It was one other busy week in safety that noticed huge information about protests, surveillance, spy ware, knowledge breaches, and extra. In the US, recent court filings detail how the FBI’s use of a controversial warrant yielded a trove of Google’s location knowledge from 1000’s of gadgets in and across the Capitol on January 6. Meanwhile, in Iran, movies of antigovernment protests shared on social media spotlight the significance of Twitter’s function in documenting human rights abuses and the consequences if the social media platform breaks.

On November 30, Google’s Threat Analysis Group moved to block a Spanish hacking framework that targets desktop computers. The exploitation framework, dubbed Heliconia, got here to Google’s consideration after a sequence of nameless submissions to the Chrome bug reporting program. While Google, Microsoft, and Mozilla have all patched the Heliconia vulnerabilities, it’s reminder to maintain your gadgets up to date. ​​Here’s what you need to know about all the important security updates released in the past month.

Google researchers additionally discovered this week that the encryption keys phone-makers use to confirm software program on their gadgets are real—together with the Android working system itself—were stolen and used in malware.

Finally, we revealed half six of WIRED reporter Andy Greenberg’s sequence, “The Hunt for the Dark Web’s Biggest Kingpin,” which chronicles the downfall of AlphaBay, the world’s largest dark-web market. Read the final installment here, and take a look at the complete ebook from which the sequence was excerpted, Tracers within the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, obtainable now from wherever you purchase books.

And there’s extra. Each week, we spotlight the information we didn’t cowl in-depth ourselves. Click on the headlines beneath to learn the complete tales. 

A lethal hearth in an residence constructing sparked large demonstrations in China the place 1000’s of protestors in main cities have taken to the streets in defiance of the nation’s zero-Covid policy. The present wave of protests—the dimensions of which has not been seen within the nation because the lethal 1989 Tiananmen Square protests—has been met with the massive surveillance and censorship apparatus that the state has been refining for decades. Authorities are utilizing facial recognition, cellphone searches, and informants to determine, intimidate, and detain those that attended protests. 

The protests are stress-testing China’s refined censorship equipment, and specialists say that the sheer quantity of video clips has probably overwhelmed China’s armies of censors. Leaked documents from China’s Cyberspace Administration referred to as the protests a “Level I Internet Emergency Response,” and authorities ordered ecommerce platforms to restrict the provision of VPNs and firewall-circumventing routers. On Sunday, Chinese-language Twitter accounts spammed the service with links to escort services alongside city names where protests were occurring to drown out information about the protests. 

US Immigration and Customs Enforcement is in scorching water after the company mistakenly posted confidential knowledge about 1000’s of asylum seekers throughout a routine replace to their web site. The knowledge—which included the names, birthdates, nationalities, and detention areas of greater than 6,000 people—was public for 5 hours earlier than being taken down by the company. The knowledge disclosure may expose the immigrants affected by the breach to retaliation from the gangs and governments they’d fled. 

The company’s tech negligence comes because the Biden administration is dramatically increasing using know-how to observe immigrants throughout conditional launch by smartphone apps and ankle monitors.

“The US government has an obligation to hold asylum seekers’ names and information in confidence so they don’t face retaliation,” a lawyer at Human Rights First, the group that found the leak, informed the Los Angeles Times. “ICE’s publication of confidential data is illegal and ethically unconscionable, a mistake that must never be repeated.”

New analysis reveals that Google continues to retain delicate location knowledge from people looking for abortions despite guarantees the corporate made in July to purge this sort of knowledge from its methods. Researchers with Accountable Tech, an advocacy group, performed numerous experiments to investigate the information that Google shops about people on the lookout for abortions on-line. They discovered that searches for instructions to abortion clinics on Google Maps, in addition to the routes taken to go to Planned Parenthood areas, have been saved by Google for weeks. Google spokesperson Winnie King informed the Guardian that customers “can turn Web & App Activity off at any time, delete all or part of their data manually, or choose to automatically delete the data on a rolling basis.”

Their findings contradict the pledges Google made after the US Supreme Court overturned Roe v Wade. “If our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit,” the corporate mentioned in July. Five months later, Google seems to haven’t applied this modification.

LastPass, a preferred password supervisor, is investigating a safety incident after its methods have been compromised for the second time this yr. In a blog post concerning the incident, chief govt Karim Toubba mentioned that an attacker gained entry to their clients’ info utilizing knowledge stolen from LastPass’ methods in August, however didn’t specify what particular buyer info was taken—though he stipulated that customers’ saved passwords remained protected by the corporate’s encryption scheme. “We are working to understand the scope of the incident and identify what specific information has been accessed,” Toubba says. “In the meantime, we can confirm that LastPass products and services remain fully functional.”