ZDNETIn the name of beefing up Android security, Google has added a new feature called Identity Check that automatically locks sensitive settings behind biometric authentication. How Identity Check worksThe feature works when you carry your phone beyond trusted locations. Once Identity Check kicks in, you’ll need to use biometric authentication to access saved passwords and passkeys, autofill passwords in apps, change screen lock and biometrics, factory reset your device, turn off Find My Device and other anti-theft features, set up a new device, add or remove a Google account, and access developer options.Also: How to clear your Android phone’s cache and make it feel like new for 2025The goal of Identity Check is to prevent bad actors from taking control of your Google Account and accessing features that could then enable them to steal data or otherwise compromise the security of your device.How to enable Identity Check More

Health Minister Greg Hunt launching the COVIDSafe app on 26 April 2020.
Image: Getty Images
The Digital Transformation Agency (DTA) has changed the way feedback is provided for the country’s COVIDSafe app, as the issue-plagued app moves to “business as usual” mode.As highlighted by software developer Geoffrey Huntley on Twitter, the DTA has disabled the ability to collaborate on GitHub. “This removes a huge wealth of information, history and discussion around decisions made, bugs that were fixed etc. @DTA surely this is a mistake?”But according to the DTA, it was not a mistake. “As part of the COVIDSafe app’s transition to ‘business as usual mode’, we have streamlined the channels for support and engagement with the community,” a spokesperson told ZDNet.”Feedback and support channels for the COVIDSafe app remain open via [email protected], we welcome input from the tech community. “The process for reporting security concerns remains unchanged and is published on GitHub.”

The reason for posting on GitHub was previously touted by the agency as enabling the tech community an opportunity to provide feedback.See also: A Bluetooth revamp touted to fix Australia’s COVIDSafe app connectivity flawsAfter pinning the cost of keeping the COVIDSafe app running at AU$100,000 a month in March, former DTA CEO Randall Brugeaud in May almost halved the previous estimate.”I estimated AU$100,000 per month to host COVIDSafe at the last hearing, that has ended up at AU$75,094.98 per month. And we’ve made a number of performance improvements to the app over the last couple of months, which should see that sitting at about AU$60,000 per month from the first of July,” he said at the time.The total cost to build and operate the app as of May was AU$7,753,863.38, including GST. To the end of January, that figure was AU$6,745,322.31, which Brugeaud said comprised around AU$5,844,182.51 for the app’s development and AU$901,139.80 for hosting.Earlier this week, the Department of Health released freedom of information documents requested by the Canberra Times pertaining to the evaluation of the operation and effectiveness of COVIDSafe and the National COVIDSafe Datastore. The final report is meant to provide information on the app’s appropriateness, implementation, and efficiency.In May, the DTA said the app had picked up 567 close contacts not found through my manual contact tracing, a large increase on the previous number of 17 contacts, and that there had been 779 uploads to the National Data Store since inception last year.Whole paragraphs that discuss the effectiveness of the app in New South Wales, Queensland, and Victoria are missing from the report, however.The heavily redacted document does however provide the finding that the app touted by Prime Minister Scott Morrison as digital sunscreen was the “correct tool” to implement.”As our technology review indicates, based on the parameters of knowledge and capabilities at the time of app launch, it is believed that the COVIDSafe app was the correct tool to employ,” the report says. “Many of the international contact tracing apps, such as Singapore’s TraceTogether, utilised BLE to capture digital ‘handshakes’ between mobile devices.”As of 9pm AEST 22 July 2021, there were around 1,700 active cases of COVID-19 in Australia, with most of the country remaining under strict lockdown orders.MORE DIGITAL SUNSCREEN14 COVIDSafe enquiries to OAIC, but still no complaints or breachesThe agency’s second six-month report shows there have been no reports of breaches, no complaints made, and no investigations underway regarding the COVIDSafe app that Labor has referred to as a ‘turkey’.Australian Committee calls for independent review of COVIDSafe appIt said the AU$5.24 million app has significantly under-delivered on the Prime Minister’s promise that the app would enable an opening up of the economy in a COVID safe manner.Attorney-General urged to produce facts on US law enforcement access to COVIDSafeIn its second interim report, Australia’s COVID-19 committee argues misuse of public interest immunity claims from agencies, including by the Attorney-General’s Department which it has accused of failing to confirm whether a US law enforcement agency was barred from accessing data collected by COVIDSafe. More

The MosesStaff hacking group has entered the ‘ransomware’ fray with a difference: blackmail payments are furthest from their minds.

