your car A data gold mine. Every trip you take generates a lot of data—from your location to the use of your infotainment systems—and carmakers are getting better at using this information. A 2019 analysis found that cars can generate 25 gigabytes of data per hour.
As companies improve their ability to mine this data, your car may prove to be the next national security threat. This week, the Chinese town of Beidaihe banned Tesla from its streets as the country’s Communist Party leaders gathered in the area. One reason for the ban is that the cars could reveal sensitive details about China’s most senior figures.
Elsewhere, German mobile providers are testing “digital tokens” as a way to deliver personalized ads to people’s phones. A trial of TrustPid by Vodafone and Deutsche Telekom generates pseudo-anonymous tokens based on people’s IP addresses and uses them to show personalized product recommendations.
This action is compared to “Super Cookies,” which has previously been used to track people without their consent. While Vodafone has denied the system resembles supercookies, privacy advocates say it goes too far. “Companies that operate communications networks should not track their customers or help others track them,” privacy researcher Wolfie Christl told WIRED.
In other stories this week, we’ve rounded up critical updates from Android, Chrome, Microsoft, and more that rolled out in June—you should make those updates now.
We also looked at how the new ZuorAT router malware infected at least 80 targets worldwide. And we’ve explained how to use Microsoft Defender on all your Apple, Android, and Windows devices.
But that’s not all. We have a rundown of the week’s big security news that we can’t cover. Click on headlines to read full articles. And stay safe out there.
California’s firearms database, known as the Firearms Dashboard Portal Improve transparency Around the sale of weapons. Instead, when new data was added to it on June 27, the update proved to be a disaster. At the time of the planned publication of the new information, the California Department of Justice made the spreadsheet publicly accessible online and disclosed more than 10 years of gun owner information. The data breach included the names, dates of birth, genders, races, driver’s license numbers, addresses and criminal histories of people who were granted or denied permits to carry concealed and carry weapons between 2011 and 2021. There are more than 40,000 CCW permits. Issued in 2021; However, the California Department of Justice said the data breach did not include financial information and Social Security numbers.
Although the spreadsheet was online within 24 hours, a preliminary investigation appears to indicate the breach was more extensive than first thought. In a press release Issued on 29 June, the California DOJ said other parts of its firearms database were also “impacted.” The department said it is investigating what information may have been exposed in the breach, including information on the assault weapon registry, certified handguns for sale, dealer record of sale, firearm safety certificate and gun violence prevention order dashboards. Revealed. Responding to the data breach, the Fresno County Sheriff’s Office Said It was “worse than previously expected” and some of the influential information “surprised us.”
Indian hacker-for-hire groups have been targeting lawyers and their clients around the world for a decade. A Reuters investigation revealed this week. Hacking groups have used phishing attacks to gain access to confidential legal documents in more than 35 cases since 2013 and targeted at least 75 US and European companies, according to the report, which is based on 80,000 emails sent by Indian hackers. Last seven years. The investigation details how hack-for-hire groups operate and how private investigators take advantage of their ruthless nature. Reuters published its research, Google’s threat analysis group made public Dozens of domains belonging to hack-for-hire groups in India, Russia and the United Arab Emirates.
Since 2009, the Chinese hacking group APT40 has targeted companies, government agencies and universities around the world. According to the security firm, APT40 has hit the United States, United Kingdom, Germany, Cambodia, Malaysia, Norway and more. Mandiant. This week, A Financial times investigation Chinese university students found themselves tricked into working for a front company linked to APT40 and engaged in researching its hacking targets. The newspaper identified 140 potential translators who applied to job ads in Hainan’s Jiangdun, the company APT40 and Ane In a July 2021 indictment by the US Department of Justice. Those applying for jobs in Hainan’s Xiandun were asked to translate sensitive US government documents and appeared to be “unwittingly drawn into a life of espionage”. the story.
In 2021, North Korean hackers can evade international sanctions and Strengthening its nuclear weapons program. This week, investigators began linking the June 23 theft of $100 million in cryptocurrency from Horizon Bridge to North Korean actors. Blockchain analytics firm Elliptic They say It uncovered “strong indications” that North Korea’s Lazarus group may be linked to the Horizon Bridge hacking incident—and Elliptic isn’t the only group Connection made. The attack is the latest in a string against blockchain bridges, which have become common targets in recent years. However, researchers say the crypto crash is ongoing Wiped out the value of lakhs From North Korea’s crypto exploits.