The CyberWire Daily Briefing
"FTC issues report on online surveillance and privacy concerns."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 22 September 2024, 1335 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/13/181
Please check link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 09.20.24
Summary
At a glance.
- FTC issues report on online surveillance and privacy concerns.
- Ukraine bans Telegram use for government and military personnel.
- Threat actor claims to have stolen seven terabytes of data from India's largest health insurer.
FTC issues report on online surveillance and privacy concerns.
The US Federal Trade Commission (FTC) has published a staff report alleging that major social media platforms and streaming services have "engaged in vast surveillance of consumers in order to monetize their personal information while failing to adequately protect users online, especially children and teens." The report cites Amazon (owner of Twitch), Facebook (now Meta), YouTube, Twitter (now X), Snap, ByteDance (owner of TikTok), Discord, Reddit, and WhatsApp.
The FTC states, "The report found that the companies collected and could indefinitely retain troves of data, including information from data brokers, and about both users and non-users of their platforms. The staff report further highlights that many companies engaged in broad data sharing that raises serious concerns regarding the adequacy of the companies’ data handling controls and oversight. In particular, the staff report noted that the companies’ data collection, minimization, and retention practices were 'woefully inadequate.' In addition, the staff report found that some companies did not delete all user data in response to user deletion requests."
The report concludes with recommendations for policymakers and companies, calling for "federal privacy legislation to fill the gap in privacy protections provided by COPPA for teens over the age of 13."
Ukraine bans Telegram use for government and military personnel.
Ukraine’s National Security and Defense Council (NSDC) has banned the use of the Telegram app on official devices used by Ukrainian government officials, military personnel, and employees working at critical infrastructure facilities, the Record reports. The NSDC cited national security concerns, saying it has "grounded information" that Russian intelligence can use the app to spread malware and gather information to assist with missile strikes, Radio Free Europe/Radio Liberty reports.
The Record notes that Telegram is the primary means of sharing news for most Ukrainians. The ban doesn't affect personal devices or people who use the app in their official duties.
Threat actor claims to have stolen seven terabytes of data from India's largest health insurer.
A threat actor is selling more than seven terabytes of data allegedly stolen from Star Health and Allied Insurance, India’s largest health insurer, Reuters reports. Samples of the data are publicly accessible via Telegram chatbots. Reuters was able to use the chatbots to download "policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses."
The threat actor claims to have obtained 7.24 terabytes of data belonging to over 31 million Star Health customers. Star Health told Reuters it had reported unauthorized access to the authorities, but that its initial assessment detected "no widespread compromise" and that "sensitive customer data remains secure."
Notes.
Today's issue includes events affecting India, Russia, Ukraine, and the United States.
Selected Reading
Attacks, Threats, and Vulnerabilities
High-risk vulnerabilities in common enterprise technologies (Rapid7) Rapid7 is warning customers about several high-risk vulnerabilities in common enterprise technologies that are attractive potential attack targets for both state-sponsored and financially motivated adversaries. We are advising customers to prioritize remediation for these issues on an expedited basis wherever possible.
Protect AI's September 2024 Vulnerability Report (Protect AI) At Protect AI we are taking a proactive approach to identifying and addressing security risks in AI systems, to provide the world with critical intelligence on vulnerabilities and how to fix them.
Trends
Spying on Your Kids: 80% of Parents Track Their Children's Locations and Online Activities [Survey] (All About Cookies) To understand how parents monitor their children in our increasingly digital age, All About Cookies surveyed parents to see how many check up on their kids’ online activity and location.
Marketplace
Keeper Security Appoints James Edwards as Senior Director of Engineering (PR Newswire) /PRNewswire/ -- Keeper Security, a leading provider of zero-trust and zero-knowledge cybersecurity software, is pleased to announce the appointment of James...
Products, Services, and Solutions
New IT and OT Security Platform Delivers True Cyber Resilience (Forescout) In today’s rapidly evolving industrial landscape – where increasing operational complexity heightens risks – visibility alone is no longer enough. As the lines between IT and OT security blur, your ability to see the whole picture and take control can be the difference between smooth operations and major disruptions.
Strata Writes The Book on Identity Orchestration | Strata.io (Strata.io) Eric Olden, CEO at Strata Identity releases 'Identity Orchestration For Dummies,' the book you need to securely manage IAM in multi-cloud.
Stamus Networks and Array Networks Join Forces to Enhance Network Threat Detection and Response, Drive Cost Efficiency, and Streamline Deployments (Stamus Networks) PRESS RELEASE: Stamus Networks and Array Networks announce product collaborations that unlock new NDR capabilities for existing programs and new opportunities for organizations that couldn’t previously justify the cost in ultra-high throughput applications.
How RegScale Won the SC Media Excellence Award for Best Compliance Solution (RegScale) Explore how RegScale won the 2024 SC Media Excellence Award for Best Compliance Solution and see why our CCM platform is leading the industry.
Permiso launches Universal Identity Graph to enhance enterprise identity threat detection (SiliconANGLE)
Industry Events
For a complete running list of events, please visit the Event Tracker.
Events
SecureWorld St. Louis (Clayton, Missouri, USA, Sep 26, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.
2024 DataTribe Challenge Submission Deadline (Fulton and Virtual, Maryland, USA, Sep 27, 2024) As founders ourselves, we have never liked the feeling of being the entertainment that comes with participating in most pitch competitions. So, in creating the DataTribe Challenge, we have centered it on the North Star of creating a platform that is a valuable use of time for the founders participating. Submit your startup to potentially be selected to be part of a startup competition like no other. The DataTribe Challenge is a unique program to accelerate your cybersecurity startup. Workshop your messaging and meet potential investors and customers. We will pick five finalists to join the program, receive coaching from our team of startup veterans, present at the live event, and benefit from free promotion and press coverage. Finalists share $25,000 in prizes and all will receive the title of DataTribe Challenge Finalist.
Uniting Women in Cyber 2024 (Arlington, Virginia, USA, Oct 1, 2024) The premier networking event to advance diversity in cybersecurity! Join renowned cyber leaders and experts from all walks of life. Uniting Women in Cyber (UWIC) event convenes a powerful and diverse network of cyber leaders and experts to discuss emerging global trends, technological advancements, and workforce development. UWIC is the premier event for professionals, aspiring practitioners and all who are interested in cybersecurity, to meet and network with national leaders in the field. Come and be a part of a vibrant, diverse community to learn, share ideas, and expand your professional network!
HITRUST® Collaborate 2024 (Frisco, Texas, USA, Oct 1 - 3, 2024) HITRUST Collaborate is the most comprehensive information protection and risk management conference for privacy, security, and compliance. The 2.5-day conference includes keynotes, panel discussions, and educational sessions for industry professionals.
Insider Risk Management Program Evaluation & Optimization Training Course (Laurel, Maryland, USA, Oct 2 - 3, 2024) This highly sought after and very comprehensive training course will ensure that the Insider Risk Program Manager / Insider Threat Program (ITP) Manager and other key stakeholders that support the program, have the Core / Advanced Knowledge, Blueprint, Resources needed for developing, managing or optimizing a program. Students will be provided with an ITP Management Toolkit that provides an abundance of educational resources, templates and checklists for ITP development, management and optimization. Our student satisfaction levels are in the exceptional range. The Insider Threat Defense Group is so confident about our training courses that they come with a money back training guarantee.