NIBS (image credit: Pixabay/Ryan McGuire)

This week was Infosecurity in London. The conference was busy with AI, the top announcement from virtually every vendor. In other news, Zoho announced a new security solution that sees updates to four different Zoho applications.

SoSafe has appointed Laura Ryan as its first Chief People Officer. Ryan will lead the growing HR function within the company.

Egress

Egress has been named Best Email Security Solution at the SC Europe Awards 2024 for its Intelligent Email Security Suite. The solution calculates a human risk score for each user by integrating various data sources, including Egress’s telemetry for both inbound and outbound security, security awareness training results, and open-source intelligence.

The judges commented: “This solution educates users and helps organisations identify their riskiest users, a feature often missing from email security solutions. It also complements other security products rather than duplicating them.”

FBI

Wul Isaac Chol, 27, of Buffalo, NY, pleaded guilty before U.S. District Judge John L. Sinatra, Jr. to the possession of 15 or more unauthorized access devices with intent to defraud. The charge carries a maximum penalty of 10 years in prison and a fine of $250,000.

The purchases were made through the Genesis Market, where Chol purchased 21 packages of unauthorized access devices. Those packages contained approximately 778 unauthorized access devices. In addition, Chol admits that he obtained $25,164.00 from the New York State Department of Labor without authorization.

Forescout

Forescout has redesigned its channel program, Forescout Envision. It claims that this is the most significant channel expansion to date. Along with a new service provider segment, it has new solution-specific specialisations for managed services partners.

David Creed, Vice President of Worldwide Channel Sales, Forescout, said: “We have transformed the underpinnings of the Envision program and enablement framework to create an entirely new certification process that reduces the time to market for our partners, no matter their size or geographic location.

“More service providers can get off the sidelines and tap into the training and tools to support scalable cybersecurity service delivery and efficiently drive customer projects forward. The opportunity for systems integrators, consultants and other partner groups to work with Forescout has never been more attractive.”

ManageEngine

ManageEngine has added passwordless, phishing-resistant FIDO2 authentication for enterprise applications in ADSelfService Plus. The new additions make organizations compliant with regulatory standards such as the GDPR, the NIST Cybersecurity Framework, the PCI DSS, the CCPA and the PSD2.

Manikandan Thangaraj, vice president of ManageEngine, said, “FIDO2 authentication helps companies strengthen their grip on identity-first security. It is a secure, user-friendly and cost-effective authentication mechanism helping organizations resist phishing attacks and achieve regulatory compliance.”

NOYB

A bumper week for NOYB as it highlights abuse of children’s data, calls out Meta for yet again trying to circumvent privacy and an Austrian publisher for forcing users to consent to multiple tracking cookies.

Microsoft

NOYB has filed two complaints against Microsoft. Both relate to how the personal data of children using Microsoft 365 Education is treated. On trying to get the personal data of an unnamed child, it became clear that Microsoft is a co-data controller. However, it tries to move all responsibility to schools with limited data access. In doing so, schools are unable to provide access, and Microsoft refuses to assist.

NOYB had an expert go through the various obfuscated privacy policies that Microsoft provides, and they were unable to determine how to obtain data. Maartje de Graaf, data protection lawyer at noyb: “Microsoft provides such vague information that even a qualified lawyer can’t fully understand how the company processes personal data in Microsoft 365 Education. It is almost impossible for children or their parents to uncover the extent of Microsoft’s data collection.”

Children are also forced to accept cookies that they did not consent to. That tracking analyses user behaviour, collects browser data, and is used for advertising. NOYB comments, “Such tracking, which is commonly used for highly-invasive profiling, is apparently carried out without the complainant’s school even knowing.” That the school is not aware of this also questions Microsoft’s assertion that it is not a data controller.

Meta

Meta wants Europeans to accept new changes to its privacy policy so that it can use ALL their data for a new AI project and unspecified other uses. This is not an opt-in change. Instead, Meta has made the change and users have to specifically opt out. That requires an action by users rather than Meta observing GDPR controls that require opt-in, not opt-out.

Additionally, once the data is inside the new Meta AI solution, there is no way for a user to opt out and have their data removed. This breaches not only GDPR but multiple privacy regulations around the world.

To prevent this from happening, NOYB has asked 11 DPAs to issue emergency injunctions. However, in a not-unexpected twist, it appears that the Irish DPA has, and not for the first time, greenlit this move by Meta without any consent from other DPAs.

Kurier

The Austrian daily newspaper Kurier forces users to consent to Google and other tracking cookies when they visit its website. The move breaches GDPR, something that the Austrian DPA agrees with.

The company behind Kurier has already had one of its other publications, Profil, banned for the same activity. That decision was challenged by the Kurier Media Group but the decision is still in the courts in Austria.

Praxis

A new blog on the Praxis website by Kai Roer gives guidance on how to establish meaningful baselines for human factors. Roer talks about the need for proper baselines, but you cannot set those without knowing what to measure. He says, “I suggest you keep it simple, and that you focus on identifying specific metrics that are most likely to be influenced by the change – directly or indirectly.”

The blog then lists metrics and other sources of information that can help with the baselines. However, Roer also warns about keeping it simple and not overcomplicating it. Too much data is not a good way of measuring human factors.

ThreatHunter

Threathunter.ai and Threater, Inc. have teamed up to offer a free firewall assessment service. This initiative aims to help businesses identify and fix vulnerabilities, providing them with essential protection against ransomware and other cyber threats.

James McMurry, CEO and founder of Threathunter.ai, expressed his concerns about the challenges businesses are facing. “Businesses are under heavy pressure from so many sides, and they are especially vulnerable to ransomware attacks.

“That’s why we partnered with Brian at Threater, Inc. to come up with a way to do a free firewall assessment. Our goal is to provide a quick and easy way for businesses to identify potential issues and understand how our two companies can help them enhance their cybersecurity posture.”

Security news from the week beginning 27 May 2024

 
