The AP says that yesterday's annual report of Germany's Bundesamt für Verfassungsschutz warned that consumers providing information to Chinese companies may also be providing it to the Chinese government.
Attackers are actively scanning for recently patched vulnerabilities in Citrix Application Delivery Controller (ADC), Citrix Gateway, and the Citrix SD-WAN WANOP appliance, the SANS Institute reports. Users are urged to apply the patches as soon as possible.
Security researchers Pierre Kim and Alexandre Torres report finding vulnerabilities in widely used Fiber-To-The-Home (FTTH) and Optical Line Termination (OLT) devices sold by Shenzhen-based C-Data. ZDNet observes that, of the seven vulnerabilities found, the most serious is the hardcoding of Telnet accounts in the firmware. These grant intruders full administrative access to the devices. Security Affairs points out that the backdoors appear to be intentional.
Data brokers continue to collect information for the benefit of advertisers, and TechCrunch concludes that existing laws seeking to inhibit them are unlikely to do so. Duo Security ran its own test of the California Consumer Privacy Act and decided that even finding out what data were collected is prohibitively difficult. Preventing their sharing with third parties seems even harder.