
TikTok Admits Staff in China Can Access Europeans’ Data

Plus: Liz Truss’ phone-hacking trouble, Cash App’s sex-trafficking problem, and the rising cost of ransomware.

Wired

Open internet proponents were relieved last month when an American candidate beat a Russian challenger in an election to run the International Telecommunications Union, an important international standards body tasked with cross-boundary communications. Meanwhile, though, we took a look at the fragility of the world’s internet infrastructure and the vulnerability of crucial undersea cables.

Researchers see evidence that the US’s new legal climate for abortion access is promoting a culture of community surveillance, a hallmark of authoritarian states in which neighbors and friends are encouraged to report possible wrongdoing. And surveillance is on the rise in soccer stadiums around the world as well. The eight stadiums in use during the 2022 World Cup in Qatar, for example, will be packed with more than 15,000 cameras to monitor spectators and to conduct biometric scanning.

The more secure, “memory safe” programming language Rust is making inroads across the tech industry, offering hope that a massive swath of common vulnerabilities could eventually be preempted and eliminated. In the meantime, we’ve got a roundup of the most important vulnerabilities that you can—and should!—patch right now.

And there’s more. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

There’s no longer a question about whether TikTok staff in China can access Europeans’ data. The company this week announced that it plans to update its privacy policy to explicitly list China as one of the countries where workers can access data from users in the European Union, such as location data that users opt to share. TikTok’s policy update comes amid a yearlong investigation by Ireland’s Data Protection Commission, which is looking into its data-transfer policies under the EU’s General Data Protection Regulation. The inquiry is part of Western governments’ increased scrutiny of the video-sharing platform, which some US officials have characterized as a national security threat due to frequently close relationships between Chinese companies and the government in Beijing. TikTok, which is owned by China-based ByteDance, says in its announcement that its privacy policy update is meant to “include greater transparency into how we share user information outside of Europe and how we collect user location information.” The new policy goes into effect on December 2.

Liz Truss is having a rough time. Soon after her historically brief stint as the UK prime minister, the Mail on Sunday reported that agents working on behalf of Russia had hacked her personal cell phone when she was foreign minister. The breach allegedly allowed these Russian operatives to intercept messages between Truss and officials in other countries, including messages about Ukraine. The Mail report further claims that former prime minister Boris Johnson and cabinet secretary Simon Case suppressed the breach. While the breach remains unconfirmed, Labor Party officials are calling for an “urgent investigation” into their Conservative opponents. “There are immensely important national security issues raised by an attack like this by a hostile state which will have been taken extremely seriously by our intelligence and security agencies,” Labor Party shadow home secretary Yvette Cooper said last weekend. “There are also serious security questions around why and how this information has been leaked or released right now, which must also be urgently investigated.”

Another of Jack Dorsey’s corporate creations is facing new heat this week. According to a Forbes investigation, the Cash App is helping fuel sex trafficking in the US and elsewhere. Based on police records, “hundreds of court filings,” and claims by former Cash App employees, the investigation found rampant use of the Cash App in sex trafficking and other crimes. The company, which is owned by Dorsey-led Block Inc., maintains that it “does not tolerate illegal activity on Cash App” and has staff dedicated to working with law enforcement. Meanwhile, the National Center for Missing and Exploited Children says that although rival payment platforms like PayPal provide the center with tips about potential child abuse facilitated by their services, Forbes writes, “Block hasn’t provided any tips, ever.”

The US Treasury Department this week said US financial institutions facilitated ransomware payments totaling nearly $1.2 billion in 2021—a 200 percent increase since 2020. The report landed amid an international White House summit aiming to combat the rise of ransomware, a type of malware that allows attackers to encrypt a target’s files and hold them for ransom until the victim pays. Himamauli Das, acting director of the Treasury Department’s Financial Crimes Enforcement Network, said in a statement that “ransomware—including attacks perpetrated by Russian-linked actors—remain a serious threat to our national and economic security.” While $1.2 billion in payments is already painful enough, the number does not take into account the costs and other financial consequences that come with a ransomware attack outside of the payment itself.
