
Decrypted: Apple and Facebook’s privacy feud, Twitter hires Mudge, mysterious zero-days

Zack Whittaker
Security Editor, TechCrunch
November 24, 2020
The former president’s continued rejection of the election results has triggered actions that not only threaten the conclusion of his time in office but also create vulnerabilities for the incoming administration.

In a notable act of reprisal, Donald Trump dismissed Chris Krebs, the director of the Cybersecurity and Infrastructure Security Agency (CISA), following Krebs’s statement that there was “no evidence that any voting system deleted or lost votes, changed votes or was in any way compromised.” This statement directly opposed the unsubstantiated claims made by the former president alleging that the election was stolen by Democrats. The resulting disruption at CISA has led to the departure of several key leaders – some resigning and others being removed – and the prospective next leader is facing potential obstacles due to concerns regarding their security clearance.

Up until recently, President-elect Biden’s transition team experienced delays in cybersecurity preparations because the outgoing administration declined to initiate the legal process providing the incoming team with access to government resources, including vital cybersecurity safeguards. This has left the next president vulnerable to continuing cyberattacks while simultaneously being denied access to classified intelligence detailing those threats.

Concurrently, as President Biden assembles his administration, the technology sector is preparing for a shift in governmental approach. However, significant challenges related to antitrust concerns, data privacy issues, and net neutrality are expected to persist. The technology industry’s attempts at superficial public relations efforts will likely not shield them from scrutiny under the Biden administration, regardless of their preference.

Here’s more from the week.

THE BIG PICTURE

Apple and Facebook clash over privacy — once more

Apple and Facebook are once again engaged in a dispute concerning privacy, with each company positioning itself as the greater advocate for user protection. In a communication addressed to a privacy advocacy organization, Apple announced that its new feature designed to limit tracking will be implemented in the coming year. This feature will empower users to opt out of in-app tracking, a change anticipated to significantly impact the online advertising sector and companies that collect user data.

When presented with a clear choice regarding tracking, the majority of users are predicted to choose to disable it.

Apple’s statement directly criticized Facebook for demonstrating a “lack of concern for user privacy.” Facebook, which generated over 98% of its worldwide revenue through advertising in the previous year, responded by asserting that Apple is “leveraging its dominant position in the market to prioritize its own data collection practices, while simultaneously creating obstacles for competitors to utilize the same data.”

Facebook’s claim holds some validity. Apple is projected to earn $11 billion from advertising by 2025. However, the company has generally been recognized as having stronger privacy standards compared to its competitors. It is important to note that Apple’s business model is centered around hardware sales, unlike Facebook and Google, which rely on data sales. This distinction presents its own challenges for Apple, such as addressing human rights concerns in China.

This recent letter from Apple follows a similar statement made two years prior by chief executive Tim Cook, in which he initially criticized Facebook’s data collection methods.

Google discovered seven actively exploited vulnerabilities, but is withholding details

Over the last month, Google’s specialized security team, Project Zero, has identified a series of previously unknown security flaws, referred to as “zero-day” vulnerabilities because developers have no prior warning to create a fix. These vulnerabilities affected Windows computers, iPhones, Android devices, and users of the Chrome browser. These weaknesses are currently being exploited by malicious actors, and Vice News reported that the flaws appear connected, indicating a coordinated campaign or the involvement of a single hacking group.

Despite this, Google is declining to provide further information about these attacks. The identities of the hackers, their targets, and the nature of their objectives remain unknown. Releasing this information could assist potential victims in safeguarding themselves. Currently, it is only known that the attacks are “targeted” in nature and are unrelated to the recent election.

The sophistication required to launch attacks across multiple applications and platforms demonstrates a high level of technical expertise. While uncommon, such cross-platform attacks are not unprecedented. Last year, hackers exploited two zero-day vulnerabilities in Firefox against employees of Coinbase, likely in an attempt to steal cryptocurrency. A separate set of zero-days was used to target Uighur Muslims, presumably at the direction of the Chinese government. The differing motivations behind these attacks have puzzled security experts.

MOVERS AND SHAKERS

Twitter has appointed Peiter Zatko, widely known as Mudge, to lead its cybersecurity efforts. In his new role as head of security, Zatko will directly report to Twitter’s CEO, Jack Dorsey. This recruitment follows several significant security events experienced by the company, including a security breach where unauthorized users compromised prominent accounts to promote a cryptocurrency fraud, along with several other security vulnerabilities and instances of Saudi Arabian spies accessing data belonging to vocal critics of the kingdom.

Reuters reports that Zatko’s responsibilities will encompass a comprehensive review of “information security, site integrity, physical security, platform integrity – which extends to addressing abuse and manipulation on the platform – and engineering.” Essentially, his scope covers all critical areas. Zatko’s prior experience includes positions at Stripe, Google, and DARPA, the research and development arm of the U.S. government. However, he is most recognized for his involvement with Cult of the Dead Cow, a well-known hacking collective from the 1990s that developed Windows hacking tools, prompting Microsoft to prioritize security improvements.

Zatko represents the newest addition to Twitter’s cybersecurity team, joining Rinki Sethi, who began her position as chief information security officer in September.

$ECURITY $TARTUPS

Leading cybersecurity firm Cisco has acquired container security specialist Banzai Cloud for an amount that has not been publicly revealed. Established in Budapest in 2017, the company created a platform centered around Kubernetes, assisting organizations and businesses in the development and implementation of applications designed for cloud environments. Cisco communicated through a blog post that this acquisition will strengthen its initiatives in the cloud computing space.

Furthermore, Abnormal Security has secured $50 million in Series B funding to address the growing problem of fraudulent business email practices. The company, created by Evan Reiser and Sanjay Jeyakumar, notably lacks female representation on its leadership webpage, displaying only a generic stock image of a woman. When questioned about this, Ted Liao of Abnormal Security stated that approximately one-third of the company’s workforce is female and that they are “actively working to extend this diversity to our leadership positions.” This level of representation is marginally sufficient for a very early-stage startup, but is questionable for a company that has been operating for a couple of years.

Confidential information can be sent via Signal and WhatsApp to +1 646-755-8849.

Zack Whittaker

Zack Whittaker serves as the security editor for TechCrunch and is the creator of the “this week in security” cybersecurity newsletter. He is available for secure communication via Signal using the username zackwhittaker.1337. Alternatively, you can reach him through email, or confirm the legitimacy of any contact attempts by emailing zack.whittaker@techcrunch.com.