That was something else A busy week in security that saw big news about attacks, surveillance, spyware, data breaches, and more. In the US, recent court documents detail how the FBI used a subpoena to obtain Google’s location information from thousands of devices in and around the Capitol on January 6. Meanwhile, in Iran, videos of anti-government protests which he shared on social media highlights. the importance of Twitter’s role in documenting human rights violations and the consequences if the social network is broken.
On November 30, Google’s Threat Analysis Team moved to block the Spanish framework that targets desktop computers. The exploit, called Heliconia, was made known to Google after several anonymous posts to the Chrome bug reporting program. Although Google, Microsoft, and Mozilla have all addressed the Heliconia issue, it’s a good reminder to keep your devices updated. Here’s what you need to know about all the important security updates released last month.
Google researchers also discovered this week that the encryption keys that phone manufacturers use to authenticate apps on their devices are real, including the Android operating system — that have been stolen and used in malware.
Finally, we published WIRED reporter Andy Greenberg’s sixth installment, “The Hunt for the Dark Web’s Biggest Kingpin,” which details the fall of AlphaBay, the world’s largest dark web marketplace. Read the final episode here, and see the full book from which these stories were taken, Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrencyavailable here wherever you buy books.
And there are many. Every week we show stories that we haven’t covered in depth. Click on the topics below to read all the articles.
A deadly apartment fire has sparked protests in China as thousands of protesters in major cities have taken to the streets against the country’s zero-Covid policies. The growing number of protests that have taken place in the country since the deadly 1989 protests in Tiananmen Square have been met with massive surveillance and surveillance tools that the government has been refining for years. Authorities are using facial recognition, phone tracking, and alerts to identify, intimidate, and detain protesters.
The shows are stress-testing China’s surveillance technology, and experts say the number of videos is increasing as China’s military conducts surveillance. A leaked document from the China Cyberspace Administration called the attacks “Level I Internet Emergency Response,” and authorities ordered ecommerce platforms to limit access to VPNs and routers around firewalls. On Sunday, Chinese-language Twitter accounts derailed the project with accompanying links along with the names of the cities where the protests took place in an attempt to discourage the protests.
US Immigration and Customs Enforcement is in hot water after the agency mistyped the personal information of thousands of asylum seekers during a website update. The data, which included the names, dates of birth, countries, and detention facilities of more than 6,000 people, was leaked for five hours before being removed by the agency. The release of the data could expose migrants who have been involved in the violations to retaliate against the criminals and governments they fled.
The agency’s lack of technology comes as the Biden administration is expanding its use of technology to screen immigrants at the time of release through smartphone apps and ankle monitors.
“The U.S. government has a duty to keep the names and identities of asylum seekers confidential from retaliation,” a lawyer for Human Rights First, the organization that discovered the leak, told People. Los Angeles Times. “ICE’s secret printing is illegal and illegal, a mistake that must not be repeated.”
A new study shows that Google continues to store information about people seeking abortions despite the company’s promise in July that it would remove this information from its systems. Researchers with Accountable Tech, an advocacy group, conducted a series of experiments to analyze Google’s data about people seeking abortions online. They found that searches for directions to abortion clinics on Google Maps, as well as directions taken to visit Planned Parenthood locations, were stored by Google for several weeks. Google spokesperson Winnie King said this Guardian that users “can turn off Website and App Experience at any time, delete all or part of their data manually, or choose to simply delete that data on a regular basis.”
The findings contradict what Google promised after the US Supreme Court ruled Roe v. Wade. “If our systems detect that someone has visited one of these locations, we will delete those records from Location History immediately after they leave,” the company said in July. Five months later, Google doesn’t seem to have implemented this feature.
LastPass, the password manager, is investigating security issues after its systems were compromised for the second time this year. In a blog post about the incident, CEO Karim Toubba said the attacker had obtained customer credentials using data stolen from LastPass systems in August, but did not specify what customers had taken—though he said users’ stored passwords remain protected by the company’s security measures. . “We are working to understand the extent of what has happened and identify the findings,” says Toubba. “In the meantime, we can confirm that LastPass products and services are still fully functional.”