Tag Archives: Data Security

Is PADU Being Used To Monitor All Your Personal Data?!

Is the government using PADU – the Central Database Hub – to collect and monitor all of your personal data, including your banking information?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : PADU Lets The Government Monitor All Your Data!

People are sharing this message on WhatsApp and social media platforms, which claims or suggests that the new PADU Central Database Hub allows the government to collect and monitor all of your personal data, including your banking information!

Soon for everyone….. Government new method to monitor All Malaysian assets and income.. it’s called PADU.. it links all personal information from your Mycard to your passport to all your officials document’s , including insurance , property & land titles, Electric and water bills to JPJ vechical grant.
All your bank transitions, From PDRM summons including bank loans, credit cards, Business registration and accounts. even your phone SIM card.. In the future a Malaysian can’t even fart, Without the government’s knowledge

 

Truth : PADU Does Not Let Government Monitor All Your Data

This appears to be yet another example of FAKE NEWS circulating on WhatsApp, and social media platforms, and here are the reasons why…

Fact #1 : PADU Combines Existing Data

Malaysia introduced the PADU Central Database Hub on Tuesday, 2 January 2024. Developed in just 7 months, PADU is designed to give the government a better way to distribute subsidies, and make other policy decisions going forward.

PADU accomplishes this by combining data from over 400 government agencies, and related organisations, into one central database, hence its name – Pangkalan Data Utama (PADU), or Central Database Hub in English.

The data that PADU stores was always there, just split up into databases owned and managed by different government agencies, and related organisations. All that PADU does is consolidate data from all those different sources into a central database.

Fact #2 : You Are Not Required To Register For PADU

The Malaysian government does not actually require you to register to access PADU. Registering for a PADU account is not mandatory.

In fact, the government has set a deadline limiting public access to PADU. Those who register for a PADU account can check, update, and add information, until 31 March 2024.

Whether you register your account or not, PADU already has your data. The data remains in PADU, even if you refuse to register for an account.

Fact #3 : PADU Has No Access To Banking Data

While PADU is designed to determine whether you qualify for subsidies and other government assistance, there are limits to what PADU can collect.

Claims that PADU will give the government access to all of your “bank transactions” and data, including “bank loans, credit cards, business registration and accounts”, etc. are false.

That’s because the PADU Central Database Hub is forbidden from collecting banking data by the Banking and Financial Institutions Act 1989 (BAFIA).

Fact #4 : PADU Has No Access To Your SIM Card

Just to be clear – PADU has no access to your SIM card. It only has your mobile phone number.

For more information about the PADU Central Database Hub, please read our FAQ.

Please help us fight fake news – SHARE this article, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 


Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Former exec: China has backdoor access to TikTok data!

A former top ByteDance executive is alleging that China has backdoor access to all TikTok data!

 

Former Exec : China Has Backdoor Access To TikTok Data!

A former top executive at ByteDance – TikTok’s parent company, has just claimed that it built a “backdoor channel” in its code to allow the Chinese Communist Party (CCP) supreme access to user data in TikTok.

This revelation came as part of the lawsuit that Roger Yu Yintao filed against ByteDance for wrongful termination from his job as head of engineering in the United States. He says he worked there from August 2017 till November 2018.

In his lawsuit filed on May 12 at the San Francisco Superior Court, Roger Yu alleges that he was fired from his job for his “observation and reporting of illegal conduct” at ByteDance to his supervisors.

He said he observed ByteDance being “responsive to the CCP’s requests to share, elevate, or even remove content”, describing the company as “a useful propaganda tool for the Chinese Communist Party”, and as engaged in a “culture of lawlessness”.

More shockingly, he claimed that the CCP has a special office in ByteDance, sometimes referred to as the “Committee”. Its task was allegedly to monitor ByteDance, and advise it on how to advance “core Communist values”.

He also claimed that the CCP “Committee” can demote content it viewed as unfavourable to China’s interests, and even has a “death switch” to turn off Chinese versions of its apps.

Roger Yu also claimed that he “saw the backdoor channel in the code”. If true, such a backdoor would give China and the CCP government unfettered access to all data in TikTok, no matter where the data is located.

The Committee maintained supreme access to all the company data, even data stored in the United States.

Roger Yu Yintao (left) and ByteDance founder, Zhang Yiming, at ByteDance, 2015

Allegedly, ByteDance was “aware that if the Chinese government’s backdoor was removed from the international / US version of the app, the Chinese government would, it feared, ban the company’s valuable Chinese-version apps”.

Roger Yu also accused ByteDance of scraping data from its competitors – mainly Instagram and Snapchat, without users’ permission. He claimed that ByteDance used software to “systematically” collect videos from its competitors, and repost them to its own platform using fake accounts, without their creators’ permission.

 

ByteDance Denies Allegations Of Backdoor Access For China

A ByteDance spokesperson has denied the allegations laid out in Roger Yu Yintao’s lawsuit, claiming that he only worked for a short time on an unrelated app called Flipagram, which was discontinued for business reasons.

We plan to vigorously oppose what we believe are baseless claims and allegations in this complaint.

Mr. Yu worked for ByteDance Inc. for less than a year and his employment ended in July 2018.

According to earlier reporting of Roger Yu Yintao’s lawsuit, he realised that ByteDance had been engaged for years in a “worldwide scheme” to steal and profit from content created on other platforms soon after he began his job.

In response to those allegations, the ByteDance spokesperson said that the company is “committed to respecting the intellectual property of other companies, and we acquire data in accordance with industry practices and our global policy.”

 


Microsoft : No More Windows 10 Updates, EOL In 2025!

Microsoft will no longer issue major Windows 10 updates, and will end support for the operating system in October 2025!

 

On Thursday, 27 April 2023, Microsoft announced that it will no longer issue any further major Windows 10 updates. The current 22H2 version that was released in October 2022, and entered broad deployment on November 18, 2022, would be the final version of Windows 10.

In addition, Microsoft announced that all editions of Windows 10 will reach the end of support on October 14, 2025.

  • Windows 10 Home
  • Windows 10 Pro
  • Windows 10 Enterprise
  • Windows 10 Education
  • Windows 10 Pro Education
  • Windows 10 Pro for Workstations
  • Windows 10 IoT Enterprise

However, Microsoft will continue to issue monthly security update releases (including Windows Defender updates) until that EOL date.

Windows 10 will reach end of support on October 14, 2025. The current version, 22H2, will be the final version of Windows 10, and all editions will remain in support with monthly security update releases through that date. Existing LTSC releases will continue to receive updates beyond that date based on their specific lifecycles.

The only exception will be existing LTSC (Long Term Servicing Channel) releases – they will continue to receive updates beyond that EOL date, based on their specific lifecycles.

  • Windows 10 Enterprise LTSC 2019 : Jan. 9, 2029
  • Windows 10 IoT LTSC 2019 Core : Jan. 9, 2029
  • Windows 10 IoT Core LTSC : Jan. 9, 2029
  • Windows 10 Enterprise LTSC 2021 : Jan. 12, 2027
  • Windows 10 IoT Enterprise LTSC 2019 : Jan. 9, 2029
  • Windows 10 IoT Enterprise LTSC 2021 : Jan. 13, 2032

Microsoft also took the opportunity to announce that two Windows 11 LTSC releases will be available in the second half of 2024:

  • Windows 11 Enterprise LTSC
  • Windows 11 IoT Enterprise LTSC

Enterprise users who want to plan and test applications and hardware while waiting for a Windows 11 LTSC release, should start doing so with the current Windows 11 22H2 edition.

 

Microsoft : Please Upgrade Before Windows 10 EOL!

Microsoft is therefore encouraging users to transition to Windows 11, because it will no longer release any feature upgrades.

Despite Windows 11 being introduced over 1.5 years ago, many Windows 10 users still refuse to upgrade / migrate to Windows 11.

According to both Steam Store’s March 2023 and StatCounter’s surveys, more than 73% of Windows-based PCs are still running on Windows 10!

For its part, Microsoft stopped selling Windows 10 downloads in January 2023, but until Microsoft starts cutting off security updates in October 2025, there will be little impetus for Windows 10 users to migrate to Windows 11.

 


MSI Hit By $4 Million Ransomware Attack + Data Theft!

MSI just got hit by a massive ransomware attack, but even worse – it lost a ton of critical data to the hackers!

 

MSI Hit By Ransomware Attack + Data Theft!

On 7 April 2023, MSI (Micro-Star International) was hit by a ransomware attack, in which the hackers allegedly exfiltrated 1.5 terabytes of source code, BIOS firmware, private keys and other data from its servers.

In its terse regulatory filing with the Taiwan Stock Exchange (TWSE), MSI admitted that it was hacked, but did not detail the circumstances or nature of the attack.

After detecting some information systems being attacked by hackers, MSI’s IT department has initiated information security defense mechanism and recovery procedures. The Company also has been reported the anomaly to the relevant government authorities.

MSI claimed that the attack had “[no] significant impact our business in terms of financial and operational currently”, but said that it was “enhancing the information security control measures of its network and infrastructure to ensure data security”.

In a public statement, MSI also urged users to only obtain firmware / BIOS updates from its official website, and refrain from using other sources.

 

Hackers Demand $4 Million From MSI To Not Release Stolen Data

The MSI ransomware attack and data theft appear to be committed by the Money Message ransomware gang.

While MSI has apparently restored files encrypted by Money Message’s ransomware, the gang now has access to about 1.5 terabytes of critical MSI data.

According to BleepingComputer, chats between Money Message and an MSI representative show the gang demanding a ransom payment of $4 million. Otherwise, Money Message will release the stolen files.

To show that they did indeed steal those MSI files, Money Message posted screenshots of what they described as MSI’s Enterprise Resource Planning (ERP) databases and files containing software source code, private keys, and BIOS firmware.

If Money Message releases MSI confidential data, it may not just be embarrassing for the Taiwanese company, it could allow other threat actors to use the source code and private keys to create malware targeting their customers.

In light of that, MSI users should only download and install software or BIOS firmware from the official MSI website.

 


Can Approve New Participant block WhatsApp hackers?!

Can the new Approve New Participant feature in WhatsApp block hackers?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Turn On WhatsApp Approve New Participant To Block Hackers!

WhatsApp started introducing a new feature called Approve New Participant, on 11 March 2023.

This new feature was only available to WhatsApp Group administrators, and went pretty much unnoticed by most WhatsApp users, until this claim went viral on WhatsApp and social media platforms:

CYBER SECURITY ALERT
Announcement

Let’s look sharp all admins*
WhatsApp has added a new security feature to prevent hackers from joining Groups.
I Hope Admins will take advantage of this feature.

*Admins* should go to group settings and
‘TURN ON’ Approve New Participant.

This will prevent unauthorized access for hackers.

WHATSAPP ADMINS ALERT!!!

That WhatsApp cybersecurity alert was unsigned, so we have no idea who created it. But once it went viral, WhatsApp users started asking their group administrator to turn it on to block hackers.

But does the new Approve New Participant feature really block hackers from attacking WhatsApp groups?

 

Truth : WhatsApp Approve New Participant Does Not Block Hackers!

This is yet another example of FAKE NEWS circulating on WhatsApp, and social media platforms like Facebook and Twitter, and here are the reasons why…

Fact #1 : Approve New Participant Is Not A Cybersecurity Feature

First, let me just point out that Approve New Participant is not a cybersecurity feature. WhatsApp introduced this feature to help group administrators “grow, moderate, and protect their groups”.

The Approve New Participants setting empowers admins to help grow, moderate, and protect their groups. Turning on the setting in Group Settings requires the admin to review every request to join the group before a participant is allowed to join. This feature enhances privacy and security for all participants in the group.

This feature is designed to protect private groups by preventing people from simply joining them using an invite link.

This is a major security concern for private groups, as it exposes the group chats to people who may not be authorised to view them. However, this is not a concern for open groups, as they are open to one and all.

Fact #2 : Approve New Participant Cannot Block Hackers

When a group turns on Approve New Participant, admin approval is required to join a group. People who attempt to join the group will see a Request to join button, with the message “An admin must approve your request”.

After clicking on Request to join, those who wish to join the group are allowed to share their Reason for the request, or Cancel Request.

Once the group administrators get the request, they can either approve or reject the request. Group administrators can also start a chat with the person to request more information.

All that is great for vetting people who want to join an exclusive WhatsApp group, but this new feature does not block hackers, as the group administrator will not know who is, or is not a hacker. It’s not like those WhatsApp accounts have a “hacker” or “not a hacker” label!

Hackers can use social engineering techniques to trick the group administrators into approving their requests, or they can simply use phishing attacks to take over the WhatsApp accounts of existing group participants!

Fact #3 : Approve New Participant Is Disabled By Default

Cybersecurity features that are designed to block hackers will always be enabled by default – why would they be optional?

Yet, the new Approve New Participant feature is OPTIONAL in WhatsApp, and is DISABLED by default. That is because this is not a cybersecurity feature designed to block hackers.

Many WhatsApp groups are open for anyone to join, and turning on Approve New Participant would be pointless as group administrators would not know the identity of the people joining their groups.

This is why it is up to the WhatsApp group administrators to determine if it is suitable for them to use the new Approve New Participant feature, or not.

Private groups will want to turn this on, to vet people who request to join. But open groups will want this feature disabled, or their administrators will be overwhelmed with joining requests.

Fact #4 : Group Participants Can Always Be Removed

Here’s another reason why blocking new participants joining automatically does not block hackers – group participants can always be removed.

Let’s say a hacker, or an unauthorised person, gains access to your WhatsApp group. It doesn’t mean he/she can stay in your group forever. Any group administrator can remove that person.

This new feature only helps group administrators pre-vet people who want to join their group, instead of kicking them out after they have already joined.


Scam Alert : Watch Out For Telegram Phishing Attack!

Watch out for the phishing attack that will allow scammers to take over your Telegram account!

 

Scammers are now targeting Telegram users with a phishing attack that is designed to trick them into giving up their accounts! The Telegram phishing attack works like this:

Step 1 : The scammer gains control of your friend’s Telegram account, and sends this message to you:

Dear Telegram users. The system detects that this account is abnormal and has potential security risks.

To ensure that you can log in to your account normally, you need to invite friends for auxiliary verification  

The risk control account has not been verified. The system will cancel the account after 24 hours! 

Personal Information Authentication:[link removed]

Step 2 : The scammer, masquerading as your friend, asks you to help him/her verify his/her Telegram account by clicking on the link.

There are security risks in my account, and I need friends to help me verify it. Please click on the official link to help me verify it and follow the prompts. thank you

Step 3 : If you click on the [removed] link to help your friend, you will be taken to a website that looks like an official Telegram website. DO NOT DO THIS.

Step 4 : You will be asked to log into your Telegram account on the fake website. DO NOT DO THIS.

Step 5 : The fake Telegram website will ask you to key in your Login code, or take and upload a screenshot of your Telegram. DO NOT DO THIS.

Step 6 : If you continue, the scammer will be able to take over your Telegram account, and use it to scam your friends by asking them for money, etc.

The scammer will also have access to your Telegram chats, and all associated media including photos and videos, which could potentially be leaked or used to extort you or other people.

 

How To Protect Against Telegram Phishing Attack

A phishing (pronounced as fishing) attack is a social engineering attack that uses your trust in an institution (like a bank), an authority (Telegram), or someone you know, to trick you into giving up your login details.

Here are some ways you can protect yourself against any phishing attack on Telegram, or other platforms.

Verify Identity Before Trusting

Many people fall for phishing attacks because it is human nature to trust your friends and to help them. However, on instant messaging apps, you don’t actually know if it’s really your friend on the other end!

So if a friend messages you on Telegram, WhatsApp, Facebook, Twitter, Instagram, etc to ask for help, ALWAYS verify their identity before proceeding.

If possible, call or message your friend on the phone, or via a different platform (use WhatsApp if the request came on Telegram, for example).

But if you are unable to call your friend, try asking the other person something that only your real friend would know:

  • Do NOT ask questions like “Are you really Sarah??”
  • Do NOT ask questions that can be answered by reading previous chat messages.
  • Ask something that only you and your friend would know, like “Hey Sarah, what was that restaurant we went to last week?”
  • Ask a fake question that your friend would readily know is not true, like “Hey Sarah, are you coming over tonight?”

If the other person cannot answer or gives you the wrong answer, he/she is not your friend, and that account has likely been taken over by a scammer.

Look At The Link

Whenever you see a link being shared, always check if it leads to a legitimate website, or attempts to masquerade as a real website, by substituting characters in the link.

This Telegram phishing attack, for example, uses a link to telegram.0rg.ee. The real Telegram domain name is telegram.org. This is called domain spoofing.

If you see an attempt to impersonate a legitimate website by using a similar-looking domain name, do NOT click on it.
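
The link check described above can be automated. The following is an added example, not code from the original article: it classifies a link as official, lookalike or unknown against an allowlist. The allowlist, the digit-for-letter table and every sample link except telegram.0rg.ee are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the allowlist holds the domains you really log in to.
OFFICIAL_DOMAINS = ("telegram.org",)

# Digit-for-letter swaps like the "0rg" in this scam (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

_HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def _split_host(url):
    """Return (userinfo, hostname) in lower case, or (None, None) if unparseable."""
    try:
        # Links pasted into chats often have no scheme; "//" makes urlsplit
        # treat the first component as the host instead of a path.
        parts = urlsplit(url if _HAS_SCHEME.match(url) else "//" + url)
        host, user = parts.hostname, parts.username
    except ValueError:
        return None, None
    if not host:
        return None, None
    return (user or "").lower(), host.rstrip(".").lower()


def _is_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def _contains_labels(name, domain):
    """True if the labels of `domain` appear as a contiguous run inside `name`."""
    n, d = name.split("."), domain.split(".")
    return any(n[i:i + len(d)] == d for i in range(len(n) - len(d) + 1))


def classify_link(url, official=OFFICIAL_DOMAINS):
    """Return 'official', 'lookalike', 'unknown' or 'invalid' for a link."""
    user, host = _split_host(url)
    if host is None:
        return "invalid"
    # Only the real host decides where the browser goes, so an exact match or
    # a true subdomain of an allowlisted domain is the only "official" case.
    if any(_is_under(host, d) for d in official):
        return "official"
    folded_host = host.translate(CONFUSABLES)
    folded_user = user.translate(CONFUSABLES)
    for d in official:
        folded_d = d.translate(CONFUSABLES)
        # The brand shows up somewhere in the link, but the host is not under
        # the official domain: digit swaps ("0rg"), the brand used as a
        # subdomain of another site, or the brand placed before an "@".
        if _contains_labels(folded_host, folded_d) or _contains_labels(folded_user, folded_d):
            return "lookalike"
    return "unknown"


# Constructed sample links, apart from telegram.0rg.ee which the article quotes.
SAMPLES = [
    "https://telegram.org/",
    "https://web.telegram.org/k/",
    "telegram.0rg.ee",
    "https://te1egram.org/login",
    "https://telegram.org.login.example/",
    "https://telegram.org@login.example/",
    "https://example.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A "lookalike" verdict means the link borrows the brand without being on its domain. An "unknown" verdict only means the brand is absent, not that the site is safe.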

Never Login Via A Link

It is common for people to share links on Telegram, and in Telegram groups. Heck, we share links to our article in the Tech ARP Telegram group!

Clicking on links in Telegram, WhatsApp, emails, etc. is not dangerous, because most lead to legitimate websites that do NOT require you to log in.

What is dangerous is logging into any website through a link. I cannot hammer this enough – NEVER LOG INTO ANY WEBSITE through a link!

Phishing attacks work by tricking you into going into a fake website that looks like the real website. But you still have to log into the fake website to give the scammers your login details.

If you click on a link, and you are asked to login – this is likely a phishing attack. But don’t worry – as long as you refuse to log into any website after clicking on a link, the phishing attack fails.

Turn On Two-Step Verification

All banking platforms, and many mobile apps now offer two-step verification to prevent scammers from taking over user accounts. However, this is often an optional feature that you must manually enable.

Telegram has a two-step verification feature, which prevents scammers and hackers from hijacking your account by requiring a secret password that only you will know.

Please follow our guide on how to turn on Two-Step Verification in Telegram.

Just make sure you do NOT give that password out to anyone, or key it into any website!

Warn Your Family + Friends!

It is important to publicise phishing attacks, whenever they happen. If people are alerted, they are less likely to fall for such attacks.

However, scammers and hackers can quickly change the way their phishing attack works, so it is important that people understand how phishing attacks work in general.

You can help prevent phishing attacks by sharing this article, and other cybersecurity warnings, with your family and friends.


Pinduoduo App Contains Persistent Spy Malware!

One of China’s most popular apps – Pinduoduo apparently contains malware that monitors user activities and is difficult to remove!

Take a look at what CNN and multiple cybersecurity researchers have discovered about Pinduoduo!

 

Pinduoduo : What Is It?

Pinduoduo is actually a Chinese online retailer. Think of it as China’s Amazon. While Amazon started as an online bookstore, Pinduoduo started as an online agricultural retailer.

Since then, Pinduoduo has become one of China’s most popular online shopping platforms, with its app offering its 750 million users access to cheap products in China, by offering steep discounts on group buying orders.

Despite its meteoric rise, Pinduoduo has not been without its controversies. In 2018, the company was criticised for hosting inferior and imitation products, to which it responded by taking down more than 4 million listings and shutting down 1,128 stores.

In 2019, Pinduoduo was hit by hackers who stole discount coupons worth tens of millions of Yuan. And just last month, Google suspended the Pinduoduo app after discovering that versions offered outside its Play Store contained malware.

The Off-Play versions of the e-commerce app that have been found to contain malware have been enforced on via Google Play Protect.

 

Pinduoduo App Contains Persistent Spy Malware!

Western interest may have been initiated by Google suspending the Pinduoduo app, but cybersecurity experts had already started looking into the app, and what they discovered was very troubling.

Alert First Raised By Chinese Cybersecurity Company

I think we should start by noting that it was a Chinese cybersecurity company called Dark Navy that first raised concerns about malware in the Pinduoduo app in February 2023.

Although Dark Navy did not name Pinduoduo in its report, cybersecurity researchers knew who it was referring to and soon followed up with their own investigations and reports, confirming Dark Navy’s report.

Sophisticated Malware

Half a dozen cybersecurity teams from Asia, Europe and the United States identified sophisticated malware in the Pinduoduo app that was designed to exploit vulnerabilities in the Android operating system used by many smartphones.

The malware allows the Pinduoduo app to bypass Android security features to monitor activities in other apps, check notifications, read private messages, and even change settings. It is also difficult to remove once installed.

Mikko Hyppönen, chief research officer at WithSecure, a Finnish cybersecurity firm, said that:

We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to. This is highly unusual, and it is pretty damning for Pinduoduo.

Dedicated Hacking Team To Look For Vulnerabilities

Even more damning, CNN reported that a current employee revealed that Pinduoduo set up a team of about 100 engineers and product managers to look for vulnerabilities in Android smartphones, and find ways to exploit them for profit.

To avoid exposure, the source said that the company targeted users in rural areas and smaller towns, and avoided users in megacities like Beijing and Shanghai.

By collecting expansive data on those users, Pinduoduo was able to create a comprehensive portrait of their habits, interests, and preferences; while improving its machine learning models to personalise push notifications and ads.

Pinduoduo App Gained More Access Than Allowed

Three cybersecurity companies – WithSecure, Check Point Research, and Oversecured – conducted independent analyses of version 6.49.0 of the Pinduoduo app that was released in late February 2023, and found code designed to achieve “privilege escalation” – a type of cyberattack that exploits vulnerabilities in the operating system to gain a higher level of access to data than it’s supposed to have.

Our team has reverse engineered that code and we can confirm that it tries to escalate rights, tries to gain access to things normal apps wouldn’t be able to do on Android phones.

The Pinduoduo app was able to continue running in the background, and prevent itself from being uninstalled. This was apparently done to boost the platform’s statistics for monthly active users.

Pinduoduo App Has Access To User Data Without Consent

Delaware-based app security start-up, Oversecured, found that the Pinduoduo app had access to user data like locations, contacts, calendars, notifications, and photo albums, without their consent.

The app was also able to change system settings, and access user social media accounts and chats.


Pinduoduo App Also Snooped On Other Apps

The Pinduoduo app also had the ability to snoop on competing shopping apps, by tracking activity on other shopping apps, and gathering information from them.

Pinduoduo App Able To Secretly Receive Updates

Check Point Research found that Pinduoduo was able to push updates to the app, without first going through an app store review process to detect malicious code.

Pinduoduo App Programmers Attempted To Obscure Malicious Code

Check Point Research also found that some plug-ins used by the Pinduoduo app tried to obscure potentially malicious code by hiding it under legitimate file names, such as Google’s.

Such a technique is widely used by malware developers that inject malicious code into applications that have legitimate functionality.

Pinduoduo Targeted Android Devices

According to Sergey Toshin, founder of Oversecured, Pinduoduo’s malware specifically targeted Android operating systems used by Samsung, HUAWEI, Xiaomi and OPPO.

He also described the app as “the most dangerous malware” ever found in mainstream apps, exploiting about 50 Android system vulnerabilities. Most of these exploits targeted customised OEM code used by smartphone brands to customise their smartphone software.

I’ve never seen anything like this before. It’s like, super expansive.


Pinduoduo Removed Exploit + Canned Hacking Team

After cybersecurity researchers started reporting about the app, Pinduoduo released version 6.50.0 on March 5, which removed the exploits they found. Two days later, Pinduoduo disbanded its Android hacking team, according to the same employee.

The hacking team members found themselves locked out of Pinduoduo’s workspace communication app, called Knock, and lost access to files on the company’s internal network, with their privileges revoked.

Most of the team was later transferred to work at Pinduoduo’s sister app, Temu. A core group of about 20 cybersecurity engineers however remain at Pinduoduo.

In addition, Sergey Toshin of Oversecured noted that while the exploits were removed in the new version of Pinduoduo, the underlying code remained and could be reactivated to carry out attacks.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 


 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Why Leaked Data Did Not Show Pfizer Vaccine Would Kill!

Did leaked data show that Pfizer knew that its COVID-19 vaccine would kill people who took it?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Leaked Data Show Pfizer Knew Vaccine Would Kill!

People have been sharing a photo of The Irish Light newspaper, which claims that leaked data showed that Pfizer knew that its COVID-19 vaccine would kill people who took it!

It’s a long article, so feel free to skip to the next section for the facts!

Pfizer knew their vaccine would kill

Leaked data shows shocking number of fatalities and side effects now officially associated with covid shots


 

Truth : Leaked Data Did Not Show Pfizer Vaccine Is Dangerous!

This is yet another example of FAKE NEWS created and propagated by anti-vaccination activists, and here are the reasons why!

Fact #1 : The Irish Light Is An Anti-Vaccination Newspaper

While many anti-vaccination activists are promoting the article as coming from an Irish newspaper, The Irish Light is a self-printed newspaper that was launched in August 2021 by two former journalists turned COVID conspiracy theorists – Gemma O’Doherty and John Waters.

Gemma O’Doherty previously worked for the Irish Independent newspaper, while John Waters used to work for The Irish Times.

Unlike regular newspapers which deliver news content, The Irish Light focuses on questioning the effectiveness of vaccines, the COVID pandemic, and other far-right ideas.

Fact #2 : EMA Cyberattack Occurred In January 2021

The Irish Light published their article called “Pfizer knew their vaccine would kill” in April 2022, as part of their 10th issue.

However, the cyberattack on the European Medicines Agency (EMA) it referred to occurred more than a year earlier – in January 2021.

Fact #3 : EMA-Pfizer Data Was Leaked To Journalists + Dark Web

More than 40 MB of data was stolen in the EMA cyberattack and released on the dark web, and leaked to several journalists, including from The BMJ and academics worldwide.

The leaked data consisted of confidential documents on the Pfizer BNT162b2 vaccine candidate (later known as the Pfizer-BioNTech COMIRNATY COVID-19 vaccine), which included “internal / confidential email correspondence from November, relating to evaluation processes for COVID-19 vaccines“.

Fact #4 : Leaked Documents Were About Quality Of Early Vaccine Batches

The BMJ reviewed the leaked documents, and found that they showed that regulators at the EMA had concerns about the quality of some early commercial batches of the Pfizer-BioNTech COVID-19 vaccine.

An email dated 23 November 2020 showed that a high-ranking EMA official complained that Pfizer was not producing its COVID-19 vaccines to the expected specifications.

Specifically, the level of intact mRNA dropped from about 78% in the clinical batches to 55% in the proposed commercial batches. Nothing in the leaked documents referred to safety issues, or side effects.

Fact #5 : Leaked EMA-Pfizer Data Was Tampered With Before Release

On 15 January 2021, the European Medicines Agency (EMA) announced that their investigation showed that some of the leaked data was tampered with by the hackers before being released.

Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines.

The BMJ was criticised for reviewing the leaked documents without first verifying their authenticity and accuracy.

EMA states that the information was partially doctored, and that the perpetrators selected and aggregated data from different users and added additional headings.

It is unclear to us why a respected journal chose to present unverifiable information, in the process damaging an institution that has worked for 25 years in a transparent and successful manner.


Fact #6 : Leaked Documents Showed EMA Regulation At Work

While anti-vaccination activists framed the leak as evidence of collusion between EMA and Pfizer, they actually show that EMA regulators were doing their jobs.

EMA did not cover up the quality issue, but filed two “major objections” with Pfizer, together with a host of other questions it wanted Pfizer to address.

On 25 November 2020, one of the leaked emails showed that Pfizer had already brought up the level of mRNA in their COVID-19 vaccine lots.

The latest lots indicate that % intact RNA are back at around 70-75%, which leaves us cautiously optimistic that additional data could address the issue.

Ultimately, the EMA authorised the vaccine on 21 December 2020, noting that “the quality of this medicinal product, submitted in the emergency context of the current (covid-19) pandemic, is considered to be sufficiently consistent and acceptable”.

Fact #7 : FDA Never Agreed To Withhold Pfizer Documents For 75 Years

The claim that the US FDA earlier agreed to withhold documents on the Pfizer vaccine for 75 years was debunked months earlier – in December 2021.

The US FDA never asked or agreed to withhold Pfizer COVID-19 vaccine documents for 75 years. That was merely the “interpretation” of Aaron Siri – the lawyer for PHMPT (Public Health and Medical Professionals for Transparency) – the group requesting the data that the FDA used to licence the Pfizer COVID-19 vaccine.


Fact #8 : Pfizer Documents Did Not Reveal Thousands Of Side Effects

The claim that the Pfizer COVID-19 vaccine documents revealed that it had thousands of side effects was debunked in March 2022.

The Pfizer document was publicly released on 17 November 2021, but it took antivaxxers more than 3 months to “discover” the list of 1,291 adverse events of special interest (AESI).

However, the AESI list was not a list of vaccine side effects. It was a list of “adverse events” that must be reported for further investigation.

It was also a generic list, which includes irrelevant adverse events like manufacturing and lab test issues, and even product availability and supply issues, as well as other diseases like MERS and chickenpox.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Don’t forget to protect yourself, and your family, by vaccinating against COVID-19!

 


Is FIFA Giving Free 50GB Data For World Cup 2022?!

Is FIFA offering 50 GB of free mobile data to stream World Cup 2022 matches with no interruptions?!

Take a look at the viral offers, and find out why they are just scams!

Claim : FIFA Is Giving Free 50GB Data For World Cup 2022!

People are sharing viral offers for 50 GB of free mobile data to stream World Cup 2022 matches without interruption. Here are some examples :

* FIFA is giving people around the world 50GB of data for free to watch the 2022 Cartel [Qatar] World Cup.*
* I Have Received Mine.*
* OPEN THIS*

[Malay-language version, translated:]
* FIFA is giving people around the world 50GB of data for free to watch the 2022 Cartel [Qatar] World Cup.*
* I Have Received Mine.*
* OPEN THIS*

FREE 50GB DATA PLAN FOR ALL NETWORKS

[Malay-language version, translated:] FREE 50GB DATA PLAN FOR ALL NETWORKS

 

Truth : FIFA Is Not Giving 50GB Free Data For World Cup 2022!

This is yet another SCAM circulating on WhatsApp and social media, and here are the reasons why you must avoid it!

Fact #1 : FIFA Is Not Offering Free Mobile Data

First, let me just say it out loud and clear – FIFA is not offering free mobile data anywhere in the world, just to watch World Cup 2022 matches.

FIFA makes its money through sale of television, marketing and licensing rights for World Cup 2022, so there is simply no reason for it to provide free mobile data to stream the matches.

Fact #2 : FIFA Would Never Give You Anything Free

Please do NOT be naive. No one is going to give you free data just to participate in a survey!

FIFA is a corporation whose business is to make money, not a charity to give you free data.

Fact #3 : They Do Not Use Official FIFA Domains

Genuine FIFA promotions would be announced on the official website at www.fifa.com, or their official social media accounts:

  • Facebook : https://www.facebook.com/fifaworldcup/
  • Twitter : https://twitter.com/fifacom
  • Instagram : https://www.instagram.com/fifaworldcup/

They would never run contests or promotions via dodgy domains like “subsidy.buzz”, “50g.kxoe1.xyz”, “50gb450.xyz”, or “zlqxt.top”.

Once you see those random domains, click delete. Or just ignore. DO NOT CLICK.
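One way to apply the check in Fact #3 to a forwarded link, as an added example that is not part of the original article. The allowlist holds only the official locations listed above, the sample links are constructed around the scam domains named above, and `check_link` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

# Official locations listed in the article (Fact #3).
OFFICIAL_SITES = ("fifa.com",)
# Social network host -> first path segment of the official account.
OFFICIAL_ACCOUNTS = {
    "facebook.com": "fifaworldcup",
    "twitter.com": "fifacom",
    "instagram.com": "fifaworldcup",
}

# Constructed sample links (paths are made up; domains are from the article).
SAMPLE_LINKS = [
    "https://www.fifa.com/en/tournaments",
    "https://www.instagram.com/fifaworldcup/",
    "http://50gb450.xyz/free",
    "http://fifa.com.subsidy.buzz/50gb",
    "https://www.fifa.com@zlqxt.top/win",
    "https://www.facebook.com/fifaworldcup-free-data",
]


def _same_or_subdomain(host, domain):
    # "www.fifa.com" matches "fifa.com"; "notfifa.com" and
    # "fifa.com.subsidy.buzz" do not.
    return host == domain or host.endswith("." + domain)


def check_link(url):
    """Return (is_official, reason) for a link that claims to be from FIFA."""
    url = url.strip()
    # Fail closed on characters that URL parsers disagree about.
    if "\\" in url or any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False, "malformed URL"
    if "://" not in url:
        url = "http://" + url  # forwarded messages often omit the scheme
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https") or not host:
        return False, "malformed URL"
    # Anything before '@' is login text, not the site being visited.
    if parts.username is not None:
        return False, "text before '@' is not the host; real host is " + host
    for domain in OFFICIAL_SITES:
        if _same_or_subdomain(host, domain):
            return True, "official site " + domain
    for domain, account in OFFICIAL_ACCOUNTS.items():
        if _same_or_subdomain(host, domain):
            segments = [s for s in parts.path.lower().split("/") if s]
            if segments and segments[0] == account:
                return True, "official account on " + domain
            return False, "not the official account on " + domain
    if "fifa" in host:
        return False, "lookalike: 'fifa' appears in unrelated host " + host
    return False, "unrelated host " + host


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_link(link)
        print(("OFFICIAL " if ok else "AVOID    ") + link + "  (" + reason + ")")
```

The host is read from the right: a link is official only when the registered domain at the end of the host name is on the list, no matter what familiar name appears earlier in the link.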

Fact #4 : They Are Advertisement Scams

After you click on the link, you will be redirected through a series of hidden advertisements before you arrive at the “offer page”.

The offer page will ask you a series of simple questions. Regardless of your answers, you will be congratulated and told you won the 50 GB free data plan for three months.

You will be asked to key in your mobile number to receive the free mobile data, but you will never receive anything. In one variant, you are even redirected to more advertisements, including a video advertisement.

Fact #5 : Brands Won’t Ask You To Forward The Contest

To get that free 50 GB data for three months, you are asked to share the “contest” with 12 friends or groups on WhatsApp.

That’s a clear sign of a scam. No brand will insist that you must share their contest or free offer with WhatsApp friends or groups.

Please do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Fact #6 : They Can Potentially Be Dangerous

Similar scams in the past have more dangerous variants, where you are asked to :
a) install an app, which is really malware that keeps sending you advertisements
b) enter your banking or credit card details, ostensibly to prove your identity or some other excuse

Needless to say – proceeding with this step will open you up to great risk of monetary loss. DO NOT PROCEED!

If you install their malware, you will start receiving promotions, some of which will ask you to send an SMS to receive expensive free gifts like laptops and smartphones.

If you proceed to send the confirmation SMS messages, you will be subscribed and billed for international premium SMS services.

This is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

Fact #7 : They Are Just Another Example Of Online Scams

These are just more examples of online scams offering freebies.

Now that you know the facts, please WARN your family and friends!

 


How To Turn On Two-Step Verification In Telegram!

Find out WHY you should turn on two-step verification in Telegram, and HOW to do that!

 

Why You Should Turn On Two-Step Verification In Telegram?

Two-Step Verification is a feature that protects your Telegram account from being hijacked by hackers and scammers.

It blocks illegal takeover of Telegram accounts, by requiring a secret password that only you know. And it lets you recover your account via email.

This prevents hackers or scammers from taking over your Telegram account, even if you accidentally share with them the login code.


 

How To Turn On Two-Step Verification In Telegram!

In this guide, I will share with you how to turn on two-step verification in Telegram.

Step 1 : Open Telegram.

Step 2 : Go to Options > Settings > Privacy and Security.

Step 3 : Tap on the Two-Step Verification option.

Step 4 : In the Two-Step Verification screen, tap on the Set Password option.

Step 5 : Key in your preferred password, which can be any combination of capital or small letters and numbers.

Step 6 : You will need to key the same password again, to confirm it.

Step 7 : Next, you can create a hint to remind you of your password. This is optional, and you can skip it if you prefer.

But if you key one in, the hint will be displayed whenever you are asked to key in the password in the future.

Step 8 : After that, you will have the option of adding a Recovery Email address, just in case your account is hijacked.

This is optional as well, but I highly recommend you add a recovery email, which is simply the email address you use.

Step 9 : If you entered a Recovery Email address, Telegram will now send you an email with a 6-digit code to verify that email address.

Step 10 : Look for the Telegram verification code email, and key in the 6-digit verification code.

That’s it! You’re done! From now on, you will be required to key in the password whenever you log into a new device.

This will prevent hackers / scammers from taking over your account, even if you accidentally give them the Login code you receive by SMS.

 


Can Greeting Photos + Videos Hack Your Phone?!

Can hackers use greeting photos and videos to hack your phone, and steal your data?

Take a look at the viral claim, and find out what the FACTS really are!

 

Claim : Greeting Photos + Videos Can Hack Your Phone!

People keep sharing this warning about greeting photos and videos, which claims that they can hack your phone and steal your data.

It’s a long message, so just skip to the next section for the facts!

Hello Family and friends,

Starting tomorrow, Please do not send network pictures. Look at the following article to understand. I’m going to stop too.

Please delete all photos and videos of Good morning, Evening and other greetings and religious messages as soon as possible. Read the following article carefully and you will understand why.

Read all! Please send this message urgently to as many friends as possible to prevent illegal intrusion.

 

Truth : Greeting Photos + Videos Cannot Hack Your Phone!

Many of us get spammed with Good Morning, Good Afternoon, Good Evening photos and videos every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really cannot hack your phone. Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News –  does not exist!

Fact #2 : Greeting Photos + Videos Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these greeting photos and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Fact #3 : No Fraud Involving Greeting Photos / Videos

There has been no known fraud involving Good Morning or Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Now that you know the facts, please SHARE this article with your family and friends!

 


XPeng Engineer Guilty Of Stealing Apple Car Secrets!

An XPeng engineer just pleaded guilty to stealing trade secrets from the Apple Project Titan self-driving car program!

Here is what we know so far…

 

XPeng Engineer Guilty Of Stealing Apple Car Secrets!

A former Apple engineer who joined Xpeng – the Chinese electric vehicle maker, just pleaded guilty to the criminal charge of stealing trade secrets from the Apple self-driving car program!

Zhang Xiaolang initially pleaded not guilty to the charges, but he reached a plea deal with prosecutors and changed his plea to guilty, according to court documents released on Monday, August 22, 2022.

The plea deal is sealed, so the details are unknown. Zhang’s attorney, Daniel Olmos, confirmed the plea agreement but declined to comment on the details. Sentencing however is set for November 2022.

Zhang faces a maximum sentence of 10 years in prison, and a $250,000 fine. With this plea deal, he should serve a much shorter sentence.

In addition to Zhang, US federal prosecutors also charged Chen Jizhong with stealing secrets from the Apple self-driving car program. Chen, however, continues to plead not guilty, and will have his day in court on August 29, 2022.

Chen is also represented by the same lawyer as Zhang – Daniel Olmos.


 

How XPeng Engineer Stole Apple Car Secrets!

Zhang Xiaolang worked on the Apple Project Titan autonomous vehicle program as a hardware engineer between 2015 and 2018, during which he designed and tested circuit boards.

He travelled to China during his paternity leave in 2018, and on returning in April 2018, he told his boss at Apple that he was leaving to work for XPeng (Guangzhou Xiaopeng Motors Technology) in China.

XPeng, also known as XMotors in the United States, is a Chinese electric car startup backed by Alibaba, Foxconn and IDG Capital. It has developed electric cars like the XPeng G3 and XPeng P5.

His boss felt that Zhang was “being evasive” during the meeting. There was also increased network activity and visits to his office, before he resigned. All that led to an internal Apple investigation of his two company-issued phones and laptop.

That’s when they discovered that Zhang had been downloading confidential files from the Apple lab during his time away. He was also caught on CCTV removing circuit boards and a Linux server from their lab.

Zhang’s network activity was found to consist of “both bulk searches and targeted downloading copious pages of information from the various confidential database applications“.

Zhang was arrested at the San Jose airport on July 7, 2018, before he could board a last-minute, one-way flight to China aboard Hainan Airlines.

In an interview with Apple’s security team, Zhang admitted that he downloaded the data online, and removed hardware from its labs. He also admitted to the FBI that he stored the files he downloaded on his wife’s laptop.

The FBI described the data he stole as “largely technical in nature, including engineering schematics, technical reference manuals, and technical reports“.

The files – about 24 GB worth – include a 25-page document containing engineering schematics of a circuit board, as well as technical manuals and PDFs related to the Apple self-driving car prototype.

The other Apple engineer to be charged with stealing secrets of its autonomous car project – Chen Jizhong – was accused of stealing thousands of sensitive documents, as well as 100 photos taken inside its self-driving facility – all discovered in a hard disk drive he owned.

Chen was also arrested when he attempted to board a flight to China, ostensibly to visit his ill father.


 

XPeng Denies Involvement In Theft Of Apple Car Secrets!

XPeng said in a Weibo post that it was aware of the plea agreement from media reports, but it was “not clear about the details, nor involved in further investigation conducted by US law enforcement“.

It has been more than four years into the case, and we are not aware of the specifics of the case and have not been involved in the follow-up investigation of the case by the US judiciary.

We also have no relevant dispute with Apple and have no connection with the case. We strictly abide by relevant laws and attaches great importance to intellectual property protection.

Zhang joined XMotors in May 2018, but the company quickly distanced itself from its employee, stating on July 11, 2021 :

There is no indication that he has ever communicated any sensitive information from Apple to XMotors.

XMotors always has strictly abided by the laws of China and the United States and takes protection of intellectual property rights seriously.

Company spokesperson Isabel Jiang also stated that once they were notified in late June 2018 that US authorities were investigating Zhang, they secured his computer and office equipment and denied him access to his work. They subsequently fired him.

XPeng also said that Zhang signed an intellectual property compliance document on the day he joined, and that there was “no record that he reported any sensitive and illegal situations” to the company.

 


China Fines Didi Global $1.2 Billion For Violating Laws!

China just fined Didi Global a whopping $1.2 billion for violating its cybersecurity, data security and privacy laws!

 

China Fines Didi Global $1.2 Billion For Violating Laws!

On Thursday, 21 July 2022, the Cyberspace Administration of China (CAC) announced that Didi Global breached the country’s cybersecurity law, data security law, and personal information protection law.

The Chinese cyberspace regulator fined Didi Global 8 billion yuan ($1.2 billion), as well as a personal fine of 1 million yuan ($148,000) each on Chairman and CEO Cheng Wei, as well as President Liu Qing (also known as Jean Liu).

The facts of violations of laws and regulations are clear, the evidence is conclusive, the circumstances are serious, and the nature is vile.

Didi Global responded to the regulator’s announcement with a contrite statement “sincerely” accepting the judgement and penalties :

We sincerely accept this decision, and resolutely obey it. We will strictly follow the penalty decision and the requirements of relevant laws and regulations, conduct comprehensive and in-depth self-examination, and actively cooperate with supervision and complete rectification carefully.

We will take this as a warning and further strengthen the construction of cyberspace security and data security, strengthen the protection of personal information, and earnestly fulfill our social responsibilities. We will serve every passenger, driver and partner well, and realize the safe, healthy and sustainable development of the enterprise.

 

What Did Didi Do To Incur China’s Wrath?

According to an FAQ by the CAC, its investigators started their investigation of Didi in July 2021.

After conducting an extensive investigation, they found that Didi conducted data processing activities that “seriously affected national security”, and refused to comply with “the explicit requirements of regulatory authorities” and conducted “malicious evasion” of regulatory supervision.

They also stated that Didi Global committed 16 violations of China’s laws, including :

  1. Didi illegally collected 11.9639 million screenshots from its users’ mobile phone photo albums.
  2. Didi excessively collected 8.323 billion pieces of its users’ clipboard information, and application list information.
  3. Didi excessively collected 107 million pieces of passenger face recognition information, and 53.5092 million pieces of age group information, 16.3556 million pieces of occupational information, 1.3829 million pieces of family relationship information, and 153 million pieces of taxi address information.
  4. Didi excessively collected passengers’ evaluation of the drivers, when the app is running in the background, and 167 million pieces of precise location (longitude and latitude).
  5. Didi excessively collected 142,900 pieces of driver education information, and 53.976 billion pieces of “intent information”, 1.538 billion pieces of resident city information, and 304 million pieces of non-local business/travel information.
  6. Its users are frequently asked to provide “telephone permissions” while using its services.
  7. Inaccurate and unclear description of user personal information processing, including device information.

The CAC noted that Didi started its bad practices in June 2015, and continued even after the Cybersecurity Law was implemented in June 2017, the Data Security Law started in January 2022, and the Personal Information Protection Law was implemented in November 2021.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Chinese Netizens Explode Over WPS Office Censorship!

Chinese netizens are incensed over evidence that WPS Office was monitoring and deleting their files!

Find out what’s going on, and what it means for the digital privacy of WPS Office users!

 

Chinese Netizens : WPS Office Is Monitoring + Blocking Our Documents!

Chinese company, Kingsoft, is under fire for claims that its productivity suite WPS Office is actively monitoring and deleting user documents that might displease Beijing!

At the heart of this issue is the WPS Cloud platform that works like Microsoft 365, allowing users to store their documents in the cloud, or locally.

Chinese netizens are alleging that WPS Office was actively monitoring their documents, and even deleting those that were detected to contain content that might displease the Chinese authorities.

One novelist who goes by the pseudonym Mitu, claimed that she was unable to access her unpublished 1.3 million character document. Not only was it blocked in her cloud storage, she couldn’t access the local copy using the desktop WPS client.

She was told that “the file may contain sensitive content and access has been disabled”.

Mitu shared her experience on Lkong – an online Chinese literature forum, and the social media platform Xiaohongshu, in late June 2022; and it only began trending in Weibo in early July after an influencer reposted her complaint.

A Weibo post on her complaint appears to have been deleted, but fortunately a screenshot was captured. This was the post in Chinese, machine translated into English :

Simply put, WPS seems to have some kind of sensitive word harmony function, Then after being detected, not only the ones stored on the cloud disk will be harmonized

According to the victim’s complaint, it is not only on the cloud, but also on local files. It’s hard to escape a harmony.

At present, according to some netizens, it may be checked after being saved. Sensitive words are detected and then determined to be files that may contain sensitive information,

Directly blocked, or it may be directly locked after being remotely detected by the background server local files There is no other way but to appeal (and it will be fixed in time) but this Is it remote from the server?

Now there is a lot of panic in the online literature circle, for fear that hundreds of thousands of words of manuscripts will be blocked overnight. Asking both online and offline harmony, many people re-use ms and writing pads write file

Mitu said she reported the problem to Kingsoft, which eventually apologised and restored access to the file within two days. The company admitted that “the file was not problematic”.

However, her story spurred other Chinese netizens to come forward with their own stories. A writer in Guangzhou who goes by the pseudonym Liu Hai also said that his WPS Office document of nearly 10,000 words was similarly blocked on July 1, 2022.

These incidents have sparked concerns about privacy in China. While the Chinese government routinely monitors and censors social media content, monitoring and blocking of personal documents would represent a new level of censorship in China.

 

WPS Office Admits Blocking File Access

After the online furore over claims that WPS Office deleted user files, the software developer issued a terse public statement on July 11, 2022.

It said that WPS Office does not delete the “user’s local files”, and that it was a misunderstanding. They only deleted the “online document link”, and blocked “others from accessing the link according to the law”.

Here is the Weibo post in Chinese, machine translated into English :

Statement on the exposure of online transmission #WPS will delete the user’s local files

A recent online document link shared by a user is suspected of violating the law, and we have prohibited others from accessing the link according to law. This has been misrepresented as #WPS delete user local files.

To this end, we specifically declare: WPS, as an office software developed for more than 30 years, has always put user experience and user privacy protection first.

WPS Office cleverly claims that it never “censors, locks or delete users’ local files”, which is technically correct but as Mitu and Liu Hai described, WPS Office blocks access to their users’ local files.

It was discovered that the files can still be opened by other software, like Microsoft Word or Tencent Docs. But the blocked files cannot be opened by WPS Office, even if they are stored locally (in the user’s computer).

It should be noted that Mitu never shared her file online. So WPS Office’s claim that they only blocked “others” from accessing the file is misleading.

 

WPS Office Not The Only Cloud Provider Monitoring Content

To be fair to WPS Office and Kingsoft, they are not the only ones monitoring content uploaded to the cloud. They just took things one step further by blocking access to local files.

By default, traffic to and from cloud-based productivity services like Google Docs, Microsoft 365 and WPS Office is not end-to-end encrypted.

That means they can and most likely are reading / monitoring EVERYTHING you type or upload. This includes files uploaded and stored in cloud-based storage services like Google Drive and Microsoft OneDrive.

That is the right of cloud service providers, because you are using their servers to store your content.

Google, for example, lists content that can be automatically removed and could even lead to a ban :

  • Account hijacking
  • Account inactivity
  • Child sexual abuse and exploitation
  • Circumvention
  • Dangerous and illegal activities
  • Harassment, bullying, and threats
  • Hate speech
  • Impersonation and misrepresentation
  • Malware and similar malicious content
  • Misleading content
  • Non-consensual explicit imagery
  • Personal and confidential information
  • Phishing
  • Regulated goods and services
  • Sexually explicit material
  • Spam
  • System interference and abuse
  • Unauthorized images of minors
  • Violence and gore
  • Violent organizations and movements

People need to be aware of this, and stop assuming that they have privacy on such cloud services, even if they paid to use them.

So it is not surprising that WPS Office monitors everything its users do. If they stopped at blocking access to the online files that contravened local laws, no one would bat an eye.

What is unusual though is that it also blocked access to the users’ local files! That means that their desktop and mobile apps were specifically designed to enforce a list of blocked files issued by WPS Office / Kingsoft.

If WPS Office / Kingsoft goes to that extent, does it mean that they would also alert the Chinese authorities about users producing content that displeases them?

That is something everyone should think about, not just Chinese netizens who are justifiably concerned about WPS Office.

 


Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

A hacker is selling data on a billion Chinese citizens, that he stole from the Shanghai national police database!

Find out what’s going on, and what this data breach entails!

 

Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

A hacker who called himself “ChinaDan” posted in the Breach Forums that he hacked into the Shanghai National Police (SHGA) database and stole more than 23 terabytes of data.

He is offering to sell data on 1 billion Chinese citizens, including their name, address, birthplace, national ID number and mobile numbers, for 10 bitcoins – which is currently worth about US$204,285 / €200,227.

In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizens.

Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.

He also posted a sample of 750,000 data entries from the three main indexes of the database, for potential buyers to evaluate.

 

Shanghai Police Database Left Unsecured For 14 Months!

ChinaDan claimed that the SHGA database was left unsecured on an Alibaba Cloud server. This was confirmed by several cybersecurity experts who had earlier stumbled upon the same database.

Even worse, the database was apparently left unsecured for at least 14 months! Vinny Troia – the founder of dark web intelligence firm, Shadowbyte, said that he first discovered the SHGA database “around January” 2021.

Troia even downloaded one of the main indexes of the SHGA database, which contained information on nearly 970 million Chinese citizens (at that time).

And best of all – they made the data available to anybody who registers for an account!

The site that I found it on is public, anybody (could) access it, all you have to do is register for an account. Since it was opened in April 2021, any number of people could have downloaded the data.

Either they forgot about it, or they intentionally left it open because it’s easier for them to access. I don’t know why they would. It sounds very careless.


 

This Was Second Hack Of Shanghai National Police Database!

Bob Diachenko – a Ukrainian cybersecurity researcher – discovered the database independently in April, and noticed that the database was attacked in mid-June by a hacker who copied the data, destroyed the copy on the server and left a ransom note demanding 10 bitcoins for its recovery.

By July 1, the ransom note disappeared, but only 7 gigabytes of data was available on the server, instead of the earlier 23 TB.

It is unknown if this data ransom “hack” was performed by ChinaDan, or a different hacker.

Diachenko said that the unsecured and exposed database continued to be used after that, until it was shut down over the weekend, after news of the data leak broke.

Maybe there was some junior developer who noticed it and tried to remove the notes before senior management noticed them.

This is shocking because it suggests that the database administrators were already aware of a prior breach, but did nothing to secure the database, or shore up cybersecurity measures.


 

Most Of China Affected By Shanghai Police Data Leak!

The Shanghai National Police data leak is currently the largest leak of public information ever.

It does not just cover people who live in, or have been in Shanghai. The database actually has information on over 70% of China’s 1.4 billion population, in almost all counties in China.

The data contained information about almost all the counties in China, and I have even discovered data related to a remote county in Tibet, where there are only a few thousand residents.
– Yi Fu-Xian, a senior scientist at the University of Wisconsin-Madison

This massive data leak acutely demonstrates the risk of government collection of data. China notably collects a tremendous amount of data on its citizens, including digital and biological data through facial recognition, iris scanners, social media tracking and phone trackers.

Once such data is leaked, it is forever exposed, putting people at risk of scams, identity theft, or even extortion.

 

China Censors Coverage Of Shanghai Police Data Leak

The Chinese government and the Shanghai Police have both refused to comment on the massive data leak.

Instead, they started blocking related words on Weibo, like “Shanghai data leak”, “data leak”, “Shanghai national security database breach”, “1 billion citizens’ record leak”.

Censors have also scrubbed news on this data breach from WeChat, with one popular WeChat user telling his 27,000 followers that he had been summoned to be questioned by the police.

China’s major English-language media like CGTN, Global Times, Xinhua, etc. have also not published any story on the Shanghai police data leak, despite public interest and its wide-ranging consequences for China.


 


US Mil Contractor Admits Selling Aviation Secrets To China!

A US military contractor just pleaded guilty to selling classified aviation secrets to China!

 

US Mil Contractor Admits Selling Aviation Secrets To China!

On 23 June 2022, Shapour Moinian, 67, of San Diego, pleaded guilty to selling classified aviation secrets to “representatives of the Chinese government”.

Moinian admitted that he knew that those individuals were employed by, or directed by, the government of the People’s Republic of China.

He also admitted making false statements to cover that up, by lying on his government background questionnaires in July 2017 and March 2020 that he did not have any close or continuing contacts with foreign nations, and that no foreign national had offered him a job.

He now faces a maximum penalty of 10 years in prison, and a fine of up to $250,000 for acting as an agent of a foreign government, and up to 5 years in prison and a $250,000 fine for making false statements.

His sentencing is scheduled for August 29, where federal prosecutors have agreed to recommend a sentence of no more than 20 months, as part of his plea agreement.

As Special Agent in Charge Stacey Moy of the FBI’s San Diego Field Office explains :

The defendant admitted to being an unregistered agent of a foreign power, lying on his background check paperwork to obtain his security clearance, knowingly providing proprietary information to people controlled by the Chinese government, and willingly receiving payments from them. This is another example of how the Chinese government enhances its defense capabilities through the illicit exploitation of U.S. technology.

When someone holds a security clearance, they know what information should be reported to security officials. In this case, the defendant betrayed his sacred oath, knew his actions were wrong, and subsequently lied about it. The FBI and our partners on the Counterintelligence Task Force will pursue anyone who abuses their placement and access to obtain proprietary information on behalf of a foreign government. I specifically want to thank the Naval Criminal Investigative Service (NCIS) for their continued partnership on this case.

 

How This Military Contractor Sold Aviation Secrets To China!

Moinian was a former US Army helicopter pilot who served in the United States, Germany and South Korea from 1977 to 2000. After leaving the US Army, he worked for various “cleared” defence contractors in the United States.

The term “cleared” indicates that the contractor has been vetted and cleared to work on projects involving classified information.

While working for a cleared defence contractor on various aviation projects involving the US military and intelligence agencies, Moinian was contacted by an individual in China, who claimed to be working for a technical recruiting company.

This Chinese individual offered Moinian the opportunity to consult for the aviation industry in China. In March 2017, Moinian travelled to Hong Kong to meet with this recruiter.

At that meeting, he agreed to provide information and materials related to multiple types of aircraft designed and/or manufactured in the United States, in exchange for money. Moinian accepted between $7,000 and $10,000 during that meeting.

On returning to the United States, Shapour Moinian began gathering aviation-related materials for the Chinese government.

In one instance, he copied classified materials obtained from a cleared defence contractor onto a thumb drive, which he handed over to Chinese government officials during a stopover in the Shanghai airport in September 2017.

Moinian arranged for payment for this transfer to be paid through his stepdaughter’s South Korean bank account. He told her that these funds were payments for his overseas consulting work, and instructed her to transfer the funds to him in multiple transactions – to avoid scrutiny.

Moinian also accepted a mobile phone, and other equipment from these Chinese government officials to securely communicate with them, and to aid in the electronic transfer of classified materials and information.

At the end of March 2018, Moinian travelled to Bali to meet with the same individuals again. After that meeting, his stepdaughter received thousands of dollars in her South Korean bank account, which she wired to him in multiple transactions.

Later in 2018, Moinian went to work for another cleared defence contractor, and in August 2019, he travelled with his wife to Hong Kong to meet with the same Chinese government officials.

This time, he received $22,000 in cash for his services, which Moinian and his wife smuggled into the United States on that trip.

It is currently unknown how the US government discovered Moinian’s activities, but he was investigated by the FBI’s Counterintelligence Division and the Naval Criminal Investigative Service (NCIS).

 


TikTok Leak : China Repeatedly Accessed Private User Data!

Leaked audio from internal TikTok meetings show that private user data has been repeatedly accessed from China!

Here is what you need to know…

 

Privacy Promise By TikTok : Overseas Data Stored In US + Singapore

For many years now, TikTok has repeatedly assured users that all data collected from users outside of China stays out of China, and is thus not accessible to anyone in China.

To ensure that the Chinese government has no access to the data, one of the measures they took was to store all data collected overseas in servers located in the United States, with backups in Singapore.

This was explicitly stated in their New Privacy Policy :

We store the information described in the What Information We Collect section in servers located in the United States and Singapore.

Most people may not realise this, but they also added a caveat right after that, stating that their Corporate Group (in China) may remotely access the data…

When entities in our Corporate Group need information to help us provide the Platform, they remotely access the information pursuant to authorised and secure access controls.

 

TikTok Leak : China Repeatedly Accessed Private User Data!

Buzzfeed News recently received audio recordings from more than eighty (80) internal TikTok meetings, in which employees admitted that engineers in China accessed private user data.

This was despite a TikTok executive’s sworn testimony at an October 2021 US Senate hearing, in the same time period, that a “world-renowned, US-based security team” decides who gets access to the private user data.

Instead, the leaked audio revealed that US staff did not have permission or knowledge of how to access the data. Rather, it was their colleagues in China who determined how and who accessed the private user data.

The leaked tapes ultimately show that TikTok may have misled lawmakers, users, and the public by downplaying the fact that their private data is readily accessible by employees in China, and potentially, the Chinese government.

Everything Is Seen In China

Eight different employees stated in nine statements that they had to refer to their colleagues in China to make those decisions.

“Everything is seen in China”, said a member of TikTok’s Trust and Safety department in a September 2021 meeting.

In another September 2021 meeting, a TikTok director referred to a Beijing-based engineer as a “Master Admin” who “has access to everything”.

There’s Some Backdoor To Access User Data…

Fourteen of the leaked audio recordings were with, or about, a team of Booz Allen Hamilton consultants that TikTok brought in to investigate how data flows through TikTok and ByteDance’s internal tools.

In September 2021, one Booz Allen Hamilton consultant told colleagues that the tools felt like they had backdoors to access user data :

I feel like with these tools, there’s some backdoor to access user data in almost all of them, which is exhausting.

Oracle Only Providing Storage For Project Texas

TikTok has been working on what they call Project Texas – securely storing overseas data in Oracle cloud servers to comply with CFIUS (Committee on Foreign Investment in the United States).

Project Texas is limited to protecting the private information of US users, like phone numbers and birthdays – details that are not publicly visible, or have been set to private.

Such data will be stored at an Oracle datacenter in Texas – hence the name, and would only be accessible to specific US-based TikTok employees.

However, TikTok’s head of global cyber and data defense made clear that Oracle was only providing the data storage space for Project Texas. Ultimately, TikTok would be setting up the servers, and controlling everything.

It’s almost incorrect to call it Oracle Cloud, because they’re just giving us bare metal, and then we’re building our VMs [virtual machines] on top of it.

Unique IDs Not Protected Information

In one of the leaked audio recordings from a January 2022 meeting, TikTok’s head of product and user operations announced with a laugh that the Unique ID (UID) will not be amongst the protected content under the CFIUS agreement.

The conversation continues to evolve. We recently found out that UIDs are things we can have access to, which changes the game a bit.

Other Data Not Stored On Oracle Servers

The problem with Project Texas is that it only addresses US users… and only a small subset of their data.

Everything else – including private user data from non-US countries – will stay in their US and Singapore servers that remain accessible to ByteDance’s Beijing offices.

 

Response By TikTok : 100% US Data Traffic Routed To Oracle

TikTok publicly announced on the same day – June 17, 2022, that it changed the “default storage location of US user data”, and that “100% of US user traffic is being routed to Oracle Cloud Infrastructure”.

Although they “expect” to fully pivot to Oracle cloud servers located in the US, they will continue to use their existing US and Singapore servers for backup, and delete US users’ private data over time.

While this may address some of the privacy concerns for US users, it does not address the other privacy concerns revealed in the leaked audio recordings… or the privacy concerns of non-US users.

 


CD PROJEKT RED Hack : Source Codes + Docs Stolen!

CD PROJEKT RED just had their source codes and internal documents stolen in a MAJOR HACK, and they may all end up being leaked!

 

CD PROJEKT RED Hack : Source Codes Stolen, Servers Encrypted!

On 9 February 2021, CD PROJEKT RED announced that their data – including source codes and internal documents – were stolen in a hack, and could possibly be leaked.

Their servers were also encrypted in a secondary ransomware attack by the same hackers, but they had backups of the encrypted data.

CD PROJEKT RED publicly ruled out negotiating with the hackers, or giving in to their demands.

This would likely mean that their source codes and internal documents will eventually be released publicly by the hackers.

The only silver lining – CD PROJEKT RED noted that they do not have any evidence that the personal data of their employees were accessed or stolen.

 

CD PROJEKT RED Hack : The Hackers’ Threats

According to the ransom note left on their servers, the hackers stole :

  • FULL source codes for Cyberpunk 2077, Witcher 3, GWENT and the unreleased version of Witcher 3.
  • ALL of their internal documents on accounting, administration, legal, HR, investor relations and more

They also encrypted all of CD PROJEKT RED’s servers, but acknowledged that they would most likely recover the data from their backups.

The hackers are giving the CD PROJEKT RED team 48 hours to contact them to negotiate.

If there is no agreement, they threaten to sell or leak the source codes, and release their internal documents to the media.

They claim that the internal documents will make CD PROJEKT RED look bad, causing their stock prices to fall and their investors to lose trust in them.

 

CD PROJEKT RED : Official Statement On Hack

This is the official statement by CD PROJEKT RED on the hack :

Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.

An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.

We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.

We are still investigating the incident, however at this time we can confirm that – to the best of our knowledge – the compromised systems did not contain any personal data of our players or users of our services.

We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate the incident.

 



Ministry of Education Website Uses Plain Text CAPTCHA!

It is unbelievable, but the Malaysia Ministry of Education’s website uses plain text CAPTCHA that can be copied and pasted!

Take a look at this incredible security lapse, and find out why it could put your data at risk!

 

Ministry of Education Website Uses Plain Text CAPTCHA!

The recent threat by Anonymous Malaysia to attack government websites over their lack of security appears to be well-justified.

Qusyaire Ezwan spotted an incredible security lapse in the official Malaysia Ministry of Education website – plain text CAPTCHA!

On top of that, the code can actually be copied and pasted!

 

Ministry of Education Plain Text CAPTCHA : A Serious Cybersecurity Risk!

The CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) test is something most of us are familiar with.

It is a test that helps to identify real humans, and weed out bots, before they are allowed to access a service. This prevents bot fraud and hacking attempts.

In the Ministry of Education website, the plain text CAPTCHA was used to “secure” the retrieval of forgotten passwords for their Student Management Module.

A real CAPTCHA uses distorted images to prevent a bot from “reading” the numbers or letters, thereby ensuring that only a real human being would be able to key in the correct code.

As this screenshot shows, the CAPTCHA used in the Ministry of Education website just uses random sequences of letters and numbers in PLAIN TEXT!

This means a bot can easily copy and paste the plain text code, and bypass the CAPTCHA test.

Frankly, this doesn’t even qualify as a CAPTCHA test, because it cannot differentiate between humans and bots.

Now, the password is still sent to the registered email accounts, not to the hackers or bots. So your data is not in immediate danger.

However, this is still a SERIOUS cybersecurity risk, because a hacker can pair this design flaw with compromised email accounts.

It would allow their bots to easily and quickly make password retrieval requests for compromised email accounts, and then retrieve your Ministry of Education password.

Having access to the Student Management Module would give hackers access to a ton of information on children and their parents :

  • child : name, date of birth, telephone number, home address
  • school : location, class name, teacher’s name,
  • parent : name, occupation, workplace address, contact number, declared salary

On top of that, many people reuse their passwords, so hackers will use the password retrieved from the Ministry of Education website on other websites and online services you may use.

If you use the same password for your banking account, for example, that would expose your banking account to the hacker.

That is why CAPTCHA is important. It doesn’t prevent hacking attempts, but it greatly slows them down by blocking bots from making mass requests.

The use of plain text CAPTCHA in an official government website is a fiasco. A basic cybersecurity checklist would have prevented software vendors from using plain text CAPTCHA in government websites.

The Malaysian government needs to take the security of official websites seriously. This is a disgrace.
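One way to turn that checklist item into a pre-release test, shown here as an added example (not code from the Ministry's site or from this article): given the answer the server expects, it reports whether a client could read that answer straight from the page. The form markup, field names and the code `7KQ2MX` are constructed for illustration, and the check assumes the test harness knows the expected answer.

```python
"""Pre-release check: does a CAPTCHA challenge page leak its own answer?"""
from html.parser import HTMLParser


class _LeakScanner(HTMLParser):
    """Collects everything a client can read without interpreting an image."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text_chunks = []   # text nodes, including inline <script> bodies
        self.attr_values = []   # (tag, attribute, value)
        self.comments = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value:           # boolean attributes have value None
                self.attr_values.append((tag, name, value))

    def handle_data(self, data):
        self.text_chunks.append(data)

    def handle_comment(self, data):
        self.comments.append(data)


def _squash(s):
    """Drop whitespace and case so 'a b 7' and 'AB7' compare equal."""
    return "".join(s.split()).upper()


def find_answer_leaks(page_html, expected_answer):
    """Return the places where expected_answer is readable in page_html.

    An empty list means the answer was not found in text, attributes or
    comments. A finding is a prompt to inspect the page, not proof by itself.
    """
    scanner = _LeakScanner()
    scanner.feed(page_html)
    scanner.close()
    needle = _squash(expected_answer)
    findings = []
    # Joining the text nodes catches answers split one character per element.
    if needle in _squash("".join(scanner.text_chunks)):
        findings.append("text")
    for tag, name, value in scanner.attr_values:
        if needle in _squash(value):
            findings.append(f"attribute:{tag}[{name}]")
    if any(needle in _squash(c) for c in scanner.comments):
        findings.append("comment")
    return findings


# --- Constructed sample pages (not taken from any real site) ---------------
ANSWER = "7KQ2MX"

# The flaw described in the article: the code is ordinary page text.
PLAIN_TEXT_FORM = """
<form action="/reset" method="post">
  <label>Email <input name="email"></label>
  <p>Security code: <b>7</b><b>K</b><b>Q</b><b>2</b><b>M</b><b>X</b></p>
  <input name="captcha">
</form>
"""

# An image is shown, but the answer still travels in a hidden field.
HIDDEN_FIELD_FORM = """
<form action="/reset" method="post">
  <img src="/captcha/image?id=c41d" alt="security code">
  <input type="hidden" name="captcha_expected" value="7KQ2MX">
  <input name="captcha">
</form>
"""

# Only an opaque challenge id reaches the client; the answer stays server-side.
IMAGE_FORM = """
<form action="/reset" method="post">
  <img src="/captcha/image?id=c41d" alt="security code">
  <input type="hidden" name="captcha_id" value="c41d">
  <input name="captcha">
</form>
"""

if __name__ == "__main__":
    for label, page in [("plain text", PLAIN_TEXT_FORM),
                        ("hidden field", HIDDEN_FIELD_FORM),
                        ("image only", IMAGE_FORM)]:
        leaks = find_answer_leaks(page, ANSWER)
        print(f"{label:12} -> {'FAIL ' + ', '.join(leaks) if leaks else 'ok'}")
```

Passing this check only shows that the answer is not handed to the client as text; it does not measure how hard the image itself is to read, and password-reset endpoints still need per-account and per-address request limits.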

 


Why You Should NOT Move WhatsApp Chats To Telegram!

Telegram just highlighted the ability to migrate WhatsApp chats to their app, but you really should NOT do that.

Find out why this is a BIGGER security and privacy risk than just leaving your chats in WhatsApp!

 

Telegram : Moving Chat History From WhatsApp, Line + KakaoTalk

In a recent version 7.4 update for their iOS app, Telegram announced a new feature – the ability to move your chat messages from other apps like WhatsApp, Line and KakaoTalk to their app.

Curiously, that ability has actually been part of WhatsApp since 2018, when they introduced the ability to export chats to email and other apps.

And while this feature is purportedly available only with the iOS version of Telegram Messenger, you can already do that with existing versions of WhatsApp and Telegram.

 

Why You Should NOT Move WhatsApp Chats To Telegram!

You should note that the privacy risks with WhatsApp have been grossly exaggerated by the media and many Internet “experts”.

For one thing – WhatsApp users have been sharing metadata with Facebook since September 2016, a fact initially lost on many media outlets and “experts”.

But we understand the fear – Facebook is a real snoop. Even so, it would be a mistake to migrate from WhatsApp to Telegram.

Let us share with you why you should NOT migrate from WhatsApp to Telegram, and why it is a BIG mistake to migrate your WhatsApp data to Telegram.

Fact #1 : Telegram Is LESS Secure Than WhatsApp

WhatsApp fully implemented end-to-end encryption across all of their apps and network since 5 April 2016.

End-to-end encryption prevents WhatsApp or Facebook from reading your messages. Only the sender and receiver(s) can read them.

WhatsApp shares a considerable amount of data and metadata that Facebook can use to identify and track your movements and activities. But not the content of your messages.

Telegram, on the other hand, has STILL NOT implemented end-to-end encryption for all messages by default.

Instead, they still insist on offering end-to-end encryption only when you create a Secret Chat.

This leaves the bulk of your messages completely readable by Telegram and anyone who intercepts those messages as they travel from your device through the Internet to the recipient.

The very presence of Secret Chats between certain people is itself metadata that can help oppressive regimes identify their enemies or whistleblowers.

Fact #2 : Your Data Is Stored In Telegram Cloud Servers

All WhatsApp data is stored only in your registered device. WhatsApp also does not retain messages in their servers after they are delivered, and will only store files (like photos and videos) and undelivered messages for 30 days.

It’s the opposite with Telegram – all of your data – messages, photos, videos, documents – is stored in their cloud servers. Even though they are encrypted in storage, Telegram holds the encryption keys, NOT YOU.

This ability has its advantages like convenient access across multiple devices, but it also makes Telegram less secure.

Telegram has access to your encrypted files, including the ability to decrypt them for authorities that legally compel them to do so.

Fact #3 : Moving Your Messages + Media To Telegram Exposes Them

While your chats and media remain within your WhatsApp app, they are encrypted and not available to anyone but yourself (and the recipients).

Migrating your chat messages and media to Telegram would involve sending them unencrypted to Telegram’s servers.

This exposes your hitherto secure chats and media to a man-in-the-middle attack – allowing a third party to snoop or grab a copy of the data as it travels unencrypted to the Telegram servers.

Fact #4 : Facebook Already Has Your Metadata

As we pointed out earlier, WhatsApp has been sharing our metadata with Facebook since September 2016.

So moving your existing chats out of WhatsApp won’t limit or reduce your exposure. That horse has long bolted from the stable.

Moving your chat history and files to Telegram will just offer a new attack surface for cybercriminals and oppressive regimes.

Fact #5 : Facebook Will Still Have Your Data If You Still Use Facebook!

Here is the other thing that people don’t realise – migrating from WhatsApp to another messaging app is pointless if you do not also stop using Facebook.

As long as you still use Facebook, they will still have access to a considerable amount of metadata. Losing your WhatsApp metadata just gives them less metadata.

After all, Facebook can track your movements and activity even if you are NOT on Facebook! This is what they call Off-Facebook Activity.

 


Is WhatsApp Forcing Us To Share Data With Facebook In February 2021?

Many websites are claiming that WhatsApp is forcing us to share our data with Facebook in February 2021.

Find out what’s going on, and what the FACTS really are!

 

WhatsApp Sharing Data With Facebook : What’s Going On?

We wrote about this earlier, but it looks like many websites (including very influential ones) are still peddling the claim that WhatsApp is going to force us to share data with Facebook in February 2021.

It all started with this pop-up alert that started appearing on WhatsApp a few days ago, alerting us to a change in its terms and privacy policy.

You must accept this new privacy policy to continue using WhatsApp from 8 February 2021 onwards. Otherwise, the alert subtly suggests, you should “delete your account”.

Since then, numerous articles have been written about how this new privacy policy is forcing us to share our WhatsApp data with Facebook.

This has led to many people switching to alternatives like Telegram and Signal, in fear that the new privacy policy would allow Facebook to access and read all of their WhatsApp messages.

 

No, WhatsApp Is Not Forcing You To Share Data With Facebook

As we shared earlier, NO, the new WhatsApp privacy policy does not force you to share data with Facebook, because…

Fact #1 : It Has Been A Requirement Since September 2016!

It is perplexing why so many websites claim that this new privacy policy forces us to let WhatsApp share data with Facebook. After all, this has been a requirement since September 2016!

Back in August 2016, WhatsApp announced that they would start sharing data with Facebook. At that time, they gave existing users 30 days to opt-out.

This was a one-time offer that has never been repeated. Since then, every new and current user MUST agree to let WhatsApp share data with Facebook.

Fact #2 : WhatsApp Will Still Honour The Opt-Out

If you are a WhatsApp veteran who opted out of data sharing in August 2016, WhatsApp will still honour that opt-out.

You can safely agree to the new privacy policy – your data opt-out will remain active.

Fact #3 : WhatsApp Will Share MORE Information With Facebook

The new WhatsApp privacy policy is mainly focused on enabling Businesses on WhatsApp.

So while they DO NOT need your permission to continue sharing data with Facebook, they still need your permission to SHARE MORE data with Facebook.

This is the list of additional data that we must agree to let WhatsApp share with Facebook :

  • Status Information. You may provide us your status if you choose to include one on your account. Learn how to use status on Android, iPhone, or KaiOS.
  • Transactions And Payments Data. If you use our payments services, or use our Services meant for purchases or other financial transactions, we process additional information about you, including payment account and transaction information. Payment account and transaction information includes information needed to complete the transaction (for example, information about your payment method, shipping details and transaction amount). If you use our payments services available in your country or territory, our privacy practices are described in the applicable payments privacy policy.
  • Location Information. We collect and use precise location information from your device with your permission when you choose to use location-related features, like when you decide to share your location with your contacts or view locations nearby or locations others have shared with you. There are certain settings relating to location-related information which you can find in your device settings or the in-app settings, such as location sharing. Even if you do not use our location-related features, we use IP addresses and other information like phone number area codes to estimate your general location (e.g., city and country). We also use your location information for diagnostics and troubleshooting purposes.
  • User Reports. Just as you can report other users, other users or third parties may also choose to report to us your interactions and your messages with them or others on our Services; for example, to report possible violations of our Terms or policies. When a report is made, we collect information on both the reporting user and reported user.
  • Businesses On WhatsApp. Businesses you interact with using our Services may provide us with information about their interactions with you. We require each of these businesses to act in accordance with applicable law when providing any information to us. When you message with a business on WhatsApp, keep in mind that the content you share may be visible to several people in that business. In addition, some businesses might be working with third-party service providers (which may include Facebook) to help manage their communications with their customers. For example, a business may give such third-party service provider access to its communications to send, store, read, manage, or otherwise process them for the business. To understand how a business processes your information, including how it might share your information with third parties or Facebook, you should review that business’ privacy policy or contact the business directly.

Fact #4 : WhatsApp + Facebook Cannot Read Your Messages

WhatsApp finished implementing end-to-end encryption on 5 April 2016, about 4.5 months before instituting the requirement to share data with Facebook.

Since then, neither WhatsApp nor Facebook can read your messages, as they are encrypted. Only the sender and receiver(s) can read them.

WhatsApp shares a considerable amount of data and metadata that Facebook can use to identify and track your movements and activities. But not the content of your messages.

Fact #5 : Telegram Is Less Secure!

For those who are fleeing to Telegram, you should note that Telegram does not end-to-end encrypt messages by default (only Secret Chats).

In fact, all of your data – messages, photos, videos, documents – are stored in Telegram servers. Even though they are encrypted in storage, Telegram holds the encryption keys, NOT YOU.

In contrast, WhatsApp data is only stored in your devices. WhatsApp also does not retain messages in their servers after they are delivered, and will only store files (like photos and videos) and undelivered messages for 30 days.

WhatsApp will, however, store the time and date of the messages you send and receive.

Fact #6 : Signal Is The Most Secure Alternative

Those who want a more private and secure messenger should opt for Signal, instead of Telegram.

It offers end-to-end encryption using the open-source Signal protocol, the same protocol which WhatsApp uses in its own proprietary format.

On top of that, it offers a Sealed Sender feature which prevents everyone – including Signal – from knowing the sender and recipient of a message.

But best of all, Signal does not share your data with any third-party company. In fact, the only metadata it collects is your phone number, and even that is not linked to your identity.

That said, Signal lacks features found in WhatsApp and Telegram, so we cannot call it the best alternative, only the most secure alternative.

 


Fact Check : Fat Bidin Claims On MySejahtera Snooping!

Wan Azlee, who goes by Fat Bidin, claims that MySejahtera is mining private information from our phones.

Find out what he discovered, and what the FACTS really are!

Updated @ 2020-12-03 : Added MySejahtera version history for more context.

Updated @ 2020-12-01 : Added more information, including how to disable permissions in Android and iOS for the paranoid.

Originally posted @ 2020-11-30

 

Fat Bidin : MySejahtera Is Mining Information From Our Phones!

In Episode 41 of Fat Bidin Knows Everything, Wan Azlee claimed (between mouthfuls of oats) that MySejahtera is mining a wealth of private information from our phones.

His evidence? A report by the Exodus Privacy website, stating that MySejahtera has 6 trackers and 24 permissions.

He went through the 24 permissions and made these concerning observations about MySejahtera :

  • it can take control of your phone and pair it with your Bluetooth devices
  • directly call phone numbers
  • find accounts on your phone
  • read your contacts in your phone
  • read the contents of your SD card
  • modify or delete the contents of your SD card
  • prevent your phone from sleeping
  • modify your contacts

Phwoarrrr…. shocking, isn’t it? Wan Azlee / Fat Bidin then asks the Malaysia Ministry of Health to be transparent and tell us what’s going on.

Well, let’s take a closer look at his claims…

 

Fat Bidin On MySejahtera Is Mining Our Information : A Fact Check

Wan Azlee is very articulate, but Fat Bidin honestly doesn’t quite know everything… and here’s why.

Fact #1 : That MySejahtera Version Was From April 2020

Fat Bidin posted his video on 24 November 2020, and we noticed that he was checking an old version of MySejahtera – version 1.0.10, that was posted way back in April 2020.

For the record, there have been FOURTEEN UPDATES since that version :

  • 1.0.11 : 23 April 2020
  • 1.0.12 : 28 April 2020
  • 1.0.13 : 3 May 2020
  • 1.0.15 : 4 May 2020
  • 1.0.16 : 13 May 2020
  • 1.0.17 : 23 May 2020
  • 1.0.18 : 30 May 2020
  • 1.0.19 : 3 June 2020
  • 1.0.20 : 28 June 2020
  • 1.0.21 : 30 June 2020
  • 1.0.22 : 21 July 2020
  • 1.0.23 : 29 July 2020
  • 1.0.24 : 11 August 2020
  • 1.0.25 : 5 November 2020

The latest version of MySejahtera – version 1.0.25 – was released on 5 November 2020 – 19 days before Wan Azlee posted his video.

Why on Earth would he focus on a 6 month-old version of the app, when there is a much newer version?

Fact #2 : Exodus Posted Their Latest MySejahtera Report On 20 November 2020

Exodus posted their latest report on the latest version of MySejahtera (version 1.0.25) on 20 November 2020 at 10:47 am (as you can see in this screenshot).

That was 4 days before Wan Azlee posted his video, so why didn’t he use this new report instead?

Fact #3 : MySejahtera Has 1 Tracker + 14 Permissions According To Exodus

According to the November 20 Exodus report, MySejahtera has 1 tracker – Google Firebase Analytics, and 14 permissions, of which the highlighted ones were :

  • ACCESS_COARSE_LOCATION : access approximate location (network-based)
  • ACCESS_FINE_LOCATION : access precise location (GPS and network-based)
  • CALL_PHONE : directly call phone numbers
  • CAMERA : take pictures and videos
  • READ_EXTERNAL_STORAGE : read the contents of your SD card
  • WRITE_EXTERNAL_STORAGE : modify or delete the contents of your SD card

We immediately noticed that several controversial permissions are no longer in it :

  • GET_ACCOUNTS : find accounts on the device
  • READ_CONTACTS : read your contacts
  • WRITE_CONTACTS : modify your contacts

So if you are worried that MySejahtera is reading your contacts or modifying them, just UPDATE it to the latest version 1.0.25!
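The version-to-version comparison above can be reproduced from two decoded manifests. This added example (not part of the Exodus report or of the app) diffs the declared permissions and marks the ones Android prompts for at runtime; both manifests are constructed samples for a hypothetical `com.example.checkin` app, not MySejahtera's real manifests, and it assumes the APK's binary manifest has already been decoded to text XML.

```python
"""Diff the permissions declared by two versions of an Android app."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permissions named in the article that Android classes as "dangerous":
# on Android 6.0+ the user is prompted at runtime and can revoke them later.
RUNTIME_PROMPTED = {P + n for n in (
    "ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION", "CALL_PHONE", "CAMERA",
    "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
    "GET_ACCOUNTS", "READ_CONTACTS", "WRITE_CONTACTS",
)}

# Constructed sample: an older build that still asks for contacts and accounts.
OLD_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.checkin" android:versionName="1.0.10">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
  <application android:label="Check-in"/>
</manifest>"""

# Constructed sample: a newer build with the contact permissions dropped.
NEW_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.checkin" android:versionName="1.0.25">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application android:label="Check-in"/>
</manifest>"""


def declared_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    # <uses-permission-sdk-23> requests apply only on Android 6.0 and later,
    # so a scan limited to <uses-permission> would miss them.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:                      # skip malformed entries without a name
                names.add(name)
    return names


def diff_permissions(old_xml, new_xml):
    """Compare two manifests; each value is a sorted list of permission names."""
    old, new = declared_permissions(old_xml), declared_permissions(new_xml)
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "kept": sorted(old & new),
    }


def runtime_prompted(names):
    """Subset of names that the user must approve in a runtime dialog."""
    return sorted(n for n in names if n in RUNTIME_PROMPTED)


if __name__ == "__main__":
    result = diff_permissions(OLD_MANIFEST, NEW_MANIFEST)
    for change in ("removed", "added", "kept"):
        print(change.upper())
        for name in result[change]:
            mark = "runtime prompt" if name in RUNTIME_PROMPTED else "granted at install"
            print(f"  {name[len(P):] if name.startswith(P) else name:26} {mark}")
```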

Fact #4 : Actual Permissions Are Fewer

When we checked MySejahtera 1.0.25 as installed in our phone, we found that it actually asked for and used only 11 permissions, instead of 14 as reported by Exodus.

The report also offered a bit more context about those permissions. For instance, location data is only made available when you are actively using the app.

That’s because the location data is used by MySejahtera for its Hotspot Tracker and Locate Health Screening Facility features.

In your phone, you can tap on them for more information on what they allow the app to do.

Fact #5 : Apps Need To Read, Modify + Delete Their Own Data

The permission to read, modify and delete content on our phone may seem ridiculous, but it is a necessity for most apps.

Unless the app is merely a container for a website or web service, it needs to store data, and modify or delete it when necessary.

Fact #6 : Access To External / SD Card Is Necessary

Most developers will also ask for the permission to read, modify and delete content on the (micro) SD card, because of Adoptable Storage.

Adoptable Storage is a feature that lets smartphones use external storage (like a microSD card) as if it is part of their internal storage.

When a microSD card is used this way, apps like MySejahtera can be installed on it. Therefore, it would require permission to read, modify and delete its own data on the external storage card.

Fact #7 : Android Restricts Data Snooping

Apps that have access to read / modify / write external storage are allowed to access files from other apps. However, this is limited to only these three media collections :

  • MediaStore.Images
  • MediaStore.Video
  • MediaStore.Audio

MySejahtera, or any other app with similar permissions, cannot read / modify / delete data outside of those three media storage locations.

Fact #8 : MySejahtera Has A Privacy Policy

Like all other Android and iOS apps, MySejahtera has a privacy policy, where it is stated clearly that

MySejahtera is owned and operated by the Government of Malaysia. It is administrated by the Ministry of Health (MOH) and assisted by the National Security Council (NSC) and the Malaysian Administrative Modernisation and Management Planning Unit (MAMPU). The Government assures that the collection of your personal information is aligned with Personal Data Protection Act 2010 (Act 709).

The app will not record user’s Personal Data except with the permission and voluntarily provided by the user. Information collected is used for monitoring and enforcement purposes by Government authorities in dealing with the COVID-19 pandemic. This information is not shared with other organizations for other purposes unless specifically stated.

Fact #9 : You Are Protected By PDPA 2010 (Act 709)

We are all protected by the Personal Data Protection Act 2010 (Act 709).

Anyone who is caught sharing our personal data without permission is liable to a fine not exceeding three hundred thousand ringgit or to imprisonment for a term not exceeding two years or to both.

Fact #10 : You Can Disable Permissions

You can view and disable any permission that worries you :

Android

  1. Go to Settings > Apps >  MySejahtera > Permissions.
  2. Tap on the permission you don’t want, and select Deny.

Apple iOS

  1. Go to Settings > MySejahtera.
  2. Disable the permissions you don’t want.

But note that doing this will likely break some features in MySejahtera.

Fact #11 : Many Other Apps Are Worse For Your Privacy

When it comes to privacy, we have bigger fish to fry. Take a look at how many trackers and permissions these four popular apps require.

They make MySejahtera look absolutely privacy-conscious!

 


Dell EMC PowerProtect Cyber Recovery for Sheltered Harbor!

Dell EMC PowerProtect Cyber Recovery just received a Sheltered Harbor endorsement!

Find out what this means for financial services organisations looking for a Sheltered Harbor-certified turnkey data vault!

 

Dell EMC PowerProtect Cyber Recovery : Endorsed by Sheltered Harbor!

On 10 November 2020, Dell EMC PowerProtect Cyber Recovery was officially endorsed by Sheltered Harbor – the non-profit initiative to improve the stability and resiliency of the financial sector.

This is the culmination of two years of work between Dell and Sheltered Harbor teams, to develop a solution designed for financial services organisations.

If your organisation is a Sheltered Harbor participant, or eligible to be one, you can now purchase and quickly deploy the Dell EMC PowerProtect Cyber Recovery – a turnkey data vault that meets all of the stringent Sheltered Harbor criteria.

The Dell EMC PowerProtect Cyber Recovery Solution for Sheltered Harbor helps participants achieve compliance with data vaulting standards and certification, and plan for operational resilience and recovery against any cyber attack.

If your organisation is not part of the Sheltered Harbor community, you can still deploy PowerProtect Cyber Recovery to protect your data with the same stringent Sheltered Harbor standards.

 

Dell EMC PowerProtect Cyber Recovery : What Is It?

Dell EMC PowerProtect Cyber Recovery is an on-premise turnkey data vaulting solution that protects customers from all kinds of cyber threats.

Its CyberSense analytics and machine learning capabilities allow customers to monitor data integrity, ensuring the continued quality of their data.

It also comes with forensic tools to let customers discover, diagnose and remediate ongoing attacks.

 



PowerProtect Data Manager Nov 2020 Update: What’s New?

Dell Technologies just announced enhancements to PowerProtect Data Manager available globally in November 2020!

Find out what’s new in the latest Dell EMC PowerProtect Data Manager!

 

PowerProtect Data Manager : What Is It?

Dell EMC PowerProtect Data Manager provides software-defined data protection, automated discovery, and deduplication for physical, virtual and cloud environments.

Its software-defined architecture allows for greater operational agility, and faster IT transformation, while delivering next-generation data protection.

 

PowerProtect Data Manager November 2020 Update : What’s New?

In its November 2020 update, PowerProtect Data Manager offers these new enhancements :

  • In-cloud workloads in Microsoft Azure and AWS are now protected
  • VMware Tanzu portfolio is now supported
  • Native vCenter Storage Policy-Based Management integrated for VM protection
  • VMware-certified solution to protect VMware Cloud Foundation infrastructure layer.
  • Protection for containerised apps with open source databases, including PostgreSQL and Apache Cassandra, in Kubernetes environments.
  • Customers can now protect Amazon Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS) to back-up Kubernetes cluster-level resources.

 

PowerProtect Data Manager November 2020 Update : Availability

The November 2020 enhancements are available globally with immediate effect.

 



2020 Dell EMC PowerProtect DP Series IDPA : What’s New?

Dell Technologies just announced the 2020 Dell EMC PowerProtect DP Series appliances!

Here is what you need to know about the next-generation integrated data protection appliances!

 

2020 Dell EMC PowerProtect DP Series : What Is It?

The 2020 PowerProtect DP series is the next-generation family of integrated data protection appliances (IDPA) from Dell Technologies.

They offer a complete solution for backup, recovery, replication, deduplication, cloud readiness with disaster recovery, and long-term rotation to the public cloud!

The 2020 Dell EMC DataProtect DP series are all-in-one data protection solutions that offer :

  • Storage capacities from 8 terabytes to 1 petabyte
  • Greater efficiency, with up to 65:1 data reduction
  • Up to 38% faster backups, and up to 45% faster restores, compared to previous generation.
  • Instant access and restore of up to 50% greater IOPS, compared to previous generation.
  • Consumes up to 23% less power than the previous generation
  • Cloud long-term retention, and cloud DR-ready
  • VMware integration

The 2020 Dell EMC DataProtect DP series is also guaranteed under the Future-Proof Program, and is part of the Dell Technologies on Demand program.

 

2020 Dell EMC PowerProtect DP Series : Models + Key Specifications

The 2020 Dell EMC PowerProtect DP series consists of four models – DP4400, DP5900, DP8400 and DP8900. Here are their key specifications.

| Specifications | DP4400 | DP5900 | DP8400 | DP8900 |
|---|---|---|---|---|
| Physical Capacity | 8 TB to 96 TB | 96 TB to 288 TB | 192 TB to 768 TB | 576 TB to 1 PB |
| Physical Capacity with Cloud Tier | Up to 288 TB | Up to 864 TB | Up to 2.3 PB | Up to 3 PB |
| Logical Capacity | Up to 4.8 PB | Up to 18.7 PB | Up to 49.9 PB | Up to 65 PB |
| Logical Capacity with Cloud Tier | Up to 14.4 PB | Up to 56.1 PB | Up to 149.7 PB | Up to 195 PB |
| Max Throughput | Up to 9 TB/hr | Up to 33 TB/hr | Up to 57 TB/hr | Up to 94 TB/hr |
| Drive Type | SAS 12 TB | SAS 4 TB | SAS 8 TB | SAS 8 TB |
| Networking | 8 x RJ45, or 8 x SFP | 4 x 40 GbE uplinks (each Quad SFP port can be split into 4 x 10 GbE) | 4 x 40 GbE uplinks (each Quad SFP port can be split into 4 x 10 GbE) | 4 x 40 GbE uplinks (each Quad SFP port can be split into 4 x 10 GbE) |
| Max. Power | 475 VA | 2,830 VA | 5,480 VA | 7,250 VA |
| Thermal Rating | 1,620 BTU/hr | 9,300 BTU/hr | 17,800 BTU/hr | 23,400 BTU/hr |

 

2020 Dell EMC PowerProtect DP Series : Availability

The 2020 Dell EMC PowerProtect series appliances – DP4400, DP5900, DP8400 and DP8900 – will be available globally in December 2020.

 



Lazada RedMart Data Breach : What You Need To Know!

Lazada just admitted to a data breach involving their RedMart customer database that could affect some 1.1 million customers!

Find out what happened, and what it could mean for Lazada and RedMart customers!

 

Lazada RedMart : What Is It?

RedMart is an online grocery platform in Singapore that was founded in August 2011.

Lazada acquired RedMart in November 2016, and started to integrate it into their platform in March 2019.

This March 2019 date is important, because that was when the RedMart database was last updated.

 

Lazada RedMart Data Breach : What Happened?

The Lazada RedMart database was spotted for sale in an online forum, amongst many other databases stolen from other e-commerce websites.

In this screenshot, you can see that it claims to have details on 1.1 million Lazada RedMart customers :

  • Email address
  • Password
  • Mailing address
  • Name
  • Phone number
  • Partial credit card information

Picture Credit : CNA

In a statement posted on 30 October 2020, Lazada confirmed the data breach involving their RedMart database.

They assert that the breach only involved the old RedMart database, which was “18 months out of date” as it was last updated in March 2019.

Singapore, 30 October 2020 – Lazada places great importance on protecting your personal information, and we value the trust you have placed with us. On 29 October 2020, as part of our proactive monitoring, our cybersecurity team discovered a data security incident in Singapore, involving a RedMart-only database hosted on a third-party service provider. The customer data hosted on this database is more than 18 months out of date as it was last updated in March 2019.

The customer information that was illegally accessed include the names, phone numbers, emails, addresses, encrypted passwords and partial credit card numbers of RedMart customers. We have taken immediate action to block unauthorised access to the database. This data was used on the previous RedMart app and website, which are no longer in use. Lazada customer data in Southeast Asia is not affected by this incident.

Protecting the data and privacy of our users is of utmost importance to us. Apart from reviewing and fortifying our security infrastructure, we are working very closely with the relevant authorities on this incident and remain committed to providing all necessary support to our users.

We want to be transparent about this incident with all of our customers and reassure you that we are taking it seriously.

They also set their platform to log out all Lazada users, and require them to register a new password.

They are also warning their users to be on the alert for spam mails requesting personal information.

 

Lazada RedMart Data Breach : What’s The Implication?

A Data Breach Is A Data Breach Is A Data Breach

Lazada may claim that the data and privacy of their users are of the utmost importance, but the data breach says otherwise.

They left a database they had not used since March 2019 on a third-party service provider, where it remained accessible online all this time.

Any half-decent cybersecurity specialist would have told them to take the database offline, unless it was essential to the operation of the website.

Closing The Barn Door After The Horses Have Bolted

Lazada immediately blocked unauthorised access to their RedMart database, but that’s like closing the barn door after the horses have bolted.

Once the data was stolen, all that blocking access does is prevent other attackers from stealing the data for themselves.

Lazada Migrated RedMart Users In March 2016

It seems a little disingenuous for Lazada to announce that the data was used in “the previous RedMart app and website, which are no longer in use”.

They appear to have migrated RedMart users to Lazada on 15 March 2016 using the same data that was just stolen.

Unless RedMart users changed their passwords, addresses, phone numbers, email addresses or credit card details AFTER they were migrated to the Lazada platform, they remain exposed by the data breach.

The Data Isn’t Necessarily Outdated

Most of us don’t change our logins and passwords that often. And we often reuse the same login and password combination for different websites.

So it is scant assurance that their RedMart database was last updated in March 2019, even if we take their word that it was more than 18 months out of date.

This data breach exposes all affected RedMart users to the possibility of their other accounts being breached as well.

Only Ex-RedMart Users Affected

The only saving grace we can see here is that it looks like only former RedMart users are affected by this data breach.

That means Lazada users who never registered or used the RedMart app or website are not affected.

 

Lazada RedMart Data Breach : What Can You Do?

If you ever registered for, or used, RedMart before their migration to the Lazada platform in March 2016, we highly recommend that you :

  • change your Lazada password
  • change the password of accounts that use the same password as your Lazada / RedMart account
  • do NOT click on links in emails warning you about this data breach and asking you to change your password
  • do NOT respond to calls or messages warning you about this data breach
  • do NOT respond to requests for personal information

 


VMware vSphere 7 Now Supports AMD SEV-ES Encryption!

VMware just announced that vSphere 7 Update 1 will add support for AMD SEV-ES encryption!

Find out what this means for enterprise security, and the future of AMD EPYC processors!

 

AMD SEV-ES Encryption : What Is It?

SEV-ES, short for Secure Encrypted Virtualization-Encrypted State, is a hardware-accelerated encryption capability in AMD EPYC processors.

Leveraging both the AMD Secure Processor and the AES-128 encryption engine built into every AMD EPYC processor, SEV-ES encrypts all CPU register contents when a virtual machine stops running.

This prevents the leakage of information from the CPU registers to components like the hypervisor. It can even detect malicious modifications to a CPU register state.

 

VMware vSphere 7 Now Supports AMD SEV-ES Encryption!

VMware vSphere 7 Update 1 adds support for both AMD SEV-ES and AMD EPYC processors.

The AMD Secure Processor in the first-generation EPYC processors can handle up to 15 encryption keys.

That increases to more than 500 encryption keys with the second-generation EPYC processors.

ESXi has many layers of isolation within its virtualised infrastructure, but all of that is implemented in software. Those layers still require a level of trust in the hardware, which is where AMD SEV-ES comes in.

A guest operating system that supports SEV can ask the AMD Secure Processor to issue it an encryption key, for full in-memory, in-hardware encryption.

SEV-ES extends that protection to CPU registers, so that the data inside the CPU itself is encrypted. This protects the data from being read or modified when the virtual machine stops running.

Even a compromised hypervisor that accesses the register data cannot make use of it, because it is now encrypted.

Needless to say, adding support for AMD SEV-ES in vSphere 7 will spur the uptake of AMD EPYC processors in the datacenter.

 



How Hackers Attack Healthcare During COVID-19 Pandemic!

Even during the COVID-19 pandemic, hackers have been attacking the healthcare system already buckling under pressure.

Take a look at the first part of a newly-released documentary on how hackers are attacking the healthcare system, and what it means for us and the world!

 

How Hackers Attack Healthcare During COVID-19 Pandemic!

Cybercriminals and state-sponsored hackers do not care that almost a million people have died from COVID-19. In fact, they see the pandemic as an opportunity.

Over the last few months, the creators of this documentary spoke to hospitals, law enforcement agencies, health organisations and research centres across the world, to understand how they are coping with increased cyberattacks and malware.

This particular feature was directed by Didi Mae Hand, and produced by Max Peltz.

 

Hackers Increased Attacks On Healthcare During COVID-19 Pandemic

The documentary reveals a shocking surge in cyberattacks on healthcare systems during the COVID-19 pandemic. The World Health Organisation (WHO), for example, reported a 5X increase in cyberattacks on its systems since March 2020.

State-sponsored hackers are mainly looking for biodata, including research on COVID-19 vaccines. Meanwhile, cybercriminals are capitalising on the fact that hospitals may be more willing than usual to pay a ransom.

For example, the Brno University Hospital, which was responsible for running a big share of COVID-19 testing in the Czech Republic, was held to ransom and forced to shut down its IT network at a critical time.

Fortunately, the surge in cyberattacks was met with an incredible response by the cybersecurity community. Some 3000 cybersecurity volunteers created the CV19 group to provide hospitals and healthcare institutions with free support to protect their systems.

 



WD NAS Can’t Be Seen In Windows? Here Are The Solutions!

You may be wondering why your WD NAS is no longer visible in Windows 10.

Where did it go? How do you get it back?

Find out why your WD NAS can no longer be seen in Windows, and what the solutions are!

 

WD NAS Can’t Be Seen In Windows : What Happened?

You may have been using your WD NAS for some time, but one day, its network share – the “drive” that you directly access – can no longer be seen in Windows 10.

The NAS links in Windows File Explorer will only lead you to the login page for the WD NAS management page, not the actual drive where you can directly read, copy, write or edit your files.

All these NAS issues are happening because Microsoft disabled the Network Browse function from Windows 10 v1709 onwards.

The problems started after Windows 10 Fall Creators Update 1709, which :

The Computer Browser service relies on the SMB 1.0 protocol to discover network devices and display them in the Windows Network Neighbourhood.

Disabling SMB 1.0 breaks the Computer Browser service, so it is automatically uninstalled and your NAS drives “disappear” from Network Neighbourhood.

Disabling guest access prevents guest or public access to your NAS drives, even to folders you specifically set to allow for public access. Hence, the Public folder they had access to earlier “disappears”.

 

Why Did Microsoft Disable Those Network Features?

The SMB1 network protocol was first implemented in Windows back in 1992, so it’s old… very old.

It’s so old that it lacks encryption. Everything transmitted via SMB1 can be captured and read, and even modified, by any attacker who gains access to the network.

Guest logins even on SMB2 do not support standard security features like signing and encryption. This makes them vulnerable to man-in-the-middle attacks.

That’s why Microsoft (finally) disabled them both, starting with the Windows 10 Fall Creators Update 1709.

 

WD NAS Can’t Be Seen In Windows : Before We Start…

Preliminary Step #1 : Update Your NAS

Before you do anything, you should log into your WD NAS management system and update its firmware, in case it’s not already set to automatically update.

Updating its firmware will ensure that your NAS supports at least SMB 2, if not SMB 3 as well.

| WD NAS | Windows URL | macOS URL |
|---|---|---|
| My Cloud EX2100 | http://wdmycloudex2100 | http://wdmycloudex2100.local |
| My Cloud DL2100 | http://wdmyclouddl2100 | http://wdmyclouddl2100.local |
| My Cloud EX4100 | http://wdmycloudex4100 | http://wdmycloudex4100.local |
| My Cloud DL4100 | http://wdmyclouddl4100 | http://wdmyclouddl4100.local |

Preliminary Step #2 : Use A Higher SMB Protocol

Then, enable the highest SMB protocol your WD NAS supports (Settings > Network). Set it to SMB 3 if possible.

This will ensure that both your WD NAS and your network support the most secure network protocol possible, for your security.

 

WD NAS Can’t Be Seen In Windows : The Solutions!

Best Solution : Map Your WD NAS By Device Name

The best way is to manually map your WD NAS by its device name. This lets you use the more secure SMB2 or SMB3 network protocols, with direct access to your files as usual.

  1. Determine your WD NAS network path, which is based on the device name.
    If you changed your WD NAS device name to TechARPCloud (for example), the network name will be \\TechARPCloud
    Here is a list of default network paths for different WD NAS :

| WD NAS | Default Network Path |
|---|---|
| My Cloud Home / My Cloud Home Duo | \\MYCLOUD-last 6 digits of serial number (Example : \\MYCLOUD-123456) |
| My Cloud | \\WDMYCLOUD |
| My Cloud Mirror / My Cloud Mirror Gen 2 | \\WDMYCLOUDMIRROR |
| My Cloud EX2 | \\WDMYCLOUDEX2 |
| My Cloud EX2 Ultra | \\MYCLOUDEX2ULTRA |
| My Cloud EX4 | \\WDMYCLOUDEX4 |
| My Cloud EX2100 | \\WDMYCLOUDEX2100 |
| My Cloud EX4100 | \\WDMYCLOUDEX4100 |
| My Cloud DL2100 | \\WDMYCLOUDDL2100 |
| My Cloud DL4100 | \\WDMYCLOUDDL4100 |
| My Cloud PR2100 | \\MYCLOUDPR2100 |
| My Cloud PR4100 | \\MYCLOUDPR2100 |

  2. Open Windows File Explorer and click on Network on the left pane.
  3. Key in the network path of the WD NAS, which is based on its device name. Make sure you include \\ before the network path.
  4. You will be asked to key in a user name and password.
    This can be the administrator’s login, or the login of any registered user of your WD NAS.
    Remember – Windows 10 no longer allows guest logins or public access. So you will need to create a password-protected account even for guests to use.
  5. Once you successfully authenticate your user name and password, the network shares of your WD NAS will become visible in File Explorer under Network!
    You can stop here, but you will need to keep keying in the network path and login to access your NAS every time you boot into Windows.
  6. For more convenience, you can create a password-protected Private Share.
    Start by right-clicking on a network share from your WD NAS and select Map network drive…
  7. Select a drive letter for the network share.
    Check Reconnect at sign-in if you don’t want to automatically log into the drive.
    Then click Finish to map the drive.

That’s it! If you expand This PC in Windows File Explorer, you should now see that the WD NAS network drive has now been mapped by its device name!
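The same mapping can be done from an elevated PowerShell prompt, with a check that the connection really negotiated SMB 2 or SMB 3 rather than SMB1. This is an added example, not part of the original article; the device name WDMYCLOUD is one of the defaults listed above, while the share name Public and drive letter Z: are assumptions.

```powershell
# Added example. Run in an elevated PowerShell prompt on Windows 10 v1709 or later.
# Assumptions: the NAS uses the default device name WDMYCLOUD, exposes a share
# called Public, and drive letter Z: is free.
$NasName   = 'WDMYCLOUD'
$ShareName = 'Public'
$Drive     = 'Z'

# 1. Confirm the SMB1 client is still disabled (State should read Disabled).
Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol-Client' |
    Select-Object FeatureName, State

# 2. Check the guest logon policy (False means insecure guest logons are blocked).
(Get-SmbClientConfiguration).EnableInsecureGuestLogons

# 3. Map the share with a named NAS account. Get-Credential prompts for the
#    password, so it never appears in the script or the command history.
$Cred = Get-Credential -Message "Account on $NasName"
New-PSDrive -Name $Drive -PSProvider FileSystem -Root "\\$NasName\$ShareName" `
    -Credential $Cred -Persist -Scope Global | Out-Null

# 4. Show which SMB dialect was negotiated for the new connection.
$Conn = Get-SmbConnection -ServerName $NasName
$Conn | Select-Object ServerName, ShareName, UserName, Dialect

# 5. Warn if any connection to the NAS fell back below SMB 2.
foreach ($c in $Conn) {
    if ([version]$c.Dialect -lt [version]'2.0') {
        Write-Warning "$($c.ShareName) is using SMB $($c.Dialect); raise the SMB protocol setting on the NAS."
    }
}
```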

 

Alternate Solution : Enable Network Discovery Without SMB1

This Windows 10 workaround can be used if your WD NAS supports SMB2 or SMB3 and you prefer not to map the network drives.

  1. Go to Windows Services.
  2. Start these two services :
    Function Discovery Provider Host
    Function Discovery Resource Publication
  3. Set the Startup type for both those services to Automatic (Delayed Start).
  4. Open Windows File Explorer and go to Network.
  5. When prompted, enable Network Discovery.

Your WD NAS shares should now be visible in Windows File Explorer.

 

Worst Case Solution : Enable Network Discovery Without SMB1

This should only be attempted if your WD NAS simply cannot support SMB2 or SMB3, and can only use SMB1.

  1. Go to Control Panel > Programs.
  2. Click on Turn Windows features on or off.
  3. Expand the SMB 1.0/CIFS File Sharing Support option.
  4. Check the SMB 1.0/CIFS Client option.
  5. Click the OK button.
  6. Restart Windows 10.

After Windows 10 restarts, your WD NAS shares should now be visible in Windows File Explorer.

 



HUAWEI 5G Aces GSMA NESAS Security Audit : The Impact?

In a bit of good news after months of bad news, HUAWEI announced that their 5G wireless and core network equipment passed the GSMA NESAS cybersecurity audit!

While that is great news for them, what exactly is the impact on the deployment of HUAWEI 5G equipment globally?

 

HUAWEI 5G Passes GSMA Network Security Assurance Audit!

In a bit of good news after months of bad news, HUAWEI announced that their 5G wireless and core network equipment passed the GSMA Network Equipment Security Assurance Scheme (NESAS) audit!

  • 5G RAN gNodeB
  • 5G Core UDG, UDM, UNC, UPCF
  • LTE eNodeB

Here is a summary of the twenty NESAS assessment categories and the compliance levels of the HUAWEI 5G equipment that were tested :

Prior to passing the GSMA NESAS audit, this HUAWEI 5G equipment also passed the 5G cybersecurity test by China’s IMT-2020 (5G) Promotion Group, using test specifications based on 3GPP international standards for 5G security assurance.

 

HUAWEI 5G Faces Political, Not Technical, Pressures

Passing the GSMA NESAS audit will help assuage the cybersecurity concerns of nations planning to implement, or already implementing, HUAWEI 5G network equipment.

However, HUAWEI faces political, not technical, pressures with their 5G network equipment.

The 100% compliance score in the NESAS audit will not change minds in the US, and their Five Eyes partners are unlikely to consider HUAWEI 5G equipment.

That said, passing this audit will nevertheless strengthen HUAWEI’s shield against claims that their 5G equipment poses much greater cybersecurity risks than competing platforms.

It will help them win additional contracts in smaller countries whose concerns are far less about cybersecurity and privacy, and more with costs.

 

GSMA Network Security Assurance Scheme (NESAS)

The GSMA Network Equipment Security Assurance Scheme (NESAS) audit is a standardised cybersecurity assessment mechanism, jointly defined by GSMA (GSM Association) and 3GPP, together with regulators, industry partners, major global operators, and vendors.

This is a voluntary program under which network equipment vendors can subject their product development and lifecycle processes to a comprehensive and independent security audit.

The GSMA NESAS covers 20 assessment categories, defining security requirements with an assessment framework for 5G product development and product lifecycle processes. It also uses security test cases by 3GPP to assess the security of network equipment.

 
