Cybersecurity News: India leaks expat passport info, Cloudflare expands free security tools, Greece outlaws spyware

India’s foreign ministry leaks passport details

The publication Cybernews reports that the Global Pravasi Rishta Portal, a platform for expats run by the Ministry of External Affairs of India, exposed personal information. Using a browser’s “edit” function, any registered user could access the details of any other user by changing their user ID. This exposed names, email addresses, phone numbers and passport numbers in plaintext. Cybernews reached out to the Ministry of External Affairs about the leak. It didn’t receive a reply, but the issue appeared fixed within a week.

(Cybernews)

Cloudflare Zero Trust suite available to at-risk groups

The internet infrastructure company already offers free enterprise-level cybersecurity services to journalists, activists, humanitarian groups, and election services through its Project Galileo and Athenian Project initiatives. Now it’s adding its Cloudflare One Zero Trust security suite. This will monitor traffic and continuously validate users at all stages of digital interactions while on protected networks. It also supports DNS filtering and HTTP inspection and isolation to catch and filter phishing attempts. Over 10,000 organizations globally already use its Zero Trust platform.

(Bleeping Computer)

Greece outlaws spyware

Lawmakers in Greece approved new legislation to ban commercial spyware in the country, as well as reforming rules around wiretaps. Use, sale, or distribution of spyware in the country now carries a two-year minimum prison sentence. This ban doesn’t come out of the blue. Back in August, politician Nikos Androulakis (An-dro-U-lake-is) said he had been targeted by Predator spyware by the country’s National Intelligence Service in September 2021. Subsequent reporting alleged that spyware was used against other politicians and journalists. 

(AP News)

Ransomware takes down cash registers

Over the Black Friday holiday shopping weekend, shoppers at the sports retail chain Intersport in France saw signs that a cyberattack prevented the use of cash registers, gift cards, and loyalty programs. Since the incident, the Hive ransomware group took credit for the attack, publishing data claimed to have been stolen from the retailer on its leak site. It’s not clear if Intersport paid Hive a ransom. The company said it didn’t believe the attacks accessed any customer data. This is another cybersecurity black eye for Intersport, which hosted a Magecart payment skimmer on its website back in 2020.

(Bitdefender)

Chipmaking exports to China get tighter

Bloomberg’s sources say Japan and the Netherlands agreed in principle to join the US with tighter export controls on advanced chipmaking equipment to China, impacting 14nm and newer chipmaking processes. This would block access to tools from the Dutch lithography specialist ASML and Japan’s Tokyo Electron, critical suppliers in the chipmaking industry. A formal announcement from the three countries should arrive in the coming weeks. Once enacted, this would represent a near-total blockage on leading-edge chip equipment to China.

(Bloomberg)

Twitter rolls out crowd-sourced fact checking

Over the weekend Twitter began rolling out its crowd-sourced Community Notes feature to all users globally. The feature began testing last year under the name Birdwatch. Previously only US users could see notes. Twitter will soon start enrolling Community Notes contributors from users outside the US to submit and vote on notes. This comes as Twitter also began relaunching its Twitter Blue subscription service, which will offer additional checks against impersonating other accounts. 

(Engadget)

Google refuses request over Hong Kong protest anthem

Last month, the Asia Rugby Association played the song “Glory to Hong Kong” during the finals of its tournament in South Korea. The song is an unofficial anthem of the 2019 pro-democracy protests. Organizers blamed human error for playing the song, saying it was the top search result in Google for Hong Kong’s anthem. Hong Kong security secretary Chris Tang requested Google replace the top result with China’s national anthem, but said Google denied the change as its results are entirely algorithmically generated. China banned “Glory to Hong Kong” in 2020 as part of a sweeping national security law. 

(Reuters)

China’s deepfake rules set to go into effect

The Cyberspace Administration of China issued regulations forbidding the use of “deep synthesis service providers” to alter facial or voice data, known as “deepfakes,” without consent. The new rules go into effect January 10th. The Chinese regulator said the move was meant to protect people from being impersonated and to prevent the spread of misinformation. It also said the move would spur deep learning and virtual reality industries toward more healthy development.

(Reuters)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.