“Weekly Security News: U.S. Privacy Scores a Victory as Judge Restricts FBI’s Warrantless Searches”

This week unfolded with dramatic developments that kept momentum high. In the early hours of Saturday night, TikTok was blocked for users in the United States, just ahead of Sunday’s deadline that required Apple and Google to remove the app from their stores. During the outage, users scrambled to bypass the TikTok ban, while several other apps faced unexpected access restrictions. By midday Sunday, TikTok was back online in the US. By Monday night, President Donald Trump signed an executive order extending the ban by 75 days.

On Tuesday, Trump fulfilled a campaign promise by pardoning Ross Ulbricht, the creator of the Silk Road dark-web marketplace, where drugs, firearms, and other illicit items were sold. Ulbricht had been in prison for over 11 years after his 2013 arrest and life sentence. The pardon is widely seen as influenced by support from the libertarian cryptocurrency community, which views Ulbricht as a martyr.

As the world enters Trump’s second term, cybersecurity experts sat down with Jen Easterly, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), to discuss the cyber threats confronting the US and the agency’s uncertain role as a critical defense against nation-state hackers and other digital security challenges.

In other news, researchers exposed significant vulnerabilities in Subaru’s vehicle tracking system. They discovered that flaws in an employee portal allowed access to up to a year’s worth of location data for customer vehicles, revealing even specific parking spots. Although Subaru has patched the issues, employees still retain access to sensitive location data.

Judge Rules FBI Searches Under FISA Require Warrants

A federal judge in New York ruled that the FBI’s practice of searching US citizens’ data under Section 702 of the Foreign Intelligence Surveillance Act without a warrant is unconstitutional. While FISA allows the US government to collect communications from foreign entities, the FBI has conducted “backdoor searches” on US persons communicating with foreigners without prior warrants. Judge DeArcy Hall concluded that such searches violate constitutional rights, stating that allowing them would create a repository of communications accessible without oversight.

Cloudflare Flaw Could Reveal Users’ Locations

An independent security researcher discovered a vulnerability in Cloudflare’s content delivery network (CDN) that could expose users’ general locations. Cloudflare’s CDN improves internet performance by caching data on servers close to users. The researcher, Daniel, found a method to pinpoint the state or city of a target by analyzing which data center delivered an image sent to them. Cloudflare has since resolved the issue after being notified.

Trump Administration Disbands Review Board Investigating Chinese Cyberattacks

In a controversial move, the Trump administration disbanded several advisory committees, including the Cyber Safety Review Board (CSRB), which had been investigating cyberattacks by the China-backed group Salt Typhoon. The group infiltrated nine US telecommunications networks, potentially enabling Beijing to spy on unencrypted calls and messages. With the board dissolved, sources say the investigation into Salt Typhoon’s activities has been effectively terminated.