remixtures

"In her remarks, Neuberger confirmed that nine telecommunications providers were impacted by the breaches, adding one more firm to the eight she acknowledged earlier this month. She noted that guidance was given to key U.S. telecommunications firms early on — a “hunting guide” and a “hardening guide” — that detailed Chinese hacking methods and allowed companies to “look for those techniques in their networks and call for help if they discover it.” This led to the determination that a ninth telco provider had been impacted by the same Salt Typhoon breach, alongside Lumen Technologies, AT&T, Verizon and others.

It’s unclear if the Chinese hackers have been fully evicted from all of the U.S. telecommunications networks. Earlier this month, Neuberger said that none of the providers have managed to oust the Chinese hackers from their networks, an assertion that some of the providers, including Lumen and AT&T, have refuted.

Neuberger explained that once Chinese hackers infiltrated telecommunication networks, they essentially had “broad and full access” to American data, which allowed them to “geolocate millions of individuals” and “record phone calls at will.”"

https://www.politico.com/news/2024/12/27/chinese-hackers-telco-access-00196082

#CyberSecurity #China #SaltTyphoon #USA #BigTelco #StateHacking

"Quien sí piensa que Pegasus se debe prohibir es Claudiu Dan Gheorghe, exingeniero jefe de WhatsApp. Pero el software de espionaje comercial funciona precisamente porque trabaja sobre monocultivos: un agujero de seguridad en WhatsApp abre la puerta a 2.000 millones de usuarios. Un fallo de seguridad en Android abre 2.500 millones de teléfonos a la vez. Las empresas como Google, Apple y Meta invierten mucho presupuesto luchando contra estos ataques y comprando agujeros de seguridad en un mercado caliente y competitivo. Al final, Pegasus está en el mismo negocio que WhatsApp —espiar al usuario a través de sus propios dispositivos—, pero no existiría sin él. Los dos son la verdadera amenaza contra nuestro modelo de sociedad."

https://elpais.com/opinion/2024-12-30/la-vigilancia-que-devoro-occidente.html

#CyberSecurity #Surveillance #Spyware #NSOGroup #Pegasus #WhatsApp

"If you’ve purchased a car made in the last decade or so, it’s likely jam-packed with enough technology to make your brand new phone jealous. Modern cars have sensors, cameras, GPS for location tracking, and more, all collecting data—and it turns out in many cases, sharing it.

While we’ve been keeping an eye on the evolving state of car privacy for years, everything really took off after a New York Times report this past March found that the car maker G.M. was sharing information about driver’s habits with insurance companies without consent.

It turned out a number of other car companies were doing the same by using deceptive design so people didn’t always realize they were opting into the program. We walked through how to see for yourself what data your car collects and shares. That said, cars, infotainment systems, and car maker’s apps are so unstandardized it’s often very difficult for drivers to research, let alone opt out of data sharing.

Which is why we were happy to see Senators Ron Wyden and Edward Markey send a letter to the Federal Trade Commision urging it to investigate these practices. The fact is: car makers should not sell our driving and location history to data brokers or insurance companies, and they shouldn’t make it as hard as they do to figure out what data gets shared and with whom."

https://www.eff.org/deeplinks/2024/12/cars-and-drivers-2024-year-review

#Cars #EVs #Surveillance #Privacy #DataProtection #USA

"EFF’s attorneys, activists, and technologists were media rockstars in 2024, informing the public about important issues that affect privacy, free speech, and innovation for people around the world.

Perhaps the single most exciting media hit for EFF in 2024 was “Secrets in Your Data,” the NOVA PBS documentary episode exploring “what happens to all the data we’re shedding and explores the latest efforts to maximize benefits – without compromising personal privacy.” EFFers Hayley Tsukayama, Eva Galperin, and Cory Doctorow were among those interviewed."

https://www.eff.org/deeplinks/2024/12/eff-press-2024-review

#DigitalRights #USA #Privacy #DigitalActivism

"Of course, this user never requested that my on-device experiences be "enriched" by phoning home to Cupertino. This choice was made by Apple, silently, without my consent.

