Metacurity

Democratic Lawmakers to Google: Stop Collecting Location Data That Imperils Abortion Seekers

Hacker releases heartbreaking images of Chinese camps, Ransomware attack delays flights at Indian airline, DuckDuckGo creates carve-out for Microsoft ad data, Zoom fixes four flaws and much more

Cynthia Brumfield
May 25

More than 40 Democratic members of Congress, led by Senator Ron Wyden (D-OR), sent a letter to Sundar Pichai, the CEO of Google parent Alphabet Inc., asking him to stop what they see as Google’s unnecessary collection and retention of people’s location data. They argue that anti-choice actors could use the information to identify women seeking abortions.

The lawmakers expressed concern that if abortion were to become illegal in the U.S., the company’s “current practice of collecting and retaining extensive records of cell phone location data will allow it to become a tool for far-right extremists looking to crack down on people seeking reproductive health care.” But to date, tech companies have tried mainly to stay out of the impending repeal of reproductive healthcare rights that will be ushered in when the Supreme Court overturns its landmark Roe v. Wade decision. (Barbara Ortutay / Associated Press)

Related: Wyden.Senate, The Conversation, Wired, Motherboard, The Verge, Cyberscoop, Techradar, CNBC Technology, Digital Journal, Daily Dot

Evan Greer @evan_greer
BREAKING: More than 40 lawmakers just sent a letter to Google demanding that they stop unnecessarily collecting troves of location data that can and will be used to target people seeking abortions if Roe v Wade is overturned
May 24th 2022

74 Retweets, 177 Likes

Thousands of photographs from the heart of China’s highly secretive system of mass incarceration in Xinjiang, as well as a shoot-to-kill policy for those who try to escape, are among a massive cache of data called the Xinjiang Police Files hacked from police computer servers in the region. An anonymous source claims to “have hacked, downloaded and decrypted the files from a number of police computer servers in the Xinjiang region.”

The cache reveals, in unprecedented detail, China’s use of “re-education” camps and formal prisons as two separate but related systems of mass detention for Uyghurs - and seriously calls into question its well-honed public narrative about both. (John Sudworth / BBC News)

Related: DataBreaches.net, The New Arab, EL PAÍS, Candid.Technology, Motherboard, Bloomberg, Digital Journal, The Guardian, Daily Mail, New Statesman Contents, Ars Technica, Hong Kong Free Press HKFP, Washington Examiner

Sean Lyngaas @snlyngaas
US Ambassador to UN weighs in on the hacked Xinjiang police files

Ambassador Linda Thomas-Greenfield @USAmbUN

Horrified by the Xinjiang Police Files, which spotlight China's mass incarceration of Uyghurs and other ethnic and religious minorities. @mbachelet and @UNHumanRights must take a hard look at these faces and press Chinese officials for full, unfettered access – and answers. https://t.co/ZkpbfA7ZvJ

May 24th 2022

3 Likes

An attempted ransomware attack on India’s Spice Airlines delayed flights at the Delhi, Jaipur, and Kanpur airports.

SpiceJet acknowledged the attempted attack but said the situation had been rectified and flights are operating normally now. (India Today)

Related: Newstracklive, Al Bawaba, NDTV Gadgets360.com, Business Standard, Economic Times, BGR, The Hindu Business Line, The Asian Age | Home, Deccan Chronicle

SpiceJet @flyspicejet
#ImportantUpdate: Certain SpiceJet systems faced an attempted ransomware attack last night that impacted and slowed down morning flight departures today. Our IT team has contained and rectified the situation and flights are operating normally now.

May 25th 2022

26 Retweets, 83 Likes

Security researcher Zach Edwards found hidden limits on the tracking protection in the privacy-oriented DuckDuckGo (DDG) browser that create a carve-out for specific advertising data requests by its search syndication partner, Microsoft.

Edwards tested browser data flows on a Facebook-owned site, Workplace.com, and found that while DDG informed users it had blocked Google and Facebook trackers, it did not prevent Microsoft from receiving data flows linked to their browsing on the non-Microsoft website. The limitation on the DDG browser’s tracker blocking amounts to an exemption from protection against certain advertising data transfers to Microsoft subsidiaries, including Bing and LinkedIn, undermining DDG browser users’ privacy. (Natasha Lomas / TechCrunch)

Related: WebProNews, iTech Post : Latest News, Bleeping Computer, Natasha Lomas – TechCrunch, Slashdot, Review Geek

ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 @thezedwards
I tested the DuckDuckGo so-called private browser for both iOS and Android, yet *neither version* blocked data transfers to Microsoft's Linkedin + Bing ads while viewing Facebook's workplace[.]com homepage. Look at DDG bragging about stopping Facebook on Workplace, no MSFT..:

May 23rd 2022

2 Retweets, 39 Likes

Eva @evacide
So...this is bad.

