Google Just Denied Cops a Key Surveillance Tool

A hacker group calling itself Solntsepek, previously linked to the infamous Russian military hacking unit Sandworm, took credit this week for a disruptive attack on the Ukrainian internet and mobile service provider Kyivstar.
Kytch argues in a recent court filing that the email reveals the real reason why, a couple of weeks later, McDonald's sent an email to thousands of its restaurant franchisees claiming safety hazards related to Kytch's ice-cream-machine-whispering device.
WIRED looked at how Microsoft's Digital Crime Unit has refined a strategy over the past decade that combines intelligence and technical capabilities from Microsoft's massive infrastructure with creative legal tactics to disrupt both global cybercrime and state-backed actors.
We dove into the controversy over reauthorization of Section 702 surveillance powers in the US Congress.
Each week, we round up the security and privacy news we didn't break or cover in depth ourselves.
Geofence warrants, which require tech companies to cough up data on everyone in a certain geographic area at a certain time, have become an incredibly powerful tool for law enforcement.
Now, Google has made technical changes to rein in that surveillance power.
The company announced this week that it would store location history only on users' phones, delete it by default after three months, and, if the user does choose to store it in a cloud account, keep it encrypted so that even Google can't decrypt it.
The move has been broadly cheered by the privacy and civil liberties crowds as a long-overdue protection for users.
It will also strip law enforcement of a tool it had come to increasingly rely on.
Geofence warrants were sent to Google to obtain data on more than 5,000 devices present at the storming of the US Capitol on January 6, 2021, but they have also been used to solve far smaller crimes, including nonviolent ones.
In a different sort of technical move to tighten users' data protections, Apple has added new security features designed to make it harder for thieves to exploit users' sensitive data and accounts.
The Wall Street Journal had previously reported on how thieves who merely learned someone's passcode-say, by looking over their shoulder-and then stole their phone could access their online accounts and even make payments to drain their bank balances.
Apple has now created a Stolen Device Protection feature that, when enabled, will require you to use a biometric feature like TouchID or FaceID to access certain accounts and phone features, in addition to the passcode that unlocks the phone.
For the most sensitive features, like changing passwords or passcodes or turning off Find My, Apple will also force you to wait an hour and authenticate again if the phone isn't in a location the user typically frequents.
The group of Chinese hackers known as Volt Typhoon has rung alarm bells across the cybersecurity industry all year with news of its intrusions targeting power grids and other critical infrastructure in the Pacific region and the US. A new report from The Washington Post offers fresh details of the disturbing mix of networks that the group has breached, including a water utility in Hawaii, an oil and gas pipeline, and a major West Coast port.
The hackers haven't actually caused any disruptions, nor have they penetrated the industrial control system side of their targets' networks-the sensitive systems capable of triggering physical effects.
In combination with previous reports of Volt Typhoon's work to plant malware inside electric utilities in the continental US and Guam, the report paints a picture of China's escalating moves to prepare the groundwork for disruption in the event of a crisis, such as an invasion of Taiwan.
The notion that your iPhone or Amazon Echo is quietly listening to your conversations has long been one of the most paranoid suspicions of all technology users-bolstered, of course, by the targeted ads that are often so accurate that they seem to be pulled directly from verbal conversations.
This week, that suspicion finally became more than an urban legend when 404 Media reported on an advertising company actively claiming that it can eavesdrop on conversations via those kinds of devices.


This Cyber News was published on www.wired.com. Publication date: Sat, 16 Dec 2023 14:43:04 +0000


