WebProNews

Category: CybersecurityUpdate

CybersecurityUpdate

  • Qualcomm Fighting Misinformation With Photo Validation Tool

    Qualcomm Fighting Misinformation With Photo Validation Tool

    Qualcomm is the latest company to tackle misinformation, announcing a tool designed to ensure the validity of photos and videos.

    Shallowfakes (photos manipulated through traditional means) and deepfakes (photos manipulated with AI) are a growing concern for researchers, tech giants, security experts and politicians. A single photo or videos manipulated to portray someone in a compromising position, or saying something inflammatory, can have profound repercussions.

    Qualcomm is the latest company to tackle the problem, teaming up with Truepic. Most digital images contain metadata, such as the time the photo was taken and the location where it was taken. Normally, this metadata is relatively easy to edit and change, either via the camera’s settings or with a third-party application after the picture is taken. Truepic’s software makes it harder to modify the metadata, thereby protecting the integrity of the media.

    Qualcomm plans to embed Truepic’s software in its smartphone chips. According to NBC News, “the feature enables a ‘secure’ photo capture mode within a device’s native camera app to sit alongside other modes such as portrait, slow motion and time-lapse. The mode allows users to take a photo that has a digital signature to prove its provenance, including the pixels that were captured in the original image and where and when the photo was taken.”

    By partnering with Qualcomm, one of the largest smartphone chipmakers, this deal is a huge win for Truepic. Thanks to Qualcomm’s reach, the technology will hopefully have a meaningful impact in the fight against shallow and deepfakes.

  • Zoom End-to-End Encryption Rolling Out Next Week

    Zoom End-to-End Encryption Rolling Out Next Week

    Zoom has announced it will be rolling out end-to-end encryption (E2EE) beginning next week.

    Zoom quickly became the de facto standard for remote work and distance learning during the coronavirus pandemic. Unfortunately, the company made a number of security missteps early on, leading to a 90-day moratorium on new features as the company focused on security.

    One of those issues revolved around E2EE. The company’s early marketing made it appear as if it offered E2EE when, in fact, it did not. The company later announced definitive plans to implement E2EE, although only for paid accounts. After feedback and criticism, the company reversed course, announcing its intention to bring E2EE to all users.

    Those plans are coming to fruition, with the company implementing the first phase of its E2EE plans next week:

    We’re excited to announce that starting next week, Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, which means we’re proactively soliciting feedback from users for the first 30 days. Zoom users – free and paid – around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.

    CEO Eric S. Yuan highlighted the benefits of E2EE, both to customers and the Zoom platform:

    End-to-end encryption is another stride toward making Zoom the most secure communications platform in the world. This phase of our E2EE offering provides the same security as existing end-to-end-encrypted messaging platforms, but with the video quality and scale that has made Zoom the communications solution of choice for hundreds of millions of people and the world’s largest enterprises.

    Once enabled, users will know their meetings are encrypted with E2EE by looking at the green shield icon in the upper left corner. The normal checkmark, indicating GCM encryption, will be replaced by a padlock.

  • US Joins International Call For Encryption Backdoors

    US Joins International Call For Encryption Backdoors

    Once again, the US is calling for weakened encryption, along with the Five Eyes, Japan and India.

    The Five Eyes is a group of nations that cooperate on intelligence, comprised of the US, UK, Australia, New Zealand and Canada. The extent of the Five Eyes’ spying was brought to the public’s attention as a result of Edward Snowden’s leaks.

    In an international statement, the Five Eyes, along with Japan and India, have once again called on companies to achieve the impossible.

    The statement beings with the following statement supporting strong encryption:

    We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security. It also serves a vital purpose in repressive states to protect journalists, human rights defenders and other vulnerable people, as stated in the 2017 resolution of the UN Human Rights Council. Encryption is an existential anchor of trust in the digital world and we do not support counter-productive and dangerous approaches that would materially weaken or limit security systems.

    The next part of the statement, however, directly contradicts the opening remark:

    Particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children. We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content. We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions:

    • Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
    • Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
    • Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.

    As has been pointed out repeatedly at WPN, what the international statement calls for is not theoretically, practically or scientifically possible. Encryption is based on mathematics. For encryption to be “strong,” it must be based on a sound mathematical implementation.

