Infosec in brief Californians may be on their way to the nation's first "do not broker" list with the passage of a bill that would create a one-stop service for residents of the Golden State who want to opt out of being tracked by data brokers. 

SB 362, or the DELETE Act, like the right to repair bill passed earlier this week, is now on its way to Governor Gavin Newsom's desk for signature - or not. "We don't typically comment on pending legislation. Each bill will be evaluated on its merits," the Governor's office told us.

If signed, the bill will require the California Privacy Protection Agency (CPPA) to set up a website by 2026 where residents could go to, listing every single data broker registered in the state of California, to delete whatever data they had on the individual - and to keep deleting anything new they acquired every 45 days. The bill would also prohibit the selling or sharing of any newly collected personal data of an individual who requested deletion. 

To ensure that the brokers follow the law, SB 362 would also shift responsibility for data broker registration from the California Attorney General's office to the CPPA so all the enforcement could happen under one roof. The bill will also require data brokers to undergo triennial audits to ensure they've been complying with the bill's provisions, and would impose civil penalties on violators. 

Californians have every right under the law, as it stands, to request their data be deleted from a broker's database, but it's difficult. There are around 500 data brokers registered in the state of California, and consumers have to contact every single one individually to request their data be wiped.

"Data brokers currently have the ability to use data on reproductive healthcare, geolocation, and purchasing data to sell it to the highest bidder," California state Senator Josh Becker, who introduced the bill, said of SB 362.

"This bill will help Californians actually exercise the right to delete their information from data brokers and protect our right to privacy," Becker told the LA Times. 

New ransomware family spotted in the wild

A new ransomware range, dubbed 3AM by Symantec researchers, has been found in the wild and appears to be a completely fresh family of malware. 

3AM was spotted in just a single attack so far, Symantec said, in which it was deployed by a ransomware affiliate as a backup when the target's network blocked an attempt to install LockBit. Written in Rust, 3AM attempts to stop a whole bunch of security and backup services before encrypting files, after which it attempts to delete volume shadow copies to ensure recovery is more difficult.

"It is still unclear whether its authors have any links to known cybercrime organizations," Symantec said, adding that new ransomware families appear and disappear all the time.

However, the Threat Hunter Team noted in their blogpost, the fact that 3AM's first appearance was alongside ransomware as high profile as Lockbit "suggests that it may be of interest to attackers and could be seen again in the future." 

Better take a look at those IoCs. 

AirTags find a new illicit use: Arms smuggling

Apple AirTags are great: They can help you keep track of easily lost items like a purse or backpack, or be used to locate a lost pet. They can also (allegedly) be used by stalkers and murderers to track their victims, and now arms dealers are turning to the tiny Bluetooth trackers to help them keep an eye on illicit gun shipments.

According to Forbes, US Customs and Border Patrol have intercepted packages of gun parts with AirTags in them as an alternative to the bulky, often unreliable GPS trackers gun runners have traditionally used to mail their merch.

In this case, it appears a single criminal gang was behind the gun parts smuggled with AirTags as trackers, and one member has been arrested and accused of shipping illegal switches for Glock firearms that turn them into automatic weapons. 

Apple said last year that it was introducing changes to AirTags to prevent them being used for stalking and other "criminal purposes," and while progress has been made to prevent stalking, Apple apparently has yet to code in the anti-smuggling features. ®

https://www.theregister.com//2023/09/18/california_passes_bill_to_set/