
Security News Update for Week Ending August 2, 2024

On the eve of final negotiations at the UN for a long-awaited cybercrime treaty, the US says it is focused on ensuring the treaty protects human rights. The US, along with 40 other countries — not including, surprise, Russia or China — signed off on a statement acknowledging the treaty’s potential to be misused for repression and human rights violations. The tech industry is not happy with the treaty language either. Stay tuned. Credit: The Record

Secure Boot is a great concept. But you have to implement it correctly. Researchers found that hundreds of PC models from vendors like Acer, Dell, HP and others are vulnerable. Why? Because the vendors used sample code and it did not occur to them to change the default key. This is despite the key containing strings such as ‘DO NOT TRUST’ or ‘DO NOT SHIP’. But time to market is more important than security. The problem requires fixes to PCs shipped as far back as 2012. While it will take hackers hours to weaponize this, do you think vendors plan to patch computers they sold 12 years ago? Credit: The Register

The FTC and Justice Department are suing TikTok for violating the Children’s Online Privacy Protection Act, or COPPA. They say that TikTok knowingly allowed children under 13 to use its platform for years. In 2019 TikTok paid a $5.7 million fine and was supposed to take steps to prevent kids under 13 from signing up. Fundamentally, while the company sort of complied with the law in some cases, it made it exceptionally difficult to take advantage of the law’s provisions. If the feds win, they could fine TikTok $51,744 per violation per day. Even for TikTok, that would hurt. Details at TechCrunch

I keep saying that the reason that cyber-attacks continue is that they are profitable and very low risk. While law enforcement does take down some criminals, it is a very small percentage. In this case, the Dark Angels gang extracted $75 mil from the company. In this case, they didn’t even bother to deploy ransomware; they just stole the data and threatened to publish it. The payday was verified by blockchain watchers. THIS is why cyber-attacks continue. Credit: The Register

Hackers have figured out a way to impersonate Fortune 50 brands by exploiting a feature in Microsoft 365 and Proofpoint’s email service. The hackers used this feature to send out credit card scams that were actually signed by these companies. This worked because Proofpoint was able to “trust” Office 365. Proofpoint has fixed the problem, but it is a band-aid until the next time. Credit: Dark Reading
