Month: September 2020

Daily Digest (9/18)

US Bans TikTok, WeChat From App Stores Beginning Sunday

The Commerce Department said Friday that it would ban Chinese-owned TikTok and WeChat from U.S. app stores on Sunday, citing national security and privacy concerns.

The order comes after Oracle, the California tech company, reached a deal over the weekend with TikTok’s owner, Bytedance, to satisfy White House concerns over the app’s data-collection and related issues, The Associated Press reports.

It was not clear how the order would affect the Oracle deal.

The Commerce Department was enacting an executive order President Donald Trump signed last month, AP reports.

“At the president’s direction, we have taken significant action to combat China’s malicious collection of American citizens’ personal data, while promoting our national values, democratic rules-based norms, and aggressive enforcement of U.S. laws and regulations,” Commerce Secretary Wilbur Ross said in a statement.

WeChat ‘Ban’ Won’t Target Users, US Says

A White House ban on the Chinese app WeChat will not affect users, according to a U.S. Justice Department document filed Wednesday in federal court.

The Trump administration issued executive orders last month to ban TikTok and WeChat, claiming the apps were threats to national security, The Associated Press reports.

The nonprofit group WeChat Users Alliance has sued in federal court, saying its members rely on the app for work, worship and to keep in touch with relatives in China.

The alliance sued Aug. 22, claiming the ban violated users’ freedom of speech and other constitutional rights, AP reports.

But the Justice Department said in its filing that the Commerce Department “does not intend to take actions that would target persons or groups whose only connection with WeChat is their use or downloading of the app to convey personal or business information between users.”

Such users, the filing added, would not be exposed to “criminal or civil liability.”

The government filing said that using and downloading the app to communicate would not be a banned transaction, although messaging on the app could be “directly or indirectly impaired” by the ban.

The Justice Department’s filing said the “assurances largely address” concerns raised by the plaintiffs.

A hearing on the WeChat users’ petition for an injunction will be held in a federal district court in California on Thursday, AP reports.

100K Customer Records Exposed in Razer Data Leak

Records of 100,000 customers of Razer, an electronics hardware maker, were exposed through a misconfigured server — disclosing personal transactions that included names, emails and customer ID numbers.

Volodymyr Diachenko, an independent cybersecurity consultant, discovered the breach, CPO Magazine reports.

Razer is owned by Bitglass, whose CTO Anurag Kahol told the magazine that leaving the database open to the public was a “common occurrence,” but that it was still a basic security risk that needed to be prevented.

Razer sealed the data leak early last month before making it public, and Diachenko eventually received a response from the company after several failed attempts, CPO reports.

In a public statement, Razer said it would scrutinize its IT security practices more carefully.

US Indicts 5 Members of APT41 Threat Group Over Hack

Five alleged members of the known hacking group, APT41, were indicted this week by a federal grand jury in a case brought by the Justice Department.

The group is known for its state-backed cyberespionage activity and financial crimes, Threatpost reports.

In its indictment, the Justice Department alleged that the group facilitated many ransomware and crypto-jacking attacks, leading to source-code theft and other activity.

“This is a unique hacker, who carries out global cyber-espionage while simultaneously pursuing a criminal venture,” cybersecurity analyst John Hultquist told Threatpost.

“APT41’s ability to successfully blend their criminal and espionage operations is remarkable,” he said.

— By DPN Staff

Workers, Homeowner Associations Square Off Over Rules in Pandemic

By Joanne Cleaver 

A home-based doggy boarding business nearly cost Dianna Sells her house.  

Sells didn’t realize that her retirement business of taking in sedate older dogs for short periods violated the rules and regulations of the homeowners association (HOA) in which her house is situated in Round Rock, Texas.

After all, her yard is big, the geriatric dogs were quiet — and many of her clients were neighbors. 

Then someone — Sells told Digital Privacy News she still doesn’t know who — complained to the association’s board.

Back to School, Back to Crime?

Schools See Rise in Cyberthreats With Online Learning

By Samantha Cleaver

This fall, back to school means back on defense.

Schools in Haywood County, N.C., started remote learning last month. They then closed abruptly because of a cyberattack.

Later in the month, Palm Springs Unified Schools in California, also virtual, reported having to clear a hacking attack. The district addressed it with teacher, student and parent training.

This is the landscape for schools for the 2020-21 year. With networks branching out into households, and hackers well aware of the value of education data, phishing and ransomware attacks are expected to be a common occurrence, experts told Digital Privacy News.

The Security Flaw That Almost Knocked Apple Off Its Perch

By Felix Okendo

A flaw discovered this spring within Apple Inc.’s “Sign in With Apple” feature by an India-based developer brought him $100,000 through the company’s Security Bounty Program, part of an industry genre known as “bug-bounty programs.”

“Bug-bounty programs are likely becoming an important best practice for a widening swath of industries,” Graham Dufault, senior director for public policy at ACT-The App Association in Washington, told Digital Privacy News.

Such programs offer rewards to researchers for discovering and reporting bugs in software and hardware. In most cases, the flaws are related to vulnerabilities and exploits in the products — and companies pay well for the discoveries.

UK Officials Reveal Proposals for Digital Identity Framework

By Robert Bateman

The U.K. government is developing a nationwide “digital identity” framework that would enable it to identify individuals across various public services.

Several news outlets have characterized the scheme as a plan to assign a so-called “digital ID card” to every citizen, a move that would concern many privacy advocates.

The U.K.’s proposals are still unclear, but they do not appear to involve a physical ID card. The government claims the framework would reduce fraud and check individual identities more easily.

Q&A: Delegate Eleanor Holmes Norton, D-D.C.

Bill Seeks to Limit Use of Police Cameras

By Mukund Rathi 

Congresswoman Eleanor Holmes Norton, D-D.C., introduced the Federal Police Camera and Accountability Act in June 2019.

It was incorporated into the George Floyd Justice in Policing Act that recently passed the House of Representatives.

The bill regulates federal law-enforcement’s use of body and dashboard cameras.

Generally, it requires them to activate cameras when interacting with the public and to disclose videos on appropriate requests.

The legislation would affect the more than 30 federal law-enforcement agencies working in Washington.
