• Vietnam recorded its second coronavirus death as the country battles a new outbreak of the virus, which emerged in the city of Danang.

• Spain reported a second day of 1,000-plus coronavirus infections, the highest since the nation lifted its lockdown in June.

Here are the latest updates:

Saturday, August 1

04:21 GMT – S Korea arrests Christian leader over church cluster

Authorities in South Korea arrested the founder of a secretive Christian sect at the centre of the country’s largest outbreak on charges of obstructing the government anti-virus efforts.

Lee Man-hee is the powerful head of the Shincheonji Church of Jesus which is linked to more than 5,200 coronavirus infections, or 36 percent of South Korea’s total cases.

Prosecutors allege the 89-year-old conspired with other sect leaders to withhold information from authorities, including meeting places and the number of participants at the sect’s gatherings as authorities tried to trace infection routes in February.

Lee and his church have steadfastly denied the accusations, saying they’re cooperating with health authorities. Its spokesperson, Kim Young-eun, said the church will do its best so that “the truth is clearly proved in court”.

03:47 GMT – Google says 20 US states, territories ‘exploring’ contact tracing apps

Alphabet Inc’s Google said that 20 US states and territories, representing about 45 percent of the country’s population, are “exploring” contact tracing apps using a tool it developed with Apple Inc.

In addition, the company said public health authorities in 16 countries and regions outside the US had launched apps using the Apple-Google tool, up from 12 previously. They include Austria, Brazil, Canada, Croatia, Denmark, Germany, Gibraltar, Italy, Ireland, Japan, Latvia, Northern Ireland, Poland, Saudi Arabia, Switzerland and Uruguay.

The technology enables app users to track encounters with other people through Bluetooth signals and anonymously notify contacts if they later become infected with the virus.

Google said the first of the US apps would be released in the “coming weeks,” but declined to name the states. It added that its system with Apple now enables apps launched by different countries to talk to each other, allowing contact-logging to continue even when users cross borders.

03:26 GMT – Sharp drop in new cases in China

China reported a sharp drop in newly confirmed infections in the mainland, logging 45 additional cases in a possible sign that its latest outbreak in Xinjiang may have run its course.

Thirty-one of the cases were in far western Xinjiang, eight were in northeastern Liaoning and the remaining six were imported cases. The figures are down from 127 cases reported nationally on Friday.

03:15 GMT – Vietnam logs 12 new cases, ramps up testing

Vietnam’s health ministry reported 12 new local coronavirus cases linked to the recent outbreak in the tourist hotspot of Danang, taking total infections to 116 since the virus resurfaced last week.

The new patients, with ages ranging from two to 78, are linked to Danang hospital, the ministry said in a statement. 

Vietnam has registered a total of 558 coronavirus cases since the pandemic began. After months of successful curbs, it reported its first two deaths on Friday. 

In Hanoi, where two people have tested positive after returning from Danang, more than 100 clinics have been set up with test kits to detect the virus. Hanoi has tested a third of the 54,000 people returning from Danang.

Residents wait to be tested at a makeshift rapid testing centre as Vietnam records a rise in cases of the COVID-19 coronavirus in Hanoi on July 31, 2020 [Manan Vatsyayana/ AFP]

“I want to be tested so I can stop worrying if I have the virus or not. It is for me and for the community,” said Pham Thuy Hoa, a banking official who recently went to Danang for a family vacation.

“Since coming back, my family and I have quarantined ourselves at home. I did not go to work or see others. We must be responsible for the entire community.”

In Ho Chi Minh City, the country’s southern hub, five people who returned from Danang have tested positive for the virus. The city is testing some 20,000 other returnees.

As the number of cases continues to increase, Danang has tightened security and set up more checkpoints to prevent people from leaving or entering the city, which has been in lockdown since Tuesday.

02:48 GMT – California, Florida report record rise in deaths

California and Florida, two of the most populous US states, reported record increases in COVID-19 deaths on Friday, according to a Reuters tally.

Florida reported 257 deaths and California 208 fatalities.

For Florida this is the fourth day in a row with a record rise in deaths and for California the second this week. Mississippi, Montana and Nevada also had a one-day record increase in deaths on Friday.

Overall in the US, deaths have increased by over 25,000 in July to 153,000 total lives lost since the pandemic started.

01:41 GMT – Puerto Rico extends restrictions

Wanda Vazquez, the governor of Puerto Rico, extended measures aimed at curbing the spread of the coronavirus for two more weeks.

That means bars, gyms, marinas and movie theatres across the US territory will stay shuttered until at least August 15. Beaches remain closed on Sundays, and are open the rest of the week only to people doing exercise, including surfers, swimmers and runners.

Face masks continue to be mandatory, and those who refuse to wear one will be arrested, Vazquez said.

A curfew from 10pm to 5am will remain in place, and no parties or gatherings will be allowed in short-term rental facilities.

01:22 GMT – Fitch revises US outlook to negative

Fitch Ratings revised the outlook on the US’s AAA rating to negative from stable, citing eroding credit strength, including a growing deficit to finance stimulus to combat fallout from the coronavirus pandemic.

The credit rating agency also said the future direction of US fiscal policy depends in part on the November election for president and the resulting makeup of Congress, cautioning there is a risk policy gridlock could continue.

00:56 GMT – Mexico overtakes UK to post third-highest death toll

The number of coronavirus deaths in Mexico rose to 46,688 on Friday, with the Latin American country overtaking the United Kingdom for the world’s third-highest COVID-19 death toll.

The health ministry registered 8,458 new cases, a record for a single day, as well as 688 additional deaths, bringing the total to 424,637 cases and 46,688 fatalities.

The government has said the real number of infected people is likely significantly higher than the confirmed cases.

00:36 GMT – Free tests for migrants stuck at Costa Rica-Nicaragua border

Costa Rican doctors began giving free coronavirus tests to about 200 Nicaraguan migrants who have been stranded at the two countries’ border for more than a week because the Nicaraguan government has demanded negative test results.

Clinica Biblica Hospital in the capital of San Jose sent a mobile lab to the Penas Blancas border crossing.

“I thank God that finally we are going to be able to return to our country,” said one migrant, who declined to give their name.

