TikTok Confirms Some China-Based Employees Can Access US User Data

TikTok, the viral video-sharing app owned by China’s ByteDance, said certain employees outside the US can access information from American users, stoking further criticism from lawmakers who have raised alarms about the social network’s data-sharing practices. From a report: The company’s admission came in a letter to nine US senators who accused TikTok and its parent of monitoring US citizens and demanded answers on what’s becoming a familiar line of questioning for the company: Do China-based employees have access to US users’ data? What role do those employees play in shaping TikTok’s algorithm? Is any of that information shared with the Chinese government?

Currently, China-based employees who clear a number of internal security protocols can access certain information on TikTok’s US users, including public videos and comments, TikTok Chief Executive Officer Shou Zi Chew said in the June 30 letter obtained by Bloomberg News. None of that information is shared with the Chinese government, and it is subject to “robust cybersecurity controls,” he said. The social network said it’s working with the US government on strengthening data security around that information — particularly anything defined as “protected” by the Committee on Foreign Investment in the US, or CFIUS.

Facial recognition in Oz

Despite concerns from privacy advocates, Australia is currently the only democracy in the world that uses facial recognition technology to aid Covid-19 containment procedures. Police ensure that Western Australian citizens are following the seven-day quarantine rule by sending periodic text messages that require the quarantined person to send a response in the form of a selfie within 15 minutes. The police then use GPS tracking and facial recognition tech to determine if the person is really at home. (If they are not, the police show up at the door to issue a citation.) 

US publisher Macmillan confirms cyberattack forced systems offline

Macmillan, one of the largest book publishers in the U.S., said it has been hit by a cyberattack that forced it to shut down its IT systems. 

Jon Raper named CISO at Costco

Red Hat Security Advisory 2022-5481-01

Red Hat Security Advisory 2022-5477-01

Red Hat Security Advisory 2022-5469-01

Red Hat Security Advisory 2022-5472-01

Red Hat Security Advisory 2022-5479-01

Red Hat Security Advisory 2022-5474-01

A Day In the Life with Tier 3 SOC Analyst, Vin Munk

I’m Vin (he/him)! I live in the Tech Center area of Denver with my best friend, a Doberman mix named Benelli. I have an Associate’s degree and gunsmithing certificate from Colorado School of Trades, and I most recently got my diploma from SecureSet Academy which landed me in cybersecurity.

I Know What You Read Last Summer: How SAP Read Access Logging Can Help Identify Data Theft 

Inching Toward Defend Forward

The increase in cyberattacks—and the increase in the cost of cyberattacks—sends a clear signal: Something about the cybersecurity industry needs to change. We live in a world where malicious cyberattack campaigns are persistent and relentless. Even as threat actors like ransomware groups face growing pressure from law enforcement, it is clear that the rule of law will not be enough to stop the scourge, as much as governments try to indict their way out of advanced persistent threats. Organizations must look for other, more proactive ways to fight and prevent this type of attack. The Cyberspace Solarium Commission recommends incorporating a ‘defend forward’ stance as a component of achieving a layered defense.

Scammers used phishing QR codes to hijack QQ accounts | Kaspersky official blog

Folks today are generally aware that clicking links from questionable sources, for example in e-mails, isn’t a good idea. However, when it comes to scanning QR codes, people are often much less vigilant. In fact, QR codes can be even more dangerous: while you can check a link with your own eyes before clicking, that’s not the case with a QR code. So perhaps this story about a phishing QR-code attack in China shouldn’t come as a surprise.

The Fog

Recent advances in synthetic biology, soft robotics, AI, and genetic engineering make it clear that the line between technology and biology is becoming more and more difficult to trace. If an AI can be sentient and a slime mold can solve computational challenges, then what does it mean, exactly, to be alive? Elvia Wilk’s surreal, sensuous tale of biobots and their keepers gets to the heart (and nose) of the matter. — The Eds

Cybersecurity experts question Microsoft’s Ukraine report

AMD held to ransom by gang that claims 450GB of data has been stolen

Semiconductor giant AMD says that it is investigating a claimed major data breach of its network that saw a group of online criminals steal 450GB of data from its systems.

Police Tactic of Sweeping Google Searches To Find Suspects Faces First Legal Challenge

An anonymous reader quotes a report from NBC News: A teen charged with setting a fire that killed five members of a Senegalese immigrant family in Denver, Colorado, has become the first person to challenge police use of Google search histories to find someone who might have committed a crime, according to his lawyers. In documents filed Thursday in Denver District Court, lawyers for the 17-year-old argue that the police violated the Constitution when they got a judge to order Google to check its vast database of internet searches for users who typed in the address of a home before it was set ablaze on Aug. 5, 2020. Three adults and two children died in the fire.

That search of Google’s records helped point investigators to the teen and two friends, who were eventually charged in the deadly fire, according to police records. All were juveniles at the time of their arrests. Two of them, including the 17-year-old, are being tried as adults; they both pleaded not guilty. The defendant in juvenile court has not yet entered a plea. The 17-year-old’s lawyers say the search, and all evidence that came from it, should be thrown out because it amounted to a blind expedition through billions of Google users’ queries based on a hunch that the killer typed the address into a search bar. That, the lawyers argued, violated the Fourth Amendment, which protects against unreasonable searches.