There have been a few security breaches this week. Chief among them is yet another mega breach from AT&T. The telecom giant has lost personal data on virtually all its customers, including phone and messaging information. More details are still emerging.
Meta has suffered yet another setback in its plans to train its AI solutions on user data. Brazil has become the latest country to tell the social media giant to stop. It has also issued daily fines and called out a lack of child protection.
A new report from Cloudflare shows that just 29% of European businesses are well prepared for future cyberattacks. The gated report surveyed over 4,000 European security professionals, yielding some chilling results.
SlashNext has published details on a new phishing kit called FishXProxy. It says that the comprehensive tooling makes it a serious threat and lowers the bar for cybercriminals. Of serious concern is how it is integrated with Cloudflare to make it look authoritative, fool victims and even get SSL Certificates.
Egress
KnowBe4 has completed the acquisition of Egress. The next announced step is for the company to integrate the tools into a single product line. Customers will be keen to find out more about this, but Egress has yet to give more details.
Stu Sjouwerman, CEO of KnowBe4, said, “Human risk management is an essential component of a comprehensive cybersecurity program.
“This acquisition reinforces our ability to fortify global organizations against the ever-increasing amount of human-targeted threats. Today marks an important milestone in the evolution of cybersecurity and the next generation of KnowBe4’s human risk management capabilities.”
JumpCloud
JumpCloud Inc. has been called a leader in 90 different G2 Summer 2024 Grid Reports. The status is based on over 2,400 reviews from verified G2 users.
JumpCloud earned a Leader badge across eight different categories, including Cloud directory services, Identity and access management (IAM), Mobile device management (MDM), Privileged access management (PAM), Remote support, Single sign-on (SSO), Unified endpoint management (UEM) and User provisioning and governance tools.
Micha Hershman, chief marketing officer of JumpCloud, said, “Our top position with more 5-star reviews than any competitor on G2, along with being named a leader in 90 different reports, reflects the deep trust our customers place in us. Their loyalty and satisfaction with our identity solutions drive our success.”
NOYB
Xandr actively fails to comply with GDPR
noyb has filed a GDPR complaint against a subsidiary of Microsoft, Xandr. It is a data broker that collects and uses data gathered from millions of Europeans to sell advertising space. It promotes that marketing as highly targeted, but there is a problem. noyb reports that “although only one ad is ultimately shown to users, all advertisers receive their data. This may include personal details concerning their health, sexuality or political opinions.”
This is about more than the indiscriminate sharing of data. Xandr posts on what noyb calls a hidden website that it never complies with GDPR requests. All requests for access or deletion are denied in a clear breach of Xandr’s compliance requirements.
Massimiliano Gelmi, data protection lawyer at noyb: “Xandr’s business is obviously based on keeping data on millions of Europeans and targeting them. Still, the company admits that it has a 0% response rate to access and erasure requests. It is astonishing that Xandr even publicly illustrates how it breaches the GDPR.”
Consent banner report
noyb has published a report on how organisations handle cookie consent. The Consent Banner Report: Overview of EU and National Guidelines on Dark Patterns is 60 pages long and comprehensive. It points to the location of guidelines on the different National Data Protection websites across the EU. It then takes a deep dive into various issues that still need addressing.
This is an important read for any organisation claiming it is using best practices regarding cookies. It highlights the differences between national authorities and what they require. But that same chart also provides a way to implement every best practice and go beyond what regulators require.
Qualys
A bumper set of blogs this week from Qualys. They cover getting the best from TruRisk, the hidden cyber risk from tech debt, and a look at this week’s Microsoft and Adobe patches.
There is also a blog that addresses upcoming challenges for thousands of organisations. Google has said that from November 1, 2024, Chrome will no longer recognise TLS Certificates issued by Entrust. The blog examines why Google has taken this step and how organisations can detect and manage those certificates.
US Department of Justice
The Justice Department says it led an international operation alongside private sector partners to disrupt a Russian Government-operated social media bot farm. The operation resulted in the seizure of two domains, MLRTR.com and OTANMAIL.com, hosted by Namecheap. It also required X (formerly known as Twitter) to hand over all information related to 968 accounts.
A Joint Cybersecurity Advisory details how Meliorator, an AI-enabled bot farm, was used to disseminate misinformation in several countries. It lists the various components of Meliorator and how they work. It is an interesting insight into how these operations work and will interest cybersecurity professionals.
FBI Director Christopher Wray said, “Today’s actions represent a first in disrupting a Russian-sponsored Generative AI-enhanced social media bot farm. Russia intended to use this bot farm to disseminate AI-generated foreign disinformation, scaling their work with the assistance of AI to undermine our partners in Ukraine and influence geopolitical narratives favorable to the Russian government.
“The FBI is committed to working with our partners and deploying joint, sequenced operations to strategically disrupt our most dangerous adversaries and their use of cutting-edge technology for nefarious purposes.”
Xalient
Xalient has announced Tom Braisted as the new People & Culture Director. Braisted will be responsible for the Xalient Group’s HR function globally, supporting all aspects of the company’s people initiatives, care, and compliance.
Braisted commented, “Joining Xalient represents a fantastic opportunity. I am eagerly looking forward to collaborating with the talented team here to not just further enhance our People & Culture initiatives but also support the company’s continued growth and success. Moreover, the recent acquisitions present not only a unique challenge but also a significant opportunity to unify and strengthen our global workforce.”