Cyber News related to Google Just Denied Cops a Key Surveillance Tool

San Francisco Police's Live Surveillance Yields Almost 200 Hours of Spying-Including of Music Festivals - A new report reveals that in just three months, from July 1 to September 30, 2023, the San Francisco Police Department racked up 193 hours and 19 minutes of live access to non-city surveillance cameras. That means for the equivalent of 8 days, police ...
10 months ago Eff.org
The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying. - Spying and surveillance are different but related things. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did. Putting someone ...
1 year ago Schneier.com
Schneier on Security - Spying and surveillance are different but related things. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did. Putting someone ...
1 year ago Schneier.com
'Corrupt' cop jailed for tipping off pal to EncroChat op The Register - A British court has sentenced a "Corrupt" police analyst to almost four years behind bars for tipping off a friend that officers had compromised the EncroChat encrypted messaging app network. Natalie Mottram, 25, of Warrington, England, was sent down ...
1 year ago Theregister.com
The SAFE Act to Reauthorize Section 702 is Two Steps Forward, One Step Back - Section 702 of the Foreign Intelligence Surveillance Act is one of the most insidious and secretive mass surveillance authorities still in operation today. The Security and Freedom Enhancement Act would make some much-needed and long fought-for ...
9 months ago Eff.org
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - Our structured query language (SQL) injection detection model detected triggers containing unusual patterns that did not correlate to any known open-source or commercial automated vulnerability scanning tool. We have tested all malicious payloads ...
2 months ago Unit42.paloaltonetworks.com
The House Intelligence Committee's Surveillance 'Reform' Bill is a Farce - Earlier this week, both the House Committee on the Judiciary and the House Permanent Select Committee on Intelligence marked up two very different bills, both of which would reauthorize Section 702 of the Foreign Intelligence Surveillance Act-but in ...
1 year ago Eff.org
The Atlas of Surveillance Hits Major Milestones: 2023 in Review - That's what a New York Police Department lieutenant wrote on LinkedIn after someone sent him a link to the Atlas of Surveillance, EFF's moonshot effort to document which U.S. law enforcement agencies are using which technologies, including drones, ...
11 months ago Eff.org
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
8 months ago Techrepublic.com
Google Just Denied Cops a Key Surveillance Tool - A hacker group calling itself Solntsepek, previously linked to the infamous Russian military hacking unit Sandworm, took credit this week for a disruptive attack on the Ukrainian internet and mobile service provider Kyivstar. Kytch argues in a recent ...
1 year ago Wired.com
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
11 months ago Cysecurity.news
Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk - Google is disputing a security vendor's report this week about an apparent design weakness in Google Workspace that puts users at risk of data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's ...
1 year ago Darkreading.com
EFF adds surveillance hub so Americans can check spying The Register - For a country that prides itself on being free, America does seem to have an awful lot of spying going on, as the new Street Surveillance Hub from the Electronic Frontier Foundation shows. The Hub contains detailed breakdowns of the type of ...
10 months ago Go.theregister.com
How to Use Titan Security Keys With Passkey Support - Google's updated Titan Security Keys can serve as a multifactor authenticator and store passkeys to replace passwords. Google announced the availability of Titan Security Keys with passkey support in mid-November 2023; the initial Titan Security Keys ...
1 year ago Techrepublic.com
Ring Will Stop Giving Cops a Free Pass on Warrantless Video Requests - Ring, the Amazon-owned home surveillance company known for its long history of partnering with police, announced today that it plans to shut down a controversial tool that allows law enforcement to ask users to share their footage without first ...
10 months ago Wired.com
What is Proposition E and Why Should San Francisco Voters Oppose It? - In addition to removing certain police oversight authority from the Police Commission and expanding the circumstances under which police may conduct high-speed vehicle chases, Proposition E would also amend existing laws passed in 2019 to protect San ...
10 months ago Eff.org
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
2 months ago Aws.amazon.com
Product showcase: Protect digital identities with Swissbit's iShield Key Pro - In today's fast-paced business world, protecting digital identities and optimizing daily workflows are crucial. The iShield Key Pro series from Swissbit addresses these challenges by offering top-notch security combined with effortless usability. ...
5 months ago Helpnetsecurity.com
Pegasus Spyware Targets Jordanian Civil Society in Wide-Ranging Attacks - Journalists, lawyers, and human-rights activists in the Middle Eastern nation of Jordan face increased surveillance from the controversial Pegasus spyware app, with nearly three dozen civilians targeted over the past four years. According to an ...
10 months ago Darkreading.com
Frustration grows over Google's AI Overviews feature, how to disable - Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. When you're signed into Google and search for general topics like how to install one ...
7 months ago Bleepingcomputer.com
Best Paid and Free OSINT Tools for 2024 - Open Source Intelligence tools are software applications or platforms used to collect, analyze, and interpret publicly available information from various online sources, aiding in investigations, research, and intelligence gathering. These OSINT ...
8 months ago Hackread.com
Google: Malware abusing API is standard token theft, not an API issue - Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, BleepingComputer reported on two information-stealing malware ...
11 months ago Bleepingcomputer.com
Proposed US surveillance regime would enlist more businesses The Register - Many US businesses may be required to assist in government-directed surveillance - depending upon which of two reform bills before Congress is approved. Under rules being considered, any telecom service provider or business with custodial access to ...
1 year ago Go.theregister.com
Falcon Cloud Security Supports Google Cloud Run to Strengthen Serverless Application Security - We're thrilled to share that the CrowdStrike Falcon® sensor now fully supports Google Cloud Run, bringing advanced security capabilities to your serverless applications. While we announced this at Google Cloud Next in April 2024, this blog goes ...
5 months ago Crowdstrike.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
2 months ago Securelist.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)