Nicaragua has prevented the entry of hundreds of its citizens from Costa Rica citing COVID-19 concerns [File: Wendy Quintero/ AFP]

00:18 GMT – Argentina halts plans to ease lockdown

Argentina President Alberto Fernandez announced a halt on the easing of lockdown measures due to an increase in new cases and fears the health system could become overwhelmed.

“We will keep things as they are until August 16,” said Fernandez.

“In the last few days the virus has been spreading more, and we’ve seen a larger increase in infections. All this generates hospital admissions and unfortunately, deaths.”

In Argentina, more than 185,000 infections and nearly 3,500 deaths have been registered so far, figures well below those of other countries in the region.

Hello and welcome to Al Jazeera’s continuing coverage of the coronavirus pandemic. I’m Zaheena Rasheed in Male, Maldives. 

For all the key developments from yesterday, July 31, go here. 

A 17-year-old teen and two other 19 and 22-year-old individuals have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts within minutes as part of a massive bitcoin scam.

According to the U.S. Department of Justice, Mason Sheppard, aka “Chaewon,” 19, from the United Kingdom, Nima Fazeli, aka “Rolex,” 22, from Florida and an unnamed juvenile was charged this week with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.

Florida news channel WFLA has identified a 17-year-old teen named Graham Clark of Tampa Bay this week in connection with the Twitter hack, who probably is the juvenile that U.S. Department of Justice mentioned in its press release.

Graham Clark has reportedly been charged with 30 felonies of communications and organized fraud for scamming hundreds of people using compromised accounts.

On July 15, Twitter faced the biggest security lapse in its history after an attacker managed to hijack nearly 130 high-profile twitter accounts, including Barack Obama, Kanye West, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Warren Buffett, Uber, and Apple.

The broadly targeted hack posted similarly worded messages urging millions of followers of each profile to send money to a specific bitcoin wallet address in return for larger payback.

“Everyone is asking me to give back, and now is the time,” a tweet from Mr. Gates’ account said. “You send $1,000; I send you back $2,000.”

The targeted profiles were also include some popular cryptocurrency-focused accounts, such as Bitcoin, Ripple, CoinDesk, Gemini, Coinbase, and Binance.

The fraud scheme helped the attackers reap more than $100,000 in Bitcoin from several victims within just a few hours after the tweets were posted.

As suspected on the day of the attack, Twitter later admitted that the attackers compromised its employees’ accounts with access to the internal tools and gained unauthorized access to the targeted profiles.

In its statement, Twitter also revealed that some of its employees were targeted using a spear-phishing attack through a phone, misleading “certain employees and exploit human vulnerabilities to gain access to our internal systems.”

Twitter said a total of 130 user accounts were targeted in the latest attack, out of which only 45 verified accounts were exploited to publish scam tweets. It also mentioned that the attackers accessed Direct Message inboxes of at least 36 accounts, whereas only eight accounts’ information was downloaded using the “Your Twitter Data” archive tool.

“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” said U.S. Attorney Anderson.

“Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived.  Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it.  In particular, I want to say to would-be offenders, break the law, and we will find you.”

“We’ve significantly limited access to our internal tools and systems. Until we can safely resume normal operations, our response times to some support needs and reports will be slower,” Twitter added.

This is a developing story and will be updated as additional details become available.

The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states.

The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, out of which some publicly known are ‘WannaCry‘, ‘NotPetya‘, and ‘Operation Cloud Hopper,’ as well as an attempted cyber-attack against the organization for the prohibition of chemical weapons.

Out of the six individuals sanctioned by the EU include two Chinese citizens and four Russian nationals. The companies involved in carrying out cyberattacks include an export firm based in North Korea, and technology companies from China and Russia.

The sanctions imposed include a ban on persons traveling to any EU countries and a freeze of assets on persons and entities.

Besides this, EU citizens and entities are also forbidden from doing any business or engaging in transactions with those on the sanction list.

According to the European Council, the detailed of these persons or entities are:

• Two Chinese Individuals—Gao Qiang and Zhang Shilong—and a technology firm, named Tianjin Huaying Haitai Science and Technology Development Co. Ltd, for the Operation Cloud Hopper.

The US government has also charged Shilong in 2018 for targeting over 45 companies and government agencies and stealing hundreds of gigabytes of sensitive data from its targets, but the suspect is still at large.

Operation Cloud Hopper was a series of cyber-attacks targeting information systems of multinational companies in six continents, including those located in the EU, and gaining unauthorized access to commercially sensitive data, resulting in economic loss.

• Four Russian nationals (also wanted by the FBI) — Alexey Valeryevich, Aleksei Sergeyvich, Evgenii Mikhaylovich, and Oleg Mikhaylovich—for attempting to target the Organisation for the Prohibition of Chemical Weapons (OPCW), in the Netherlands.
• A Russian technology firm (exposed by the NSA) — Main Centre for Special Technologies (GTsST) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation—for the NotPetya ransomware attack in 2017 and the cyber-attacks directed at a Ukrainian power grid in the winter of 2015 and 2016.
• A North Korean export firm — Chosun Expo, for the WannaCry ransomware attack that made havoc by disrupting information systems worldwide in 2017 and linked to the well-known Lazarus group.

According to the European Union, the two Chinese nationals who carried out Operation Cloud Hopper are members of the APT10 threat actor group, also known as ‘Red Apollo,’ ‘Stone Panda,’ ‘MenuPass’ and ‘Potassium.’

On the other hand, the four Russian nationals were agents of the Russian intelligence agency GRU who once aimed to hack into the Wi-Fi network of the OPCW, which, if successful, would have allowed them to compromise the OPCW’s ongoing investigatory work.

“Sanctions are one of the options available in the EU’s cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool,” the Council said.

Last year, the United States also sanctioned the Lazarus group, also known as Hidden Cobra and Guardians of Peace, which has also been associated with several high-profile cyberattacks, including Sony Pictures hack in 2014 and Bangladesh Bank heist in 2016.

Hong Kong’s leader Carrie Lam has invoked emergency laws to postpone September’s Legislative Council election by a year, citing a worsening coronavirus outbreak as the reason.

The move on Friday is seen as a setback for the pro-democracy opposition, which was hoping to capitalise on disenchantment with the current pro-Beijing majority to secure a historic majority itself.

At a news conference, Lam said the decision to delay the vote until September 5, 2021, was her “most difficult” this year but it was necessary to safeguard people’s health.

“We want to ensure fairness and public safety and health, and need to make sure the election is held in an open, fair and impartial manner. This decision is therefore essential,” added the Beijing-backed leader, noting that the Chinese government had given her full backing.

Lam said she was “only paying attention to the current pandemic situation”, denying the move was a political decision to hobble the opposition, while Beijing welcomed the postponement as “necessary, reasonable and legal”.

Before Lam’s announcement, a group of 22 lawmakers had issued a statement accusing the government of using the outbreak as an excuse to postpone the vote.

The decision comes a day after officials disqualified a dozen opposition candidates, including prominent pro-democracy activist Joshua Wong, from running in the elections.

‘Who is she trying to fool?’

The city of 7.5 million people has seen a surge in coronavirus infections since the beginning of July. Hong Kong had registered some 3,100 infections as of Thursday, more than double the tally at the start of the month.

Government critics, however, say Hong Kong has so far been able to largely contain the outbreak and point out to the more than 40 countries that have held elections in recent months despite facing a far worse outbreak than Hong Kong.

In November last year, the opposition camp secured a landslide victory in district council elections, riding on support for an anti-government protest movement triggered by a now-shelved bill that would have allowed people to be sent to mainland China for trial.

“The political parties associated with Beijing … have been saying for quite a number of weeks that they don’t think that the election should be held because they are afraid that they would lose,” said Emily Lau, chairperson of the International Affairs Committee of the Democratic Party, dismissing Lam’s justification for delaying the vote on health grounds.

“Who is she trying to fool?” Lau told Al Jazeera. “I think it’s quite laughable.”

National security law

The elections for Hong Kong’s Legislative Council, known as LegCo, were scheduled for September 6.

Only half of the 70 seats are directly elected by Hong Kong people, with 30 chosen by special interest groups who are mostly pro-Beijing and the remaining five seats occupied by popularly-elected district councillors. 

The highly anticipated vote would have been the first since Beijing imposed a controversial national security law imposed on the former British colony last month stipulated that candidates who violated it would be barred from running.

Critics say the law is an attempt by China to curb dissent in Hong Kong, ushering a crackdown that spells the end of the Chinese-ruled city’s high degree of autonomy. 

The Chinese and Hong Kong governments say the law will not undermine Hong Kong’s freedoms and is necessary to preserve order and prosperity after months of often-violent anti-government protests last year.

On Thursday, 12 pro-democracy candidates were barred from running in the elections for not complying with the city’s constitution or pledging allegiance to the local and national governments.

“Beyond any doubt, this is the most scandalous election ever in Hong Kong history,” Wong told reporters earlier on Friday. “I wish to emphasise that no reasonable man would think that this election ban is not politically driven,” he said.

“Beijing has staged multiple acts to prevent the opposition bloc from taking the majority in the Hong Kong legislature.”

Later on Friday, the US criticised the postponement of the vote and the disqualification of opposition candidates.

“This action undermines the democratic processes and freedoms that underpin Hong Kong’s prosperity,” the White House said in a statement.

SOURCE:
Al Jazeera and news agencies

Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server.

Remote timing attacks that work over a network connection are predominantly affected by variations in network transmission time (or jitter), which, in turn, depends on the load of the network connection at any given point in time.

But since measuring the time taken to execute cryptographic algorithms is crucial to carrying out a timing attack and consequently leak information, the jitter on the network path from the attacker to the server can make it impractical to successfully exploit timing side-channels that rely on a small difference in execution time.

The new method, called Timeless Timing Attacks (TTAs) by researchers from DistriNet Research Group and New York University Abu Dhabi, instead leverages multiplexing of network protocols and concurrent execution by applications, thus making the attacks immune to network conditions.

“These concurrency-based timing attacks infer a relative timing difference by analyzing the order in which responses are returned, and thus do not rely on any absolute timing information,” the researchers said.

Using HTTP/2’s Request Multiplexing to Reduce Jitter

Unlike the typical timing-based attacks, wherein the execution times are measured independently and sequentially, the latest technique attempts to extract information from the order and the relative timing difference between two concurrently executed requests without relying on any timing information.

To do so, a bad actor initiates a pair of HTTP/2 requests to the victim server either directly or using a cross-site — such as a malicious advertisement or tricking the victim into visiting an attacker-controlled web page — to launch requests to the server via JavaScript code.

The server returns a result that contains the difference in response time between the second request and the first. The TTA, then, works by taking into account whether this difference is positive or negative, where positive indicates that the processing time of the first request takes less time than processing the second request.

“On web servers hosted over HTTP/2, we find that a timing difference as small as 100ns can be accurately inferred from the response order of approximately 40,000 request-pairs,” the researchers noted.

“The smallest timing difference that we could observe in a traditional timing attack over the Internet was 10μs, 100 times higher than our concurrency-based attack.”

A limitation of this approach is that attacks aimed at servers using HTTP/1.1 cannot exploit the protocol to coalesce multiple requests in a single network packet, thereby requiring that a concurrent timing attack be performed using multiple connections instead of sending all requests over the same connection.

This stems from HTTP/1.1’s use of head-of-line (HOL) blocking, which causes all requests over the same connection to be handled sequentially, whereas HTTP/2 addresses this issue through request multiplexing.

Currently, 37.46% of all desktop websites are served over HTTP/2, a number that increases further to 54.04% for sites that support HTTPS. Although this makes a huge number of websites susceptible to TTAs, the researchers note that many of them rely on content delivery networks (CDN), such as Cloudflare, which still uses HTTP/1.1 for connections between the CDN and the origin site.

Tor Onion Service and Wi-Fi EAP-PWD Vulnerable

But in a twist, the researchers found that concurrency-based timing attacks can also be deployed against Tor onion services, including those that only support HTTP/1.1, allowing an attacker to create two Tor connections to a particular onion service, and then simultaneously send a request on each of the connections to measure a timing difference of 1μs.

That’s not all. The EAP-PWD authentication method, which uses a shared password between the server and supplicant when connecting to Wi-Fi networks, is rendered vulnerable to dictionary attacks by exploiting a timing leak in the Dragonfly handshake protocol to reveal the information about the password itself.

Although timing attacks can be countered by ensuring constant-time execution, it’s easier said than done, especially for applications that rely on third-party components. Alternatively, the researchers suggest adding a random delay to incoming requests and ensure that different requests are not combined in a single packet.