    The minute a backdoor is created, that strength vanishes. There is simply no way to simultaneously have strong encryption combined with a method to defeat that encryption. No matter how well intentioned such a backdoor may be, any such method would ultimately weaken encryption for everyone—including those, as the statement highlights, whose very lives depend on secure, encrypted communication.

    This is one of the reasons that, as previously reported, secure messaging app Signal has already said it would not be able to continue operating in the US should legislation be passed enforcing encryption backdoors. For perspective, Signal is used by congressional staff and the military, specifically because it is so secure.

    What is not clear is whether the officials calling for encryption backdoors understand the underlying principle and are disingenuously claiming otherwise, or whether they truly do not understand how encryption works.

  • Windows 10 May Block Drivers That Are Not Verified

    Windows 10 May Block Drivers That Are Not Verified

    Microsoft unveiled a major change as part of its Patch Tuesday yesterday, indicating some drivers may no longer work.

    Apple and Microsoft have both been increasing the security of their operating systems. A big part of that is digitally signing software to verify its authenticity. With the latest Patch Tuesday, however, Microsoft may be taking it a step further, blocking any drivers that aren’t signed.

    Microsoft outlines the issue under Known Issues:

    When installing a third-party driver, you might receive the error, “Windows can’t verify the publisher of this driver software”. You might also see the error, “No signature was present in the subject” when attempting to view the signature properties using Windows Explorer.

    Microsoft goes on to describe the specific issue, as well as what impacted users should do:

     

    This issue occurs when an improperly formatted catalog file is identified during validation by Windows. Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalogs files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690.

    If this happens you should contact the driver vendor or device manufacturer (OEM) and ask them for an updated driver to correct the issue.

    While potentially annoying, this should help improve the security of Windows 10.

  • IRS Under Investigation For Illegally Tracking Americans via Their Phones

    IRS Under Investigation For Illegally Tracking Americans via Their Phones

    The IRS is under investigation by the US Treasury’s Inspector General for purchasing smartphone data to illegally track Americans.

    The issue began when Senators Ron Wyden and Elizabeth Warren sent a letter to the Inspector General demanding the IRS be investigated. According to the letter, the IRS had been purchasing bulk data from a company named Venntel. The information contained location data from Americans’ phones, based on the various apps they use.

    According to Motherboard, a Wyden aide has said “the IRS wanted to find phones, track where they were at night, use that as a proxy as to where the individual lived, and then use other data sources to try and identify the person. A person who used to work for Venntel previously told Motherboard that Venntel customers can use the tool to see which devices are in a particular house, for instance.”

    As Wyden and Warren’s letter points out, the Supreme Court ruled in 2018 that collecting significant quantities of historical data from phones was covered under the Fourth Amendment, and therefore requires a search warrant. The fact that the IRS obtained no such warrant puts it in legally dubious territory.

    Putting aside the legal ramifications, it’s a safe bet that few Americans would be OK with the IRS tracking where they sleep at night.

  • BlackBerry Launches AI-Powered Blackberry Protect Mobile

    BlackBerry Launches AI-Powered Blackberry Protect Mobile

    BlackBerry has announced BlackBerry Mobile Protect, a mobile threat defense (MTD) solution based on artificial intelligence (AI).

    Once known for industry-leading mobile smartphones, BlackBerry was largely supplanted by Apple’s iPhone and Google Android phones. As a result, the company now focuses primarily on enterprise software, while licensing the rights to create Android phones to third-party companies. One thing BlackBerry has always been known for is first-class security.

    The company’s latest announcement extends the protection of BlackBerry Protect, bringing the same level of security to mobile devices. In particular, the technology leverages AI to provide “security teams with unprecedented visibility into their mobile, desktop, and server endpoints from a single security console, which is critical during a time when remote workers are being targeted with mobile malware and phishing attacks.”

    BlackBerry Protect Mobile is designed to detect attacks before they can be executed. This includes alerting users to dangerous URLs before they open them, as well as warning before a user visits a spoofing website, designed to steal their information.

    “The number of phishing attacks that target mobile users will continue to rise because business is being conducted on mobile devices and users are more susceptible to attacks when viewing and accessing content on the go,” said Billy Ho, Executive Vice President of BlackBerry Spark. “BlackBerry Protect Mobile provides mobile device security integrated into our unified endpoint security (UES) solutions for a simplified approach to identifying and alerting users and administrators to phishing attempts and mobile malware across the enterprise.”

