
The Official DOGE Website Launch Was a Security Mess
Matt Burgess Andrew Couts Feb 15, 2025 6:30 AM Plus: Researchers find RedNote lacks basic security measures, surveillance ramps up around the US-Mexico border, and the UK ordering Apple to create an encryption backdoor comes under fire. Photograph: Kamran Jebreili/AP
As the United States reels from the upheaval caused by Elon Musk's so-called Department of Government Efficiency (DOGE), hackers from countries the US considers hostile continue to wreak havoc from afar.
New research shows that China's Salt Typhoon hacking group has expanded its targets list to include universities around the world and at least two more telecoms operating in the US. That brings the total number of US telecommunications networks breached by Salt Typhoon to at least 11.
Russia's notorious Sandworm hacking unit may be best known for its attacks on Ukraine, including multiple blackouts caused by its cyberattacks and its release of the destructive NotPetya malware. However, a hacking group within Sandworm is now taking aim at targets in Western nations, including Australia, Canada, the UK, and the US, according to research released this week by Microsoft. The group, which Microsoft calls BadPilot, is known as an 'initial access operation,' breaching targets for the purpose of handing over access to those systems to other Sandworm hackers.
Meanwhile, we dug into the slimy world of romance scammers who are making ill-gotten fortunes by capitalizing on the loneliness epidemic, and we dipped into the opaqueness of online advertising data that could pose a threat to US national security. Finally, we found that US funding cuts under the new Trump administration are hurting the organizations protecting children from exploitation, abuse, and human trafficking.
And there's more. Each week, we round up the security and privacy news we didn't cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Elon Musk's DOGE finally started publishing some information about its activities on its threadbare website this week. But it wasn't the only entity publishing on the site.
Two web developers, working independently, found that it is possible to push updates to the DOGE.gov domain, which claims to be an official US government website. The website uses a database that can be edited by anyone online, the experts told 404Media. To demonstrate the insecurity, they left a couple of messages on the DOGE site: 'This is a joke of a .gov site,' one read, while the other says: 'THESE 'EXPERTS' LEFT THEIR DATABASE OPEN.'
The messages stayed on the website for at least 12 hours and remained visible for some time on Friday. The DOGE website was launched in January and until this week was a single landing page containing very little information. The web experts who discovered the vulnerabilities told 404Media that the website appeared to have been 'slapped together.'
The website only started being populated this week—with some figures purporting to show the size of the US government—after Musk promised his organization would be 'maximally transparent.' That transparency may have gone a step too far, however, with HuffPost reporting on Friday that the site included classified material.
As well as being insecure, the DOGE website heavily leans on X, the social media platform owned by Musk. DOGE's homepage is a feed of its own X posts, but it also uses code that directs search engines to X.com instead of DOGE.gov, a WIRED review of the site found. 'This isn't usually how things are handled, and it indicates that the X account is taking priority over the actual website itself,' one developer told WIRED. RedNote Security Flaws Come Into Focus
Chinese TikTok alternative RedNote gained around 700,000 US users and courted American influencers when the ban on TikTok loomed in January. While many of those people may have only used RedNote for a few days, a new analysis from the University of Toronto's Citizen Lab has highlighted how a lack of encryption could have opened up US users to 'surveillance by any government or ISP [Internet Service Provider], and not just the Chinese government.'
The analysis of RedNote found a host of network security issues in both its Android and iOS apps. RedNote fetched images and videos using HTTP connections, not the industry standard and encrypted HTTPS; some versions of the app contained a vulnerability that allows an attacker to have 'read' permissions on a phone; and it 'transmitted insufficiently encrypted device metadata.' The flaws were contained in RedNote's app and several third-party software libraries that it uses. Citizen Lab reported the issues to the companies starting in November 2024 but has not heard back from any of them.
The security researchers say that the vulnerabilities could risk surveillance for all users, including those in China. 'As the Chinese government might already have mechanisms to lawfully obtain detailed data from RedNote about their users, the issues that we found also make Chinese users especially vulnerable to surveillance by non-Chinese governments,' the research says.
