{"id":19499,"date":"2022-07-02T10:45:07","date_gmt":"2022-07-02T18:45:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/07\/02\/news-13232\/"},"modified":"2022-07-02T10:45:07","modified_gmt":"2022-07-02T18:45:07","slug":"news-13232","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/07\/02\/news-13232\/","title":{"rendered":"Gun Database Breach Leaks Details on Thousands of Owners"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/62bf749051f58063018c35bd\/master\/pass\/California-Gun-Owner-Leak-Security-Roundup-Security-GettyImages-185059996.jpg\"\/><\/p>\n<p><strong>Credit to Author: Matt Burgess| Date: Sat, 02 Jul 2022 13:00:00 +0000<\/strong><\/p>\n<p class=\"BylineWrapper-iiTsTb hAGfXd byline bylines__byline\" data-testid=\"BylineWrapper\" itemprop=\"author\" itemtype=\"http:\/\/schema.org\/Person\"><span itemprop=\"name\" class=\"BylineNamesWrapper-dbkCxf erRIa-D\"><span data-testid=\"BylineName\" class=\"BylineName-cKXFOb UCAzg byline__name\"><a class=\"BaseWrap-sc-TURhJ BaseText-fFzBQt BaseLink-gZQqBA BylineLink-eZnyPI eTiIvU mEZDb fNdcwQ bKZMMS byline__name-link button\" href=\"\/author\/matt-burgess\">Matt Burgess<\/a><\/span><\/span><\/p>\n<p><span class=\"lead-in-text-callout\">Your car is<\/span> a data <a data-offer-url=\"https:\/\/www.thedrive.com\/news\/think-your-smartphone-is-tracking-you-your-cars-doing-it-too\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.thedrive.com\/news\/think-your-smartphone-is-tracking-you-your-cars-doing-it-too&quot;}\" href=\"https:\/\/www.thedrive.com\/news\/think-your-smartphone-is-tracking-you-your-cars-doing-it-too\" 
rel=\"nofollow noopener\" target=\"_blank\">gold mine<\/a>. Each trip you make produces a lot of data\u2014from your location to your use of infotainment systems\u2014and car manufacturers are getting better at using this information. One 2019 analysis found cars could generate up to 25 gigabytes of data per hour. As companies refine their ability to mine this data, your car could prove to be the next <a href=\"https:\/\/www.wired.com\/china-cars-surveillance-national-security\">national security threat<\/a>. This week, the Chinese town of Beidaihe banned Teslas from its streets as the country\u2019s Communist party leaders gather in the area. One possible reason for the ban is that the cars could reveal <a href=\"https:\/\/www.wired.com\/china-cars-surveillance-national-security\">sensitive details about China\u2019s most senior figures<\/a>.<\/p>\n<p class=\"paywall\">Elsewhere, German mobile providers are testing \u201cdigital tokens\u201d as a way to serve up personalized advertising on people\u2019s phones. The trial of TrustPid by Vodafone and Deutsche Telekom generates pseudo-anonymous tokens based on people\u2019s IP addresses and uses them to show <a href=\"https:\/\/www.wired.com\/story\/trustpid-digital-token-supercookie\/\">personalized product recommendations<\/a>. The move has been likened to \u201c<a data-offer-url=\"https:\/\/www.accessnow.org\/cms\/assets\/uploads\/archive\/AIBT-Report.pdf\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.accessnow.org\/cms\/assets\/uploads\/archive\/AIBT-Report.pdf&quot;}\" href=\"https:\/\/www.accessnow.org\/cms\/assets\/uploads\/archive\/AIBT-Report.pdf\" rel=\"nofollow noopener\" target=\"_blank\">supercookies<\/a>,\u201d which have previously been used to track people without their permission. While Vodafone denies the system is akin to supercookies, privacy advocates say it is a step too far. 
