Chinese police exposed data of 1 billion people in unprecedented leak
States are catching up with the far-reaching implications of the United States Supreme Court’s June decision to strike down the constitutional right to abortion. As the risks of being prosecuted for seeking an abortion ramp up across the country, WIRED examines the privacy risks posed by widely deployed automated license plate readers. As civil rights protections and law enforcement powers evolve, researchers emphasize the digital self-defense value of end-to-end encryption anywhere in the world.
Lockdown Mode – Apple iOS Data Leak Protection
Apple this week announced a new protection for iOS 16 called “Lockdown Mode” that lets users choose to put their phone in a more limited, but more secure mode if they’re at risk of being targeted by invasive spyware. New encryption algorithms announced by the National Institute of Standards and Technology are designed to be resistant to quantum computers, which researchers say will be difficult to test in any practical sense for years to come.
We’ve looked at how users can protect themselves from the worst Instagram scams and looked back at the worst hacks and data breaches so far in 2022, with more inevitably to come.
But that’s not all. Every week we round up the news that we didn’t break or cover in depth. Click on headlines to read full articles. And be safe out there!
In one of the most extensive and effective breaches of personal data of all time, attackers grabbed the data of nearly 1 billion Chinese citizens from a Shanghai police database and attempted to extort the department for about $200,000. The trove of data includes names, phone numbers, government ID numbers and police reports. Researchers found that the database itself was secure, but its management dashboard was publicly accessible from the open Internet, allowing anyone with basic technical skills to grab the information without a password.
The breach is enormous in scale and the first of this magnitude to hit the Chinese government, which is notorious for storing massive amounts of data not only about its own citizens but also about people around the world. China is itself remembered for the United States Office of Personnel Management breach and the Equifax credit bureau breach, among many others around the world.
FBI Director Christopher Wray and Ken McCallum, chief of the UK’s security agency MI5, issued a joint warning this week that China is, as Wray put it, “the biggest long-term threat to our economic and national security”. The pair claimed that China has conducted extensive spying around the world and is interfering in elections and other political affairs.
Wray noted that a move by China to annex Taiwan would “represent one of the most horrific trade disruptions the world has ever seen.” McCallum said that since 2019, MI5 has redoubled its focus on China and is carrying out seven times more Chinese Communist Party-related investigations than it did in 2018. Chinese Foreign Ministry spokesman Zhao Lijian described British officials as “trying to hype up the Chinese threat theory.” He said MI5 had to “exorcise the ghosts of speculation”.
Bug bounty program HackerOne, which runs vulnerability submission and reward programs for companies, fired an employee this week for stealing vulnerability disclosures submitted through the platform and submitting them to affected companies to recover the reward for personal gain. HackerOne uncovered the scheme when a customer company flagged a vulnerability disclosure as suspicious, similar to one it received from another researcher in June.
The rogue employee, new to the company, had access to the HackerOne platform from April 4 to June 23 and disclosed seven vulnerabilities using stolen research. “This is a clear violation of our values, our culture, our policies and our employment agreements,” HackerOne wrote in an incident report. “We have terminated the employee and further strengthened our safeguards to prevent similar situations in the future.”
The United States Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Treasury Department said in a joint alert this week that North Korean hackers are targeting the healthcare and public health sectors with the little-known Maui ransomware strain. They warned that paying such a ransom could violate US sanctions. “In these incidents, Maui ransomware was used by North Korean state-sponsored cyber actors to encrypt servers responsible for healthcare services, including electronic health records services, diagnostics services, imaging services, and intranet services,” the alert warned.
“In some cases, these incidents have long targeted the HPH sector. Organizations have disrupted the services they provide.”