    As mobile threats continue to rise, combined with the need for increased security for remote workers, it’s a safe bet that BlackBerry Mobile Protect will be a big hit for the company.

  • Administration May Restrict Chinese Firm SMIC

    Administration May Restrict Chinese Firm SMIC

    The Trump administration is considering imposing export restrictions on China’s biggest chip maker, SMIC.

    The US has been increasingly targeting Chinese companies, including Huawei, ZTE, TikTok and WeChat, citing national security concerns. Huawei and ZTE have been banned in the US, with TikTok and WeChat facing imminent bans.

    As the trade war heats up, it appears US officials are not slowing down. SMIC is China’s biggest chipmaker, and it appears it is coming under increased scrutiny. According to CNBC, the Department of Defense is analyzing whether it should be placed on the Entity List, a step that would make further restrictions much easier.

    “DoD is currently working with the interagency in assessing available information to determine if SMIC’s actions warrant adding them to the Department of Commerce’s Entity List,” said a DoD spokesperson. “Such an action would ensure that all exports to SMIC would undergo a more comprehensive review.”

    Should the US proceed with this step, it remains to be seen what retaliatory measures the Chinese government may take.

  • Homeland Security Issues Warning On Critical Windows Server Bug

    Homeland Security Issues Warning On Critical Windows Server Bug

    The Department of Homeland Security (DHS) is warning of a Windows Server bug that can give hackers access to any machine on a network.

    Microsoft issued a patch in August that serves as a stopgap measure to prevent the vulnerability from being used. A permanent fix is expected early next year. In the meantime, the vulnerability does not require a hacker to steal authentication information. Instead, a hacker merely has to forge “an authentication token for specific Netlogon functionality,” according to Tom Tervoort, Senior Security Specialist and Ralph Moonen, Technical Director at Secura.

    Once the token is used, an attacker is “able to call a function to set the computer password of the Domain Controller to a known value. After that, the attacker can use this new password to take control over the domain controller and steal credentials of a domain admin.” This attack would allow a hacker to take over any computer on the network.

    The vulnerability has been given the highest severity rating, a CVSS score of 10.0. As a result, DHS is giving government offices until 11:59 PM, Monday, September 21 to implement the patch. Needless to say, all other organizations should implement Microsoft’s patch immediately, and be on the lookout for the permanent fix early next year.

  • Oracle/Walmart/TikTok Deal May Be Headed For Another Impasse

    Oracle/Walmart/TikTok Deal May Be Headed For Another Impasse

    The deal to keep TikTok running in the US is headed for another impasse over control of the new company.

    According to TheStreet, TikTok Global will be a new company created to handle operations outside of China. Oracle, along with Walmart, will take a 20% stake in the company. This is a big win for Walmart, as they originally had tried to partner with Microsoft in their failed bid. TikTok’s CEO was insulted by Microsoft describing the social media platform as a security risk, torpedoing Microsoft’s involvement in the company’s future. Walmart, however, was able to avoid the fallout and jump onboard with Oracle’s successful bid.

    Unfortunately for the companies involved, there appears to be some disagreement about who will have majority ownership. President Trump had claimed that TikTok’s ownership would “have nothing to do with any outside land, any outside country. It will have nothing to do with China.”

    ByteDance, on the other hand, has said TikTok Global’s technology, majority ownership and the bulk of its executive board would be based in China. According to International Business Times, however, Trump has vowed to block any deal that leaves the new company under Chinese control.

    It remains to be seen if the involved parties will be able to work out a resolution.

  • Ransomware Results In a Fatality In Germany

    Ransomware Results In a Fatality In Germany

    Ransomware has been a growing issue for years but, in a first, ransomware appears to have caused the death of a hospital patient.

    According to the BBC, a ransomware attack disabled Düsseldorf University Hospital in Germany. A female patient at the hospital was preparing for a life-saving procedure when the ransomware hit, and died when medical personnel were trying to transport her 30km away to the nearest hospital.

    It’s possible the hackers mistakenly targeted the hospital. The BBC quotes local reports saying the hackers were trying to hit another university. Those same reports say the hackers turned over the decryption keys without payment once they realized the hospital had been impacted.