\u201cCompanies that operate communication networks should neither track their customers nor should they help others to track them,\u201d privacy researcher Wolfie Christl <a href=\"https:\/\/www.wired.com\/story\/trustpid-digital-token-supercookie\/\">told WIRED<\/a>.<\/p>\n<p class=\"paywall\">In other stories this week, we\u2019ve rounded up the critical <a href=\"https:\/\/www.wired.com\/story\/you-need-to-update-windows-and-chrome-right-now\/\">updates from Android, Chrome, Microsoft, and others that emerged in June<\/a>\u2014you should make those updates now. We also looked at how the new <a href=\"https:\/\/www.wired.com\/story\/zuorat-trojan-malware-hacking-routers\/\">ZuoRAT router malware<\/a> has infected at least 80 targets worldwide. And we detailed <a href=\"https:\/\/www.wired.com\/story\/how-to-use-microsoft-defender\/\">how to use Microsoft Defender<\/a> on all your Apple, Android, and Windows devices.<\/p>\n<p class=\"paywall\">But that\u2019s not all. We have a rundown of the week\u2019s big security news that we haven\u2019t been able to cover ourselves. Click on the headlines to read the full stories. And stay safe out there.<\/p>\n<p class=\"paywall\">California\u2019s gun database, dubbed the Firearms Dashboard Portal, was meant to <a data-offer-url=\"https:\/\/oag.ca.gov\/news\/press-releases\/attorney-general-bonta-releases-new-firearms-data-increase-transparency-and\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/oag.ca.gov\/news\/press-releases\/attorney-general-bonta-releases-new-firearms-data-increase-transparency-and&quot;}\" href=\"https:\/\/oag.ca.gov\/news\/press-releases\/attorney-general-bonta-releases-new-firearms-data-increase-transparency-and\" rel=\"nofollow noopener\" target=\"_blank\">improve transparency<\/a> around the sale of weapons. 
Instead, when new data was added to it on June 27, the update proved to be a <a data-offer-url=\"https:\/\/www.nbcnews.com\/news\/us-news\/california-doj-data-breach-exposes-personal-information-concealed-carr-rcna35849\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.nbcnews.com\/news\/us-news\/california-doj-data-breach-exposes-personal-information-concealed-carr-rcna35849&quot;}\" href=\"https:\/\/www.nbcnews.com\/news\/us-news\/california-doj-data-breach-exposes-personal-information-concealed-carr-rcna35849\" rel=\"nofollow noopener\" target=\"_blank\">calamity<\/a>. During the planned publication of new information, the California Department of Justice made a spreadsheet publicly accessible online and exposed more than 10 years of gun owner information. Included in the data breach were the names, dates of birth, genders, races, driver\u2019s license numbers, addresses, and criminal histories of people who were granted or denied permits for concealed and carry weapons between 2011 and 2021. More than 40,000 CCW permits were <a data-offer-url=\"https:\/\/www.theguardian.com\/us-news\/2022\/jun\/30\/california-gun-owners-data-breach\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.theguardian.com\/us-news\/2022\/jun\/30\/california-gun-owners-data-breach&quot;}\" href=\"https:\/\/www.theguardian.com\/us-news\/2022\/jun\/30\/california-gun-owners-data-breach\" rel=\"nofollow noopener\" target=\"_blank\">issued in 2021<\/a>; however, California\u2019s justice department said financial information and Social Security numbers weren\u2019t included in the data breach.<\/p>\n<p class=\"paywall\">While the spreadsheet was online for under 24 hours, an initial investigation appears to indicate that the breach was more widespread than initially thought. 
In a press release <a data-offer-url=\"https:\/\/oag.ca.gov\/news\/press-releases\/california-department-justice-alerts-individuals-impacted-exposure-personal\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/oag.ca.gov\/news\/press-releases\/california-department-justice-alerts-individuals-impacted-exposure-personal&quot;}\" href=\"https:\/\/oag.ca.gov\/news\/press-releases\/california-department-justice-alerts-individuals-impacted-exposure-personal\" rel=\"nofollow noopener\" target=\"_blank\">issued on June 29<\/a>, the Californian DOJ said other parts of its gun databases were also \u201cimpacted.\u201d Information contained in the Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate, and Gun Violence Restraining Order dashboards may have been exposed in the breach, the department said, adding that it is investigating what information could have been revealed. 
