Subject: Microsoft’s anti competitive behavior weakens its customers’ cybersecurity
Source: Federal News Network
https://federalnewsnetwork.com/commentary/2024/11/microsofts-anticompetitive-behavior-weakens-its-customers-cybersecurity/
“I just don’t trust what you’re saying.” That was how Rep. Carlos Giminez (R-Fla.) captured the general sentiment when the House Homeland Security Committee questioned Microsoft Vice Chairman and President Brad Smith on the company’s “cascade of security failures.” During the high-profile hearing, real answers were few and far between.
It was a surprising spotlight on a company that has flown under the radar for decades. Many might recall the “Browser Wars” of the 1990s when Microsoft illegally leveraged its dominance in desktop operating systems to gain a foothold in internet browsers. As scrutiny of the company’s cyber practices heats up on Capitol Hill, more are realizing that Microsoft is using that same playbook today — but even they don’t recognize to what extent.
Disguised as the invisible tech behemoth, Microsoft is leveraging its dominant position in desktop operating and productivity software to lock customers in the cloud. It’s a new take on the same problem, but now customers’ security is threatened. When Microsoft software is vulnerable, the global impact is almost incalculable.
In the weeks following the House Homeland Security hearing, the European Commission (EC) charged Microsoft with antitrust violations for tying Teams with Office 365 and Microsoft 365 as part of an investigation that has been ongoing since 2023. The EC is also probing Microsoft for preventing customers from using competitors’ services, including cybersecurity solutions like identity and access management software.
Global regulators have begun to take notice of the impact of Microsoft’s licensing practices. It is now time for U.S. regulators to do the same: to examine Microsoft’s behavior more closely, listen to customers’ and providers’ experiences, and outline the impact on choice and competition in the cloudstack. Only then will the picture become clear — they just cannot trust what Microsoft is saying.
Source: MakeUseOf
https://www.bespacific.com/use-these-4-apps-and-tools-to-detect-phishing-emails/MakeUseOf
“Phishing emails are no longer exclusively sent by Nigerian princes needing financial assistance. Scammers are now tech-savvy criminals who leverage state-of-the-art tools to con their victims. But it’s not like they’re the only ones with an arsenal of tools to pull from. Most phishing emails will send you attached files and links or try to send you to a website. How do you know if these files, links, and websites are secure? One way to find out is to run them through VirusTotal’s malware scanner. When run through the free VirusTotal detection, 70+ antivirus scanners and URL/domain blocklisting services will analyze your file, link, or website. Once run through the scanner, you’ll be provided results from the antivirus scanners, indicating whether the link, file, or domain you input is deemed to be clean or some form of malware. For example, this VirusTotal scan for 17ebook.com shows that several sites consider this malicious, malware, or phishing, so you should probably avoid it…”
Source: Malwarebytes Blog
https://www.malwarebytes.com/blog/news/2024/11/tiktok-ordered-to-close-canada-offices-following-national-security-review
The Government of Canada ordered the TikTok Technology Canada Inc. to close its offices in the country following a national security review. This decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may be injurious to Canada’s national security. Canada’s Minister of Innovation, Science and Industry stated:
As a result of a multi-step national security review process, which involves rigorous scrutiny by Canada’s national security and intelligence community, the Government of Canada has ordered the wind up of the Canadian business carried on by TikTok Technology Canada, Inc. The government is taking action to address the specific national security risks related to ByteDance Ltd.’s operations in Canada through the establishment of TikTok Technology Canada, Inc. The decision was based on the information and evidence collected over the course of the review and on the advice of Canada’s security and intelligence community and other government partners.”
This does not mean Canadians will no longer have access to the popular social media platform. It just means the Chinese owned company will have to close its Canadian operations located in Toronto and Vancouver.
Source: Gizmodo
https://gizmodo.com/beware-of-fake-sites-mimicking-black-friday-deals-researchers-say-2000525936
Cybersecurity researchers say that a scamming group has been operating fake websites advertising Black Friday deals for popular brands in order to steal shoppers’ credit card information and personal details.