This is not the first time remote timing attacks have been employed to leak sensitive information. Researchers have previously demonstrated it’s possible to exploit cache side-channels to sniff out SSH passwords from Intel CPU cache (NetCAT) and even achieve Spectre-like speculative execution over a network connection (NetSpectre).

“Since the NetSpectre attacks target applications above the network layer, an attacker could, in theory, leverage our concurrency-based timing attacks to improve the timing accuracy,” the researchers said.

The findings will be presented at the USENIX Security Symposium later this year. The researchers have also published a Python-based tool to test HTTP/2 servers for TTA vulnerabilities.

• Spain reported a second day of 1,000-plus coronavirus infections, the highest since the nation lifted its lockdown in June.

• Libya’s United Nations-recognised government in Tripoli announced it will impose a full lockdown in areas of the country it controls, after a rise in COVID-19 cases.

• Over 17.2 million people around the world have been diagnosed with the new coronavirus. More than 10 million patients have recovered, and at least 671,000 have died, according to data from Johns Hopkins University.

Here are the latest updates:

04:35 GMT – Philippines extends restrictions

Philippine President Rodrigo Duterte extended quarantine restrictions in the capital Manila, limiting movements of the elderly and children, and the operations of businesses from restaurants to gyms, until mid-August.

“My plea is to endure some more. Many have been infected,” Duterte said in a televised address.

Duterte promised free vaccines if they became available by late this year, prioritising first the poor and then the middle class, police and military personnel. The Philippines will be given precedence by China in vaccine distribution, he said.

04:03 GMT – Australia’s Victoria flags new steps to control surge in cases

Australia’s Victoria state recorded its second-highest day of new coronavirus infections, as the state’s Premier Daniel Andrews flagged the prospect of more rigorous steps to contain the spread of the disease.

Victoria reported 627 new infections on Friday, down from a record of 723 new infections on Thursday.

“It is clear to all of us that these numbers are still far too high,” Andrews told reporters. “It may well be the case…that we need to take further steps. The data will tell us, the experts will tell us, what and if any next steps need to be.”

03:20 GMT – Hong Kong logs new high of 149 cases

Hong Kong reported a new daily record of coronavirus cases, logging 149 additional infections at the end of Thursday.

Amid the rise in cases, authorities reversed a ban on indoor dining, along restaurants to operate under limited hours and with limited capacity. Businesses such as bars, karaoke bars and amusement parks remain temporarily closed, and public gatherings are restricted to two people.

People have lunch at a mall in Hong Kong after the government banned dine-in services [Tyrone Siu/ Reuters]

03:01 GMT – China tightens travel rules for Xinjiang capital

China tightened travel restrictions in Urumqi, the capital of Xinjiang, requiring people arriving in the city from regions deemed to have high infection risks to undergo a two-week quarantine.

Others arriving from less risky areas most show proof of good health. Locals “in principle” must stay in the city or show proof of health to be allowed to leave.

Since mid-July, the Xinjiang outbreak centered in Urumqi has seen more than 600 cases of illness, including 112 new ones reported on Friday.

2:49 GMT – Brazil first lady tests positive

Brazil’s first lady Michelle Bolsonaro tested positive for the new coronavirus, the government announced on Thursday, five days after her husband Jair Bolsonaro said he had recovered from his COVID-19 infection.

The 38-year-old first lady “is in good health and will follow all established protocols,” the president’s office said.

Brazil’s President Jair Bolsonaro with his wife Michelle Bolsonaro in Brasilia, Brazil, on March 6, 2020 [File: Adriano Machado/ Reuters]

2:42 GMT – China’s factory recovery accelerates in July

China’s factory activity expanded in July for the fifth month in a row and at a faster pace, beating analyst expectations despite disruptions from floods and a resurgence in coronavirus cases around the world.

The official manufacturing Purchasing Manager’s Index (PMI) rose to 51.1 in July from June’s 50.9, official data showed on Friday, marking the highest reading since March.

Analysts had expected it to slow to 50.7. The 50-point mark separates growth from contraction on a monthly basis.

02:14 GMT – More than 3 million Chileans seek to withdraw pensions

Long lines formed outside Pension Fund Administrators offices in Chile’s capital, Santiago, and the websites of several fund managers collapsed as Chileans sought to take advantage of a new law allowing citizens to tap into retirement savings amid the coronavirus pandemic.

The emergency measure, which came into effect on Thursday, allows those with savings to withdraw up to 10 percent of their pensions.

In a statement, Chile’s Superintendent of Pensions said 3,024,347 people had asked to withdraw their share by 5pm local time.

Opinion polls indicate nearly nine out of every 10 Chileans planned to tap their funds, with most saying they would use the money to pay for basic goods and services.

People wear face masks while queueing to enter a branch of the pension funds office to start the procedure to withdraw up to a ten percent of their deposits in Santiago, on July 30, 2020 [Martin Bernetti/ AFP]

01:53 GMT – US epicentre shifts toward Midwestern states

Coronavirus infections appear to be picking up in mid-western United States, the coordinator of the White House Coronavirus Task Force said, as the state of Ohio reported a record day of cases and Wisconsin’s governor mandated the use of masks.

The coronavirus outbreak is “moving up” into Ohio, Kentucky, Tennessee, Missouri, Kansas and Nebraska from the south “because of vacations and other reasons of travel,” Deborah Birx told Fox News.

01:19 GMT – Iran prison officials’ pleas for virus help ‘ignored’  

Iran’s government ignored repeated requests from senior prison officials for help in containing coronavirus in the country’s overcrowded jails, according to Amnesty International.

The rights group said it reviewed copies of four letters to the health ministry signed by officials at Iran’s Prisons Organization, “raising the alarm over serious shortages of protective equipment, disinfectant products, and essential medical devices”.

The ministry “failed to respond, and Iran’s prisons remain catastrophically unequipped for outbreaks”, Amnesty said. 

Leaked official documents obtained by Amnesty International reveal the Iranian government ignored repeated pleas by senior officials responsible for managing Iran’s prisons for additional resources to control #COVID19 spread & treat infected prisoners. https://t.co/7GF6ajrfT7

— Amnesty Iran (@AmnestyIran) July 30, 2020

00:50 GMT – Vietnam reports 45 new cases

Vietnam’s health ministry reported 45 new coronavirus infections linked to a recent outbreak in the central city of Da Nang, marking the highest daily increase since the first cases emerged in the country in late January.

