Investigating the Security of TikTok and ByteDance: Comments on a U.S.-based Attack on Russian Suicide Drones

The security of TikTok data has been a broadly-cited concern about the platform for years, especially for US lawmakers concerned about the Chinese government’s access to data about US citizens. After a June report from BuzzFeed News alleged that US user data had been accessed from China, TikTok CEO Shou Zi Chew wrote a letter to Republican critics addressing how the company planned to keep American user data separate from ByteDance.

The article, posted earlier on Thursday, said that ByteDance’s Internal Audit team — usually tasked with keeping an eye on those who currently work for the company or who have worked for the company in the past — planned on surveilling at least two Americans who “had never had an employment relationship with the company.” Forbes claims that its report was based on the materials it reviewed but didn’t include details about who was going to be tracked or why.

As the conflict in Russia drags on, Ukrainian forces have proved their resilience by mounting intense counterattacks on Kremlin forces. As the conflict develops, it’s entering an ominous phase of drone warfare. Russia has begun launching a series of recent attacks using Iranian “suicide drones” to inflict damage that is difficult to defend against. With Russian president Vladimir Putin escalating his rhetoric about the potential for a nuclear strike, and NATO officials watching closely for any signs of movement, we examine what indicators are available to the global community in assessing whether Russia is actually preparing to use nuclear weapons.

Tikto Dance America’s Data Security Roundup: Why We Need More Than One Server, And Why We Shouldn’t Forget About It

Researchers are worried that the platform isn’t getting the development resources it needs, and customers should seriously consider moving to cloud email hosting. New research examines how the custodians of encyclopedia prevent state sponsored campaigns from entering their entries.

If you’re worried about the ongoing threat of ransomware attacks around the world, researchers pointed out this week that middle-of-the-pack groups like the notorious gang Vice Society are maximizing profits and minimizing their exposure by investing very little in technical innovation. They are able to target under-funded sectors like health care and education with little more than a few operations. If you’re looking to do something for your personal security, we’ve got a guide to ditching passwords and setting up “passkeys” on Android and Google Chrome.

But wait, there’s more! We highlight the news that we did not cover. Click on the headline to read the full story. Stay safe out there.

Source: https://www.wired.com/story/tiktok-bytedance-americans-data-security-roundup/

The United States will be an Energy Star for IoT Security: Towards Labeling a Low Cost Internet of Things Devices with Security Labels

Microsoft said this week that a misconfiguration exposed the data of some prospective customers of its cloud services. The leak of information from the threat intelligence firm to Microsoft was quickly closed. SOCRadar said in a report that the exposed information stretched back to as far as 2017 and up to August of this year. The researchers linked the data to more than 65,000 organizations from 111 countries. According to Microsoft, there were exposed details such as names, company names, phone numbers, email addresses, and files sent between potential customers and Microsoft or one of its authorized partners. Cloud misconfigurations are a longstanding security risk and have led to many exposures.

There are no easy answers to improve the longstanding security dumpster fire created by cheap, undefended internet of things devices in homes and businesses around the world. Adding security labels to internet-connected video cameras, printers, toothbrushes, and more has been done in countries like Singapore and Germany after many years of problems. The labels give consumers a better understanding of the protections that come into different devices and give manufacturers an incentive to improve their practices. This week, the United States took a step in this direction. The White House announced plans for a labeling scheme that would be a sort of EnergyStar for IoT digital security. The administration held a summit with industry organizations and companies this week to discuss standards and guidelines for the labels. A labeling program to secure such devices would provide American consumers with the peace of mind that the technology being brought into their home is safe, and encourage manufacturers to meet higher cybersecurity standards, and retailers to market secure devices, said a National Security Council spokesman.

Source: https://www.wired.com/story/tiktok-bytedance-americans-data-security-roundup/

Implications of a Supreme Security Breakdown on WikiLeading: State-Level Measures to Restrict TikTok Use in the United States

The Washington Post has learned that the FBI seized sensitive information about the nuclear program of Iran as well as the United States’ own intelligence operations in China during a raid on Donald Trump’s Mar-a-Lago estate in Florida this summer. “Unauthorized disclosures of specific information in the documents would pose multiple risks, experts say. People aiding US intelligence efforts could be endangered, and collection methods could be compromised,” the Post wrote. The information could possibly be used to retaliate against the US.

Some leading Democrats have also raised concerns over the years. And none of this is to say that there aren’t real issues with TikTok related to data privacy protections and its all-powerful algorithm, where small tweaks could dramatically influence the public discourse on a number of subjects. Those types of concerns, however, are already being reviewed by the Committee on Foreign Investment. But the type of action being taken by Republicans seems more geared toward playing to their base than anything else.

The proposed legislation would “block and prohibit all transactions” in the United States by social media companies with at least one million monthly users that are based in, or under the “substantial influence” of, countries that are considered foreign adversaries, including China, Russia, Iran, North Korea, Cuba and Venezuela.

The legislation comes as a wave of states led by Republican governors have introduced state-level restrictions on the use of TikTok on government-owned devices. Maryland, South Dakota and Utah are three of the seven states that have introduced measures in the past two weeks.

The US government and TikTok have been negotiating a potential deal for years that would allow the app’s continued use in the US and address national security concerns.

McQuaide said that they would continue to brief members of Congress on the plans that had been developed under the oversight of the country’s top national security agencies.

“It’s a mystery, but an unsolved mystery”: The most recent issue of the “Reliable Sources” newsletter

A version of this article first appeared in the “Reliable Sources” newsletter. The evolving media landscape is chronicled in the daily digest.