Google Enters Into $391.5 Million Settlement for Deceptive Location Tracking Practices
RCMP charges Hydro-Québec employee with spying on behalf of China, Twitter fails at sending 2FA over SMS after turning off 'microservices,' Thales confirms LockBit ransomware attack, more
Check out my piece for README on the new companion conference to CYBERWARCON, BrunchCon (now Sleuthcon), that focused on crimeware, which is a more significant threat to organizations than APT actors.
In the biggest privacy settlement by states in U.S. history, Oregon Attorney General Ellen Rosenblum, along with 39 other state attorneys general, announced an historic $391.5 million settlement with Google over its location tracking practices following charges that Google misled users into thinking they had turned off location tracking in their account settings even as the company continued collecting that information.
Under the settlement, Google will also make its location tracking disclosures clearer starting in 2023. The attorneys general said the agreement was the biggest internet privacy settlement. It capped a four-year investigation into the internet search giant’s practices from 2014-20, which the attorneys general said violated the states’ consumer protection laws.
Google said it had already corrected some of the practices mentioned in the settlement. “Consistent with improvements we’ve made in recent years, we have settled this investigation, which was based on outdated product policies that we changed years ago,” said José Castañeda, a spokesman for the company. (Cecilia Kang / New York Times)
Related: CNET, Android Authority, Associated Press Technology, Security Week, geekinteger, SlashGear » security, Engadget, WSJ.com: WSJD, WRAL Tech Wire, Gizmodo, Axios, Fortune, TIME, Protocol, Engadget, Business Insider, Punch Newspapers, UrduPoint, Insider Paper, Insider Paper, CNBC Technology, UPI.com, 9to5Google, Forbes, Bleeping Computer, CNET, Al Mayadeen, New York Times, NPR, AppleInsider, The Record by Recorded Future, TechCrunch, The Verge, Bloomberg Technology, Ars Technica, The New Arab, Japan Today, Law & Crime, Oregon Department of Justice
The Royal Canadian Mounted Police charged a Hydro-Québec employee, Yuesheng Wang, with espionage for allegedly sending trade secrets to China.
The RCMP said its national security enforcement team began an investigation in August after receiving a complaint from Hydro-Québec’s corporate security branch. Hydro-Québec said Wang was a researcher who worked on battery materials with the Center of Excellence in Transportation Electrification and Energy Storage, known as CETEES. The utility said its security team launched its own investigation before quickly flagging authorities.
Wang faces charges of obtaining trade secrets, using a computer without authorization, and fraud and breach of trust by a public officer. (Rob Gillies / Associated Press)
Twitter users are reporting problems when they attempt to generate two-factor authentication codes over SMS: Either the texts don't come, or they're delayed by hours.
The glitchy SMS two-factor codes come less than two weeks after Twitter laid off about half of its workers, roughly 3,700 people, and come on the heels of Twitter owner Elon Musk saying the company is turning off the “microservices” bloatware, 20% of which are needed for Twitter to work, Musk maintains.
The public meltdown of this Twitter security measure further comes amid a public fight Musk is engaging in with powerful U.S. Senator Edward Markey (D-MA) over the problems created by Musk’s new account verification measures. After being impersonated on Twitter, Markey told Musk in a tweet, “One of your companies is under [a Federal Trade Commission] consent decree,” referring to the mogul’s new acquisition. “Auto safety watchdog NHTSA is investigating another for killing people. And you’re spending your time picking fights online. Fix your companies. Or Congress will.”
French defense multinational Thales confirmed that ransomware group LockBit published internal documents, emphasizing in a public statement that its operations were unaffected by the hack and there was no intrusion of its IT systems.
The ransomware group added Thales to its list of hacking victims in late October, giving the 1.6 billion-euro electronics, avionics, and troop transport maker until Nov. 7 to pay a ransom. Among the 9.5 gigabytes of records listed by hackers are Thales' account files, details regarding software applications, and other data that LockBit describes as "high-risk and confidential." Thales says the source of the leak is likely the compromised user account of an online partner collaboration site. (Akshaya Asokan / Data Breach Today)
A civil lawsuit was filed in Thailand against Israeli spyware company NSO Group for violating the rights, including privacy, of eight people whose phones were infected by Pegasus, the first lawsuit the company faces in Southeast Asia.
Earlier this year, Thai organizations, Internet Law Reform Dialogue (iLaw) and DigitalReach, supported by forensic research from Canadian Citizen Lab, released a report documenting Pegasus infections in the devices of 35 victims — including 24 activists, mostly students from the pro-democracy youth movements, who have been critical of the government and the monarchy. (Access Now)
Some users who installed the KB5019509 update in Windows 10 or 11 were unable to reconnect to Direct Access after temporarily losing connectivity with the network or transitioning between Wi-Fi networks or access points, Microsoft wrote in its Windows Health Dashboard.
Direct Access allows remote workers to connect to resources on the corporate network without using traditional VPN connections. It's designed to ensure that remote clients are always connected without having to start and stop connections. IT administrators can also remotely manage client systems using Direct Access when running and connected to the internet.
Microsoft is using the Known Issue Rollback (KIR) tool to address the problem, which might take up to 24 hours to find its way into non-managed business systems and any consumer devices using the system. Restarting the affected Windows device could speed up the timeframe. (Jeff Burt / The Register)
Researchers at Symantec say that a cyberespionage threat actor tracked as Billbug (a.k.a. Thrip, Lotus Blossom, Spring Dragon) has been running a campaign targeting a certificate authority, government agencies, and defense organizations in several countries in Asia.
Targeting the certificate authority would have allowed Billbug to deploy signed malware, making it more difficult to detect, or to decrypt HTTPS traffic. Symantec hasn’t determined how Billbug gains initial access to the target networks, but it has seen evidence of this happening through the exploitation of public-facing apps with known vulnerabilities. (Bill Toulas / Bleeping Computer)