The new patients, with ages ranging from 27 to 87, are linked to four hospitals and a hotel in Da Nang. Total infections since the virus resurfaced have reached 93, the ministry said in a statement.

Vietnam has registered 509 cases of the virus in total, with no deaths. The country had recorded 100 days without a locally transmitted case before the re-emergence of the virus.

00:42 GMT – Brazil’s Bolsonaro says he has ‘mould’ in lungs

Brazilian President Jair Bolsonaro said he was taking antibiotics for an infection that left him feeling weak, chuckling in an online video about “mould” in his lungs, having spent weeks in isolation after catching the new coronavirus.

“I just did a blood test. I was feeling kind of weak yesterday. They found a bit of infection also. Now I’m on antibiotics,” Bolsonaro said in a livestream video, without elaborating on the infection.

“After 20 days indoors, I have other problems. I have mould in my lungs,” he said, referring to nearly three weeks he spent at the official presidential residence.

He tested positive for the coronavirus on July 7 and then negative last Saturday.

00:05 GMT – Botswana reinstates lockdown in capital

Botswana’s capital city Gaborone has returned to a two-week lockdown to stem its latest surge in coronavirus infections.

Under new rules for the capital and surrounding areas, only essential workers would be able to leave home for work, with others only able to leave the house to buy groceries. All gatherings will be banned and hotels, restaurants, gyms and schools will close.

“During the course of the week the disease has taken an unprecedented turn, which now required we place the greater Gaborone region under lockdown to enable our containment measures to take hold,” Kereng Masupu, coordinator of the COVID-19 task force team, said in a televised briefing.

Hello and welcome to Al Jazeera’s continuing coverage of the coronavirus pandemic. I’m Zaheena Rasheed in Male, Maldives. 

You can find all the key developments from yesterday, July 20, here.

Coronavirus infections appear to be picking up in the United States’s Midwest as Americans travel around the country for the summer, while the surge in the South shows signs of abating, the coordinator of the White House Coronavirus Task Force said on Thursday.

The coronavirus outbreak is “moving up” into Kentucky, Tennessee, Ohio, Missouri, Kansas and Nebraska from the south “because of vacations and other reasons of travel,” Deborah Birx told Fox News.

Florida reported a record increase in new COVID-19 deaths for a third day in a row on Thursday, with 252 fatalities in the last 24 hours, according to the state health department.

Florida also reported 9,446 new cases, bringing its total infections to more than 450,000, the second highest in the country behind California. Florida’s total death toll rose to 6,333, the eighth highest in the nation, according to Johns Hopkins University.

Hospital shortages

More than 50 hospitals in Florida have run out of intensive care unit (ICU) beds as the state struggles under the pressure of the pandemic, the Agency for Health Care Administration (AHCA) said on Wednesday.

Miami-Dade and Broward, the two most populous counties, reported being at capacity in their ICUs.

AHCA data shows only 1,000 open ICU beds are available across Florida, just over 16 percent of the state’s total number of ICU beds.

Florida was one of the first states to begin reopening its economy amid the pandemic and now it finds itself the new epicentre of the virus.

Due to the spike in cases, the Miami area school district, the nation’s fourth-largest district, said students would not return to classrooms when the new academic year begins in a few weeks.

Florida was among six states on Wednesday that reported single-day records for coronavirus deaths. California, Idaho, North Carolina, Texas and South Dakota also had their biggest one-day spikes in coronavirus fatalities since the pandemic started. California, Florida and Texas are the three most populous states and where about a quarter of all US residents live.

One person in the US died about every minute from COVID-19 on Wednesday as the national death toll surpassed 150,000, the highest in the world. Deaths are rising at the fastest rate since early June. 

Nationally, COVID-19 deaths have risen for three weeks in a row while the number of new cases week-over-week recently fell for the first time since June.

SOURCE:
Al Jazeera and news agencies

Cybersecurity researchers today disclosed several security issues in popular online dating platform OkCupid that could potentially let attackers remotely spy on users’ private information or perform malicious actions on behalf of the targeted accounts.

According to a report shared with The Hacker News, researchers from Check Point found that the flaws in OkCupid’s Android and web applications could allow the theft of users’ authentication tokens, users IDs, and other sensitive information such as email addresses, preferences, sexual orientation, and other private data.

After Check Point researchers responsibly shared their findings with OkCupid, the Match Group-owned company fixed the issues, stating, “not a single user was impacted by the potential vulnerability.”

The Chain of Flaws

The flaws were identified as part of reverse engineering of OkCupid’s Android app version 40.3.1, which was released on April 29 earlier this year. Since then, there have been 15 updates to the app with the most recent version (43.3.2) hitting Google Play Store yesterday.

Check Point said OkCupid’s use of deep links could enable a bad actor to send a custom link defined in the app’s manifest file to open a browser window with JavaScript enabled. Any such request was found to return the users’ cookies.

The researchers also uncovered a separate flaw in OkCupid’s settings functionality that makes it vulnerable to an XSS attack by injecting malicious JavaScript code using the “section” parameter as follows: “https://ift.tt/39IMjz8;

The aforementioned XSS attack can be augmented further by loading a JavaScript payload from an attacker-controlled server to steal authentication tokens, profile information, and user preferences, and transmit the amassed data back to the server.

“Users’ cookies are sent to the [OkCupid] server since the XSS payload is executed in the context of the application’s WebView,” the researchers said, outlining their method to capture the token information. “The server responds with a vast JSON containing the users’ id and the authentication token.”

Once in possession of the user ID and the token, an adversary can send a request to the “https://ift.tt/33bjidY; endpoint to fetch all the information associated with the victim’s profile (email address, sexual orientation, height, family status, and other personal preferences) as well as carry out actions on behalf of the compromised individual, such as send messages and change profile data.

However, a full account hijack is not possible as the cookies are protected with HTTPOnly, mitigating the risk of a client-side script accessing the protected cookie.

Lastly, an oversight in the Cross-Origin Resource Sharing (CORS) policy of the API server could have permitted an attacker to craft requests from any origin (e.g. “https://ift.tt/2Dfh0zM) in order to get hold of the user ID and authentication token, and subsequently, use that information to extract profile details and messages using the API’s “profile” and “messages” endpoints.

Remember Ashley Madison Breach and Blackmail Threats?

