Farewell news from Hong Kong - The new Hong Kong Security Law

Beijing's national security law is already having an impact, pushing activists to take self-protection measures such as resignations, dissolutions of organizations and deletion of social media accounts. The law package could finally destroy the city's democratic hopes.

The new security law (👇🏼PDF) has 66 articles and provides for sentences ranging from ten years to life imprisonment for the new offences of secession, subversion, terrorism and participation in outside interference.

👉🏼 PDF 🇬🇧:
https://www.gld.gov.hk/egazette/pdf/20202444e/es220202444136.pdf

Read more 🇩🇪:
https://netzpolitik.org/2020/repression-gegen-demokratiebewegung-abschiedsnachrichten-aus-hongkong/

#FreeHongKong #democratic #netpolitics #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

They steal your Facebook

New ways of perpetrating fraud are regularly brought to the attention of our cybersecurity experts and we recently discovered new malware that steals Facebook logins. This malware could effectively ruin your online and offline life by making off with the credentials of one of your most valued pieces of digital real estate. The malware was embedded in a large number of popular apps:

https://www.evina.com/they-steal-your-facebook/

#cybersecurity #malware #google #playstore #apps #fb #DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

COVID-19 ‘Breach Bubble’ Waiting to Pop?

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.

The economic laws of supply and demand hold just as true in the business world as they do in the cybercrime space. Global lockdowns from COVID-19 have resulted in far fewer fraudsters willing or able to visit retail stores to use their counterfeit cards, and the decreased demand has severely depressed prices in the underground for purloined card data.

👉🏼 Read more:
https://krebsonsecurity.com/2020/06/covid-19-breach-bubble-waiting-to-pop/

#cybercrime #covid #breach #payment #card #data
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Espionage software: China is said to have surveilled mobile phones of Uighurs for years

IT security researchers have found numerous apps that spy on China's Uighur Muslim minority - even abroad.

The Uyghur Muslim minority in China lives in a surveillance state: As reported by the SZ, among others, Beijing has installed thousands of surveillance cameras in the cities of the Xinjiang region, and Uyghurs are sent to re-education camps. Only a few days ago the news agency AP reported that China is also trying to keep the Muslim population under control with drastic birth control.

👉🏼 PDF:
https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf

#china #Xinjiang #uyghurs #surveillance #smartphones #apps #malware #pdf #study #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

/e/ Phone Review: Out-of-the-Box Privacy?

The /e/ foundation aims to offer out-of-the-box security and privacy competing directly against Google's Android and Apple's iOS. Does it compete? Is it secure? Is it private? Is their ecosystem good? Find out in this video review!

👀 https://invidio.us/watch?v=CgkuNbtoQc8

#e #review #privacy #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

5 Serious Flaws in the New Brazilian “Fake News” Bill that Will Undermine Human Rights

On Tuesday night (6/30), the Brazilian Senate approved the “PLS 2630/2020”, the so-called “Fake News” bill. A final amendment cut back on article 7 “Account Registration” so that mandatory identification no longer applies to all users and is, in principle, optional in general. Under the revised text, companies "may" demand identification from users where there are complaints of non-compliance with the "fake news" law, or when there is reason to suspect they are bots, are behaving inauthentically, or assuming someone else's identity. The companies are also expected to create some means of detecting fraud in account creation. These new provisions seem to match most companies' existing practices but may be expanded to also include those new obligations established in the "fake news" bill.

👉🏼 PDF:
https://legis.senado.leg.br/sdleg-getter/documento?dm=8127649

👉🏼 Read more:
https://www.eff.org/deeplinks/2020/06/5-serious-flaws-new-brazilian-fake-news-bill-will-undermine-human-rights

#brazil #FakeNews #HumanRights #netpolitics
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

When Google listens to you breathe

The world's largest data company could soon gain access to millions of fitness trackers by purchasing Fitbit. The NGO Privacy International explains why it wants to prevent this.

How much does Google know about us? In other words: Is there anything that Google doesn't know about us? Through our searches on Google and YouTube, the company knows our interests. It potentially knows what we think. And through applications like Google Maps, it may even know where we are at all times.

On 15 June, the Google Group informed the European Commission of its plan to acquire Fitbit, a manufacturer of smart watches and fitness trackers. The Commission now has until 20 July to examine the transaction.

