Sen. Mark Warner has expressed concern that TikTok poses a threat to national security and has argued that President Trump was justified in his goal to ban the app in 2020.
Warner says that the app is a “massive collector” of information, including information about keystrokes, which is all stored in Beijing. He also asserts that the app can disseminate content to a large number of people and could be used for propaganda.
Senator Tom Cotton, a Republican, agrees with these concerns and stated that China is probably lying about where TikTok stores user data. He suggests that American citizens uninstall the app.
Since the developers who write the code for TikTok are based in Beijing, Senator Warner pointed out that it is difficult to disentangle the app from China’s capital. He also said that TikTok is a network for broadcasting. If the Chinese Communist Party wants to reduce content that criticizes Chinese leadership and increase content that supports China, it can do so on a large scale.
Republican Senator Tom Cotton issued a warning to Americans earlier in a broadcast, claiming that China is lying about keeping TikTok user data in America with backups in Singapore. Reports show that data can be accessed in mainland China and that TikTok, which is a Chinese company, has to follow the laws of communist China.
TikTok is one of the biggest surveillance programs ever, targeting the youth in the United States. TikTok has access to everything on your phone, including photos, videos, text messages, contacts, and even your eye movements and facial features.
Senator Cotton has urged all Americans to uninstall the video-sharing app TikTok from their phones, if possible, or even to buy new ones altogether.
Read: https://www.zerohedge.com/political/democrat-intel-senator-trump-was-right-about-tiktok
Pegasus Project Findings Raise Alarms Around European Government Surveillance
According to the 2021 publication of the Pegasus Project (a spyware investigation led by 16 media outlets around the world), multiple European governments are using advanced spyware and surveillance tools on their own people. Reporters found that European governments had targeted more than 50,000 phone numbers worldwide using the surveillance tool Pegasus, made by the Israeli company NSO Group. Civilians who were spied on included reporters at CNN, The New York Times, and Reuters, as well as human rights activists and lawyers. The report clearly shows that spyware abuse is just as rampant in European democracies as it is in authoritarian governments like China and Iran.
Modern spyware allows users to both track and pull information from a device. That includes remotely accessing the target’s mic and camera, and downloading texts, emails, and GPS locations without the user’s consent. The software under fire in this report, Pegasus, enables users to quietly access their target’s passwords, contacts, calendar events, texts, and phone calls without the target’s knowledge.
NSO Group, the Israeli company that makes Pegasus, has seen its software used by repressive regimes all over the world for various human rights violations. It is no wonder then that European MPs were deeply concerned by the findings of the report and by the potential impact of such unconstitutional activities on European citizens. According to the findings, most European governments were indulging in undemocratic surveillance activities designed to repress expression and political competition.
The authors of the report didn’t hold back when they wrote that the abuse of spyware “mercilessly exposes the immaturity and weakness of the EU as a democratic entity.” Indeed, for all of their talk of “techno-democracy”, the US and European countries abuse spyware just as much as any other authoritarian regime. Though there is certainly still some semblance of a relatively independent media in these countries, the findings of the Pegasus Project serve as a stark reminder of how fragile democracy really is.
Read: https://slate.com/technology/2022/11/europe-spyware-scandal-pegasus-report.html
Dutch government threatens to dump Facebook if security concerns aren’t addressed
State Secretary Alexandra van Huffelen said that the Dutch government might stop using Facebook if the social media site doesn’t improve how it handles sensitive personal data. The company hired to check Facebook’s privacy policy said it’s unlikely the firm will meet all requirements, so the government will probably stop using the social media site altogether.
Van Huffelen thinks that Facebook users’ information isn’t protected well enough, and sensitive personal information could end up in the hands of U.S. security services, where Meta is headquartered.
The Dutch government has asked Facebook, among other things, to stop storing information about Dutch users who look at government pages. This is done in an attempt to protect the Dutch citizens’ personal information.
State Secretary Van Huffelen says that the government will have to stop using Facebook pages if the risks are not taken care of. Facebook said in response that the report was wrong about how Meta works and misunderstood important parts of Dutch law.
The Netherlands’ secretary admitted that quitting Facebook would be a big mistake since it is a popular social media site and a key way for the government to talk to people. At the beginning of this year, Germany’s data protection authority made a similar decision. This made Van Huffelen want to look into it as part of the Cabinet’s new plan to be stricter with social media.
