The Host Unknown Podcast

Episode 203 - The Too Soon Episode

Episode Summary

This week in InfoSec shows that we didn’t always have a clever name for viruses. Rant of the Week is a report from the school of the bleeding obvious. Billy Big Balls is an example of companies just not giving a toss because there are no consequences. Industry News is the latest and greatest news stories from around the world. And Tweet of the Week addresses a new fear which was recently unlocked.

Episode Notes

This week in InfoSec (10:44)

With content liberated from the “today in infosec” Twitter account and further afield

18th September 2001: The Nimda worm was released. Utilising 5 different infection vectors, it became the most widespread virus/worm after only 22 minutes.

https://twitter.com/todayininfosec/status/1836495262409175187  

17th September 2014: Apple announced that the iOS 8 operating system (used on iPhone and iPad) would be architected to prevent it from being technically feasible for the company to extract data from customer devices. A day later Google made a similar announcement pertaining to Android.

With iOS 8 Update, Apple Will No Longer Provide User Data to Police

https://twitter.com/todayininfosec/status/1836071319030374437

 

Rant of the Week  (17:50)

No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom

Buried beneath the endless feeds and attention-grabbing videos of the modern internet is a network of data harvesting and sale that's perhaps far more vast than most people realise, and it desperately needs regulation. 

That's the conclusion the FTC made after spending nearly four years poring over internal data from nine major social media and video streaming corporations in the US.

These internet behemoths are collecting vast amounts of data, both on and off their services, and the handling of such data is "woefully inadequate," particularly around data belonging to children and teenagers, the FTC said. 

 

Billy Big Balls of the Week (28:06)

LinkedIn started harvesting people's posts for training AI without asking for opt-in

LinkedIn started harvesting user-generated content to train its AI without asking for permission, angering netizens.

Microsoft’s self-help network on Wednesday published a "trust and safety" update in which senior veep and general counsel Blake Lawit revealed LinkedIn's use of people's posts and other data for both training and using its generative AI features.

In doing so, he said the site's privacy policy had been updated. We note this policy links to an FAQ that was updated sometime last week also confirming the automatic collecting of posts for training – meaning it appears LinkedIn started gathering up content for its AI models, and opting in users, well before Lawit’s post and the updated privacy policy advised of the changes today.

 

Industry News (35:07)  

Over Half of Breached UK Firms Pay Ransom

ICO Acts Against Sky Betting and Gaming Over Cookies

AT&T Agrees $13m FCC Settlement Over Cloud Data Breach

Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack

Google Street View Images Used For Extortion Scams

8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach

Western Agencies Warn Risk from Chinese-Controlled Botnet

Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

 

Tweet of the Week (42:39)

https://twitter.com/ProfWoodward/status/1837084678836171089