Google buys health data treasure
The planned acquisition of Fitbit could give Google access to health data of millions of people. The processing of sensitive data is strictly regulated by EU law - actually. The takeover could violate the rights of billions of people, although many of them have never heard of Fitbit.

Fitbit's products range from simple pedometers to devices that record calorie consumption, breathing and heart rate. Fitness data provides detailed analysis of, for example, sleep patterns, and the devices also allow users to know if they are menstruating or have had unprotected sex. A large part of Fitbit's value lies in this health data.

In the past, Fitbit has constantly expanded its database through new acquisitions. The company has also recently entered into lucrative partnerships with health insurance companies.

💡 Read more 🇬🇧 🇩🇪:
https://www.privacyinternational.org/news-analysis/3962/pass-notes-proposed-google-fitbit-merger

https://netzpolitik.org/2020/fitbit-uebernahme-wenn-dir-google-beim-atmen-zuhoert/

👉🏼 BLOCK THE GOOGLE/FITBIT MERGER!
https://action.privacyinternational.org/civicrm/petition/sign?sid=7&reset=1

#google #DeleteGoogle #Fitbit #healthdata #Datenschutz #ourdata #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

PWDB - New generation of Password Mass-Analysis

One out of every 142 passwords is '123456'

The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, on one of the biggest password re-use studies of its kind.

👉🏼 PWDB - New generation of Password Mass-Analysis
https://github.com/FlameOfIgnis/Pwdb-Public

👉🏼 Read more:
https://www.zdnet.com/article/one-out-of-every-142-passwords-is-123456/

#passwords #study #analysis
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

ACM calls for governments and businesses to stop using facial recognition

An Association for Computing Machinery (ACM) tech policy group today urged lawmakers to immediately suspend use of facial recognition by businesses and governments, citing documented ethnic, racial, and gender bias. In a letter (👇🏼 PDF) released today by the U.S. Technology Policy Committee (USTPC), the group acknowledges the tech is expected to improve in the future but is not yet “sufficiently mature” and is therefore a threat to people’s human and legal rights.

💡 PDF:
https://www.acm.org/binaries/content/assets/public-policy/ustpc-facial-recognition-tech-statement.pdf

👉🏼 Read more:
https://venturebeat.com/2020/06/30/acm-calls-for-governments-and-businesses-to-stop-using-facial-recognition/

#acm #StopFacialrecognition #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Anonymous Hackers Target TikTok: ‘Delete This Chinese Spyware Now’

“Delete TikTok now,” the account tweeted today, July 1, “if you know someone that is using it, explain to them that it is essentially malware operated by the Chinese government running a massive spying operation.”

https://twitter.com/YourAnonCentral/status/1278204068175818752?s=20

https://www.forbes.com/sites/zakdoffman/2020/07/01/anonymous-targets-tiktok-delete-this-chinese-spyware-now/

#anonymous #hacked #TikTok #DeleteTikTok
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Facebook once again accidentally reveals user data

5000 developers were able to access user data from Facebook via some apps, which they were not supposed to get. The leak is fixed.

About 5000 developers had access to user data from Facebook, which they should not have been able to see. Actually, the social network has a ban on information from app users that have been inactive for more than 90 days. Actually, that didn't work.

These are apps that users have logged into with their Facebook account. App developers then get access to information such as birthday, email addresses, friend lists and location. After the Cambridge Analytica scandal, in which millions of data were tapped and used for political purposes, Facebook had restricted this access.

Now it has been noticed, says a Facebook blog post, that this 90-day limit did not always last. Nevertheless, some developers continued to gain insights. "This can happen when someone has used a fitness app to invite friends to a workout about it. We didn't notice that some of the friends were inactive for months," explains Facebook. The company doesn't say how many users are affected by this. The data leak has already been plugged. They still want to investigate the incident, but so far there are no indications of misuse of the information by third parties. "We have no indication that any information was shared that users didn't approve."

👀 https://about.fb.com/news/2020/07/improving-data-limits-simplifying-terms/

Read more 🇩🇪 🇬🇧:

https://www.cnet.com/news/facebook-shared-user-data-with-developers-after-access-should-have-expired/

https://www.heise.de/news/Facebook-gibt-einmal-mehr-aus-Versehen-Nutzerdaten-preis-4801943.html

#DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Mark Zuckerberg is trying to sue families in Hawaii, to force my people to sell him our land. He even filed lawsuits against owners who are dead. Leave Hawaiian land in Hawaiian HANDS. Stop the white man from colonizing our island.

