Security News for the Week Ending April 21, 2023

Arkansas Becomes First State to Ban Minors from Social Media Without Parental Permission

It is now illegal for anyone in Arkansas to be on social media without parental permission if they are under 18. Do you think this will actually stop anyone? If you do, I have a bridge in Brooklyn that is for sale. I also doubt it will withstand a court challenge, but I don’t think that is the point. It is red meat for the base. And likely a boon for lawyers and a big expense for Arkansas taxpayers. Also, the bill has more loopholes than the tax code. Credit: Vice

Tennessee Republican Meeting Audio Leaked After Expelling Two Black Democrats

Is it really possible that anyone doesn’t consider that audio of a meeting that they are part of might be recorded. And then leaked for political gain? After Republicans in the Republican controlled Tennessee House voted to expel two black Democratic lawmakers because they disrupted a meeting and did not vote to expel a white lawmaker, they held a meeting to try and figure out how to do damage control – because they were concerned their actions might look racist. Since Tennessee is a “one party state”, meaning anyone who is a party to a conversation can record it without getting anyone else’s permission, no laws were likely broken by making the recording. Now that the recording has come out, they really look racist. Assume you are being surveilled – that is the safe assumption. Credit: Daily Kos

QuaDream, Outed Last Week As Spyware Seller, Shutting Down

As I and others reported last week, Israeli Spyware firm QuaDream was outed as selling spyware similar to NSO Group’s Pegasus but rather than spend tens of millions on a legal defense, they are shutting down and selling their IP to the highest bidder. Credit: Metacurity

When Will Companies Learn?

Capita, one of the world’s largest business process outsourcing firms is based in the UK and even provides services to the government. On April 3rd they announced that they had experienced a cyber incident that prevented access to internal applications and disruption to some services and that there was no evidence of customer, supplier or colleague data having been compromised. On April 8th, the hackers posted some of the data that Capita claimed was not stolen on the hacker’s website. It took until April 20th for the company to admit that data had been stolen. Capita is still spinning things to try and downplay the damage. Researchers say that, among the data stolen was passports, licenses, payment details, floor plans for multiple buildings, employment screenings and employment off information. I understand that Capita understood that if this came out it would be bad for business and that there would likely be multiple lawsuits. Based on what we know now, there were either lying or ignorant. Neither is a good defense. Anticipate multiple lawsuits. Credit: Security Week

Cybersecurity Venture Capital Spending Down in Q1 23

Obviously, if you are trying to raise VC money, this is a problem, but cooling off probably probably helps provide a more rational valuation. Even when cool, investment in cybersecurity in the first quarter alone was still $2.5 billion – not exactly iceberg cold. However, in 4th quarter of last year, it was over $5 billion. That is a lot of money to poor into one sector. Credit: Metacurity

by