It underscores that within China even widely used apps may not meet the same security standards as those developed outside the country. 'Applications that are popular in China often use no encryption, proprietary encryption protocols, or use TLS without certificate validation to encrypt sensitive data,' the analysis says. Military Spy Planes Increase Surveillance Flights at US-Mexico Border
Over the last two weeks, US spy planes have flown at least 18 missions around the Mexico border, analysis from CNN has shown. The flights mark a 'dramatic escalation in activity,' the publication reports, and come as the Trump administration has designated drug cartels as terrorist organizations and has turned the nation's security apparatus toward deporting millions of migrants. According to CNN, various military planes, including Navy P-8s and a U-2 spy plane, were used in the operations and are capable of collecting both imagery and signals intelligence. Also this week, US Immigration and Customs Enforcement has advertised new contracts that would allow it to monitor 'negative' social media posts that people make about it. Backlash Mounts Against UK's Secret Apple Encryption Order
Last month, the UK government hit Apple with a secret order demanding the company create a way to access data stored in encrypted iCloud backups. The order, called a Technical Capability Notice and issued under the UK's controversial 2016 surveillance law, was first reported by The Washington Post last week. Since then, there's been a growing backlash against the demands from the UK government, with many highlighting how a change would impact the security of millions around the world.
US senator Ron Wyden and representative Andy Biggs have sent a letter to Tulsi Gabbard, the new director of national intelligence, saying the order undermines trust between the US and UK. 'If the UK does not immediately reverse this dangerous effort, we urge you to reevaluate US-UK cybersecurity arrangements and programs as well as US intelligence sharing with the UK,' the pair said, drawing comparisons to the Chinese-linked Salt Typhoon hacks of US telecom firms that utilized a surveillance 'backdoor.' Since details of the order emerged, Human Rights Watch has called it an 'alarming overreach,' while 109 civil society organizations, companies, and other groups signed an open letter saying the 'demand jeopardizes the security and privacy of millions.'

Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
Which Software Stocks Is BofA Securities Bullish On?
The BofA Securities software research team hosted 18 public and 10 private companies at the BofA Global Technology Conference in San Francisco on June 3-5. With an ever-changing macro policy backdrop, the spending environment was the focus of this discussion. AI product cycles were another key topic discussed, with companies citing healthy pilot activity for agentic applications. Based on discussions, participating software companies endorsed a generally stable environment, although companies remained cognizant of underlying the analyst report noted that while product cycles for agentic AI are still in their early stages, they are reportedly gaining traction through initial pilot deals. Analyst Brad Sills included key takeaways from meetings with participating companies in this report. Sills said Microsoft Corp.'s (NASDAQ:MSFT) (Buy, price forecast $515) Commercial CFO Mat McBride suggested sustained momentum in the Azure business, led by healthy cloud migration. According to the analyst, Microsoft is rapidly innovating across the enterprise stack. ServiceNow's (NYSE:NOW) (Buy, price forecast $1,085) Chief Customer Officer Chris Bedi highlighted solid execution through a tough macro environment in the tariff-impacted manufacturing vertical and DOGE-impacted Federal vertical. ServiceNow noted sustained momentum across the broad IT, customer, and employee application suites. It is expanding rapidly to multiple departments in the enterprise. In front office applications, Salesforce's (NYSE:CRM) (Buy, price forecast $350) COO and CFO, Robin Washington, reiterated pockets of weakness in tariff-impacted verticals like manufacturing and retail, though noting strength elsewhere, Sills said. According to the analyst, Salesforce is driving growth in both core and Agentforce. The analyst noted that Datadog's (NASDAQ:DDOG) (Buy, price forecast $138) CFO, David Obstler, highlighted the company's expanding product offering and its long-term growth potential for monitoring cloud workloads, which are increasing in volume and complexity due to AI. The analyst noted that Datadog's AI-native cohort is growing quickly, though volatility is inherent in the consumption model. Sills said Asana (NYSE:ASAN) (Buy, price forecast $21) noted slight incremental macro headwinds in April for its enterprise segment. According to the analyst, AI Studio could represent a powerful second-half 2026 catalyst for