    Whether the attack was intentional or not, authorities are now investigating it as a negligent homicide. Unfortunately, it also appears the attack could have been averted. The hackers used a well-known vulnerability in Citrix VPN software, a vulnerability that organizations had been warned about as early as January. If prosecutors do make their case, the hospital will likely face penalties for ignoring the danger.

    This tragedy should serve as a sobering reminder to companies of all kinds to keep up with security alerts and vulnerabilities, and keep their software and services up-to-date.

  • Senator Blumenthal Demands AT&T Back Off Ad-Based Cellphone Plans

    Senator Blumenthal Demands AT&T Back Off Ad-Based Cellphone Plans

    That didn’t take long; Senator Richard Blumenthal has demanded that AT&T rethink its plans to offer ad-subsidized phone plans.

    As we reported this morning, AT&T CEO John Stankey told Reuters in an interview that the company was looking at offering $5 to $10 off of plans in exchange for displaying ads on the user’s phone. In our report, we raised issues with what we labeled “quite possibly one of the worst, most consumer-unfriendly ideas put forth by a company in recent years.”

    It seems that Senator Blumenthal agrees, slamming the wireless carrier for its plans.

    ”I am alarmed that AT&T’s announcement threatens to create a race to the bottom, trampling over long-held consumers expectations and leaving privacy as a right exclusive to the rich,” wrote Blumenthal in a letter to Stankey.

    Senator Blumenthal also takes issue with AT&T’s plans to monitor and track users across devices, and says that customers should not have to choose between privacy and cost.

    “The prospect of AT&T monitoring consumers’ phone and internet records, matching them across devices and data broker records, and then using that private information to manipulatively target people is outright chilling.

    “AT&T should not hold privacy above consumers’ heads for additional cost. Rather than a benefit, it is clear that AT&T is seeking to legitimize more intrusion into consumers’ lives and more aggressively commoditize subscribers. AT&T’s announcement would create a “pay-for-privacy” standard in the increasingly consolidated phone market, driving prices up for those who want to opt out. You also acknowledge that an ad-supported wireless plan would cross-fertilize its AT&T data broker and ad targeting products, adding to the race to the bottom that exists in the internet ecosystem. In holding out nominal discounts in exchange for the intrusive surveillance and aggressive monetization of private information, AT&T is manipulatively pitting consumers’ welfare and privacy against constrained budgets.”

    Senator Blumenthal has requested a written response by October 18. Given the sweeping implications of AT&T’s proposed action, hopefully this quick pushback will cause them—and any other companies considering such ideas—to reconsider.

  • Instagram Accused of Spying on Users Via Phone Cameras

    Instagram Accused of Spying on Users Via Phone Cameras

    Facebook is being sued over allegations Instagram is spying on users via their phone cameras.

    The lawsuit was filed against Facebook on behalf of Brittany Conditi, a New Jersey Instagram users. The lawsuit alleges that Instagram is accessing the camera even when the app is not being used.

    According to the complaint, Facebook and Instagram are “obtaining extremely private and intimate personal data on their users, including in the privacy of their own homes,” giving them “valuable insights and market research.”

    Facebook has, of course, denied the reports. According to Bloomberg, the company says the issue was caused by a bug that improperly triggered a false notification that the camera was in use.

    Unfortunately for the company, last November its Facebook app was caught opening the camera in the background without permission. Then, as now, Facebook claimed it was an innocent bug that was responsible.

    Facebook either has the worst fortune with bugs that just happen to open the camera without permission, or there may be something to long-standing rumors the company spies on users without permission.

  • DuckDuckGo Experiences Major Growth

    DuckDuckGo Experiences Major Growth

    DuckDuckGo, the privacy-first search engine, is experiencing record growth as customers become more concerned about protecting their privacy.

    According to a company tweet, the search engine touted “a record breaking August,” with some two billion searches, 4 million app/extension installs and an estimated 65 million active users. The company admits it doesn’t have an exact count as a result of the very same privacy that makes the search engine unique.

    Despite DuckDuckGo’s growth, it still has a long way to go before it’s a threat to Google. The search giant currently controls 87.3%, with Bing a distant runner-up at 7.2%. Even Yahoo only has 3.41%. DuckDuckGo brings up fourth place with 1.75%.

