Meta has fired numerous employees because they got into users' Instagram and Facebook accounts. The event happened last year, according to a report by The Wall Street Journal.

More:

- Security guards at the Meta facilities were given a special tool that enabled them to reset passwords for users who forgot their account details or were locked out of their accounts.
- The tool created a network of abusers who would ask for thousands of dollars in exchange for opening the accounts.
- These security guards would ask for payment in Bitcoin with the hope that they would avoid being caught.
- Meta, which calls the tool Online Operations, gave limited access to this tool, hoping that cases like this would be avoided, but the plan backfired.
- The social media giant has stated that such actions pose a clear violation of its terms of service.
Twitter is likely getting ready to launch end-to-end encrypted DMs. Researchers believe that Twitter's source code and a tweet reply by Elon Musk to a researcher show an imminent launch.

More:

- If the claims are true, it will mark the second time that the company has attempted to bring this feature to its users. A previously failed attempt named "Secret Conversation" was reported to have begun in 2018 but was quickly shut down for unspecified reasons.
- Jane Manchun Wong, a mobile researcher, tweeted a picture of Twitter's source code that seemed to show a number generated through encryption keys designated for a specific user and said that encrypted DMs might be launched soon.
- Elon Musk, who recently became the new owner of the social media giant, hinted with a wink emoji, seemingly confirming that end-to-end encrypted DMs are coming soon.
- Musk has previously stated that the feature is a must for the app.
- End-to-end encryption is used by messaging apps such as Signal, WhatsApp, iMessage, Viber, Element/Matrix, Tox, Keybase, XMPP, etc.
- Twitter has previously been involved in privacy scandals, as several employees confessed to having access to user DMs and reading them at will. The company has also been breached by hackers who later managed to read users' direct messages.
A message from SECURITY COMPASS

Security teams and developers may be aligned on what is needed, but the delivery of these requirements leaves room for improvement. This interactive report examines the maturity and approaches of application security training for software developers. It emphasizes the frustrations developers experience with current eLearning options and organizational views on its effectiveness.

Key takeaways from the study include:

- 40% of respondents indicate their company provides interactive content, yet a lack of interactive content remains a top frustration.
- In total, 75% of respondents indicated they had to look up security-related topics regularly - once or twice a week (54%) or daily (21%).
- The best time to do secure development training was during code implementation.
- 37% of developers stated that implementing new code to satisfy security requirements was the most costly and time-consuming activity they perform.
View the full “2022 DevSecOps Perspectives on AppSec Training” research report to learn more.
Microsoft has released a statement that warns of hackers compromising Multi-Factor Authentication tokens. The relatively new type of attack does not require advanced technical skills.

More:

- This hacking method revolves around the OAuth 2.0 identification token, a platform that has been attacked numerous times by multiple threat actors. When authentication systems, such as Azure, issue a token, it contains information like username, source IP address, MFA, and more.
- Since MFA theft has been tracked as a practice only for the last three years, most companies and institutions do not have security protocols set in place to detect and stop such hacking campaigns.
- Most of the victims targeted by this type of attack are businesses. Hackers send them phishing links and capture their valid authentication token, later using it to sign in. This practice is known as business email compromise.
- The IT giant also mentioned other threat vectors, such as pass-the-cookie. This threat vector extracts the unique browser cookie that is given to a user who successfully signs in. Once extracted, the cookie can be stored and used on a separate device.
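
One way a defender could spot the token replay described above, as an added example that is not part of the original newsletter or of Microsoft's statement: it flags a token that is later used from a different IP address or device than the one it was first seen on. The event fields and sample records are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample events (not real logs). Field names are assumptions;
# they mirror the claims the article lists: username, source IP, MFA.
Event = namedtuple("Event", "ts token_id user ip device mfa")

SAMPLE_EVENTS = [
    Event(100, "tok-A", "alice@example.com", "198.51.100.10", "dev-1", True),
    Event(160, "tok-A", "alice@example.com", "198.51.100.10", "dev-1", True),
    Event(120, "tok-B", "bob@example.com", "203.0.113.7", "dev-2", True),
    # Same token, new IP and new device: the replay pattern described above.
    Event(300, "tok-B", "bob@example.com", "192.0.2.55", "dev-9", True),
    # Same device, IP changed (e.g. roaming): lower-confidence signal.
    Event(400, "tok-A", "alice@example.com", "198.51.100.77", "dev-1", True),
]


def find_token_reuse(events):
    """Return findings for tokens used away from where they were first seen."""
    first_seen = {}  # token_id -> earliest event, treated as issuance
    findings = []
    # Sort by timestamp so out-of-order log delivery does not pick the
    # wrong event as the issuance baseline.
    for ev in sorted(events, key=lambda e: e.ts):
        origin = first_seen.setdefault(ev.token_id, ev)
        if origin is ev:
            continue
        ip_changed = ev.ip != origin.ip
        device_changed = ev.device != origin.device
        if not (ip_changed or device_changed):
            continue
        # A new device is the stronger signal: the MFA claim travels inside
        # the token, so a replayed token still shows mfa=True.
        severity = "high" if device_changed else "low"
        findings.append({
            "token_id": ev.token_id, "user": ev.user, "severity": severity,
            "issued_from": (origin.ip, origin.device),
            "used_from": (ev.ip, ev.device), "mfa_claim": ev.mfa,
        })
    return findings


if __name__ == "__main__":
    for finding in find_token_reuse(SAMPLE_EVENTS):
        print(finding)
```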
The European Central Bank has joined the Gaia-X Data Project, a cloud initiative that aims to build Europe's digital independence. The platform will enable safe data transfer among European countries.

More:

- By using the standards set by Gaia-X, the members benefit from having access to a wide array of digital tools that they can use interoperably, depending on their needs.
- Members can choose to analyze their data with one tool, store it with another, and develop it with a completely different tool than the ones used for analysis and storage.
- European countries aim to use the technology to safely transfer data between them, as mistrust from international cybersecurity actors has reached an all-time high.
- Gaia-X develops common standards that can be used as a reference point for data storage and transfer from European countries. These standards will be in line with the European legislation that is already in place.
- The Gaia-X Association for Data is a non-profit organization with more than 350 members.
- The ECB will pay a membership fee to join Gaia-X.

Zoom Out:

- European diplomats were shocked to learn earlier this year that they had been the targets of a successful cyberespionage campaign.
- Foreign actors had used Pegasus, the famous spyware created by Israeli company NSO Group.
- Some of the spied diplomats included the PM of Spain, European Parliament members, members of civil movements, opposition party leaders, etc.
- The scandal caused the head of NSO Group to resign. He was not the only official to quit, however, as the directors of the intelligence services of Greece and Spain resigned too.
Dell Technologies has launched a new cloud protection software product. Dell wants to be the sole vendor for enterprise cloud services, as 85% of enterprises say they want to reduce the number of vendors they use.

More:

- Cyberattacks account for 48% of all enterprise disaster cases so far this year, up from 38% in 2021. Dell wants to tackle this issue by adding another software product to its data security suite, named The Dell PowerProtect Data Manager Appliance.
- Dell claims that its solution is going to be differentiated through four main features:
  - Deployment in under 30 minutes,
  - 12TB to 96TB of storage,
  - VMware integration, and
  - built-in cloud capabilities.
- The package uses Artificial Intelligence to sort the best defense tools for the specific needs that clients may have while consistently backing up the data stored through an automated sequence.
- Dell also announced that it has now expanded its data-protection solution to include Google Cloud, in addition to Amazon Web Services and Microsoft Azure which the company has supported for a longer time.
Quick Hits:

- Apis Cor holds the current Guinness World Record for the largest 3D-printed building on Earth. Invest in the future of construction.*
- The Pentagon is likely to hold on to most of the authorities it was granted by the Trump administration in 2018, as a lawsuit regarding the case has concluded.
- Verification system company Atlassian has patched security flaws tracked as CVE-2022-43781 and CVE-2022-43782. The flaws affected Bitbucket Server, Data Center, and overall protocols used by the company.
- Cyberattacks against the healthcare industry have cost the world economy $92B since 2018, according to a report.
- Python developers are being attacked by malware known as W4SP Stealer. The malware steals login credentials for Discord, crypto wallets, credit cards, etc.
*This is sponsored content.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.