Asana. The analyst noted that software firms cited solid leading indicators for agentic application adoption, though these cycles remain nascent. He said data management vendors such as Microsoft noted added database activity as enterprises prepare for running agentic AI applications. DevSecOps software vendor JFrog (NASDAQ:FROG) (Buy, price forecast $48) discussed how AI-focused code is beginning to show up more this year, Sills said. The analyst pronounced JFrog's setup good heading into the second half of 2025. Application vendors Salesforce and ServiceNow cited healthy pilot activity for agentic applications, Agentforce, and Now Assist, the analyst noted. However, he said revenue targets are limited at this cycle stage. Microsoft cited hundreds of thousands of customers running Microsoft 365 Copilot, expanding deployments, Sills noted. He said that OneStream (NASDAQ:OS) (Buy, price forecast $33) highlighted its attractive AI value proposition and adoption trends in the back office with its SensibleAI Forecast offering. OneStream is an AI-powered back-office disruptor. The analyst said Asana and Freshworks (NASDAQ:FRSH) (Neutral, price forecast $18) noted healthy demand for AI Studio and Freddy AI. Freshworks' AI offerings are driving up the list across all growth levers. Read Next:Photo by Bumble Dee via Shutterstock Date Firm Action From To Feb 2022 Tigress Financial Maintains Buy Jan 2022 Citigroup Maintains Buy Jan 2022 Morgan Stanley Maintains Overweight View More Analyst Ratings for MSFT View the Latest Analyst Ratings Up Next: Transform your trading with Benzinga Edge's one-of-a-kind market trade ideas and tools. Click now to access unique insights that can set you ahead in today's competitive market. Get the latest stock analysis from Benzinga? MICROSOFT (MSFT): Free Stock Analysis Report SALESFORCE (CRM): Free Stock Analysis Report SERVICENOW (NOW): Free Stock Analysis Report FRESHWORKS (FRSH): Free Stock Analysis Report This article Which Software Stocks Is BofA Securities Bullish On? originally appeared on © 2025 Benzinga does not provide investment advice. All rights reserved. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
an hour ago
- Yahoo
tpay Releases White Paper on the Transformative Power of Open Banking Across the Middle East
DUBAI, United Arab Emirates, June 11, 2025 (GLOBE NEWSWIRE) -- tpay, the leading payment connector in the META region, has published a new white paper highlighting how Open Banking is accelerating financial innovation and inclusion across the region. The white paper explores the rapid rise of fintech in the Middle East, where updated licensing frameworks and increased investment are driving significant growth. Despite lower valuations compared to Western markets, the region offers immense profit potential for fintech players, digital banks, and regulators alike. With Open Banking unlocking new use cases and creating seamless digital experiences for consumers and businesses, the white paper outlines the strategic importance of the Middle East in the global financial ecosystem. The region is poised to play a key role in the expected surge of digital payment adoption, with global digital wallet users projected to exceed 5.2 billion by 2026, up from 3.4 billion in 2022, marking robust growth of over 53%. Download the full white paper to explore how Open Banking is reshaping the financial landscape in the Middle East. Open Banking: A Game Changer In the Middle East CONTACT: For more information, please contact: in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
an hour ago
- Yahoo
tpay Releases White Paper on the Transformative Power of Open Banking Across the Middle East
DUBAI, United Arab Emirates, June 11, 2025 (GLOBE NEWSWIRE) -- tpay, the leading payment connector in the META region, has published a new white paper highlighting how Open Banking is accelerating financial innovation and inclusion across the region. The white paper explores the rapid rise of fintech in the Middle East, where updated licensing frameworks and increased investment are driving significant growth. Despite lower valuations compared to Western markets, the region offers immense profit potential for fintech players, digital banks, and regulators alike. With Open Banking unlocking new use cases and creating seamless digital experiences for consumers and businesses, the white paper outlines the strategic importance of the Middle East in the global financial ecosystem. The region is poised to play a key role in the expected surge of digital payment adoption, with global digital wallet users projected to exceed 5.2 billion by 2026, up from 3.4 billion in 2022, marking robust growth of over 53%. Download the full white paper to explore how Open Banking is reshaping the financial landscape in the Middle East. Open Banking: A Game Changer In the Middle East CONTACT: For more information, please contact: in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data