More stories

  • Didi slapped with $1.1B fine for breaching China data security laws

    Didi Global has been fined 8 billion yuan ($1.18 billion) for breaching China’s cybersecurity and data security laws. The Chinese ride-sharing operator is accused of 16 illegal practices involving the collection of passenger data. Cyberspace Administration of China (CAC) said Thursday Didi had violated the country’s cybersecurity and data security laws. The industry regulator pointed to the Cybersecurity Law, Data Security Law, and Personal Information Protection Law (PIPL), reported state-run media agency China Daily.

    CAC said Didi had illegally collected its users’ personal data, including 107 million pieces of passengers’ facial recognition details as well as their photos and short messages. In addition, the company’s CEO Cheng Wei and president Liu Qing were each fined 1 million yuan ($148,070), in accordance with the respective regulations. Didi posted a statement Thursday on Chinese microblogging platform Weibo acknowledging the government’s decision. It said it would comply with the fine order. The Beijing-based company added that it would conduct an internal assessment and cooperate with CAC to beef up its cybersecurity, data security, and personal data security measures.

    Thursday’s announcement comes a year into CAC’s probe of Didi’s cybersecurity practices, which had kicked off just days after the company made its debut on the New York Stock Exchange. Didi in July 2021 was instructed to remove its app from local app stores, after CAC said it had breached regulations governing the collection and use of personal data. The regulator had put the company under a cybersecurity review to “prevent national data security risks” and safeguard public interest. Didi delisted from the New York Stock Exchange in June 2022.

    Hackers earlier this month claimed to have access to personal data of 1 billion residents in China, after putting the information on sale via an online forum. They allegedly retrieved the data from the Shanghai National Police, though the Chinese government had yet to publicly acknowledge the leak. Reports emerged last week that Alibaba had been called in by Shanghai authorities over the breach. According to the Wall Street Journal, which cited unnamed sources, the affected database’s administrative dashboard was left open without a password for more than a year. The data was hosted on Alibaba Cloud.

    CAC in January this year released draft laws that would require, amongst others, mobile apps to be licensed if they provided news and to go through a security assessment if they influenced public opinion. They also must adhere to cybersecurity guidelines and not endanger national security. The proposed legislation would further regulate services provided via mobile apps and ensure these operated alongside the country’s other laws, including the PIPL and Data Security Law, CAC then said.

  • Time to update all of your Apple gadgets ASAP

    Yesterday, Apple released a bumper pack of updates, with everything from iPhones and iPads to Apple Watches and even the Apple TV and the now defunct iPod Touch needing to be updated. On the iPhone and iPad front, we get iOS 15.6 and iPadOS 15.6. From the release notes, these might seem like minor […]

  • Banks have opportunity to plug digital identity gap in metaverse

    Banks and financial services institutions have opportunities to manage digital identities in the metaverse, potentially tapping modern cryptography to do so. They should, however, ensure they are prepared to manage the risks that come with adopting any new technology. There had yet to emerge an effective way to implement general-purpose digital identity, without which the metaverse could not function. This currently was the missing ingredient in the equation, said advisor on digital financial services David G.W. Birch, who was speaking at Huawei’s Intelligent Finance Summit 2022 held this week in Singapore.

    Citing The Financial Times’ definition, Birch said the metaverse was a collection of shared virtual worlds in which people could navigate via their digital assets and digital identity, or “economic avatars”, as coined by virtual reality specialist Jaron Lanier. While physical things could be repurposed, via tokens, and exist in virtual worlds, there needed to be an effective way to manage social identities and credentials.

    Birch noted the lack of a global digital identity that was recognised regardless of where the individual was. Pointing to banks as potential players that could lead in this space, he said these financial services institutions already were experienced in Know Your Customer (KYC) processes. These are adopted by banks worldwide to verify a customer’s identity and transactions as well as assess risks of unlawful practices, such as money laundering. With their expertise in KYC, financial services institutions then could apply modern cryptography to plug the digital identity gap, he said. Based in the UK, Birch also is a venture partner at 1414 Ventures, a US-based fund that invests in early-stage startups in the digital identity market.

    He added that a winning strategy in the metaverse would further comprise digital wallets, which he said were central to three key components in the metaverse: virtual worlds, Web 3.0, and digital identity. With wallets now containing mostly data related to identity and credentials, these had to transition into the virtual space to support the metaverse. Being part of the digital wallet ecosystem, hence, would be a critical strategy for banks, he said. He noted that financial services institutions, backed by an established reputation in the physical realm, would have the differentiating trait to facilitate this.

