Google is set to pay a $391.5M settlement after the Attorney General's office found out that the company illegally tracked the location of Android users. Google will have to implement new changes to make its settings easier to understand.
More:
- Michigan Attorney General Dana Nessel stated that "Google's privacy practices have gone unchecked for too long" and that she is "glad Michigan citizens will benefit from this settlement."
- This is the largest multistate attorney general privacy settlement in the history of the U.S., as Michigan will receive close to $12M from the settlement. The investigation was a result of the cooperation of 40 attorney general offices from states such as Arkansas, Florida, Illinois, Louisiana, New Jersey, North Carolina, etc.
- The attorneys general opened the Google investigation following a 2018 Associated Press article that claimed Google recorded movements even when users explicitly chose against it.
- When users turned Location History off in Web & App Activity, a separate account setting was automatically turned on once users set up a Google account.
- This feature affected all Android phone users since 2014.
Zoom Out:
- Only three weeks ago, Google was hit with a $113M fine by India after the country's regulating authority claimed that the company forced apps to use its own third-party payment solution, something that is considered an anti-competitive practice.
Sobeys, the second-largest supermarket chain in Canada, has been hit by a cyberattack. The unknown threat actor likely used Black Basta Ransomware.
More:
- Sobeys stated that its supermarket chains had not been functioning properly since the attack, but the company was able to recover the network of its pharmacy chain.
- According to reports, the cyberattack shut down the computers that employees in the retail giant use. POS points, however, were still functioning even after the attack.
- Sobeys has 134,000 employees and 1,500 locations in all 10 provinces under brands such as Sobeys, Safeway, IGA, Foodland, FreshCo, Thrifty Foods, and Lawtons Drugs.
- The company reported the attack last week, but details were only released a few days ago.
- While the threat actor responsible for the hacking campaign has not been tracked yet, researchers believe Russia-backed Fin7 may stand behind it. Black Basta Ransomware has managed to breach over 100 targets in less than 10 months since it has been tracked.
Zoom Out:
- Back in August of this year, Maple Leaf Foods was also hit by a cyberattack. The company was unable to restore its system for a number of days after the attack, forcing the company to complete certain tasks manually.
The EU and NATO have published a new EU-led proposal that says the war in Ukraine should serve as a sign to strengthen the European cybersecurity and overall security infrastructure.
More:
- The European Commission stated that there should be cybersecurity measures implemented that would successfully manage to protect key frontline workers, such as doctors, nurses, police, soldiers, etc., from hackers.
- This demographic has been a consistently targeted group by threat actors who aim to hack entire institutions, such as hospitals and police stations, by infecting a single employee in those institutions.
- Cybersecurity certification standards were also mentioned as a factor that should be improved.
- NATO Secretary General Jens Stoltenberg stated that the NATO alliance should invest more money, have more expertise, and collaborate more. According to him, cyberattacks are able to cause war-like situations even if two militaries are not battling with each other, making it a delicate vector that needs to be addressed properly.
Zoom Out:
- The EU has been the subject of a number of cybersecurity controversies.
- A few months ago, it was revealed that many European politicians, EU parliament members, ministers, and even prime ministers were spied on by a third party using the Pegasus spyware.
- The latter is software designed by Israeli cybersecurity company NSO Group.
- The news caused the top EU privacy watchdog to call for its full ban.
Scooter-sharing company Whoosh has confirmed that it has been hacked, as 7.2 million users have had their data leaked. Whoosh is the largest urban mobility company in Russia.
More:
- While the company had previously claimed that it had thwarted an attempted cyberattack, Whoosh has now confirmed that recent data leaks posted on internet forums belong to its users.
- Hackers have posted private data for more than 7.2 million Whoosh customers. This data includes email addresses, credit cards, phone numbers, first names, etc. Regarding credit card information, almost 2 million of the 7.2 million users are victims of credit card info leakage.
- Besides the users, the hackers also have managed to steal Whoosh's property, such as promo codes, claiming that they possess more than 3 million codes that they could use for free.
- The unknown threat actor who is selling the information said that they would sell it to a maximum of five buyers for $4,200 per person.
Trinity Cyber has raised a $26.7M debt funding round led by an undisclosed investor. The company, which counts Intel as a previous backer, aims to help companies minimize false positives, which make up 45% of all security alerts.
More:
- It separates its products into two main categories: TC:File and TC:Edge.
- TC:File is a subscription-based API solution that helps companies protect their systems against malware that aims to infect files.
- On the other hand, TC:Edge automates incident response, eliminates false positives, removes workloads from customers, and adds Zero Trust to Internet Access. The software is used to replace, improve, and implement security infrastructure processes.
- The company has worked with clients such as AT&T, F5, VMware, Gigamon, Optiv, etc.
- Trinity Cyber is based in Washington, D.C.
Quick Hits:
- A subgroup of China-backed threat actor APT41 has been tracked. This subgroup was named Earth Longzhi and has been active since 2020, while its latest campaign is targeting Ukrainian institutions using Cobalt Strike loaders.
- The NSA has released a security recommendation that instructs organizations on how to protect against memory safety flaws. This category of bugs represents 70% of all cases.
- A new malware that exploits weak log-in credentials has been tracked. The tool, named KmsdBot, is used primarily in cryptocurrency mining campaigns, the automotive industry, gaming, etc.
- Red Points, a Spanish startup that helps brands prevent counterfeiting, piracy, and digital impersonators, has raised a $20M growth round led by European VC IRIS.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.