponents. There are a lot of national security issues raised by a hostile state which will be taken seriously by our intelligence and security agencies, according to the Shadow Home Secretary. “There are also serious security questions around why and how this information has been leaked or released right now, which must also be urgently investigated.”

Another of Jack Dorsey’s corporate creations is facing new heat this week. According to a Forbes investigation, the Cash App is helping fuel sex trafficking in the US and elsewhere. Based on police records, “hundreds of court filings,” and claims by former Cash App employees, the investigation found rampant use of the Cash App in sex trafficking and other crimes. The company, which is owned by Block Inc., insists that it “does not tolerate illegal activity on Cash App” and has staff dedicated to working with law enforcement. Meanwhile, the National Center for Missing and Exploited Children says that although rival payment platforms like PayPal provide the center with tips about potential child abuse facilitated by their services, Forbes writes, “Block hasn’t provided any tips, ever.”

Since 2020, the amount of payments made by the US financial institutions has increased by 200 percent. The report landed amid an international White House summit aiming to combat the rise of ransomware, a type of malware that allows attackers to encrypt a target’s files and hold them for ransom until the victim pays. The Treasury Department’s Financial Crimes Enforcement Network acting director Himamauli Das said in a statement that ransomware, including attacks by Russians, remains a serious threat to our national and economic security. While $1.2 billion in payments is already painful enough, the number does not take into account the costs and other financial consequences that come with a ransomware attack outside of the payment itself.

The U.S. Social Media Crisis: State-Dependent Security Impact of a State-Mean-Field App like TikTok

“It’s troubling that rather than encouraging the Administration to conclude its national security review of TikTok, some members of Congress have decided to push for a politically-motivated ban that will do nothing to advance the national security of the United States,” Hilary McQuaide, a spokesperson for TikTok, said in a statement.

China, Russia, Iran, and North Korea are considered to be foreign adversaries by the federal government and social media companies would be barred from conducting business in the US.

And several governors have ordered their agencies not to use the app on state-issued devices. This week, Alabama, Georgia, Idaho and Utah joined other states in issuing such bans.

The flurry of activity contrasts with the lengthy negotiations TikTok has been having for years with the US government on a potential deal that may allow the company to address the national security concerns and to continue serving US users.

“We will continue to brief members of Congress on the plans that have been developed under the supervision of our country’s top national security agencies, plans that we are well underway in implementing,” said McQuaide.

A version of this article first appeared in the “Reliable Sources” newsletter.

Government officials are alarmed by its widespread usage. FBI Director Christopher Wray raised eyebrows after he said that the app could be used to control users’ devices.

The Senate-passed bill would provide exceptions for “law enforcement activities, national security interests and activities, and security researchers.”

Comments on Berkman’s App on G-odd Streaming Radio and Social Network (GAN-APS-09-03)

Berkman acknowledges how difficult it would be to get users to leave the app. Last year, the app reported that more than a billion users flock to its site each month.