Although the vulnerabilities were not exploited in the wild, the episode is yet another reminder of how bad actors could have taken advantage of the flaws to threaten victims with black and extortion.

After Ashley Madison, an adult dating service catering to married individuals seeking partners for affairs was hacked in 2015 and information about its 32 million users was posted to the dark web, it led to a rise in phishing and sextortion campaigns, with blackmailers reportedly sending personalized emails to the users, threatening to reveal their membership to friends and family unless they pay money.

“The dire need for privacy and data security becomes far more crucial when so much private and intimate information is being stored, managed and analyzed in an app,” the researchers concluded. “The app and platform was created to bring people together, but of course where people go, criminals will follow, looking for easy pickings.”

• The coronavirus seems to be accelerating in countries across the world with Australia the latest to announce a record number of daily cases – 723.
• The world’s two worst-affected countries – the United States and Brazil – have also reported new highs for coronavirus deaths and cases. In the US the death toll has surpassed 150,000, with Florida, California and Texas among a number of states reporting record daily fatalities.
• Nearly 17 million people around the world have been diagnosed with the new coronavirus. Some 9.9 million patients have recovered, and more than 666,000 have died, according to data from Johns Hopkins University.

Here are the latest updates:

Thursday, July 30

03:30 GMT – ‘Today is not a good day’: Australia reports number of cases

Australia has reported the highest number of confirmed cases since the coronavirus pandemic began.

The state of Victoria is the worst-hit with outbreaks centred around care homes and workplaces in Melbourne and its sprawling suburbs.

State authorities reported 723 new cases on Thursday and 13 deaths.

“Today is not a good day,” Victoria state Premier Dan Andrews said in a statement. 

He noted that while most cases in the state were in Melbourne and the suburbs there had been a “significant jump” in cases in regional communities, which warranted additional measures to curb the disease’s spread. 

Mandatory mask wearing extended across the state from Sunday, and in some areas residents will not be allowed to go to other people’s houses or have visitors to their own home.

Statement from the Premier on changes in regional Victoria.

An accessible version of this statement will be available shortly at https://t.co/l9uPOBKGdq pic.twitter.com/3owwkd6Lx2

— Dan Andrews (@DanielAndrewsMP) July 30, 2020

Internal borders have been closed to help curb the spread of the virus beyond Victoria. The state of Queensland in the northeast earlier announced three new cases – two of the people are thought to have been exposed to the virus in Sydney.

03:20 GMT – Coronavirus situation in PNG worsening

An Australian medical emergencies team has been deployed to Papua New Guinea where the outbreak has deteriorated in recent days.

AFP news agency says the country’s pandemic response centre was closed yesterday after a senior adviser was diagnosed with the virus, and the health minister is also being tested.

The situation in Papua New Guinea is fraught. Cases growing, testing + treatment near capacity. Yesterday the COVID-19 crisis response centre was shut after a senior health advisor tested positive. Around 100 people now being tested including health minister Jelta Wong https://t.co/3CYpJ9z2FA

— Andrew Beatty (@AndrewBeatty) July 30, 2020

02:50 GMT – China expert says virus thrives in colder, humid environments

China’s top epidemiologist has been talking to state media.

Wu Zunyou, chief epidemiologist at the Chinese Center for Disease Control and Prevention, told local journalists the virus seems to like colder, humid environments.  

He pointed to the country’s COVID-19 outbreaks – from the original source in Wuhan – to Beijing and Dalian, which have been traced to seafood markets or seafood companies.

02:40 GMT – Talks over latest US coronavirus relief package stalled as clock ticks

It seems talks between United States congressional leaders and the White House on a next round of coronavirus spending have stalled as the clock ticks down on measures that banned evictions and boosted unemployment benefit payments.

Treasury Secretary Steven Mnuchin has suggested a short-term extension for those programmes, but Democrats have rejected the idea.

Al Jazeera’s William Roberts has been following the negotiations. You can read his story here. 

02:10 GMT – Pelosi to US Congress: Mask up!

US House Speaker Nancy Pelosi says members and staff in the House of Representatives must wear masks while the coronavirus pandemic continues.

The move came after Republican Representative Louie Gohmert, who refused to wear a mask, revealed he had tested positive for COVID-19, leading at least three of his colleagues to say they would self-quarantine.

Pelosi warned that she had the authority to ask the House sergeant at arms to remove a member from the floor for violating decorum, and “the chair views the failure to wear a mask as a serious breach of decorum.”

Members will be allowed to remove their masks when addressing the chamber.

You can read more on Gohmert’s diagnosis here.

House Speaker Nancy Pelosi has said masks must be worn in Congress and can only be removed when a member is addressing the House [File: Jonathan Ernst/Reuters]

01:50 GMT – Guatemala buries dozens of unidentified COVID-19 fatalities

Guatemalan hospital officials say they’ve had to bury dozens of COVID-19 victims who have never been identified, according to AP news agency.

The agency says workers at one of the country’s largest public hospitals have begun photographing patients who arrive alone and too ill to give their personal details. Those who die without being identified are placed in body bags with transparent windows over their faces in case relatives come looking for them.

Officials says protocols to rapidly bury the dead during a pandemic only make the situation more difficult.

Guatemala has confirmed more than 47,000 confirmed infections and more 1,800 deaths nationwide. 

01:35 GMT – US records a coronavirus death every minute as total surpasses 150,000

Emergency Medical Technicians (EMT) leave with a patient at Hialeah Hospital in Florida, one of the states with the highest number of cases and fatalities [Marco Bello/Reuters]

One person in the United States died about every minute from COVID-19 as the national death toll surpassed 150,000, the highest in the world, according to Reuters.

US coronavirus deaths are rising at their fastest rate in two months and have increased by 10,000 in the past 11 days.

01:20 GMT – Mainland China reports 105 new COVID-19 cases, including 96 in Xinjiang

China has reported 105 new coronavirus cases in the mainland, up from 101 cases a day earlier.

The National Health Commission says 96 of the new cases were confirmed in the far western region of Xinjiang, while five were in the northeastern province of Liaoning, one in Beijing, and three imported cases.

As of the end of Wednesday, mainland China had 84,165 confirmed coronavirus cases, the health authority said on Thursday. The COVID-19 death toll remained at 4,634 [Mark Schiefelbein/AP]

00:45 GMT – Vietnam outbreak that started in Danang continues to grow

Vietnam’s health ministry has reported an additional nine cases of coronavirus, as an outbreak that started in the popular tourist town of Danang continues to expand.

