Security News
As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution. "Successful exploits could allow attackers to monitor users' internet activity, hijack internet connections, and redirect traffic to malicious websites or inject malware into network traffic," Claroty security researcher Uri Katz said in a report.
A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus.
The NYPD has rejected 93 percent of the advice from an independent oversight body, the Department of Investigations' Office of the Inspector General for the force, about how to comply with the law. These include recommendations like identifying the organizations with which NYPD shares surveillance data: "NYPD should identify in each IUP each external agency, by name, with which the Department can share surveillance data."
Despite the opposition of 38 civil society groups, the French National Assembly has approved the use of algorithmic video surveillance during the 2024 Paris Olympics. On Thursday, the French National Assembly adopted Article 7 of the pending bill, which authorizes automated analysis of surveillance video from fixed and drone cameras.
A Catholic clergy conformance organization has reportedly been buying mobile app tracking data to identify gay priests, and providing that information to bishops around the US. The group, Catholic Laity and Clergy for Renewal, was formed in Colorado in 2019 and relocated its principal office to Casper, Wyoming in April, 2020, according to Colorado State business records. The Washington Post on Thursday said that it learned of CLCR's app data acquisition program from two people with first-hand knowledge of the program, heard an audio recording of group president Jayd Henricks discussing it, and saw documents supporting the allegations.
An ongoing hacking campaign called 'Hiatus' targets DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network. DrayTek Vigor devices are business-class VPN routers used by small to medium-size organizations for remote connectivity to corporate networks.
A Chinese high-altitude surveillance balloon, spotted drifting over the US, has caused concern about national security - but the Department of Defense says it will not be shot down by F22s at this time. "The United States Government has detected and is tracking a high altitude surveillance balloon that is over the continental United States right now," read a statement from Pentagon press secretary brigadier general Pat Ryder.
Just another obscure warrantless surveillance program. US law enforcement can access details of money transfers without a warrant through an obscure surveillance program the Arizona attorney general's office created in 2014.
The Cyberspace Administration of China has preempted celebrations for Lunar New Year - the Year of the Rabbit commences on January 22 - by warning citizens to keep evidence of seasonal overindulgence off the internet. The internet regulator warned it will investigate and take action on online flaunting of wealth and overeating during the seasonal celebrations that are marked with displays of generosity and abundance.
The U.S. Federal Communications Commission formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an "Unacceptable" national security threat. All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021.