Your choice is a data gold mine. Every trip you make produces a lot of data — from your location to your use of information entertainment systems — and car manufacturers get better at using this information. A 2019 analysis found motors can generate up to 25 gigabytes of data per hour. As companies refine their ability to exploit this data, your car could be the next national security threat. This week, the Chinese town of Beidaihe banned Teslas from its streets while the country’s Communist Party leaders gathered in the area. One possible reason for the ban is that the cars could reveal sensitive details about China’s most senior figures.
Elsewhere, German mobile providers are testing “digital tokens” as a way to offer personalized ads on people’s phones. The trial of TrustPid by Vodafone and Deutsche Telekom generates pseudo-anonymous characters based on people’s IP addresses and uses them to show personalized product recommendations. The move was compared to “super cookies”, which were previously used to track people without their permission. While Vodafone denies that the system is similar to super cookies, privacy advocates say it is a step too far. “Companies that operate communications networks should not track down their customers, nor should they help others track them down,” privacy researcher Wolfie Christl told WIRED.
In other stories this week, we’ve summarized the critical updates from Android, Chrome, Microsoft, and others that came out in June – you need to make those updates now. We also looked at how the new ZuoRAT router malware has infected at least 80 targets worldwide. And we’ve outlined how to use Microsoft Defender on all your Apple, Android, and Windows devices.
But that’s not all. We have an overview of this week’s big security news that we could not cover ourselves. Click on the headings to read the full stories. And stay safe out there.
California’s gun database, called the Firearms Dashboard Portal, was intended to improve transparency around the sale of weapons. Instead, when new data was added to it on June 27, the update was a disaster. During the planned release of new information, the California Department of Justice made a spreadsheet online accessible to the public and exposed more than 10 years of information about gun owners. Included in the data breach were the names, dates of birth, genders, races, driver’s license numbers, addresses and criminal histories of people to whom permits for concealed and carrying weapons were granted or denied between 2011 and 2021. More than 40,000 CCW permits was issued in 2021; However, California’s Department of Justice said financial information and social security numbers were not included in the data breach.
While the spreadsheet was online for less than 24 hours, an initial investigation appears to indicate that the violation was more widespread than initially thought. In a press release issued on June 29, the California DOJ said other parts of its gun databases were also “affected.” Information contained in the dashboards of the assault weapons register, handguns certified for sale, dealer record of sale, firearms safety certificate and firearms restraining order dashboards may have been exposed in the offense, the department said, adding that it was investigating what information could have been. revealed. In response to the data breach, the Fresno County Sheriff’s Office said it was “worse than previously expected” and that some of the potentially affected information “came as a surprise to us.”
Indian hacker-for-hire groups have been targeting lawyers and their clients around the world for most of a decade, a Reuters investigation revealed this week. Burglary groups have used phishing attacks since 2013 to gain access to confidential legal documents in more than 35 cases and have targeted at least 75 U.S. and European companies, according to the report, which is based in part on a series of 80,000 emails that has been sent by Indian hackers over the past seven years. The study provides details on how hack-for-rent groups operate and how private investigators benefit from their ruthless nature. As Reuters published its investigation, Google’s Threat Analysis Group has released dozens of domains belonging to alleged hack-for-rent groups in India, Russia and the United Arab Emirates.
Since 2009, the Chinese burglary group APT40 has targeted companies, government bodies and universities around the world. APT40 has hit countries including the United States, United Kingdom, Germany, Cambodia, Malaysia, Norway, and more, according to security firm Mandiant. This week, at Financial Times investigation found that Chinese university students were misled into working for a front company linked to APT40 that was involved in research into its hacking targets. The newspaper identified 140 potential translators who had applied for job advertisements at Hainan Xiandun, a company allegedly linked to APT40 and named in a July 2021 indictment by the U.S. Department of Justice. Those who applied for jobs at Hainan Xiandun were asked to translate sensitive U.S. government documents and appear to have been “unknowingly drawn into a life of espionage,” according to the story.
In 2021, North Korean hackers stole some $ 400 million worth of crypto as part of the country’s efforts to evade international sanctions and strengthen its nuclear weapons program. Investigators this week began linking about $ 100 million worth of Horizon Bridge cryptocurrency on June 23 to North Korean actors. Blockchain analysis firm Elliptic says it has uncovered “strong indications” that North Korea’s Lazarus group could be linked to the Horizon Bridge burglary incident – and Elliptic is not the only group to have made the connection. The attack is the latest in a series of blockchain bridges, which have become increasingly common targets in recent years. However, investigators say the ongoing crypto crash has wiped out millions worth of North Korea’s crypto robbery.