Security News

In another week of intense world news, you may have missed these tech stories. Making your Apple devices play nice with OneDrive, a new Excel function and a new way attackers communicate during their campaigns lead the best technology stories TechRepublic had to offer this week.

Sloppy data security at education tech giant Chegg exposed students and workers' personal information not once but four times in various ways over four years, according to the FTC. In response, the American consumer watchdog today ordered the company to better protect data, including encrypting sensitive information, providing multi-factor authentication to users and employees, limiting the amount of personal information it collects and retains, and training staff on security practices. Per an FTC order [PDF], the tech firm also has to notify "Each individual whose unencrypted Social Security number, financial account information, date of birth, user account credentials, or medical information was exposed" within the next 60 days.

Employer demand for cybersecurity professionals continues to strain talent availability, according to new data from CyberSeek. For the 12-month period ending in September 2022, employers listed 769,736 openings for cybersecurity positions or jobs requiring cybersecurity skills.

Chinese president Xi Jinping has opened the 20th Congress of the Chinese Communist Party with a call for the nation he leads to win the race for development of "Core technologies" and to become self-reliant in strategic tech. In his Sunday speech he spoke of innovation being focused on national strategic requirements - therefore led by the State - and linked the development and implementation of information technology to national security.

Advanced, a managed software provider to the UK National Health Service, has confirmed that customer data was indeed lifted as part of the attack by cyber baddies that has disrupted operations for months. The incident disrupted healthcare customers, forcing NHS 111 medical services operators, for example, to revert back to pen and paper as digital services went AWOL, sources told us at the time.

SolarWinds unveils the results of its survey examining the state of the technology job market amid industry-wide labor shortages and hiring challenges. Released to coincide with the eighth-annual IT Pro Day holiday, the survey found despite a potential economic downturn, more than two-thirds of tech and IT professionals surveyed said they're completely confident in their career choices.

An ongoing malvertising campaign is injecting ads in the Microsoft Edge News Feed to redirect potential victims to websites pushing tech support scams. App subdomains to host their scam pages within a single day.

Today's requirements [PDF] stem from US President Joe Biden's cybersecurity executive order from May 2021, which was in response to the SolarWinds disaster and other high-profile software supply chain meddling. This is essentially a guarantee from the vendor that their product meets minimum NIST standards for secure software development.

The US Commerce Department's Bureau of Industry and Security has relaxed restrictions that barred export of some encryption technologies to Huawei, in the name of ensuring the United States is in a better position to negotiate global standards. A Thursday announcement [PDF] explains the decision was taken because American businesses have told the Biden administration they're confused about whether they need to seek a license before bringing some tech to standards talks.

China will conduct a three month blitz to cleanse the local internet of "Rumors and false information". The nation's Cyberspace Administration last Friday announced the plan, which calls for local tech companies to improve their ability to identify the source of rumors and fake news, then punish account-holders who share it with warnings, bans, and permanent suspensions.