FBI director Christopher Wray has told Congress he is "extremely" concerned about TikTok's ability to spy on U.S. citizens. Wray also expressed concern about China's control over the algorithm that shows content for U.S. users.

More:
- According to Wray, China has collected more data about U.S. citizens than any other country in the world.
- What makes this even more worrisome is that Chinese companies have to comply with every request that the government has, or they face severe financial and legal consequences.
- Cyberattacks cost businesses $1.2B in 2021, a figure that is expected to grow as cyberattacks become even more common.

Zoom Out:
- TikTok has been a source of controversy for a long time. Former president Trump wanted to ban the app altogether during his administration. He then reportedly proposed that Microsoft buy the U.S. operations of ByteDance, the parent company of TikTok, but a deal was ultimately not finalized.
- TikTok has been banned in India since early 2021. The government cited security as the main reason behind the decision.

The Biden-Harris administration has released a statement on its accomplishments regarding the cybersecurity industry so far, highlighting 7,000 new cybersecurity jobs created. These jobs were created from the earn-while-you-learn apprenticeship program.

More:
- The government program named The Sprint expanded the number of Registered Apprenticeship opportunities. The program was able to offer 7,000 people a chance to get hired after completing these apprenticeships. Out of the 7,000 individuals, 1,000 of them were hired in the private sector. Out of these employees, 42% are people of color, while 32% are women.
- These figures represent a 15% increase in the representation of people of color compared to previous years.
- Some of the organizations where the apprentices were hired are IBM, NPower, CompTIA, and the Department of Defense.
- As a result of this program, companies such as McDonald's, Cisco, CompTIA, etc., have either expanded or opened entirely new cybersecurity apprenticeship programs and have donated funds for cybersecurity training.

A severe Spotify security flaw that has a 9.8 CVSS score has been tracked by researchers. The security flaw may be used to take advantage of a critical sandbox escape in vm2.

More:
- The security flaw was found in Backstage, a tool that is published by Spotify and is one of the most popular open-source platforms for building developer portals.
- Backstage is used to unify infrastructure tools, functions, and documentation so that companies can have an easier time accessing their data.
- The flaw may have been exploited over 500 times, enabling hackers to remotely execute arbitrary code and gain control over a system.
- After tracking the flaw, research company Oxeye reported this vulnerability via Spotify's bug bounty program; Spotify reportedly patched it in version 1.5.1.

Bishop Fox, a cybersecurity company working with 26% of the Fortune 100, has raised a $129M Series B. The company has tripled its annual recurring revenue.

More:
- Bishop Fox offers different services such as application security, cloud security, network security, IoT security, etc.
- The company claims to work with 26% of the Fortune 100 companies, including names such as Google, Amazon, Zoom, Coinbase, Sonos, John Deere, etc. Over 16,000 projects have been completed by the Bishop Fox team.
- Westcap led the $46M funding round, taking the amount the company has raised to a total of $129M.
- The 20-year-old company aims to boost its presence in Europe, North America, and South America.

User data could have been breached through a newly reported Zendesk security flaw. The vulnerability could have allowed hackers to access email addresses, conversations, comments, etc.

More:
- The company has stated that no customer data has been exploited by hackers because this flaw, along with a few others, was fixed within days of being reported by Varonis Threat Labs, a research company.
- Varonis Threat Labs was able to find the vulnerability by spotting multiple nested encodings in the code. According to the company, the more code written by different teams, the bigger the chances are that one of them makes a mistake and leaves possible security flaws open for threat actors.
- The list of user email addresses and names was vulnerable to an SQL injection attack, something that could lead to data extraction and further deployment of malicious payloads.
- The company confirmed that the security flaws have been patched by Zendesk and that, so far, no customer complaints have been recorded.

Quick Hits:
- Europol has announced the arrest of 59 scammers who used e-commerce scams to trick shoppers into compromising their financial information.
- Chinese hacker group Billbug is the main suspect believed to be behind a cyberattack on a certification organization in Asia.
- The healthcare industry may be the target of imminent cybersecurity attacks that use Venus ransomware as a threat vector, according to a new report.
- K-12 schools in the U.S. are at risk of being breached by threat actors due to their lack of funding and training, a new study shows.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.