From my own perspective, computing privacy is simple: if something happens entirely on my computer, then it's private, whereas if my computer sends data to the manufacturer of the computer, then it's not private, or at least not entirely private. Thus, the only way to guarantee computing privacy is to not send data off the device.

I don't understand most of the technical details of Apple's blog post. I have no way to personally evaluate the soundness of Apple's implementation of Enhanced Visual Search. One thing I do know, however, is that Apple computers are constantly full of privacy and security vulnerabilities, as proved by Apple's own security release notes. You don't even have to hypothesize lies, conspiracies, or malicious intentions on the part of Apple to be suspicious of their privacy claims. A software bug would be sufficient to make users vulnerable, and Apple can't guarantee that their software includes no bugs. (To the contrary, Apple's QA nowadays is atrocious.)

It ought to be up to the individual user to decide their own tolerance for the risk of privacy violations. In this specific case, I have no tolerance for risk, because I simply have no interest in the Enhanced Visual Search feature, even if it happened to work flawlessly. There's no benefit to outweigh the risk. By enabling the "feature" without asking, Apple disrespects users and their preferences. I never wanted my iPhone to phone home to Apple.

Remember this advertisement? "What happens on your iPhone, stays on your iPhone.""

https://lapcatsoftware.com/articles/2024/12/3.html

#Apple #ApplePhotos #Privacy #DataProtection #Encryption #iOS #iPhone

"A brave YouTuber has managed to defeat a fake Nintendo lawyer improperly targeting his channel with copyright takedowns that could have seen his entire channel removed if YouTube issued one more strike.

Sharing his story with The Verge, Dominik "Domtendo" Neumayer—a German YouTuber who has broadcasted play-throughs of popular games for 17 years—said that it all started when YouTube removed some videos from his channel that were centered on The Legend of Zelda: Echoes of Wisdom. Those removals came after a pair of complaints were filed under the Digital Millennium Copyright Act (DMCA) and generated two strikes. Everyone on YouTube knows that three strikes mean you're out and off the platform permanently.

Suddenly at risk of losing the entire channel he had built on YouTube, Neumayer was stunned, The Verge noted, partly because most game companies consider "Let's Play" videos like his to be free marketing, not a threat to their business. And while Nintendo has been known to target YouTubers with DMCA takedowns, it generally historically took no issues with accounts like his."

https://arstechnica.com/tech-policy/2024/12/youtuber-won-dmca-fight-with-fake-nintendo-lawyer-by-detecting-spoofed-email/

#Copyright #CopyrightTrolls #Nintendo #YouTube #DMCA #Streaming #IP

#Nintendo

"Hackers have compromised several different companies' Chrome browser extensions in a series of intrusions dating back to mid-December, according to one of the victims and experts who have examined the campaign.

Among the victims was the California-based Cyberhaven, a data protection company that confirmed the breach in a statement to Reuters on Friday.

"Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, affecting our Chrome extension," the statement said. It cited public comments from cybersecurity experts. These comments, said Cyberhaven, suggested that the attack was "part of a wider campaign to target Chrome extension developers across a wide range of companies."

Cyberhaven added: "We are actively cooperating with federal law enforcement.""

https://www.reuters.com/technology/cybersecurity/data-loss-prevention-company-cyberhaven-hit-by-breach-statement-says-2024-12-27/

#CyberSecurity #GoogleChrome #Chrome #Cyberhaven

"Barcelona has become the cyber offensive capital of Europe, and Haaretz has learned that at least three teams of Israeli researchers focused on facilitating advanced hacking capabilities have relocated to the Catalonian capital in the past year and a half, the latest of them in recent months.
Haaretz Podcast

"There are roughly six such groups of Israelis who are the elite in the field – and half of them have moved to Spain," says an industry executive.

