This week in InfoSec  (10:44)

With content liberated from the “today in infosec” twitter account and further afield

18th September 2001: The Nimda worm was released. Utilising 5 different infection vectors, it became the most widespread virus/worm after only 22 minutes.

https://twitter.com/todayininfosec/status/1836495262409175187  

17th September 2014: Apple announced that the iOS 8 operating system (used on iPhone and iPad) would be architected to prevent it from being technically feasible for the company to extract data from customer devices. A day later Google made a similar announcement pertaining to Android.

With iOS 8 Update, Apple Will No Longer Provide User Data to Police

https://twitter.com/todayininfosec/status/1836071319030374437

Rant of the Week  (17:50)

No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom

Buried beneath the endless feeds and attention-grabbing videos of the modern internet is a network of data harvesting and sale that's perhaps far more vast than most people realise, and it desperately needs regulation. 

That's the conclusion the FTC made after spending nearly four years poring over internal data from nine major social media and video streaming corporations in the US.

These internet behemoths are collecting vast amounts of data, both on and off their services, and the handling of such data is "woefully inadequate," particularly around data belonging to children and teenagers, the FTC said. 

Billy Big Balls of the Week (28:06)

LinkedIn started harvesting people's posts for training AI without asking for opt-in

LinkedIn started harvesting user-generated content to train its AI without asking for permission, angering netizens.

Microsoft’s self-help network on Wednesday published a "trust and safety" update in which senior veep and general counsel Blake Lawit revealed LinkedIn's use of people's posts and other data for both training and using its generative AI features.

In doing so, he said the site's privacy policy had been updated. We note this policy links to an FAQ that was updated sometime last week also confirming the automatic collecting of posts for training – meaning it appears LinkedIn started gathering up content for its AI models, and opting in users, well before Lawit’s post and the updated privacy policy advised of the changes today.

Industry News (35:07)  

Over Half of Breached UK Firms Pay Ransom

ICO Acts Against Sky Betting and Gaming Over Cookies

AT&T Agrees $13m FCC Settlement Over Cloud Data Breach

Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack

Google Street View Images Used For Extortion Scams

8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach

Western Agencies Warn Risk from Chinese-Controlled Botnet

Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

Tweet of the Week  (42:39)

https://twitter.com/ProfWoodward/status/1837084678836171089

Come on! Like and bloody well subscribe!