$23 Million YouTube Royalties Scam

Read Time:1 Minute, 8 Second

Scammers were able to convince YouTube that other peoples’ music was their own. They successfully stole $23 million before they were caught.

No one knows how common this scam is, and how much money total is being stolen in this way. Presumably this is not an uncommon fraud.

While the size of the heist and the breadth of the scheme may be very unique, it’s certainly a situation that many YouTube content creators have faced before. YouTube’s Content ID system, meant to help creators, has been weaponized by bad faith actors in order to make money off content that isn’t theirs. While some false claims are just mistakes caused by automated systems, the MediaMuv case is a perfect example of how fraudsters are also purposefully taking advantage of digital copyright rules.

YouTube attempts to be cautious with who it provides CMS and Content ID tool access because of how powerful these systems are. As a result, independent creators and artists cannot check for these false copyright claims nor do they have the power to directly act on them. They need to go through a digital rights management company that does have access. And it seems like thieves are doing the same, falsifying documents to gain access to these YouTube tools through these third parties that are “trusted” with these tools by YouTube.

Read More

Everything you need to know about the new features in VSS & MVP

Read Time:3 Minute, 34 Second

This blog was written by an independent guest blogger.

Since AT&T launched its Vulnerability Scanning Service (VSS) in 2012, in partnership with DDI/HelpSystems, over 30 million devices have been scanned. The VSS provides vulnerability management services that help organizations identify vulnerabilities on their network and manage their swift remediation. Similarly, the AT&T Managed Vulnerability Program (MVP), launched in late 2020, allows organizations to assess their network without hiring IT professionals. Both services are designed to simplify vulnerability management and improve clients’ security posture.

Loyal clients who have trusted these services for years will be pleased to learn of the new features that have been added in June 2022. These include:

Improvements to business groups
Enhancements to reporting
Credentials validation  

These new features allow IT administrators to perform scans remotely, receive real-time reports on system vulnerabilities detected, and report them to third-party vendors for further action.

Improvements to business groups

The first significant upgrade in this release was the enhancement of business groups for data segmentation. This improves an organization’s ability to restrict asset visibility by group membership. Previously, data segmentation was done only by IP definition. While functional for limiting access, it lacked flexibility.

Business groups allow organizations to create logical breakouts of asset ownership to follow the principle of least privilege. Business groups can be restricted by office locations or more granular by departmental or team. Additionally, business group members can now be dynamically assigned. Assets within predefined criteria will be added to business groups as they are discovered via scans. With this solution, individual users will only have access to the assets and results that are relevant to their work without being able to see assets and data outside of their permissions. This closes a security gap from insider threats or stolen credentials, decreasing the overall threat landscape.

Enhanced reporting

Reporting is one of the core functionalities of any vulnerability management solution. These recent reporting upgrades have added significant quality of life and streamlining functionality to make reporting even easier for organizations.

Previous incarnations of the solution had reporting as a manual process that users executed on-demand. While this met the needs of most organizations, it was still an additional step that had to be completed. Our latest release has both scheduled and completion-triggered reporting to automate this common task. With scheduled reporting, your organization can set the filters ahead of time and then define a set cadence such as weekly or monthly to generate a report. With completion-triggered reporting, organizations can select a preferred report or reports to be auto-generated when a scan finishes, removing an additional step for users.

In addition to automatic report generation, organizations can now select to have reports emailed to them on completion. This functionality is not enabled by default, and organizations must opt-in specifically to have it available to them. To increase the security of this process, we will also be adding a passwording capability in the next release to ensure that even misaddressed reports are not accessible to those without appropriate access.

Authenticated credential validation

Credential management can be challenging. A simple typo could derail anticipated scan results and delay the identification or validation of vulnerabilities.

With our new credential testing feature, a user can immediately test whether the credentials entered into the system are valid or not. This feature is built right into the process of adding new authentication credentials for scanning. In addition to identifying the use of a set of credentials globally for the account, users can now check the validity of the credentials before utilizing them in an authenticated scan. One more way to improve time to accurate results.

Gaining the advantage

AT&T has two solutions to allow you to take advantage of these new features, AT&T Vulnerability Scanning Service and AT&T Managed Vulnerability Program. VSS enables organizations to rapidly evaluate their infrastructure and generate actionable reports to meet security and compliance needs. MVP is a full-service solution that includes vulnerability management, asset discovery, threat hunting, and malware detection to create a comprehensive security solution.

Contact us today to learn more about how VSS and MVP can help your organization protect itself from vulnerabilities without the hassle and overhead.

Read More

Top 5 security risks of Open RAN

Read Time:48 Second

When a cell phone or other mobile device connects to the nearest cell tower, the communication takes place over something called a RAN — a radio access network. From the cell tower, the signal is then routed to a fiber or wireless backhaul connection to the core network. RANs

RANs are proprietary to each equipment manufacturer. Open RAN, on the other hand, allows for interoperability that allows service providers to use non-proprietary subcomponents from a choice of vendors. That adds complexity to the network and changes the risk landscape for wireless communications.

What is RAN and Open RAN?

With 4G, the RAN signal was based for the first time on the Internet Protocol (IP). Previously, it used circuit-based networks, where phone calls and text messages traveled on dedicated circuits. RAN has also evolved to support video and audio streaming, and more types of devices, including vehicles and drones.

To read this article in full, please click here

Read More

3 ways China’s access to TikTok data is a security risk

Read Time:34 Second

The short-video platform TikTok has come under fire in recent months. Both lawmakers and citizens in the U.S. have questioned its data collection practices and potential ties to the Chinese state. The concerns have deepened after Buzzfeed published a report saying that data of some American users had been repeatedly accessed from China.

TikTok’s parent company, Beijing-based ByteDance, denied that it shared information with the Chinese government and announced that it had migrated its U.S. user traffic to servers operated by Oracle. Still, it was not enough to clear the air, and security and privacy experts continued to be worried.

To read this article in full, please click here

Read More