In the past two months, a team of Israeli vulnerability researchers - an industry term for hackers specializing in identifying weaknesses in digital defenses, known as "exploits" - arrived in Barcelona from Singapore. The team specializes in finding breaches in smartphone defenses through which spyware can be remotely installed."

https://www.haaretz.com/israel-news/security-aviation/2024-12-26/ty-article/.premium/israeli-hackers-flock-to-barcelona-as-spyware-industry-shifts/00000193-fec4-df5b-a9b3-fec5d9dc0000

#Israel #CyberSecurity #Hacking #Spyware #Spain #Barcelona

"This article uses the case study of an insurance product linked to a health and wellbeing program—the Vitality scheme—as a lens to examine the limited regulation of collection and use of non-personal (de-identified/anonymised) information and the impacts it has on individuals, as well as society at large. Vitality is an incentive-based engagement program that mobilises online assessment tools, preventive health screening, and physical activity and wellness tracking through smart fitness technologies and apps. Vitality then uses the data generated through these activities, mainly in an aggregated, non-personal form, to make projections about changes in behaviour and future health outcomes, aiming at reducing risk in the context of health, life, and other insurance products. Non-personal data has been traditionally excluded from the scope of legal protections, and in particular privacy and data regimes, as it is thought not to contain information about specific, identifiable people, and thus its potential to affect individuals in any meaningful way has been understood to be minimal. However, digitalisation and ensuing ubiquitous data collection are proving these traditional assumptions wrong. We show how the response of the legal systems is limited in relation to non-personal information collection and use, and we argue that irrespective of the (possibly) beneficial nature of insurance innovation, the current lack of comprehensive regulation of non-personal data use potentially leads to individual, collective and societal data harms, as the example of the Vitality scheme illustrates."

https://www.sciencedirect.com/science/article/pii/S0267364924001614

#Australia #HealthInsurance #Anonymization #Privacy #DataProtection #GDPR #Insurance

"EFF supporters get that strong encryption is tied to one of our most basic rights: the right to have a private conversation. In the digital world, privacy is impossible without strong encryption.

That’s why we’ve always got an eye out for attacks on encryption. This year, we pushed back—successfully—against anti-encryption laws proposed in the U.S., the U.K. and the E.U. And we had a stark reminder of just how dangerous backdoor access to our communications can be."

https://www.eff.org/deeplinks/2024/12/defending-encryption-us-and-abroad

#Encryption #USA #UK #CyberSecurity #EU #Surveillance #Privacy #DigitalRights

"North Korea-linked hackers stole more from cryptocurrency platforms this year than ever before, according to Chainalysis Inc., showcasing rising capabilities that researchers say threaten US national security.

Digital thieves linked to North Korea utilize advanced methods such as manipulating remote work opportunities and are responsible for more than half of the total $2.2 billion stolen from platforms in 2024, the blockchain analytics company said in a report Thursday. North Korean-affiliated groups stole $1.34 billion in 47 incidents 2024, up from $660.5 million across 20 incidents in 2023, according to the company’s findings."

https://www.bloomberg.com/news/articles/2024-12-19/north-korean-hackers-stole-record-1-3-billion-in-crypto-in-2024

#Crypto #CryptoCurrencies #NorthKorea #CyberCrime #CyberSecurity

"Capitalist and technology-enabled surveillance has moved beyond targeting users with ads to targeting their lives. This is why privacy online today means freedom tomorrow. Protecting our privacy secures our fundamental rights for the future.

I will be honest, it can be overwhelming; however, in times like this, I like to focus on what can be done instead of worrying about what hasn't happened yet. The most important thing is to act, no matter how difficult it can be during times of fear and stress. Pushing for incremental change and improvements requires small actions every day. We have to engage the folks that are willing to join our fight, pave the way for those actions, and build the communities we want collectively.

There is a lesson to be learned from merging with Tails in 2024 and our growth in the last several years: together we are stronger. And in 2025, I want to use this lesson as a guiding principle, that solidarity and collaboration are our greatest strengths."

https://blog.torproject.org/tor-in-2024/

#Tor #Anonymity #Privacy #Surveillance