Read: https://nltimes.nl/2022/11/19/dutch-government-will-stop-using-facebook-doesnt-improve-private-data-handling
Tehama County, California Social Services Department Compromised in Data Breach
Tehama County officials have informed former employees and recipients of services of a breach in the county’s social services data systems. The breach was identified earlier this year on April 9th, but investigations into the matter had stretched all the way to August 19th. Officials say that personally identifiable information (PII) of several current and former employees and recipients of social services had been compromised in the breach. Such PII included names, addresses, DOB, social security numbers, driver’s license numbers, and details of services obtained from the social security department.
“The County of Tehama is offering complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers or driver’s license numbers were involved,” the county says, though no cases of fraud seem to have been reported just yet.
The county refused to disclose either the number of victims or the type of cyberattack that took place. Back in June, however, Quantum ransomware operators claimed to have leaked roughly 32 gigabytes of data from the county’s systems.
Read: https://www.securityweek.com/california-county-says-personal-information-compromised-data-breach
Landmark Win for Google in Glupteba Botnet Legal Case
In a blog post last Friday, Google announced its victory against two Russian nationals associated with the Glupteba botnet. The tech giant said that the court’s ruling set an important legal precedent for cybercriminals everywhere. In the post, Google’s VP of engineering for privacy, safety, and security Royal Hansen and the company’s general counsel Halimah DeLaine Prado wrote: “We made the explicit decision to name the criminal actors behind Glupteba as defendants in the suit (filed in New York), to expose them and their various shell companies.” Though the tactic was not a common one, Hansen and DeLaine Prado said that they felt it was important to disrupt the botnet group’s ability to operate discreetly online.
The blog post commented that the risk involved in making such an uncommon move was that these foreign actors could “attempt to abuse the US court system by litigating from abroad with no intention of complying with the court’s orders and could try to use the legal process to get information about Google’s defense mechanisms.” The court, however, was not easily manipulated by the defendants’ attempts, and it issued “monetary sanctions against both the Russian-based defendants and their US-based lawyer – requiring the criminal actors behind Glupteba to pay Google’s legal fees,” the blog post reads.
“This step is particularly important because it shows that there will be real, monetary consequences for engaging in this type of criminal activity.”
Google believes that exposing Glupteba’s legal defeat makes it less appealing for other criminal groups to collaborate with them. Their strategy seems to be working, as Google’s Threat Analysis Group has recorded a 78% decline in the number of infected hosts.
Read: https://www.infosecurity-magazine.com/news/google-wins-legal-battle-vs/
Announcing the release of Cronly.App
Have you ever had to manage multiple cron jobs or tasks from cloud environments? It can be a daunting task, leaving you with incomplete processes or problems that kill your cron jobs without you even being aware there was a problem. The costs to efficiency and your wallet can be intense.
Having faced these issues ourselves, we here at easyDNS fell head over heels in love with the simplicity of Cronly.app. We entered into an agreement to purchase the base application and then went to town enhancing and improving what it can do to make it bulletproof for your use.
Cronly makes it dead simple to schedule and monitor your cron jobs in the cloud.
• Create Monitors to keep an eye on your cron jobs
• Get notified when they complete
• Receive alerts if there are any problems or unexpected interruptions
• Setup is all done via a user-friendly GUI
Costing less than a cup of coffee per month, each monitor includes the following:
• Unlimited Triggers
• Unlimited Users
• Unlimited SSL certificates
• Unlimited Projects
• Unlimited Integrations
• Unlimited API Calls
Cronly.app includes flexible notifications with integrations that run the gamut from Slack to Trello to Discord. Monitoring your application is as simple as calling a link we provide for every monitor you set up. You could be up and running in literal minutes. You only pay for what you use, and if you pre-pay a year you receive 2 months for free. Be one of the first to check it out on https://cronly.app today!
Elsewhere Online:
Exploit code for Microsoft Exchange flaws released by a hacker group
Read: https://securityaffairs.co/wordpress/138768/hacking/proxynotshell-microsoft-exchange-poc.html
Emotet malware’s return proves that the threat still persists ten years later
Read: https://thehackernews.com/2022/11/notorious-emotet-malware-returns-with.html
Here’s how a China-based advanced persistent threat actor hacks into the world’s computers
Read: https://thehackernews.com/2022/11/chinese-mustang-panda-hackers-actively.html
A hacking forum is offering 487 million WhatsApp user cell phone numbers for sale
Read: https://heimdalsecurity.com/blog/487-million-whatsapp-mobile-numbers-hacking-forum/
There are over 1,650 malicious containers hidden in Docker Hub repositories
Read: https://www.bleepingcomputer.com/news/security/docker-hub-repositories-hide-over-1-650-malicious-containers/
Jim Collins, from Good to Great?
Henry Ford?
For the quote I’m going to say Henry Ford.
General George Patton! I finally got one!
For the quote: Steve Jobs