Responding to the data breach, the Fresno County Sheriff\u2019s Office <a data-offer-url=\"https:\/\/www.facebook.com\/FresnoSheriff\/posts\/pfbid02W7aUrY7MaMKjx3uQs91TYropkRrNamxSq9SoEo7tXt2AVTx4sYQ4KkrcdruJ5vrxl\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.facebook.com\/FresnoSheriff\/posts\/pfbid02W7aUrY7MaMKjx3uQs91TYropkRrNamxSq9SoEo7tXt2AVTx4sYQ4KkrcdruJ5vrxl&quot;}\" href=\"https:\/\/www.facebook.com\/FresnoSheriff\/posts\/pfbid02W7aUrY7MaMKjx3uQs91TYropkRrNamxSq9SoEo7tXt2AVTx4sYQ4KkrcdruJ5vrxl\" rel=\"nofollow noopener\" target=\"_blank\">said<\/a> it was \u201cworse than previously expected\u201d and that some of the potentially impacted information \u201ccame as a surprise to us.\u201d<\/p>\n<p class=\"paywall\">Indian hacker-for-hire groups have been targeting lawyers and their clients across the globe for the better part of a decade, a <a data-offer-url=\"https:\/\/www.reuters.com\/investigates\/special-report\/usa-hackers-litigation\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.reuters.com\/investigates\/special-report\/usa-hackers-litigation\/&quot;}\" href=\"https:\/\/www.reuters.com\/investigates\/special-report\/usa-hackers-litigation\/\" rel=\"nofollow noopener\" target=\"_blank\">Reuters investigation revealed this week<\/a>. Hacking groups have used phishing attacks to gain access to confidential legal documents in more than 35 cases since 2013 and targeted at least 75 US and European companies, according to the report, which is partly based on a trove of 80,000 emails sent by Indian hackers over the past seven years. The investigation details how hack-for-hire groups operate and how private investigators take advantage of their ruthless nature. 
As Reuters published its investigation, Google\u2019s Threat Analysis Group <a data-offer-url=\"https:\/\/blog.google\/threat-analysis-group\/countering-hack-for-hire-groups\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/blog.google\/threat-analysis-group\/countering-hack-for-hire-groups\/&quot;}\" href=\"https:\/\/blog.google\/threat-analysis-group\/countering-hack-for-hire-groups\/\" rel=\"nofollow noopener\" target=\"_blank\">made public<\/a> dozens of domains belonging to alleged hack-for-hire groups in India, Russia, and the United Arab Emirates.<\/p>\n<p class=\"paywall\">Since 2009, the Chinese hacking group APT40 has targeted companies, government bodies, and universities around the world. APT40 has hit countries including the United States, United Kingdom, Germany, Cambodia, Malaysia, Norway, and more, according to security firm <a data-offer-url=\"https:\/\/www.mandiant.com\/resources\/apt40-examining-a-china-nexus-espionage-actor\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.mandiant.com\/resources\/apt40-examining-a-china-nexus-espionage-actor&quot;}\" href=\"https:\/\/www.mandiant.com\/resources\/apt40-examining-a-china-nexus-espionage-actor\" rel=\"nofollow noopener\" target=\"_blank\">Mandiant<\/a>. 
This week, a <a data-offer-url=\"https:\/\/www.ft.com\/content\/2e4359e4-c0ca-4428-bc7e-456bf3060f45\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.ft.com\/content\/2e4359e4-c0ca-4428-bc7e-456bf3060f45&quot;}\" href=\"https:\/\/www.ft.com\/content\/2e4359e4-c0ca-4428-bc7e-456bf3060f45\" rel=\"nofollow noopener\" target=\"_blank\"><em>Financial Times<\/em> investigation<\/a> found that Chinese university students have been tricked into working for a front company linked to APT40 and been involved in researching its hacking targets. The newspaper identified 140 potential translators who had applied to job ads at Hainan Xiandun, a company allegedly linked to APT40 and <a data-offer-url=\"https:\/\/www.justice.gov\/opa\/pr\/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.justice.gov\/opa\/pr\/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion&quot;}\" href=\"https:\/\/www.justice.gov\/opa\/pr\/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion\" rel=\"nofollow noopener\" target=\"_blank\">named<\/a> in a US Department of Justice indictment in July 2021. 
