 FCC Commissioner Brendan Carr stated that Apple and Google should remove TikTok from their app stores due to national security concerns. While the request does not mean the companies will ban the app, it raises concerns over long-standing questions about TikTok's practices. More: - In a letter sent to Apple and Google, Carr called out TikTok's collecting of browsing history, keystroke patterns, biometric data, draft messages, etc. The commissioner also mentioned cases where TikTok has admitted to breaking privacy laws or settled court cases regarding this aspect.
- While the two companies have not made public statements about this topic yet, TikTok has previously claimed that these privacy concerns are not valid because all of the user information in the United States goes through internet infrastructure owned by U.S. company Oracle.
- While this fact is true, the privacy concerns expressed by Carr are related to the access that TikTok staff has to this data.
Zoom Out: - Former President Donald Trump had expressed similar concerns during his term, even suggesting that Microsoft may acquire the U.S. division of TikTok.
| |
 A new malware variant that is targeting Microsoft servers has been tracked. The malware is being tracked as Session Manager. At least 20 organizations have been breached so far. More: - The attack is believed to have come from the Gelsemium hacker group, known for attacking universities, governments, private companies, etc.
- Gelsemium used a Microsoft Exchange Server flaw to gain unauthorized access. The group specifically used IIS, the Microsoft Web Server tool. IIS is a backdoor that, if abused, enables threat actors to utilize cyber espionage tactics and gain intel on emails, browser history, server information, etc.
- Through a special-purpose tool, Gelsemium was able to send requests to HTTP, mimicking authentic ones. Organizations affected are located in countries such as Argentina, Armenia, China, Djibouti, Equatorial Guinea, Eswatini, Hong Kong, Indonesia, Kenya, Kuwait, Malaysia, Nigeria, Pakistan, Poland, the Russian Federation, Saudi Arabia, Taiwan, Thailand, Turkey, the United Kingdom, and Vietnam.
Zoom Out: - Microsoft Exchange Server has been a target of numerous breaches in the last few months. A flaw in the company's service was breached by Blackcat Ransomware, while Chinese group Hafnium did so later in the year.
- At one point, Exchange Server was attacked by thousands of different cyber attacks.
- The FBI used a court order to clean its files from hacked Microsoft Exchange Servers.
| |
 A message from SECURITY COMPASS Current approaches to Threat Modeling simply don’t work. - They are manual and inconsistent
- They take too long
- They don’t scale
- They don’t give developers what they need
Here you can find a series of posts breaking down how you can anticipate threats earlier in the software development life cycle to create more secure software. Learn more about current threat modeling challenges. See how a new, developer-centric approach to threat modeling can help your organization deliver secure software faster. Read Series on Threat Modeling And, yes, we understand that threat modeling is a time-consuming process that requires the expertise of security professionals and figuring out the best approach to mature application security programs can be difficult, especially with increasing internal demands for a faster time to market. According to this Total Economic Impact™study, SD Elements enabled its users to decrease the time needed to develop security requirements for products by 90%. See How
| |
 A former government employee in Canada pleaded guilty to charges stemming from a $40M hack. The hacker was part of the NetWalker hacker group. More: - 34-year-old Sebastien Vachon-Desjardins was arrested in Canada and extradited to the U.S. in March of this year. The Canadian citizen deployed the NetWalker malware to breach hospitals, government agencies, universities, etc. During his arrest, the police seized 719 Bitcoin.
- The U.S. court in Florida officially charged him with conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, etc. The hacker has agreed to cooperate with law enforcement authorities by giving up information and stolen assets.
- Netwalker was able to steal $40M worth of Bitcoin while using an affiliate model for its ransomware-as-a-service.
| |
 A re-surfaced malware named MedusaLocker has been shown to target remote desktop protocols. The warning was made by the FBI, CISA, and other U.S. law authorities. More: - MedusaLocker is ransomware that uses a subscription model to grow its user base. Affiliates who successfully manage to do so keep a percentage of the profit.
- The ransomware itself was first seen deployed in 2019. Medusa first made headlines by being used to attack the healthcare sector, but hackers are now using it to breach other sectors as well.
- The ransomware has a high severity ranking, especially for companies with vulnerable RDP. Phishing is the main threat vector through which hackers are able to penetrate networks.
- Medusa bypasses security protocols by using a Windows tool known as CMSPT.exe, and then it reboots the device in safe mode so that the safety tools are shut down.
- The malware then encrypts all the files in the device, making it difficult for the user to recover them.
- Once the files are encrypted, victims are sent a ransomware note with information such as the amount of money the threat actor is asking for, the email which they should communicate with, etc.
- Law authorities have listed a number of IP addresses that are related to Medusa, while government agencies were recommended to use safe passwords with at least eight characters, use password managers, disable hints, etc.
| |
| A message from ASHCROFT CAPITAL With the housing market the way it is these days, it seems impossible to invest in real estate right now – except for apartments. Why invest in multifamily apartments? Because most investors are looking for passive income or growth opportunities to add to their portfolio but multifamily private placements provide both in one investment. Multifamily allows investors a unique opportunity to collect monthly cash flow (passive income) and participate in the equity (growth) as the property appreciates in value. Here lies the advantages of investing in multifamily private placements: - you don’t have to manage a property
- you don’t have to worry about repairs or renovations
- you don’t even have to find your own deals
However, before you invest in any private placement, you still need to take the time to understand the terms. You can learn how to make informed decisions when investing in real estate by downloading this free Private Offering Guide. Download Now For accredited investors only. The guide is for informational purposes only and is not intended for any other use. Not an offer to sell securities.
| |
 Santander bank claims that there has been an 87% increase in celebrity crypto scams in 2022 compared to the same period last year. The scams are being spread mainly through social media, with users clicking on links and then being contacted by scammers via email, where they are promised to win large amounts of money. More: - Scammers are making their victims download software that supposedly helps them manage cryptocurrency, but in reality, it helps the scammers gain remote access to the victim's device. The users then have their accounts frozen as soon as they deposit funds.
- The average cost of crypto scams rose 65% compared to 2021, with the value reaching over $13,000.
- Compared to Oct.-Dec. 2021, the number of scam cases the bank has dealt with in 2022 has increased by 61%.
Zoom Out: - Flagstar Bank, one of the largest asset management banks in the U.S., had the details of 1.5 million customers stolen due to a hack.
- The FTC previously reported that crypto scammers stole more than $1B during the 2021-2022 period.
| |
Quick Hits: - Assets are getting larger, and end-users have you stuck between the cloud and a hard place. Deliver far beyond user expectations with Cox Edge’s CDN.*
- Google announced new updates for its password manager that aim to improve the security level while also making the user experience easier.
- Microsoft has released a new warning for its users regarding a Linux flaw that threat actors could take advantage of. The bug is being patched by the company, but at the moment, Microsoft is encouraging users to use safe security protocols and be alert.
- A new report claims that the cybersecurity industry will have 3.5 million jobs open five years from now, the same number it has now. This will occur due to the increasingly larger role that cybersecurity is playing in the business industry and the world.
- The SEC has proposed a new set of rules for public companies that aim to make access to information about the cybersecurity practices of those companies easier for potential investors.
- This AI-powered UI test automation tool gives developers an easy way to author self-healing cross-browser tests.*
*This is a sponsored post.
| |
Upcoming events at Inside: - July 20 - The Rise of Metaverse Gaming (Register Here)
- August 17 - Build Your Diversified Portfolio: How To Invest in Bear Markets (Register Here)
- September 14 - Are Electric Cars Worth It? (Register Here)
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford. | |
Security Compass is on a mission to accelerate software time-to-market while managing risk. | |
| |
