Welcome reader to your Sunday CybersecurityHQ report.

Headlines

● TikTok faces €345 million (nearly $370 million) in fines stemming from the European Union’s General Data Protection Regulation. The violations are related to the way the company handles children’s data. The fine is the result of a two-year investigation that found various ways that the popular video-sharing app breaks rules set around children’s privacy. TikTok released a statement that disagreed with the investigation’s findings.

Among the alleged violations was the ability for adults who were not verified as guardians or parents to directly pair their account with a minor’s, meaning they could direct message children over the age of 16. There are also issues with default settings and how the registration process encourages users to select less private options.

● Google agrees to pay out $93 million in a California location-privacy lawsuit settlement. The state of California claims that Google knowingly lied to users about the ongoing collection of location information even after users opted out. The tech giant used workarounds to collect the exact same location data and sell it to advertisers.

Over the past year, Google has paid out multiple settlements ranging from tens of millions to hundreds of millions of dollars — all in privacy-related lawsuits. These payments do not admit wrongdoing on the part of the company.

● Microsoft claims that Iranian nation-state actors are responsible for password spray attacks affecting thousands of organizations worldwide. The Microsoft Threat Intelligence team says Iran’s hacking efforts focus on entities in the satellite, defense, and pharmaceutical sectors.

The team also highlighted the fact that the attacks, which were carried out between February and July 2023, took place during times that line up with “an Iranian pattern of life.” The attacks, collectively named Peach Sandstorm, used various tools, including AzureHound and ROADtools.

Long Read

Artificial intelligence (AI) could become an incredible ally in cybersecurity, just as it poses an unprecedented threat. In a new write-up in Forbes by Paul Bedi, the risks and benefits of AI for cybersecurity are compared. For instance, certain large language models (LLMs), like OpenAI’s popular ChatGPT, can rapidly retool malware strains and develop new decryption applications. This creates a wave of challenges for those looking to protect their data and systems.

However, the ability to generate new tools and solutions fast can prove a major weapon in the fight for cybersecurity. As long as experts in the field stay proactive, they can leverage LLMs to keep up with new threats.

Cybersecurity Career Opportunities

• Security Engineer

  • Check Point Software Technologies Ltd

  • Full-time

  • Salt Lake City, UT, US

• Director of Data Privacy

  • Kirkland & Ellis

  • Full-time

  • Chicago, IL, US

• Product Marketing Manager

  • Avalor Security

  • Full-time

  • Remote (United States)

For the latest openings in cyber security careers, check CybersecurityHQ.