Pete Recommends – Weekly highlights on cyber security issues, November 5, 2022

Subject: Public Entities in Nearly Every State Use Federally-Banned Foreign Tech, Report Says
Source: Nextgov
https://www.nextgov.com/cybersecurity/2022/10/public-entities-nearly-every-state-use-federally-banned-foreign-tech-report-says/378957/

A new report from Georgetown University’s Center for Security and Emerging Technology found that at least 1,681 state and local governments purchased equipment from five Chinese companies that were banned by the federal government between 2015 and 2021.

The report, which examined public government procurement records provided by GovSpend, found that at least 1,681 state and local entities in 49 states purchased information and communications technology and services, or ICTS, from five banned Chinese companies between 2015 and 2021.

Section 889 of the 2019 National Defense Authorization Act prohibited federal agencies from using technologies or services provided by those five Chinese companies—Huawei, ZTE, Hikvision, Dahua and Hytera—as well as from working with any contractors that use equipment from those firms. As the report noted, Section 889 “is the first and most well-known regulation targeting foreign ICTS on the grounds of national security.”


Subject: Thomson Reuters collected and leaked at least 3TB of sensitive data
Source: Cybernews
https://www.bespacific.com/thomson-reuters-collected-and-leaked-at-least-3tb-of-sensitive-data/

cybernews: “Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. Attackers could use the details for a supply-chain attack. The Cybernews research team found that Thomson Reuters left at least three of its databases accessible for anyone to look at. One of the open instances, the 3TB public-facing ElasticSearch database, contains a trove of sensitive, up-to-date information from across the company’s platforms. The company recognized the issue and fixed it immediately.”

Filed in Cybernews: https://cybernews.com/security/


Subject: 2023 Privacy Guide
Source: LLRX
https://www.llrx.com/2022/10/2023-privacy-guide/

By Marcus P. Zillman, 30 Oct 2022

The fundamental concept of privacy has changed dramatically as more individuals have shifted most of their data to online platforms. There are however a wide range of personal, professional, corporate and legal issues that present significant barriers to the goal of maintaining privacy on the internet. Online privacy is not a right or even a choice when you use email, browsers and search engines, social media, ecommerce sites, online subscriptions…the list goes on and on. Trying to achieve even a modicum of online privacy now involves the use of multiple applications and services, specific software and hardware, time, due diligence, and flexibility – as the challenges continue to evolve. This pathfinder will assist in your efforts to secure additional privacy when using email, conducting research, while on social media, completing online learning programs, transferring health records, shopping online, and with many other online services and systems with which you interact daily. Even if you only choose to start using several applications or services that are referenced, this will establish a foundation on which you can build and execute a more effective privacy and security plan. Think about starting with choosing a new browser, search engine and email provider, and move forward from there. This is a journey, and it will take time, but it is worth the effort.

Posted in: Email, Email Security, KM, Privacy, Social Media


Subject: Pete Recommends October Categories
Source: LLRX
https://llrx.com/

Pete Recommends weekly postings have a list of Categories which can be linked to see the other articles (not just Pete Recommends) in LLRX.COM. Those categories are curated by the LLRX editor Sabrina Pacifici, creator of beSpacific and LLRX. Here is a compendium of those Categories for October:

Posted in: AI, Big Data, Criminal Law, Cybercrime, Cybersecurity, Government Resources, Healthcare, KM, Legal Research, Privacy, Social Media

Posted in: Cybersecurity, Privacy, Social Media


Subject: Malicious App Developer Remains on Google Play
Source: Gizmodo
https://gizmodo.com/google-play-phishing-malicious-apps-1849731818

Google is still failing to catch malicious apps from being listed on its app store, but it seems that some developers that have been cited aren’t even being kicked off the platform. Security software company Malwarebytes reported Tuesday that four apps listed by developer Mobile apps Group contain a well-known malware used to steal users’ information. As of the time of reporting, all four apps are still listed on Google Play Store.

Worse still, Malwarebytes wrote that the developer in question has been found deploying malware in its apps before, yet they’re still able to list their apps on Google’s main app store.

The apps are listed by the company Mobile apps Group, whose listing on Play Store includes the tagline “Using the smart app, you guarantee a strong and reliable Bluetooth pairing with any device.” The apps include:

  • Bluetooth Auto Connect
  • Driver: Bluetooth Wi-Fi, USB
  • Bluetooth App Sender
  • Mobile transfer: smart switch

Filed: https://gizmodo.com/tech/privacy-and-security


Subject: TikTok allows employees in China to access European data
Source: UPI.com
https://www.upi.com/Top_News/World-News/2022/11/03/eu-tiktok-china-user-data/6841667490597/

Nov. 3 (UPI) — TikTok employees are able to see data from European users, the China-based company said in a notification of privacy policy updates. “We allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the United States remote access to TikTok European user data,” read a statement from Elaine Fox, Head of Privacy for Europe at TikTok.

Though TikTok has claimed to protect user data, a series of reports have cast doubt on that assertion. In June, BuzzFeed reported that sensitive U.S. user data, like birthdays and phone numbers, had been repeatedly accessed by employees in China.

Brendan Carr, one of the commissioners at the Federal Communications Commission, told Axios that the Council of Foreign Investment in the United States should take action to ban TikTok. “I don’t believe there is a path forward for anything other than a ban,” Carr said.

Carr contacted Apple and Google asking them to remove TikTok and Bytedance apps from their app stores due to concerns about user privacy.

Posted in: Big Data, Cybersecurity, Email, Information Management, KM, Privacy, Search Engines, Search Strategies, Social Media, Technology Trends