    Even so, as customers become more privacy-conscious, DuckDuckGo may soon start moving into third and second place.

  • Proofpoint CEO: Working From Home Changes Face Of Work

    Proofpoint CEO: Working From Home Changes Face Of Work

    “There are huge benefits to collaboration,” says Proofpoint CEO Gary Steele. “However, I do believe fundamentally that this work from home economy that we’re living in is going to change the face of work. You’re going to see a blend. Security leaders and organizations are going to need to figure out how do you defend people when they are sitting at home working from their couch just doing their job and doing it well?”

    New AI/ML Innovations Block Bogus Emails

    One of the big investments for us in this people-centric framework is to help organizations protect the data that people create. We’re giving companies more visibility and more controls to ensure that when you’re sitting in front of your couch and working from home that you’re not treating data in a way that’s going to ultimately hurt the company. For those individuals that are doing something malicious, we’re going to help companies find those malicious individuals.

    We need to block (bogus emails that are supposedly from a trusted source) so that an individual doesn’t actually receive that message (in the first place). That is an impersonation. That’s how we’re applying new innovations in the AI/ML (artificial intelligence & machine learning) space to be able to identify those very sophisticated attacks and block them so that a poor user is not trying to figure out (if it is really) the CEO that asked me to do something that they shouldn’t do.

    Proofpoint CEO Gary Steele: Working From Home Changes Face Of Work
  • TikTok Oracle Deal Approval Imminent

    TikTok Oracle Deal Approval Imminent

    The Financial Times reports that under Oracle’s proposal currently under review by various entities within the US government including Treasury and Homeland Security, TikTok is set to become a standalone US company to satisfy White House conditions. The agreement would keep ByteDance as majority shareholding, with Oracle holding a minority stake. This condition would seem to be at odds with Trump’s mandate for TikTok to become an American owned company to satisfy the terms of his executive order designed to protect the privacy and security of the American public.

    However, President Trump told reporters today that he heard that Oracle and TikTok are “very close to a deal.” He said that a decision on the pending deal will be made “pretty soon.” He noted that he has “high respect” Oracle Chairman Larry Ellison. Ellison is a well-known supporter of President Trump. The trust that the President has with Ellison is likely key to making this deal happen.

    CNBC’s Jim Cramer who has both tech world sources and is friends with Treasury Secretary Steve Mnuchin said this today:

    I think there’s a deal as soon as today. I think that the review is almost complete. They like Oracle. They don’t feel that Oracle has any ties (to China). I think that they are going to get all of TikTok worldwide. They are going to hire 25,000 people in America. Apparently Secretary Mnuchin is very happy about the security concerns. Oracle CEO Safra Catz is saying we are ready. We have a gigantic cloud presence and we are already doing a lot in advertising. This is going to be today or maybe tomorrow.

    There are 55 million users at 79 minutes a day and there are 100 million users per month. It is a prize asset. The reason why the deal is going to be done is because Oracle is a trusted company in the White House. It’s not going to be that Oracle owns it. It is going to be owned by these PE firms, some of it Oracle, and that’s why I think the deal is going to be approved.

    The Wall Street Journal tonight is reporting that the deal may actually include a piece of the TikTok globally as well:

    China’s ByteDance Ltd. would retain a majority ownership stake in its TikTok app as part of a proposal to be reviewed by national-security regulators on Tuesday with an eye toward settling the high-profile deal by a deadline Sunday, according to a person familiar with the situation.

    The proposal includes Oracle Corp. ’s bid to become TikTok’s U.S. technology partner as part of an effort to address the administration’s national-security concerns surrounding the Chinese-owned video-sharing app.

    Source: Wall Street Journal

    “We just got this proposal over the weekend it would be inappropriate for me to comment on it,” said Treasury Secretary Steve Mnuchin yesterday in an impromptu press gathering this afternoon. “It’s going to go through a national security review in the next couple of days and then we’ll be sitting down and reviewing it with the President. But as we’ve said before a condition of any deal is to make sure that we believe that the code is safe, that U.S .citizens personal data is safe, and that the phones are safe. We have a lot of confidence in Oracle so we’ll be reviewing the technical issues with them.”

