Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label bloomberg. Show all posts

New Privacy Policy: X Plans on Collecting Users’ Biometric Data


According to a new privacy policy introduced by X (formerly known as Twitter), it will soon be collecting its users’ biometric data. 

The policy says that the company intends to compile individuals' employment and educational histories. According to the policy page, the modification will take effect on September 29. 

The updated policy reads, “Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes.” While biometric data usually involves an individual’s physical characteristics, like their face or fingerprints, X has not yet specified the data they will be collecting. Also, X is yet to provide details on its plans to collect it. 

In a conversation with Bloomberg, the company noted that biometrics are only for premium users and will have the opportunity to submit their official ID and a photograph in order to add an additional layer of verification. According to Bloomberg, biometric information can be retrieved from both the ID and the image for matching reasons.

“This will additionally help us tie, for those that choose, an account to a real person by processing their government issued ID[…]This will also help X fight impersonation attempts and make the platform more secure,” X said in a statement to Bloomberg.

Last month, X had its name filed in a ‘proposed class action suit,’ where it was accused of illicitly capturing, storing and using Illinois residents’ biometric data,, including facial scans. The lawsuit says X “has not adequately informed individuals” that it “collects and/or stores their biometric identifiers in every photograph containing a face.”

In addition to the modified details of the biometric collection, X’s updated policy reveals its intention of storing users’ employment and education history. 

“We may collect and use your personal information (such as your employment history, educational history, employment preferences, skills and abilities, job search activity and engagement, and so on) to recommend potential jobs for you, to share with potential employers when you apply for a job, to enable employers to find potential candidates, and to show you more relevant advertising,” the updated policy reads.

The move seems to be related to the beta functionality of X, which enables verified companies on the network to publish job postings on their accounts. The prominent social networking platform has also established a legitimate @XHiring account. The hiring drive is a component of Musk's plans to make X an "everything app."  

Data Centers Hacked to Collect Data from Multinational Firms

Over the past 18 months, there have been reports of cyberattacks against numerous data centers in various parts of the world, which have led to the leakage of information about some of the biggest corporations in the world and the publication of access privileges on the dark web.

Resecurity discovered several actors on the dark web, some of whom may have come from Asia, who were able to access customer records and exfiltrate them from one or more databases linked to particular apps and systems utilized by various data center firms during the campaign.

Initial access in at least one of the situations was probably obtained through a weak helpdesk or ticket management module which was connected with other programs and systems, allowing the threat actor to move laterally.

According to Resecurity, the threat actor was able to harvest credentials for data center IT personnel and clients, as well as a list of CCTV cameras and their corresponding video stream identifiers used to monitor data center settings.

Bloomberg said that two of the victim companies are GDS Holdings, based in Shanghai, and ST Telemedia Global Data Centres, based in Singapore. Resecurity did not identify the data center operators that were mentioned in the attack.

According to Bloomberg, GDS acknowledged that a customer assistance website was compromised in 2021 but insisted that there was no risk to the IT systems or data of its clients. It presented no risk to the clients, according to ST Telemedia.

According to Resecurity, businesses with a global presence in finance, investment funds, biomedical research firms, technology vendors, e-commerce sites, cloud services, ISPs, and content delivery network firms were among those whose information was exposed. According to the researchers, the companies are headquartered in the US, UK, Canada, Australia, Switzerland, New Zealand, and China.

Resecurity has not pinpointed any known APT groups as the perpetrators of the attacks. The experts point out that numerous, distinct perpetrators might compromise the victims.

The Moscow Kremlin and the Russian Government Have Estimated the Russian Cryptocurrency Market at $214 Billion

 

Bloomberg claims, citing its own sources that the Kremlin and the Russian government have estimated the Russian cryptocurrency market at $214 billion. This assessment is used during the development of a plan to regulate the industry. 

The volume of cryptocurrency held by Russians was calculated in January 2022 by analyzing the IP addresses of major cryptocurrency exchange users and other information. The agency writes that the estimate may be an underestimate because many traders hide their activities. 

In November 2021, the Central Bank of Russia estimated the annual volume of transactions of Russians with digital assets at $5 billion. The data were obtained based on the results of a survey of large banking organizations in July 2021. The Central Bank also noted that Russian users are among the most active participants in the digital currency market. Russia is among the leaders in the number of visits to digital currency exchanges. 

Later, during the parliamentary hearings, Anatoly Aksakov, head of the State Duma Committee on Financial Market, estimated investments of Russian residents in cryptocurrencies at $194 million. Aksakov stressed that unqualified investors are also interested in digital assets, so the authorities need to determine the position on digital assets and legislate it. 

It is interesting to note that on January 20, the Central Bank published a report for public discussion, in which it proposed to ban the issuance, circulation, and exchange of cryptocurrencies in Russia, as well as the organization of these operations. The regulator also considers it necessary to ban the mining of digital assets and start monitoring the investments of Russians in cryptocurrency on foreign trading platforms. 

However, after the Central Bank report, Deputy Prime Minister Dmitry Chernyshenko approved a roadmap on cryptocurrencies, which proposes the regulation of cryptocurrencies, rather than their prohibition, identification of customers, responsibility for illegal trafficking of digital assets, as well as the development of a methodology for assessing the value of cryptocurrencies. 

Representatives of the Ministry of Finance, the Ministry of Economic Development, the Prosecutor General's Office, Rosfinmonitoring, the FSB, the Ministry of Internal Affairs, the Federal Tax Service, the Ministry of Finance, and the Bank of Russia participated in the development of the roadmap. 

On January 26, Russian President Vladimir Putin called on the government and the Central Bank to come to a consensus on the regulation of digital assets. The Head of state said that he was familiar with the discussion concerning the regulation of cryptocurrencies. 

Earlier, CySecurity News reported that the Russian billionaire Oleg Deripaska criticized the Central Bank for allegedly “infantilely closing his eyes to the growing cryptocurrency market.” As an argument, the billionaire cited the actions of the US Treasury, which, according to him, invests in the crypto industry.