California’s unprecedented data breach highlights need for privacy In public safety

According to security experts, the data breach was likely triggered by a simple setting error in the program. The leaked data includes the names and whereabouts of 5,770 suspects, the majority of whom were situated in California. In certain instances, the data included the individual’s height, weight, eye color, and homelessness status.

SweepWizard disclosed the Social Security numbers of more than one thousand of these individuals. According to the statistics, several of these individuals were minors at the time of the sweeps. After the raid, numerous individuals whose names appeared in the stolen data were detained, according to police documents and news reports.

The event underlines the necessity of data protection and privacy when it comes to sensitive law enforcement activities. In addition, it raises concerns over the usage of third-party applications in such activities and the possible hazards they may offer. The LAPD claimed that they are collaborating with federal law enforcement to establish the source of the currently unknown unlawful leak of material.

The government must verify that the applications and technology they employ are safe and consistent with data privacy laws and regulations. This event may have grave repercussions, not just for the suspects but also for the cops and their families whose private information was compromised.

In addition, the event underlines the necessity for organizations such as ODIN Intelligence to take data security and privacy seriously and guarantee that their products are compatible with the legislation. In addition, they should implement the necessary security mechanisms to identify and prevent data breaches.

This event serves as a warning to organizations and businesses that they must prioritize data security and privacy and ensure that the technology they employ is safe and compatible with the legislation. It also demonstrates the need for more control and regulation of third-party apps and technology in such sensitive processes.

Read: https://www.wired.com/story/sweepwizard-police-raids-data-exposure/

Apple’s scanning: Consent from current & future iPhone owners required by law

In 2021, Apple revealed intentions to scan media files on smartphones for child pornography, which caused privacy concerns. Apple claimed they would collect feedback and make adjustments before deploying the functionality but did not suggest that they would abandon the concept altogether. Some hypothesized that the decision was made to please the US federal police in anticipation of enhanced encryption capabilities that would restrict police access. The media erroneously stated that Apple had changed its position on the matter.

Jeffrey Paul, founder of EEQJ, describes that when exploring local photos on their Mac, the author observed that the Media Analysis Daemon (mediad) software was connecting to Apple APIs. The security researcher claims that they employ a tool called Little Snitch, which notifies them to network traffic attempts by their programs, and that they have banned network access to a large number of Apple OS-level applications in order to prevent providing data to Apple.

Paul expresses astonishment that this media analysis software was running and connected to Apple APIs in light of Apple’s recent revelation regarding client-side media file scanning. He also criticizes Apple for asserting in their marketing materials that “privacy is a human right” without explaining why this sort of privacy-invading software would be required for individuals who do not partake in child pornography.

Read: https://sneak.berlin/20230115/macos-scans-your-local-files-now/

New BackdoorDiplomacy attacks on Iranian government entities

The threat actor, BackdoorDiplomacy, has been linked to attacks targeting Iranian government entities between July and late December 2022. The Palo Alto Networks Unit 42 discovered malware infrastructure previously associated with the adversary on government domains while tracking activity under its constellation-themed moniker.

The Chinese APT group has been using exploits against unpatched systems to compromise internet-facing web applications such as Microsoft Exchange and SharePoint since at least 2010. Unit 42 observed four different Iranian organizations reaching out to a known command-and-control (C2) server attributed to BackdoorDiplomacy. “The sustained daily nature of these connections to Playful Taurus controlled infrastructure suggests a likely compromise of these networks,” Unit 42 said in a report shared with The Hacker News.

The Turian backdoor offers basic functions to update the C2 server, connect to it, execute commands, and spawn reverse shells. BackdoorDiplomacy’s interest in targeting Iran is said to have geopolitical extensions, as China and Iran have signed a 25-year bilateral agreement to foster economic, military, and security cooperation.

Read: https://thehackernews.com/2023/01/iranian-government-entities-under.html

Hackers attempt to breach ChatGPT’s security

Dark web forums have been spotted with Russian cyber-criminals discussing how to circumvent OpenAI’s API restrictions to access the ChatGPT chatbot.

“Generally, there are a lot of tutorials in Russian semi-legal online SMS services on how to use it to register to ChatGPT, and we have examples that it is already being used,” explains Check Point Research (CPR), in a report shared with Infosecurity.

According to Check Point Research, Russian hackers are already discussing and trying to figure out how to bypass OpenAI’s restrictions to use ChatGPT for illegal purposes. Cybercriminals are increasingly interested in ChatGPT because its AI technology can make hackers more efficient.

Read: https://www.infosecurity-magazine.com/news/russian-hackers-to-bypass-chatgpt/

Nostr is here to take over from Mastodon

Notes and Other Stuff, or Nostr, is the latest decentralized microblogging protocol targeting centralized social media platforms. Basically, it’s a decentralized Twitter. With Nostr, decentralization occurs directly at the user level, unlike Mastodon, where decentralization is achieved through a federation of nodes. As soon as you create a Nostr keypair, you are free to move between any client, now or in the future.

Nostr is rising fast within the Bitcoin community, particularly among the Lightning dev community. The reason? Crowds hope it can pave the way for micropayments, as that would change the economics of spam, which is why we are supporters.

Read: https://easydns.com/blog/2023/01/19/move-over-mastodon-here-comes-nostr/

PSA: Your Site Isn’t Hacked By This Bitcoin Scam, Keep the Money

Wordfence has put out a public service announcement after their team member received an unsolicited email claiming their site was hacked and demanding a bitcoin payment.

We received the same, seemingly cookie cutter, email too along with members of our team about their own sites and domains, some of which have never had a website on them.

The email reminds us of a very similar message that makes its way around every so often about your email being hacked, all your passwords being stolen and unless you pay up, all your “private” browsing history and photos of you would be revealed.

The potential threat of this is very low, yet it’s a reminder to keep your websites up to date since security vulnerabilities are a real threat. They pop up regularly. This is the main reason easyDNS offers managed website hosting (easyPress). It removes the headache and manages all plugin updates and backups for you.

Read: https://www.wordfence.com/blog/2023/01/psa-your-site-isnt-hacked-by-this-bitcoin-scam-keep-the-money/

DOJ Poised to Sue Google Over Digital Ad Market Dominance

The word is, the DOJ is getting ready to sue Alphabet Inc., the parent company of Google over dominating the digital ad market. It may happen as early as today (Tuesday) or anytime before the end of the week “sources say.”

Read: https://www.bloomberg.com/news/articles/2023-01-24/doj-poised-to-sue-google-over-digital-ad-market-dominance

UPDATE: 8 states sue google: https://nypost.com/2023/01/24/justice-department-sues-google-for-antitrust-violations/


Elsewhere Online:

Uncovering the truth: government pressure and censorship on Twitter
Read: https://www.zerohedge.com/political/infographic-key-revelations-twitter-files

Cyber attack on DNV’s ship management software impacts 1,000 vessels: classification society confirms
Read: https://www.marinelink.com/news/ships-affected-cyber-attack-dnvs-502203

Arizona Attorney General creates a secret, illegal surveillance program

Read: https://www.aclu.org/news/privacy-technology/how-the-arizona-attorney-general-created-a-secretive-illegal-surveillance-program

A Chinese censorship crackdown to suppress Covid rumors is announced for the lunar new year.

Read: https://www.theguardian.com/world/2023/jan/19/china-announces-lunar-new-year-censorship-crackdown-to-silence-covid-rumours

A bored hacktivist browsing an airline server stumbled upon FBI “no-fly” lists and other national security secrets.

Read: https://www.businessinsider.com/hacktivist-finds-us-no-fly-list-reveals-systemic-bias-surveillance-2023-1