ZDNet Recommends

On November 15, Check Point Research (CPR) said the group began targeting organizations in Israel during September this year, joining campaigns launched by Pay2Key and BlackShadow. The focus of these operations was to deploy ransomware on their victim’s systems, cause damage, and steal valuable information destined for future public leaks.  Ransomware operators, including Maze, Conti, and LockBit, to name but a few, have adopted double-extortion tactics through the launch of dedicated data leak websites on the Dark Web.  During an assault, these groups will steal valuable corporate information ahead of the encryption of a victim’s systems. If they refuse to pay up, these organizations are then faced with the threat of this data being leaked to the public or sold.  However, MosesStaff is open about its intentions: the attacks are political. No ransom demand is made — the only purpose is to steal information and to cause damage.  “In the language of the attackers, their purpose is to “Fight against the resistance and expose the crimes of the Zionists in the occupied territories,” CPR says.

The researchers assume that initial access is obtained through vulnerabilities in public-facing systems, such as the bugs in Microsoft Exchange Server, which were patched earlier this year.  Once access has been secured, MosesStaff then drops a webshell to execute further commands; batch scripts for disabling Windows firewall and to enable SMB; PsExec for operating processes remotely; and OICe.exe, an executable written in the Golang programming language for receiving and executing commands via the command line.   Data is then exfiltrated from the victim machine, including domain names, machine names, and credentials — information which is then used to compile a custom version of the PyDCrypt malware. This payload is focused on infecting any other vulnerable machines on a network as well as ensuring the main encryption payload, DCSrv, is executed properly. DCSrv is based on the open source DiskCryptor tool. The DiskCryptor bootloader is also executed to ensure the system can’t be booted again without a password. However, the researchers say that it may be possible to reverse the current encryption process if properly kept EDR records are available in the right circumstances. Attribution is not firm in this case, but CPR suspects that they may be located in Palestine due to development time logs and coding clues in a tool used, OICe.exe, which was submitted to VirusTotal from Palestine several months before the campaign began.  “Like the Pay2Key and BlackShadow gangs before them, the MosesStaff group is motivated by politics and ideology to target Israeli organizations,” the researchers commented. “Unlike those predecessors, however, they made an outright mistake when they put together their own encryption scheme, which is honestly a surprise in today’s landscape where every two-bit cybercriminal seems to know at least the basics of how to put together functioning ransomware.” Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Mova P50 Pro Ultra <!–> ZDNET’s key takeaways The Mova P50 Pro Ultra is available for only $799, down $200 from its regular price. This is one of the strongest robot vacuums on the market with 19,000Pa of suction, with reliable edge cleaning, mop removal, and obstacle avoidance. While its obstacle avoidance far exceeds its […] More

Brazil’s National Data Protection Authority (ANPD) will gain independence from the presidency. The data protection body was elevated to the special authority status under a provisional measure published today.According to the text, ANPD will be transformed into an autarchy of a special nature while still maintaining the organizational structure and competences of the law that created it in 2018. The provisional measure notes that, considering the scope of the powers of the authority, which oversees both the public and private sectors, the shift towards becoming an autarchy is legally important to ensure independence. 
ZDNet Recommends
The effects of the provisional measure become immediate after its signature, thus giving full administrative and budgetary autonomy to ANPD, which previously had only technical and decision-making autonomy. However, for the measure to be definitively signed into law, it will still require on approval by the Lower House of the Brazilian Congress as well as the Senate.Brazil’s data protection regulations (LGPD) granted the ANPD powers of inspection, sanction, and regulation. The authority has a critical role in the legal framework for the protection of data subjects, which enables the proper use of personal data in public and private contexts.ANPD’s link with the presidential office has been heavily criticized since its inception in 2020. When the Brazilian Constitution was amended to make data protection a fundamental citizen right in February, consumer protection body Idec said the authority’s lack of independence was “something that goes against international recommendations for the constitution of authorities on the subject and jeopardizes the necessary supervision of data processing in the country.”After the provisional measure that creates the autarchy is signed into law, the National Data Protection Authority will have the autonomy it needs to fully perform its functions and legal competences. This includes the activities related to the administrative management of the body itself.According to the ANPD, its independence from the presidency is aligned with government policies and programs, such as facilitating international trade and increasing competitiveness, in addition to bringing relevant impacts to society and companies, providing compatibility with other regulatory regimes around the world. In addition, the authority noted that the move improves Brazil’s readiness for entry into international organizations and blocs, such as the Organization for Economic Cooperation and Development (OECD).”The transformation of the ANPD’s legal nature will enable the Authority to be more capable of prioritizing actions and generating better results for society”, the authority said in a statement. “In addition, it will bring greater legal certainty to individuals and organizations, representing an advance in the application of the LGPD, increasing Brazil’s international reputation and credibility.”
Government More