How To Drive Value with Security Data – The Full Talk

Last week I keynoted LogPoint’s customer conference with a talk about how to extract value from security data. Pretty much every company out there has tried to somehow leverage their log data to manage their infrastructure and protect their assets and information. Solution vendors initially named the space log management and then security information and event management (SIEM). We have then seen new solutions pop up in adjacent spaces with adjacent use cases: user and entity behavior analytics (UEBA) and security orchestration, automation, and response (SOAR) platforms became add-ons for SIEMs. As of late, extended detection and response (XDR) has been used by some vendors to try and regain some of the lost users who have become increasingly frustrated with their SIEM solutions and with the associated cost, which has not delivered the return that was hoped for.

Patch Released for 7-Year-Old Privilege Escalation Bug In Linux Service Polkit

Long-time Slashdot reader wildstoo writes: In a blog post on Thursday, GitHub security researcher Kevin Backhouse announced that Polkit, a Linux system service included in several modern Linux distros that provides an organized way for non-privileged processes to communicate with privileged ones, has been harbouring a major security bug for seven years.

The bug, assigned CVE-2021-3560, allows a non-privileged user to gain administrative shell access with a handful of standard command line tools. The bug was fixed on June 3, 2021 in a coordinated disclosure.

Microsoft’s GitHub Releases ‘Visual Studio Code’ Extension Allowing Editing Without Cloning Repositories

A new extension for Microsoft’s code-editing tool, Visual Studio Code, “allows you to open, edit, and commit back to source-control repos without having to clone them on your local machine,” explains a new video.

A Microsoft blog post calls it “a new experience that we’ve been building in partnership with our friends at GitHub to enable working with source code repositories quickly and safely inside VS Code.” In VS Code, we’ve offered integrated support for Git from the very beginning, and we’ve been supporting many other source control management (SCM) providers through extensions. This has allowed developers to clone and work with repositories directly within VS Code.

McDonald’s Faces Potential Class Action Lawsuit Over Automated Drive-Thru

McDonald’s equipped 10 of its restaurants in Chicago with automated speech-recognition for their drive-through windows. Now they’re facing a potential class-action lawsuit. Long-time Slashdot reader KindMind shares this report from the Register: McDonald’s has been accused of illegally collecting and processing customers’ voice recordings without their consent in the U.S. state of Illinois… The state has some of the strictest data privacy laws; its Biometric Information Privacy Act (BIPA) states: “No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifier or biometric information” unless it receives written consent.

Shannon Carpenter, a resident of Illinois, sued [PDF] McDonald’s in April on behalf of himself and all other affected state residents. He claimed the fast-chow biz has broken BIPA by not obtaining written consent from its customers to collect and process their voice data, nor has it explained in its privacy policy how or if the data is stored or deleted. His lawsuit also stated that McDonald’s has been experimenting with AI software taking orders at its drive thrus since last year.

The rapid hard-tech emergence

Garrett Winther is a partner and program director at HAX, SOSV’s venture program for hard tech. An engineer by training, venture builder by trade, he is bringing hard-tech ventures to life at SOSV, IDEO and MIT.

Building the Framework for a Successful SOC 2 Audit

Although it’s incredibly helpful to go through a checklist when ensuring SOC 2 compliance, don’t forget that SOC is ultimately about giving customers what they paid for and keeping them safe. With this in mind while you’re building your company, a good place to start is by defining your commitments to customers and users as well as system requirements that will help you meet those commitments. These overarching commitments will turn into the pillars that your SOC 2 audit will be built around.