Reuters says some 81,000 people are now in quarantine as a result of the outbreak, which has spread to six cities and provinces in six days. 

Reuters: Vietnam health ministry reports nine more local COVID-19 cases related to Danang virus outbreak

— James Pearson (@pearswick) July 30, 2020

Al Jazeera’s Scott Heidler has also filed this report on the unfolding situation in Vietnam.

00:15 GMT – Australia’s Victoria state to report more than 700 cases, 13 deaths

The local media in Australia is reporting that the state of Victoria, the epicentre of a new wave of coronavirus in the country, will report more than 700 cases and 13 deaths on Thursday morning.

Sorry to say have heard similar things

Today’s #COVID19Vic number could be as high as 723

With a number that high (and 1 in 6 active cases in aged care sector) this could be a grim day. #Staysafe

— Rafael Epstein (@Raf_Epstein) July 29, 2020

#BREAKING: There are reports that Victoria will announce more than 700 cases of coronavirus and 13 deaths in the past 24 hours. #9News pic.twitter.com/nlt2IfPQll

— Nine News Melbourne (@9NewsMelb) July 29, 2020

00:00 GMT – Brazil reports record numbers of coronavirus deaths, cases 

Brazil’s Health Ministry has just confirmed a record of 1,595 daily deaths from coronavirus. Taken on a weekly basis (7,677 this week), deaths are also at their highest since the pandemic began.

The authorities also reported a record number of cases for a single day (69,074), partly as a result of working through a backlog of previously unregistered cases.

Despite the accelerating pandemic, the government of President Jair Bolsonaro has moved to ease restrictions to boost the economy, and on Wednesday said a ban on foreign travellers to the country would be lifted. 

Commuters at a public transport hub in Sao Paolo, one of Brazil’s virus hotspots [Fernando Bizerra/EPA]

Hello and welcome to Al Jazeera’s continuing coverage of the coronavirus pandemic. I’m Kate Mayberry in Kuala Lumpur.

Read all the updates from yesterday (July 29) here. 

A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide—including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system.

Dubbed ‘BootHole‘ and tracked as CVE-2020-10713, the reported vulnerability resides in the GRUB2 bootloader, which, if exploited, could potentially let attackers bypass the Secure Boot feature and gain high-privileged persistent and stealthy access to the targeted systems.

Secure Boot is a security feature of the Unified Extensible Firmware Interface (UEFI) that uses a bootloader to load critical components, peripherals, and the operating system while ensuring that only cryptographically signed code executes during the boot process.

“One of the explicit design goals of Secure Boot is to prevent unauthorized code, even running with administrator privileges, from gaining additional privileges and pre-OS persistence by disabling Secure Boot or otherwise modifying the boot chain,” the report explained.

GRUB2 Bootloader Vulnerability

Discovered by researchers from Eclypsium, BootHole is a buffer overflow vulnerability that affects all versions of GRUB2 and exists in the way it parses content from the config file, which typically is not signed like other files and executables—leaving an opportunity for attackers to break the hardware root of trust mechanism.

To be noted, the grub.cfg file is located in the EFI system partition, and thus, to modify the file, an attacker still needs an initial foothold on the targeted system with admin privileges that would eventually provide the attacker with an additional escalation of privilege and persistence on the device.

Though GRUB2 is the standard bootloader used by most Linux systems, it supports other operating systems, kernels, and hypervisors like XEN as well.

“The buffer overflow allows the attacker to gain arbitrary code execution within the UEFI execution environment, which could be used to run malware, alter the boot process, directly patch the OS kernel, or execute any number of other malicious actions,” researchers said.

Thus, to exploit BootHole flaw on Windows systems, attackers can replace the default bootloaders installed on Windows systems with a vulnerable version of GRUB2 to install the rootkit malware.

“The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority,” the report says.

According to the detailed report researchers shared with The Hacker News, this vulnerability can lead to major consequences, and that’s primarily because the attack allows hackers to execute malicious code even before the operating system boots, making it difficult for security software to detect the presence of malware or remove it.

Besides this, the researcher also added that “the UEFI execution environment does not have Address Space Layout Randomization (ASLR) or Data Execution Prevention (DEP/NX) or other exploit mitigation technologies typically found in modern operating systems, so creating exploits for this kind of vulnerability is significantly easier.”

Just Installing Updates and Patches Wouldn’t Resolve the Issue

Experts at Eclypsium have already contacted related industry entities, including OS vendors and computer manufacturers, to help them patch the issue.

However, it doesn’t appear to be an easy task to patch the issue altogether.

Just installing patches with updated GRUB2 bootloader would not resolve the issue, because attackers can still replace the device’s existing bootloader with the vulnerable version.

According to Eclypsium, even “mitigation will require new bootloaders to be signed and deployed, and vulnerable bootloaders should be revoked to prevent adversaries from using older, vulnerable versions in an attack.”

So, the affected vendors would need first to release the new versions of their bootloader shims to be signed by the Microsoft 3rd Party UEFI CA.

Eventually, the UEFI revocation list (dbx) then also needs to be updated in the firmware of each affected system to prevent running this vulnerable code during boot.

This multi-stage mitigation process will likely take years for organizations to complete patching.

“However, full deployment of this revocation process will likely be very slow. UEFI-related updates have had a history of making devices unusable, and vendors will need to be very cautious. If the revocation list (dbx) is updated before a given Linux bootloader and shim are updated, then the operating system will not load,” researchers warned.

In an advisory released today, Microsoft acknowledged the issue, informing that it’s “working to complete validation and compatibility testing of a required Windows Update that addresses this vulnerability.”

It also recommended users to apply security patches as soon as they are rolled out in the coming weeks.

Besides Microsoft, many popular Linux distributions have also released related advisories explaining the flaw, possible mitigations, and timeline on the upcoming security patches.

Here’s a list for all advisories:

Many endpoint security vendors are beginning to offer their applications only in the cloud, sunsetting their on-premise offerings. This approach may be beneficial to the vendor, but many clients continue to need on-premise solutions.

Vendors that sunset on-premise solutions force clients that prefer on-premise solutions to either change their operating environment and approach or change vendors.