  • Google Sued For $3 Billion in the UK Over YouTube Privacy

    Google Sued For $3 Billion in the UK Over YouTube Privacy

    Google is being sued for $3 billion in the UK over allegations that YouTube tracks children, violating the UK’s privacy laws.

    Google has been facing ongoing scrutiny over privacy and antitrust concerns, but this latest lawsuit could be one of its most expensive. The lawsuit was brought by Duncan McCann, a father of three. The lawsuit is supported by Foxglove, a tech advocacy group in the UK.

    The lawsuit alleges that YouTube and Google are ignoring UK privacy laws designed to protect children. Instead, according to the lawsuit, YouTube is harvesting data from children watching videos and using that data to target the children with ads specifically designed to influence young minds.

    “We think its unlawful because YouTube processes the data of every child who uses the service – including kids under 13,” writes Foxglove. “They profit from this data, as they are paid by advertisers to place targeted advertising on their YouTube website. They do all this without getting explicit consent from the children’s parents. Under the GDPR and UK law, corporations can’t process the data of kids under 13 *at all* without explicit parental consent. Parents haven’t agreed to the many ways YouTube takes kids’ data.”

    The lawsuit comes as Google is facing other lawsuits claiming it continues to track users even after they opt out. Should McCann win his case, the repercussions for Google and YouTube would be profound.

  • Big Tech: IBM Deploys Face Mask Surveillance System

    Big Tech: IBM Deploys Face Mask Surveillance System

    This may or may not worry you depending on your point of view. IBM has deployed a super intelligent face mask surveillance system for businesses (or government) to discreetly track face mask usage by employees, customers, and anyone who enters a building where their system is installed. The platform will send alerts to the powers that be if anyone is either not wearing a face mask properly or not wearing one at all.

    Presumably, if the tech savvy eye in the sky notices an infraction it will quickly enable management and their enforcement teams to confront the individuals to rectify their face mask violation. How dare they! It will also monitor in real-time crowd density, social distancing, and elevated body temps of those who are entering an establishment.

    IBM Cloud released a video narrated by Ian Smalley (below) that explains how their technology works to enable any business or government to surveil and enforce mask usage:

    Here is a really cool way that Edge Computing is being used to help businesses reopen and operate safely. We know face masks can substantially reduce the transmission of aerosol borne viruses. But sometimes people forget to wear them properly or at all. IBM Edge Application Manager places analytical workloads with Edge enabled cameras that can recognize face masks and determine if they are being worn effectively.

    Since analysis is being performed at the camera the video data and individual privacy are protected. You also avoid the expense of transmitting, storing, or analyzing that image data any further. Alerts are sent every time the camera detects improperly worn or non-existent face masks. Then it sends the aggregated data back to the IBM Maximo Worker Insights platform allowing you to highlight face mask activity in your facilities.

    It’s pretty amazing stuff and that’s only scratching the surface. IBM Application Manager is also using Edge Computing to monitor crowd density, social distancing, and elevated body temps of those who are entering an establishment.

  • Oracle Beats Out Microsoft/Walmart As TikTok’s US Partner

    Oracle Beats Out Microsoft/Walmart As TikTok’s US Partner

    In a surprise move, Oracle has emerged as the frontrunner to be the US partner for TikTok.

    The Trump administration instituted a ban on TikTok that goes into effect mid-September, unless a buyer could be found to take over US operations. Microsoft, partnering with Walmart, emerged as an early prospect before Oracle also threw its name in the mix.

    Before a deal could be finalized, however, the Chinese government changed its export rules governing what technologies could be exported. It’s believed the new rules directly impact the algorithm TikTok uses for recommendations and engagement. As a result, potential buyers had to start looking at alternative ways to make a deal happen.

    According to CBC, ByteDance has rejected Microsoft’s bid in favor of Oracle. None of the involved parties are commenting, so it remains to be seen what a potential deal looks like.

  • WSJ: Microsoft Partners With Startups To Win Cloud War

    WSJ: Microsoft Partners With Startups To Win Cloud War

    According to the Wall Street Journal Microsoft is partnering with tech startups as part of its fierce battle to win the cloud war against Amazon, Google, and others. Microsoft just announced today a global strategic alliance with cloud security startup Abnormal Security. The deal is straight forward. The fast-growing startup moves its platform to Azure and Microsoft will offer Abnormal Security to its huge list of enterprise customers. Amazon has been employing this tactic as well per WSJ.