Those applying for jobs at Hainan Xiandun were asked to translate sensitive US government documents and appear to have been \u201cunwittingly drawn into a life of espionage,\u201d according to the <a data-offer-url=\"https:\/\/www.ft.com\/content\/2e4359e4-c0ca-4428-bc7e-456bf3060f45\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.ft.com\/content\/2e4359e4-c0ca-4428-bc7e-456bf3060f45&quot;}\" href=\"https:\/\/www.ft.com\/content\/2e4359e4-c0ca-4428-bc7e-456bf3060f45\" rel=\"nofollow noopener\" target=\"_blank\">story<\/a>.<\/p>\n<p class=\"paywall\">In 2021, North Korean hackers <a href=\"https:\/\/www.wired.com\/story\/north-korea-cryptocurrency-theft-ethereum\/\">stole around $400 million in crypto<\/a> as part of the country\u2019s efforts to evade international sanctions and <a href=\"https:\/\/www.wired.co.uk\/article\/north-korea-hackers-apt38-cryptocurrency\">bolster its nuclear weapons program<\/a>. This week, investigators started linking the theft of around $100 million in cryptocurrency from Horizon Bridge, on June 23, to North Korean actors. 
Blockchain analysis firm Elliptic <a data-offer-url=\"https:\/\/hub.elliptic.co\/analysis\/the-100-million-horizon-hack-following-the-trail-through-tornado-cash-to-north-korea\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/hub.elliptic.co\/analysis\/the-100-million-horizon-hack-following-the-trail-through-tornado-cash-to-north-korea\/&quot;}\" href=\"https:\/\/hub.elliptic.co\/analysis\/the-100-million-horizon-hack-following-the-trail-through-tornado-cash-to-north-korea\/\" rel=\"nofollow noopener\" target=\"_blank\">says<\/a> it has uncovered \u201cstrong indications\u201d that North Korea\u2019s Lazarus Group may be linked to the Horizon Bridge hacking incident\u2014and Elliptic is not the only group to <a data-offer-url=\"https:\/\/www.theguardian.com\/world\/2022\/jun\/30\/north-korean-hackers-thought-to-be-behind-100m-cryptocurrency-heist\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.theguardian.com\/world\/2022\/jun\/30\/north-korean-hackers-thought-to-be-behind-100m-cryptocurrency-heist&quot;}\" href=\"https:\/\/www.theguardian.com\/world\/2022\/jun\/30\/north-korean-hackers-thought-to-be-behind-100m-cryptocurrency-heist\" rel=\"nofollow noopener\" target=\"_blank\">have made the connection<\/a>. The attack is the latest in a string against <a href=\"https:\/\/www.wired.com\/story\/blockchain-network-bridge-hacks\/\">blockchain bridges<\/a>, which have become increasingly common targets in recent years. 
However, investigators say the ongoing crypto crash has <a data-offer-url=\"https:\/\/www.reuters.com\/technology\/crypto-crash-threatens-north-koreas-stolen-funds-it-ramps-up-weapons-tests-2022-06-28\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.reuters.com\/technology\/crypto-crash-threatens-north-koreas-stolen-funds-it-ramps-up-weapons-tests-2022-06-28\/&quot;}\" href=\"https:\/\/www.reuters.com\/technology\/crypto-crash-threatens-north-koreas-stolen-funds-it-ramps-up-weapons-tests-2022-06-28\/\" rel=\"nofollow noopener\" target=\"_blank\">wiped millions in value<\/a> from North Korea\u2019s crypto heists.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/california-gun-owner-leak-security-roundup\/\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/62bf749051f58063018c35bd\/master\/pass\/California-Gun-Owner-Leak-Security-Roundup-Security-GettyImages-185059996.jpg\"\/><\/p>\n<p><strong>Credit to Author: Matt Burgess| Date: Sat, 02 Jul 2022 13:00:00 +0000<\/strong><\/p>\n<p>Plus: Indian hacker-for-hire groups, Chinese student espionage efforts, and 
more.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714,21357],"class_list":["post-19499","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security","tag-security-security-news"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19499","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19499"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19499\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19499"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}