👀 https://twitter.com/fuckpiIIar/status/1278433319991074816

#DeleteFacebook #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Multi-million dollar online fraud: Nigerian Instagram Influencer Arrested

On Instagram he posed with luxury cars and reached millions. The money, however, was probably obtained by a Nigerian who had scammed the Internet.

A Nigerian Instagram influencer and several of his accomplices have been arrested in Dubai for millions of dollars of Internet fraud. Dubai police announced on Thursday that the FBI had thanked the authorities of the United Arab Emirates for the arrest and extradition to the USA. The man, together with accomplices, is said to have defrauded nearly two million victims over the Internet.

👉🏼 Source 🇬🇧:
https://www.facebook.com/126070364137174/posts/3126225064121674

👉🏼 Read more 🇩🇪:
https://www.heise.de/news/Millionenfacher-Online-Betrug-Nigerianischer-Instagram-Influencer-festgenommen-4805836.html

#nigeria #instagram #online #fraud
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Avoid Google apps spyware!

📡 @NoGoolag (links at @microGsupport)

★English Group:
https://t.me/joinchat/FyFlS0X2D7eDayZ4R4Gkzw

★Indonesian channels and group:
@microGindonesia
@StopGapps_id
https://t.me/joinchat/HVU5S1HNr9FuSwsX0vRCuQ

★Off-Topic Group:
In NoGoolag group, retrieve the saved note #ot to know

★Guide: t.me/NoGoolag/63
★Installers: t.me/NoGoolag/182

More software
📡 @Libreware

📡 @AuroraOfficial Aurora sw channel

💬 @AuroraSupport Aurora Store group (Foss playstore alternative)

💬 @AuroraDroid Aurora Droid group (F-Droid client)

💬 @AuroraOSS
Group to discuss upcoming Aurora projects (Contacts & Dialer, Aurora Services, Aurora Sync, Aurora Maps)

🦊 @qd_invitation
Firefox Configuration Hardening
DNScrypt Proxy Android
Mixplorer updates

News
📡 @cRyPtHoN_INFOSEC_EN
📡 @cRyPtHoN_INFOSEC_DE
📡@BlackBox

Dismantling of an encrypted network sends shockwaves through organised crime groups across Europe

At a joint press conference today, French and Dutch law enforcement and judicial authorities, Europol and Eurojust presented the impressive results of a joint investigation team to dismantle EncroChat, an encrypted phone network widely used by criminal networks.

Over the last months, the joint investigation made it possible to intercept, share and analyse millions of messages that were exchanged between criminals to plan serious crimes. For an important part, these messages were read by law enforcement in real time, over the shoulder of the unsuspecting senders.

👉🏼 Read more:
http://www.eurojust.europa.eu/press/PressReleases/Pages/2020/2020-07-02b.aspx

#EncroChat #encrypted #network #busted #french #dutch #Europol #Eurojust
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Surveillance under Surveillance

Surveillance under Surveillance shows you cameras and guards — watching you — almost everywhere. You can see where they are located and, if the information is available, what type they are, the area they observe, or other interesting facts.

Surveillance under Surveillance uses data from OpenStreetMap contributors that is not visualized on the regular OpenStreetMap site.

👉🏼 https://sunders.uber.space 👈🏼

#surveillance #defense
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

New Trump Appointee Puts Global Internet Freedom at Risk, Critics Say

A battle involving Michael Pack and a U.S.-funded tech group revolves around software from Falun Gong, the secretive, anti-Beijing spiritual movement with pro-Trump elements.

WASHINGTON — When Michael Pack, a conservative filmmaker and ally of Stephen K. Bannon, recently fired the heads of four U.S. government-funded news outlets, many became alarmed that he would turn the independently operated organizations, as well as the Voice of America, into “Trump TV.”

But Mr. Pack, the new chief executive of the U.S. Agency for Global Media, also cleaned house last month at the lesser-known Open Technology Fund, an internet freedom group overseen by the agency Mr. Pack now runs.

Many worry that the move could have an even greater effect.

In less than a decade, the Open Technology Fund has quietly become integral to the world’s repressed communities. Over two billion people in 60 countries rely on tools developed and supported by the fund, like Signal and Tor, to connect to the internet securely and send encrypted messages in authoritarian societies.