Fortunately, some vendors continue to provide their offerings in both cloud and on-premise versions.

One such company is Cynet, which allows clients to deploy their EDR and XDR (Extended Detection and Response) solutions in on-premise, cloud, and hybrid cloud delivery models.

Clients can access the solution in any way they see fit now and into the future. This provides an alternative for organizations that do not want to be forced to move into the cloud.

Cloud vs. On-Premise

The cloud vs. on-premise argument continues to rage. Recently, however, it seems that everyone is jumping on the cloud bandwagon⁠—even for security solutions.

There’s no doubt that cloud services have come a long way and now provide several advantages over on-premise solutions, including lower cost, easier updates, and quicker scalability.

Many companies also realize improved security as the cloud provider may employ security measures that are out of reach for an individual company—and of course, cloud apps are accessible anytime from anywhere via almost any device.

However, on-premise solutions still provide much greater control around security, privacy, and regulatory compliance, which is important for many organizations, particularly those in highly regulated industries.

Organizations can work with their cloud providers to develop appropriate controls to attain the levels of security, privacy, and regulatory compliance required.

However, companies remain liable for any lapses. Sometimes, the risks of relying on a third party for critical controls outweigh the other benefits derived from cloud-based delivery.

Basic Microeconomics

So, ultimately, which is better? That’s really up to you to decide. There really isn’t one correct answer that applies to everyone. Every company’s unique circumstances will dictate which route is better.

Unfortunately, many security vendors are abandoning on-premise offerings for their benefit.

For vendors, cloud offerings are far cheaper to maintain, provide far more control, and generally cause fewer headaches than supporting separate software installations across multiple clients.

Because hosting software in the cloud has many advantages, many vendors have decided to sunset their on-premise solutions and move entirely to cloud-only offerings.

But, what if the cloud doesn’t make sense for your particular business?

The short answer is you either have to grudgingly follow your vendor to the cloud or find a new vendor that provides an on-premise solution.

It comes down to basic microeconomics. Suppliers offer the services they hope consumers will buy, but consumers ultimately decide whether or not they want the services being offered.

Fortunately, some vendors understand that many businesses continue to prefer on-premise solutions. There are a variety of reasons, but frankly, the reasons shouldn’t matter. If you want your solutions on-premise, you want your solutions on-premise.

Leading or Following?

One example is the Endpoint Detection and Response (EDR) market, where vendors are now moving to cloud-only offerings. Some large vendors only offer EDR as a cloud-based solution and other are sun-setting their on-premise EDR solutions and will only provide a cloud-based EDR solution.

Vendors that only offer cloud-based EDR solutions hope their clients and prospects either already prefer cloud-based services or can be convinced to forgo their current on-premise architecture for a cloud delivery model.

Other vendors provide multiple deployment models and allow their clients to choose whichever is right for their particular situation.

Cynet is an example of a vendor that offers its EDR and XDR (Extended Detection and Response) solutions in on-premise, cloud, and hybrid cloud delivery models. If a client wants an on-premise solution, the client gets an on-premise solution. Clients that prefer on-premise solutions at this time that decide to migrate to the cloud in the future have a built-in migration route to cloud Cynet’s hybrid delivery model, though.

The choice of delivery model is up to the client and flexible enough to suit the client’s preference now and into the future. Learn more here.

Turkey’s parliament passed a controversial bill that gives the government greater control of social media, sparking concerns about freedom of expression in the country.

Under the new law approved on Wednesday, social media giants such as Facebook and Twitter have to ensure they have local representatives in Turkey and to comply with court orders over the removal of certain content.

Companies could face fines, the blocking of advertisements or have bandwidth slashed by up to 90 percent, essentially blocking access, under the new regulations.

The law, which targets social networks with more than a million unique daily visits, also says servers with Turkish users’ data must be stored in Turkey.

It was submitted by the ruling Justice and Development (AK) Party and its nationalist partner, the National Movement Party (MHP), which have a majority in the parliament.

Human rights groups and the opposition are worried over what they call the erosion of freedom of expression in Turkey, where criminal proceedings for “insulting” President Recep Tayyip Erdogan on social media are common.

They argue that increased control of social media will also limit access to independent or critical information in a country where the news media is in the hands of government-friendly businessmen or controlled by the state.

“Why now?” asked Yaman Akdeniz, professor at Istanbul’s Bilgi University and also a cyber-rights expert.

“While print and broadcast media platforms are already under government control, social networks are relatively free.

“Social networks have become one of the few spaces for free and effective expression in Turkey,” he told the AFP news agency.

Turkey’s Presidential Digital Transformation Office denied news reports alleging it banned messaging applications WhatsApp and Telegram.

“The reports on the banning of messaging applications such as WhatsApp and Telegram in the press and social media do not reflect the truth,” a statement said. “There is absolutely no restriction on the communication practices used by our citizens and public personnel in their daily lives.”

Referring to guidelines it issued on Monday, the agency said the clause regarding the use of foreign messaging applications was only applicable for confidential corporate communication and document sharing.

“With the aforementioned measure, there is no regulation and restrictions on instant messaging applications used by public personnel in personal communications,” the statement added.

‘Social media a lifeline’

Human Rights Watch expressed concerns the law would enable the government to control social media, to get content removed at will and to arbitrarily target individual users.

“Social media is a lifeline for many people who use it to access news, so this law signals a new dark era of online censorship,” Tom Porteous, deputy programme director at the US-based group, said in a statement before the legislation passed.

Ahead of the bill’s passage, a spokesperson for the United Nations High Commissioner for Human Rights said the legislation “would give the state powerful tools for asserting even more control over the media landscape”.

Presidential spokesman Ibrahim Kalin said the bill would not lead to censorship but would establish commercial and legal ties with the social media platforms

Erdogan pledged to tighten government control over social media earlier this month after he said “dark-hearted” users insulted Finance Minister Berat Albayrak and his wife Esra, the president’s daughter, following the birth of their fourth child.

The president has frequently criticised social media despite having a large following. He once compared such platforms to a “murderer’s knife” and said a rise of “immoral acts” online in recent years was due to lack of regulations.

A Turkish court in January lifted a ban on the online encyclopedia Wikipedia after almost three years.

According to Twitter’s latest “transparency report” for the first half of 2019, Turkey ranked number one for seeking content removal, with more than 6,000 requests.