#DataPrivacy

In Other News: Gen Digital Makes $1B Buy, Recall Captures Sensitive Data, MITRE ATT&CK Evaluations

by

December 13, 2024 at 08:36AM SecurityWeek’s roundup highlights key cybersecurity stories, including China’s Salt Typhoon espionage revealing phone call recordings, WhatsApp’s fixed View Once feature, and Russia’s Secret Blizzard attacks in Ukraine. Notable developments include MITRE’s evaluations, Gen Digital’s $1 billion acquisition of MoneyLion, and Yahoo’s layoffs in its cybersecurity team. ### Key Takeaways from … Read more

Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement

by

December 12, 2024 at 08:42AM Chinese law enforcement has utilized a surveillance tool called EagleMsgSpy since at least 2017 to collect data from Android devices via physical access. Developed by Wuhan Chinasoft Token Information Technology Co., it gathers sensitive information such as SMS, call logs, and GPS data, linked to public security bureaus in China. … Read more

New EagleMsgSpy Android spyware used by Chinese police, researchers say

by

December 11, 2024 at 04:06PM A new Android spyware, EagleMsgSpy, developed by Wuhan Chinasoft Token, facilitates surveillance by Chinese law enforcement. Operational since 2017, it targets various data types, including messages and location. Evidence ties it to public security bureaus, suggesting systematic government use. An iOS version is suspected but unverified. ### Meeting Takeaways: EagleMsgSpy … Read more

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

by

December 11, 2024 at 10:36AM A new technique exploits Windows UI Automation to conduct malicious activities undetected by endpoint security. It allows for command execution, data theft, and access to messaging apps. Additionally, recent research highlights vulnerabilities in the DCOM protocol, enabling attackers to remotely write and execute payloads, creating embedded backdoors on target machines. … Read more

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

by

December 11, 2024 at 07:30AM Cybersecurity researchers revealed the EagleMsgSpy surveillance program, allegedly used by Chinese police since 2017, to gather extensive data from mobile devices. Operating through an installer and a headless client, it captures messages, call logs, and location data, requiring physical access to activate. It targets law enforcement applications, indicating its serious … Read more

Governments, Telcos Ward Off China’s Hacking Typhoons

by

December 11, 2024 at 02:06AM Telecommunications firms globally, including in the US, Asia-Pacific, and MENA regions, are targets of Chinese-sponsored cyberattacks, such as those from Salt Typhoon and Volt Typhoon. Experts warn that nations should enhance security measures and adopt encryption to protect communications, as foreign intrusions threaten network privacy and integrity. ### Meeting Takeaways … Read more

How Chinese insiders are stealing data scooped up by President Xi’s national surveillance system

by

December 8, 2024 at 12:09PM Chinese tech company employees and government workers are involved in a booming black market for user data, including sensitive information from high-ranking officials. This illegal ecosystem thrives on scams and fraud, using data harvested through state surveillance and compromised systems, raising significant privacy risks for individuals in China. ### Meeting … Read more

Facing sale or ban, TikTok tossed under national security bus by appeals court

by

December 6, 2024 at 05:05PM A US appeals court upheld a law preventing foreign control of apps like TikTok, risking its operation in the US by January 19, 2025, unless overturned. ByteDance plans to appeal, citing constitutional rights. Concerns about data privacy and security from TikTok’s Chinese ownership were central to the ruling. **Meeting Takeaways:** … Read more

Ethyca Raises $10 Million for Data Privacy Platform

by

December 6, 2024 at 08:14AM Ethyca, a data privacy and AI governance platform, raised $10 million, totaling over $37 million since its founding in 2018. The funding, led by Aspenwood Ventures and AVP, will enhance product capabilities and expand its team. Ethyca’s platform aids organizations in managing data visibility, compliance, and privacy requests efficiently. ### … Read more

Chemonics International Data Breach Impacts 260,000 Individuals

by

December 5, 2024 at 07:01AM Chemonics International has notified over 260,000 individuals about a data breach compromising personal information, including names, addresses, and Social Security numbers. Discovered on December 15, 2023, investigators found attackers had accessed data from May 2023 to January 2024. Chemonics is offering 24 months of free identity protection services. ### Meeting … Read more