After Mr. Pack was confirmed for his new post on June 4, following a personal campaign of support by President Trump, Mr. Pack fired the technology group’s top officials and bipartisan board, an action now being fought in the courts. A federal judge on Thursday ruled in Mr. Pack’s favor, a decision that plaintiffs will likely appeal.

On Friday, Mr. Pack appointed an interim chief executive, James M. Miles, to head the fund, according to a letter obtained by The New York Times. Mr. Miles is little known in the internet freedom community, and his appointment needs approval from the fund’s new board, which is stacked with Trump administration officials and chaired by Mr. Pack.

This battle revolves around software developed by Falun Gong, the secretive spiritual movement persecuted by the Chinese Communist Party.

Some Falun Gong members have become notable players in American politics. The Epoch Times, a newspaper started by Falun Gong practitioners, has spent millions of dollars on pro-Trump ads, including conspiratorial ones, on Facebook and YouTube — and was even banned by Facebook last year from buying more ads because it had tried to evade advertising rules.

Now, allies of Falun Gong are making a big push for the Open Technology Fund and the State Department to give money to some of the group’s software, notably Ultrasurf, developed about a decade ago by a Falun Gong member.

https://www.nytimes.com/2020/07/04/us/politics/michael-pack-china-internet.html

#thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Facebook, WhatsApp, Twitter Suspend Review of Hong Kong Requests for User Data

Action is taken ‘pending further assessment’ of China’s national-security law for territory, WhatsApp says

"Facebook’s WhatsApp messaging service has suspended its processing of requests for user data from Hong Kong law-enforcement agencies following China’s imposition of a national-security law on the city.

The company is “pausing” such reviews “pending further assessment of the impact of the National Security Law, including formal human rights due diligence and consultations with human rights experts,” a WhatsApp spokeswoman said in response to a Wall Street Journal query on Monday […]

Dubai-based Telegram Group Inc. said in a statement that was earlier reported by the Hong Kong Free Press that it doesn’t intend to process “any data requests related to its Hong Kong users until an international consensus is reached in relation to the ongoing political changes in the city.” A Telegram representative said in a statement that the company “has never shared any data with the Hong Kong authorities in the past.”

https://9to5mac.com/2020/07/06/whatsapp-and-telegram/

https://www.wsj.com/articles/whatsapp-to-suspend-processing-law-enforcement-requests-for-user-data-in-hong-kong-11594034580

#china #hk #fb #DeleteFacebook #wa #twitter
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

National Security Agency |Cybersecurity Information

Securing IPsec Virtual Private Networks

Many organizations currently utilizeIP Security (IPsec) Virtual Private Networks (VPNs) to connect remote sites andenable telework capabilities. These connections use cryptographytoprotect sensitive information that traversesuntrusted networks. To protect this trafficand ensure data confidentiality, it is critical that these VPNs use strong cryptography.This guidance identifiescommon VPN misconfigurations andvulnerabilities.

👀 PDF:
https://media.defense.gov/2020/Jul/02/2002355625/-1/-1/0/SECURING_IPSEC_VIRTUAL_PRIVATE_NETWORKS_EXECUTIVE_SUMMARY_2020_07_01_FINAL_RELEASE.PDF

#nsa #cybersecurity #IPsec #vpn #information #guide #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

U.S. looking at banning Chinese social media apps, including TikTok

(Reuters) - Secretary of State Mike Pompeo said on Monday that the United States is “certainly looking at” banning Chinese social media apps, including TikTok, suggesting it shared information with the Chinese government, a charge it denied.

“I don’t want to get out in front of the President (Donald Trump), but it’s something we’re looking at,” Pompeo said in an interview with Fox News.

U.S. lawmakers have raised national security concerns over TikTok’s handling of user data, saying they were worried about Chinese laws requiring domestic companies “to support and cooperate with intelligence work controlled by the Chinese Communist Party.”

Pompeo said Americans should be cautious in using the short-form video app owned by China-based ByteDance.

“Only if you want your private information in the hands of the Chinese Communist Party,” Pompeo remarked when asked if he would recommend people to download TikTok.

👀 Read more 🇬🇧:
https://www.reuters.com/article/us-usa-tiktok-china-pompeo/pompeo-says-u-s-looking-at-banning-chinese-social-media-apps-including-tiktok-fox-idUSKBN2480DF

👀 Read in 🇩🇪:
https://t3n.de/news/social-media-apps-china-visier-1297614

#DeleteTikTok #TikTok #usa #china #pompeo #ToddlerTrump
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox