Subject: Weakness in Microsoft Office 365 Message Encryption could expose email contents
Source: Help Net Security
WithSecure researchers are warning organizations of a security weakness in Microsoft Office 365 Message Encryption (OME) that could be exploited by attackers to obtain sensitive information. OME, which is used by organizations to send encrypted emails internally and externally, utilizes the Electronic Codebook (ECB) implementation – a mode of operation known to leak certain structural information about messages.
Attackers able to obtain enough OME emails could use the leaked information to partially or fully infer the contents of the messages by analyzing the location and frequency of repeated patterns in individual messages, and then matching these patterns to ones found in other OME emails and files.
Because there is no fix from Microsoft or a more secure mode of operation available to email admins or users, WithSecure recommends avoiding the use of OME as a means of ensuring the confidentiality of emails.
Source: CRS in Focus via beSpacific
CRS in Focus – Data Protection and Privacy Law: An Introduction, Updated October 12, 2022 – “Recent controversy surrounding how third parties protect the privacy of individuals in the digital age has raised national concerns over legal protections of Americans’ electronic data. The current legislative paradigms governing cybersecurity and data privacy are complex and technical and lack uniformity at the federal level. This In Focus provides an introduction to data protection laws and an overview of considerations for Congress. (For a more detailed analysis, see CRS Report R45631, Data Protection Law: An Overview, by Stephen P. Mulligan, Wilson C. Freeman, and Chris D. Linebaugh.)”
Abstracted from beSpacific
The Chinese government is using its investments in surveillance technologies to advance “both its ambitions of becoming a global technology leader as well as its means of domestic social control,” according to a report released by the Atlantic Council on Monday. The report, authored by Bulelani Jili—a non-resident fellow at the Atlantic Council’s Cyber Statecraft Initiative—noted that Beijing’s domestic surveillance system “is confined to its national borders,” but said that the Chinese companies that “make its surveillance state possible are now actively selling their tools abroad.”
These technologies—produced almost exclusively by companies funded by and tied to the Chinese government—enable Beijing to monitor its citizens through the collection of a vast array of personal data.
By allowing for the export of technologies underpinning its surveillance system to the Global South—particularly to African nations—the report said that Beijing is able to “expand and strengthen their political and economic influence worldwide,” while also empowering other countries to implement an authoritarian model of surveillance and control over their own citizens.
China’s growing sphere of influence around the world, coupled with its push to outcompete America in the production and development of new technologies, has led the Biden administration to issue warnings about Beijing’s growing threat to U.S. national security interests.
Subject: How Facebook Became the Internet’s Covid-19 Misinformation Hub
Texas Attorney General Ken Paxton announced the state is suing Google for allegedly collecting biometric data from millions of Texans without consent, his office said in a press release Thursday. The case is part of a recent flood of lawsuits against tech companies over biometrics, which measure physical characteristics like faces and fingerprints. But this new lawsuit makes an unusual and potentially game-changing argument: Paxton alleges Google violated the privacy of people who aren’t even Google users.
A Google spokesperson said in a statement, “AG Paxton is once again mischaracterizing our products in another breathless lawsuit.”
Elaborating on specifics, the statement reads, “For example, Google Photos helps you organize pictures of people, by grouping similar faces, so you can easily find old photos. Of course, this is only visible to you and you can easily turn off this feature if you choose and we do not use photos or videos in Google Photos for advertising purposes. The same is true for Voice Match and Face Match on Nest Hub Max, which are off-by-default features that give users the option to let Google Assistant recognize their voice or face to show their information. We will set the record straight in court.”
Subject: TikTok Parent ByteDance Planned To Use TikTok To Monitor The Physical Location Of Specific American Citizens
Forbes: “…The team behind the monitoring project — ByteDance’s Internal Audit and Risk Control department — is led by Beijing-based executive Song Ye, who reports to ByteDance cofounder and CEO Rubo Liang. The team primarily conducts investigations into potential misconduct by current and former ByteDance employees. But in at least two cases, the Internal Audit team also planned to collect TikTok data about the location of a U.S. citizen who had never had an employment relationship with the company, the materials show. It is unclear from the materials whether data about these Americans was actually collected; however, the plan was for a Beijing-based ByteDance team to obtain location data from U.S. users’ devices. TikTok spokesperson Maureen Shanahan said that TikTok collects approximate location information based on users’ IP addresses to “among other things, help show relevant content and ads to users, comply with applicable laws, and detect and prevent fraud and inauthentic behavior.” But the material reviewed by Forbes indicates that ByteDance’s Internal Audit team was planning to use this location information to surveil individual American citizens…”