Security News for the Week Ending October 20, 2023
Regulators, Insurers and Customers All Going After Progress SW
In Progress Software’s 10-Q, it reported that the SEC is going after them due to the MOVEit breach; also a slew of lawsuits in multiple countries. They are also cooperating various privacy regulators. The only winners are the lawyers. Credit: The Register
Twitter Usage Still Down Worldwide; TikTok Usage Up
I would say that the government’s efforts to cast TikTok as a Villain is not working. Global web traffic to Twitter was down 14% in September. Twitter’s US traffic was down 19%. Facebook’s traffic was down 10%, so this is not a Twitter problem alone. Instagram’s traffic was down 3.7%, but TikTok’s global traffic was UP 22.8%. You are going to have to draw your own conclusions, but I suspect that this is not the news that Zuckerberg or Musk was looking for. Credit: Cybernews
Microsoft Extends Purview Audit Log Retention After July Breach
After Microsoft’s embarrassing failure in July where both corporate and government emails were compromised, Microsoft agreed to provide free access to formerly paid Microsoft Purview features. Now they are saying that Purview audit log retention will increase from 90 days to 180 days for standard (free) users and 1 year for paid users. After CISA broke their arm and beat them over the head with it, they also agreed to increase the events Purview logs, with more logs coming in December. If you have not investigated Purview, you should. Credit: Bleeping Computer
Emailed Bomb Threats – What Do You Do?
In an effort to cause fear, panic and destabilize the country, foreign agents emailed schools and kindergartens 900 emailed bomb threats on Friday and 1,500 bomb threats were received Sunday night. The Lithuanians are working with law enforcement but the email accounts seem to be linked to Russian-speaking Telegram accounts. So, what do you do? This is very low tech and could happen anywhere. If you ignore them and one is real, you have a big problem. You should have a plan and communicate to employees what to do if they get an email like that. Credit: Baltic Times
Deepfake Porn is Out of Control
The number of NON-CONSENSUAL deepfake porn videos is out of control according to research shared with Wired. Close to 250,000 deepfake videos have been uploaded just to the top 35 websites alone. In the first 9 months of this year, 113,000 were uploaded to these sites, compared to 73,000 for all of last year. Basically this is double rate from last year. Almost all of this traffic is of women. While a lot of this traffic is of faked celebrities, there is significant low volume traffic of ordinary individuals from high school students to your coworkers. Free or inexpensive AI tools will only escalate this trend and, for the average person, there is almost no way to get the content taken down and kept down. The psychological effect on these victims is significant and there is no fix in site. While search engines may remove specific links assuming the victim knows that information, there is nothing to stop the harasser from just uploading the digital content somewhere else. Credit: Wired