At a glance.
- Arkansas Attorney General sues Temu over alleged privacy violations.
- Google disrupts Chinese influence operations.
- Emerson patches vulnerabilities affecting gas chromatographs.
Arkansas Attorney General sues Temu over alleged privacy violations.
Arkansas Attorney General Tim Griffin has alleged in a lawsuit that e-commerce app Temu is "dangerous malware, surreptitiously granting itself access to virtually all data on a user’s cell phone," the Verge reports. The lawsuit states, "Temu is purposefully designed to gain unrestricted access to a user's phone operating system, including, but not limited to, a user's camera, specific location, contacts, text messages, documents, and other applications. Temu is designed to make this expansive access undetected. even by sophisticated users. Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place. Even users without the Temu app are subject to Temu's gross overreach if any of their information is on the phone of a Temu user. Temu monetizes this unauthorized collection of data by selling it to third parties, profiting at the direct expense of Arkansans’ privacy rights."
Temu is currently the top shopping app in Apple's App Store. Temu's parent company PDD Holdings was founded in China, though it moved its headquarters to Ireland last year. Griffin said in a press release, "Temu is led by a cadre of former Chinese Communist Party officials, which raises significant security risks to our country and our citizens."
Google disrupts Chinese influence operations.
Google's Threat Analysis Group (TAG) has published an update on DRAGONBRIDGE, an influence operator that pushes content aligned with the Chinese government's positions. The researchers state, "DRAGONBRIDGE accounts create content reacting to breaking news, especially wedge social issues, usually within a few weeks of the event. In general, this content is lower quality than the content created for anticipated events, reflecting the speed with which the actor pivots to create content in response to current events."
In 2023, Google removed more than 65,000 YouTube and Blogger instances linked to DRAGONBRIDGE. While the operation is high-volume, it's largely ineffective and gets almost no engagement from users.
Emerson patches vulnerabilities affecting gas chromatographs.
Claroty has discovered four vulnerabilities affecting Emerson Rosemount 370XA gas chromatographs, one of which could allow "an unauthenticated attacker with network access to remotely execute arbitrary commands with root privileges," SecurityWeek reports. The researchers note, "A compromise of such devices can have a tremendous impact on various industries. In the food and beverage sector, attacks against a food processing company’s gas chromatographs could prevent the accurate detection of bacteria and bring a process chain to a halt. Similar attacks against a hospital’s chromatographs would disrupt testing of blood and other patient samples."
Emerson has issued patches and mitigations for the vulnerabilities.