    Digitalisation carries with it multiple risks

    The involvement of any new technology, though, came with potential challenges that banks would have to manage. Speaking at the summit, Vincent Loy, assistant managing director of technology at Monetary Authority of Singapore (MAS), said the adoption of emerging technology came with some amount of uncertainty and chance it would not work as expected. Financial services institutions needed time to understand the technology and ensure they could handle the risks that came with it, said Loy, noting that this was amongst key risks he was concerned about as an industry regulator. Early adopters typically were the first to confront design flaws and other unforeseen implementation challenges, he said. While this did not mean banks should not be innovative and leverage new technology, he underscored the need to be able to mitigate potential risks.

    He also pointed to legacy systems as another area that posed serious risks to the sector. These systems supported critical workloads but were costly to maintain, he said, adding that they also lacked documentation and carried unknown vulnerabilities. In addition, they were reliant on employees who might not be with the organisation in the future. Cybersecurity also continued to be a key challenge for the sector due to an increasing attack surface, Loy said. Third-party attacks, in particular, were concerning as financial services institutions’ use of open source software and open standards increased, he said, noting that it was neither economically viable nor realistic for these organisations to use only in-house products and services.

    Along with the benefits it offered, the adoption of cloud services also came with potential risks that needed to be managed, he added. He urged financial services institutions to be mindful about managing the technological risks that came with digitalisation, as they navigated a complex and fast-moving external environment. He also underscored the need for organisations in both the financial services and technology sectors to engage with regulators to better understand the various challenges and ideate potential solutions.

    At the summit, Huawei urged the financial sector to “rebuild its core competitiveness” as global markets underwent digital transformation and focused on sustainable development. To do so, the Chinese tech giant identified key challenges the industry would need to address, including the ability to process massive volumes of data in real-time, deliver “end-to-end” user experience, and manage complex networks and multi-cloud environments. Huawei’s global digital finance CEO Jason Cao said the vendor looked to facilitate this by enabling its customers in the sector to build “smarter and greener finance based on better connections, stronger intelligence, and more scenarios”. These encompassed providing converged data platforms, customer engagement applications, and hybrid- and multi-cloud architectures to ease cross-cloud management and deliver more agility, Cao said.

  • Flaws in a popular GPS tracker could allow hackers to track or stop vehicles, say security researchers

    Critical security vulnerabilities in a popular GPS tracker used to track vehicle fleets by critical infrastructure, governments and emergency services around the world could be used to remotely track, stop and even take control of vehicles, according to security researchers. Six flaws in MiCODUS MV720 vehicle GPS trackers – including the use […]

  • Want to block third-party trackers on your Android device? Try DuckDuckGo's new feature

    There are trackers everywhere. Their goal is to glom onto your network behavior and inform businesses of your browsing habits, visited websites, time spent on websites, purchases, and clicks on advertisements. The result is a full-blown advertising profile for you. Thanks to trackers, I’ve experienced some rather disturbing behavior on mobile devices. I’ve witnessed someone just pause over an ad on Facebook, only to get that product pushed to their email account and even via SMS.

    It’s not just disturbing; it could be dangerous to the wellbeing of your data and privacy. Unfortunately, neither Android nor iOS is very successful at preventing trackers on a global scale. There is hope for you, however, hope that comes in the form of the DuckDuckGo web browser. For those that don’t know, DuckDuckGo started out as an alternative search engine, offering considerably more privacy than Google. The company then released its own web browser for both Android and iOS that focused on user privacy and online trust. By default, this browser collects no data nor shares any data with third parties. On top of that, DuckDuckGo as a straight-up web browser is quite good, with plenty of user customization options.

    But there’s one particular feature that should prompt you to immediately make the switch from your default: App Tracking Protection.

    At this time, you have to actually request an invitation to gain access to the feature. This will be the case until the feature is out of beta, so you must join the waitlist for the feature in-app (from Settings – Figure 1).

  • Microsoft adds 'Cloud for Sovereignty' to its line-up

    Microsoft is adding yet another cloud bundle to its Microsoft Cloud line-up. The latest is known as the “Microsoft Cloud for Sovereignty.” It’s similar to Microsoft’s own Cloud for Government, except that it’s not only for US government customers; instead, it’s for government and public sector customers worldwide. Sovereignty is a […]