A leak (obtained by the ICIJ) and a defection (reported by the Times and others) appear respectively to shed light on China's repression of its Uighur minority and on the country's espionage operations.
Qihoo 360 says it's detected a major cyber surveillance campaign against targets in Kazakhstan. Qihoo calls the group "Golden Falcon;" Kaspersky tells ZDNet that they think this is the APT previously tracked as DustSquad. Neither company offers any attribution beyond that, but they say the group appears to be Russian speaking. In itself that means little: there's no shortage of Russian speakers in Kazakhstan.
Very large data leaks from exposed servers have compromised a total of about 1.2 billion records, some four terabytes of personal data. Data Viper suggests that People Data Labs and OxyData, two data aggregation and enrichment shops, were the source of the exposure. The data include home and cellphone numbers, email addresses, social media profiles (Facebook, Twitter, LinkedIn, and GitHub), work histories (apparently from LinkedIn). About fifty-million unique phone numbers and six-hundred-twenty-two-million unique email addresses were exposed, but no passwords, Social Security Numbers, or paycard information.
Citing national security concerns surrounding 5G networks, the US Federal Communications Commission has prohibited using Universal Service Funds to purchase Huawei or ZTE equipment.
Russia's Duma has banned devices that don't come with certain preloaded Russian software, Computing reports.
Louisiana's recovery from the Ryuk ransomware that afflicted state government systems is proving more protracted than officials had hoped: Governor Edwards on Friday declared a state of emergency.