In a new report, the firm EclecticIQ says it believes the group behind the phishing websites, which it dubbed SilkSpecter, lures consumers in the U.S. and Europe to websites that mimic real companies with promotions for deals up to 80 percent off.
“The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts,” EclecticIQ wrote. “The threat actor used fake discounted products as phishing lures to deceive victims into providing their cardholder data … and personally identifiable information.”
Some of the websites run by SilkSpecter include: northfaceblackfriday.shop, wayfareblackfriday.com, llbeanblackfriday.shop, blackfriday-shoe.top, ikea-euonline.com, and dopeblackfriday.shop.
…
EclecticIQ warned that some of the information collected could also be used to target victims with further attacks to compromise multi-factor authentication and breach sensitive accounts.
…
Subject: How and where to report cybercrime: What you need to know
Source: Help Net Security
https://www.helpnetsecurity.com/2024/11/18/how-to-report-cybercrime/
Cybercrime reporting mechanisms vary across the globe, with each country offering different methods for citizens to report cybercrime, including online fraud, identity theft, and other cyber-related offenses.Victims are usually instructed to complete an online form that asks for personal details, a description of the crime, and any collected evidence.While online reporting forms are commonly used, in certain situations, it may be more effective to visit a local police station and report the crime in person, especially for large-scale incidents. This article provides examples from several countries on how reporting cybercrime works. USA – Internet Crime Complaint Center (IC3)…
Source: PA PUC
https://www.puc.pa.gov/press-release/2024/puc-highlights-national-critical-infrastructure-security-and-resilience-month-with-a-focus-on-utility-resilience-and-security-11212024
Resolve to #BeResilient: PUC Urges Utilities, Residents and Businesses to Strengthen Security Against Cyber, Weather and Man-Made Threats
HARRISBURG – As part of National Critical Infrastructure Security and Resilience Month, the Pennsylvania Public Utility Commission (PUC) is emphasizing the essential role of Pennsylvania’s utility infrastructure in maintaining safe, resilient, and reliable services for all residents and businesses. This year’s theme, “Resolve to #BeResilient,” led by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), encourages all stakeholders to invest today in readiness, preparing to quickly withstand or recover from potential disruptions.
“Utility systems provide the foundation for our communities, but they face a range of challenges from cyber and physical threats to severe weather,” said PUC Commissioner Ralph V. Yanora. “As we highlight resilience this month, it is important to remember that safeguarding these systems requires a year-round commitment from utilities, government agencies, and the public alike.”
…
Filed under:
Subject: Legislation introduced to address foreign supply chain threats
Source: Homeland Preparedness News
https://homelandprepnews.com/stories/82583-legislation-introduced-to-address-foreign-supply-chain-threats/
Subject: CFPB to Oversee Wallet / Payment Apps
Source: Phone Scoop
https://www.phonescoop.com/articles/article.php?a=23403
Subject: Thieves are using Google Maps to target homes
Source: Android Headlines
https://www.androidheadlines.com/2024/11/thieves-google-maps-target-homes.html
Filed: https://www.androidheadlines.com/category/news
Source: PA PUC
https://www.puc.pa.gov/press-release/2024/puc-highlights-national-critical-infrastructure-security-and-resilience-month-with-a-focus-on-utility-resilience-and-security-11212024
Resolve to #BeResilient: PUC Urges Utilities, Residents and Businesses to Strengthen Security Against Cyber, Weather and Man-Made ThreatsHARRISBURG – As part of National Critical Infrastructure Security and Resilience Month, the Pennsylvania Public Utility Commission (PUC) is emphasizing the essential role of Pennsylvania’s utility infrastructure in maintaining safe, resilient, and reliable services for all residents and businesses. This year’s theme, “Resolve to #BeResilient,” led by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), encourages all stakeholders to invest today in readiness, preparing to quickly withstand or recover from potential disruptions.
“Utility systems provide the foundation for our communities, but they face a range of challenges from cyber and physical threats to severe weather,” said PUC Commissioner Ralph V. Yanora. “As we highlight resilience this month, it is important to remember that safeguarding these systems requires a year-round commitment from utilities, government agencies, and the public alike.”
…
Filed under: