European authorities warned FIFA World Cup attendees against downloading the official tournament app named Hayya as well as the healthcare app Ehteraz. The two apps may collect location data without permission.

More:
- Hayya is the official tournament app that will be used as a fan ID, as a holder for digital tickets, as a reference point for information on games, etc.
- Ehteraz is an app that users may have to download if they have to visit healthcare facilities in Qatar.
- Organizations such as the Norwegian Data Protection Authority, the German BfDI, and the premier French privacy authority have all warned against these two apps.
- According to them, these apps collect data such as someone's location, who they've called, and when they've called them, and can even prevent the phone from going into sleep mode.
- This is considerably more data than they claim to collect.
- The Norwegian Data Protection Authority went as far as recommending its citizens take two different phones with them to Qatar so that they download the apps on the backup phone.
- If they cannot have a second phone with them, the authority has recommended that Norwegians back up all of their data, erase their devices, download the apps, and then delete them as soon as they are done visiting the country.

Zoom Out:
- The 2022 Qatar FIFA World Cup has been a source of controversy ever since the country won the bid to host the world's most popular sporting event. Qatar has been accused by international human rights organizations of violating human rights during the construction of the stadiums the teams will play in, and also of possibly using corruption to win the bid in the first place.
- This story has become the theme of a recently released Netflix documentary named FIFA Uncovered.
The NSA has opened its office for visitors and private sector employees with no guards securing the location as part of a new concept being implemented by the agency. 75% of the building space is unclassified.

More:
- The office is officially known as the Cybersecurity Collaboration Center.
- This 36,000-square-foot building is being used by field experts who work in the private sector to create collaboration opportunities with the agency.
- Private sector employees stated that this is the first time such an initiative has proven to be so efficient.
- The credit for this efficiency could be given to the openness NSA members have in terms of sharing ideas with the private sector, which in turn provides endpoint information that the agency might not have.
- NSA has been a historically secretive federal agency, but according to officials from the agency, this new openness is part of a vision that aims to improve the collaboration between all security actors in the U.S. so that the greater community benefits in the end.
- The CCC was conceived by White House cyber official Anne Neuberger in 2019.
Iran-backed hackers managed to breach the federal government's security system with Log4Shell and mine crypto in the process. The breach is believed to have happened in February 2022.

More:
- The unspecified threat actor used a flaw in VMware Horizon Server that is tracked as CVE-2021-44228 to gain access to federal networks. After staying under the radar for a week, the group moved laterally to steal sensitive information.
- CISA tracked the malware by using an intrusion detection tool named EINSTEIN.
- The agency was able to pinpoint the malicious activity to the following IP addresses:
- 51.89.181[.]64
- 182.54.217[.]2
- According to CISA's statement, organizations that still use outdated Log4j versions should assume that they have been breached at this point and update their systems as quickly as possible.

Zoom Out:
- Log4Shell is a new malware variant that was tracked in 2021. The malware has already been used many times to breach targets, mostly in the U.S.
- In February 2022, Iranian hackers gained access to a U.S. aerospace company and the computer systems of a municipal government using this malware.
Nokia has stated that contrary to popular belief, 5G technology will make cyberattacks more common. Four years after 5G technology was widely released, 7 in 10 companies are reporting cyberattacks.

More:
- Nokia is one of the largest 5G technology manufacturers in Europe.
- According to the Finnish company, companies that use 5G technology have failed to automate manual tasks. As a result, employees lose productive hours to manual work, which takes time away from security and overall efficiency-related tasks.
- More than 4 in 10 respondents in a survey stated that their security staff spends 40% of their time dealing with tasks that could have been automated earlier but were not.
- According to this same survey, the majority of companies have experienced at least one breach in the last 12 months, while one-third of the companies have experienced eight or more breaches.
- CISA expressed this concern back in May of this year. The agency released a five-step plan that organizations could use to evaluate their 5G security level.
Yakoa has raised a $4.8M funding round to help artists detect NFT fraud. The company aims to soon be compatible with every blockchain.

More:
- Yakoa offers tools that are able to detect three categories of forgery: Direct, Partial, and Stylistic.
- Yakoa is currently used to scan for NFT IP fraud in blockchains such as Ethereum, Solana, Avalanche, Polygon, Tezos, Fantom, EOS, Cardano, Starknet, Celo, Palm, etc.
- The funding round was led by Collab+Currency, Volt Capital, and Brevan Howard Digital, with participation from Data Community Fund, Alliance DAO, Uniswap Labs Ventures, Orange DAO, Time Zero Capital, gmjp, Sunset Ventures, and FAST by GETTYLAB.
Quick Hits:
- The Ukrainian cybersecurity agency has tracked a new hacking campaign that breaches victims' VPN accounts to access and encrypt networked resources.
- Google is set to roll out the initial Privacy Sandbox Beta to Android 13 mobile devices in early 2023.
- A new report by Cybereason claims that four out of 10 companies reduce their cybersecurity staff during holidays by as much as 70%.
- Ostra Cybersecurity has raised a $3.5M A round led by Rally Ventures. The Minnesota-based company offers 24/7 threat protection services for small and medium-sized businesses.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.