    In the latest deal with Abnormal Security, Azure customers can purchase Abnormal Security directly via Microsoft co-sell and through the Azure Marketplace. Microsoft says that all purchases count towards enterprise Azure commitments.

    “Microsoft for Startups is committed to helping B2B startups use the Microsoft platform to scale their business quickly and deliver innovative AI-powered solutions to enterprise customers,” said Jeffrey Ma, VP Microsoft for Startups. “Abnormal has hit the ground running, seeing success with Fortune 1000 companies in a short time, and we’re looking forward to joining forces to further accelerate their security solution to our global customers.”

    Evan Reiser, Co-founder and CEO at Abnormal Security said, “When considering the right cloud infrastructure, startups need to look at both the technology platform and the business opportunity. As a cybersecurity company, we were very intrigued with Azure’s inherent security, privacy and AI offerings and as a startup, Microsoft’s go-to-market support and access to the largest enterprises is unmatched. We decided that to be a high-growth company selling to the Fortune 1000, it made business sense to partner with Microsoft and move our business to Azure.”

    “Abnormal’s unparalleled market traction is a testament to incredible value being delivered to their customers and the ability to protect organizations from these cyberattacks that have cost them over $2b. I couldn’t be any more excited to see the accelerated growth with Microsoft co-selling the solution,” said Saam Motamedi, General Partner at Greylock Partners.

    It’s definitely a win-win for Microsoft and startups like Abnormal Security. Microsoft gets a fast growing startup exclusively on its platform and Abnormal Security gets access to Microsoft’s massive connections with enterprise companies.

  • Portland Cracks Down on Facial Recognition

    Portland Cracks Down on Facial Recognition

    Portland has instituted a sweeping ban on facial recognition, the broadest such ban in the US.

    In the wake of privacy concerns, negative publicity, reports of bias and facial recognition being used in legally and ethically questionable ways by companies like Clearview AI, many cities have started rolling out bans. Portland’s ban is the most aggressive however, banning the technology’s use by both the government and businesses.

    The ban does make a distinction between broad facial recognition used for mass surveillance and facial authentication technology. For example, many phones use facial recognition as a security measure. These type of systems are not covered by the ban, as they are not used for broad surveillance.

    The wording of the ban seems to indicate that it is not intended as a permanent solution, but as a stop-gap measure until the technology matures and is better regulated.

    ”Existing methodologies assessing bias in Face Recognition Technologies show progress on their performance,” reads the ordinance. “However, there is still not a formal certification process available to cities that includes the full lifecycle of sensitive information collected from individuals.”

    Similarly, Portland City Council Commissioner Jo Ann Hardesty said:

    “I want to ban this technology until it works as intended. That is my goal.”

  • Google Alters Search Algorithm Ahead of US Election

    Google Alters Search Algorithm Ahead of US Election

    Google is making some major changes to how its search engine operates as the US prepares for the election in November.

    Tech companies have come under fire from both sides of the aisle for alternately doing too much and not enough to combat misinformation, false claims and divisive content. Facebook famously got in major trouble over the Cambridge Analytica scandal, resulting in multiple fines and ongoing scrutiny.

    It appears Google is already taking measures to avoid any scenarios that could put it in the hot seat, by changing how its Autocomplete algorithm works in the weeks leading to the election.

    “We expanded our Autocomplete policies related to elections, and we will remove predictions that could be interpreted as claims for or against any candidate or political party,” writes Pandu Nayak Google Fellow and Vice President, Search. “We will also remove predictions that could be interpreted as a claim about participation in the election—like statements about voting methods, requirements, or the status of voting locations—or the integrity or legitimacy of electoral processes, such as the security of the election. What this means in practice is that predictions like ‘you can vote by phone’ as well as ‘you can’t vote by phone,’ or a prediction that says ‘donate to’ any party or candidate, should not appear in Autocomplete. Whether or not a prediction appears, you can still search for whatever you’d like and find results.”

    The new feature builds on the company’s policy of excluding hateful and inappropriate results from displaying in Autocomplete. It remains to be seen if these measures will have a noticeable impact.