Shivan Kaul Sahib @shivan_kaul

This is shocking. DuckDuckGo has a search deal with Microsoft which prevents them from blocking MS trackers. And they can't talk about it! This is why privacy products that are beholden to giant corporations can never deliver true privacy; the business model just doesn't work. https://t.co/bzxw8vaxsy

May 24th 2022

822 Retweets, 2,769 Likes

The team at Sonatype vetted claims that the PyPI module ctx, which gets downloaded over 20,000 times a week, has been compromised in a software supply chain attack, with malicious versions stealing the developer's environment variables.

The threat actor replaced the older, safe versions of ctx with code that exfiltrates the developer's environment variables to collect secrets like Amazon AWS keys and credentials. In addition, versions of a phpass fork published to the PHP/Composer package repository Packagist had been altered to steal secrets similarly. (Ax Sharma / Bleeping Computer)

Related: The Hacker News, Security Week, Reddit - cybersecurity, Sonatype Blog

Zoom has fixed four security vulnerabilities that could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and executing malicious code.

Discovered by Ivan Fratric of Google Project Zero, the flaws are tracked from CVE-2022-22784 through CVE-2022-22787 and range from 5.9 to 8.1 in severity. (Ravie Lakshmanan / The Hacker News)

Related: The Register - Security, ZDNet Security

BlackBerry researchers published new insights into the Chaos ransomware builder, revealing a twisted family tree that links it to both the Onyx and Yashma ransomware variants.

The researchers say that someone claiming to be the creator of the Chaos ransomware builder’s kit joined a discussion between a recent victim and the threat group behind Onyx ransomware and revealed that Onyx was constructed from the author’s own Chaos v4.0 Ransomware Builder. The author went on to promote the most current version of the Chaos ransomware line, now renamed Yashma. (Steve Zurier / SC Magazine)

Related: The Hacker News, BlackBerry

Actor and producer Seth Green was robbed of several NFTs this month after succumbing to a phishing scam that inadvertently threw a monkey wrench into the plan for his new animated series developed from characters in Green’s expansive NFT collection.

On May 8, an anonymous scammer swiped four of Green’s NFTs in a phishing scheme. A Bored Ape, two Mutant Apes, and a Doodle were transferred out of Green’s wallet after he unknowingly interacted with a phishing site. One of the Mutant Apes was sold for $42,000, and the Bored Ape was sold for more than $200,000, potentially giving the new buyers more substantial intellectual property rights over the images. (Sarah Emerson / Buzzfeed News)

Related: Kotaku, Cointelegraph, AV Club

More Butter 🧈 @morebuttertv
Seth Green’s Bored Ape NFT, which was set to star in its own animated show, was stolen through a phishing scam. Green no longer owns the commercial rights to the NFT and thus the show cannot move forward. 🔗:
buzzfeednews.com/article/sarahe…

May 24th 2022

7,428 Retweets, 70,234 Likes

The Cybersecurity and Infrastructure Security Agency (CISA) added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws for the Android kernel and Cisco IOS XR.

The added vulnerabilities come from a wide range of years, with the oldest disclosed in 2016 and the most recent being a Cisco IOS XR vulnerability fixed last Friday. (Bill Toulas / Bleeping Computer)

Related: Security Affairs, CISA

A scammer was able to trick a prolific NFT collector into signing a transaction on a fake trading website, which then allowed the scammer to maliciously transfer 29 pricey Moonbirds NFTs worth around 750 ETH or $1.5 million in a single transaction.

The targeted trader was a big-time Moonbirds fan, holding 29 of the NFTs in their affected wallet. (Molly White / Web 3 is going just great)

Related: Cointelegraph

Identity-driven threat detection and monitoring service Semperis raised over $200 million in a Series C funding round.

KKR led the round with participation from Ten Eleven Ventures, Paladin Capital Group, Atrium Health Strategic Fund, Tech Pioneers Fund, and existing investors, including Insight Partners. (Krystal Hu / Reuters)

Related: Globes, Calcalist, SC Magazine, Business Wire Technology News, Business Wire Technology News, Security Week, Becker's Hospital Review, FinSMEs, SiliconANGLE, CRN, SC Magazine, GovInfoSecurity, VC News Daily, Grit Daily News, VC Deals – PE Hub

Managed intelligence company Nisos raised $15 million in a Series B venture funding round.

Paladin Capital Group, Columbia Capital, and Skylab Capital led the round. (FinSMEs)

Related: Business Wire, Dark Reading

Open-source supply chain security provider Tidelift announced it had raised $27 million in a Series C venture funding round.

Dorilton Ventures led the round with Kaiser Permanente and Atlassian Ventures joining existing investors General Catalyst and Foundry Group. (Tim Keary / Venture Beat)

Related: Business Wire, Silicon Angle, SD Times, Pitchbook

ShardSecure, the inventor of Microshard™ technology that mitigates data security and privacy risks in the cloud, closed an oversubscribed Series A venture investment round.

Grotech Ventures led the round with significant participation from Gula Tech Adventures and KPMG LLP and existing investors Tom Noonan, EPIC Ventures, and Industrifonden. (PR Newswire)


© 2022 DCT Associates