FTC Non-Compete Bans, US Sues Georgia Tech, Microsoft Endpoint Security Summit, and Vulnerabilities

[00:00:02] [SPEAKER_00]: It's Tuesday, August 27th, 2024, and I'm Dave Sobel.

[00:00:05] [SPEAKER_00]: Four things to know today.

[00:00:07] [SPEAKER_00]: A federal judge halts the FTC's non-compete ban, increasing the legal uncertainty over

[00:00:12] [SPEAKER_00]: the nationwide restrictions.

[00:00:14] [SPEAKER_00]: The US government sues Georgia Tech for cybersecurity compliance failures in a high-profile lab

[00:00:21] [SPEAKER_00]: case.

[00:00:22] [SPEAKER_00]: Microsoft's going to host Windows Endpoint Security Summit with CrowdStrike and other

[00:00:41] [SPEAKER_00]: A federal judge in Texas has halted the FTC's nationwide ban on non-compete agreements,

[00:00:48] [SPEAKER_00]: making a national ban increasingly unlikely.

[00:00:51] [SPEAKER_00]: However, many states are enacting laws to limit non-competes with Minnesota, California,

[00:00:56] [SPEAKER_00]: North Dakota, and Oklahoma implementing blanket bans.

[00:01:00] [SPEAKER_00]: The Texas ruling is expected to be appealed alongside similar cases in Florida and Pennsylvania,

[00:01:06] [SPEAKER_00]: which may lead to further legal battles in a Supreme Court skeptical of federal regulatory

[00:01:11] [SPEAKER_00]: power.

[00:01:12] [SPEAKER_00]: Despite the challenges, the FTC may still influence change through softer measures.

[00:01:18] [SPEAKER_00]: Meanwhile, the National Labor Relations Board is examining whether restricted covenants

[00:01:23] [SPEAKER_00]: violate labor laws, which could lead to further legal challenges.

[00:01:27] [SPEAKER_00]: Businesses are advised to use non-competes strategically, focusing on specific employees

[00:01:33] [SPEAKER_00]: rather than blanket policies.

[00:01:36] [SPEAKER_00]: Anist has released a second draft of its digital identity guidelines, enhancing options

[00:01:41] [SPEAKER_00]: for digital identity and untimed fraud measures, including details on mobile driver's

[00:01:46] [SPEAKER_00]: licenses and online pass keys.

[00:01:48] [SPEAKER_00]: The guidelines aim to balance secure online access with in-person verification, incorporating

[00:01:55] [SPEAKER_00]: feedback from various stakeholders.

[00:01:57] [SPEAKER_00]: Comments on the draft are open until October 7th, and Anist is also collaborating with

[00:02:02] [SPEAKER_00]: technology providers to explore mobile driver's license use cases in financial and government

[00:02:08] [SPEAKER_00]: services.

[00:02:10] [SPEAKER_00]: Why do we care?

[00:02:12] [SPEAKER_00]: Non-competes are indeed problematic and should be only deployed strategically.

[00:02:16] [SPEAKER_00]: Senior key leadership?

[00:02:18] [SPEAKER_00]: Yep.

[00:02:19] [SPEAKER_00]: Blanket idea?

[00:02:20] [SPEAKER_00]: Bad idea.

[00:02:21] [SPEAKER_00]: Regardless of how the law shakes out, that's the current reality.

[00:02:26] [SPEAKER_00]: Pass keys remain a solution I'm endorsing, and Anist adopting more guidance should

[00:02:30] [SPEAKER_00]: make it easier for vendors to adopt them.

[00:02:33] [SPEAKER_00]: As IT service providers, it's important to include this on your list of asks.

[00:02:40] [SPEAKER_00]: Today's episode is supported by CoreView.

[00:02:43] [SPEAKER_00]: Your customers need your Microsoft 365 expertise, and CoreView has the only M365 management

[00:02:50] [SPEAKER_00]: platform designed for MSPs.

[00:02:53] [SPEAKER_00]: Manage hundreds of tenants, automate manual tasks and monitor compliance, all while

[00:02:58] [SPEAKER_00]: intelligently comparing to the baseline.

[00:03:00] [SPEAKER_00]: With a no-code control approach, CoreView revolutionizes your Microsoft 365 administration.

[00:03:06] [SPEAKER_00]: This powerful platform enables automatic reporting and remediation, ensuring optimal

[00:03:11] [SPEAKER_00]: performance and security.

[00:03:14] [SPEAKER_00]: The best part?

[00:03:15] [SPEAKER_00]: You achieve this high level of service without the need for a large workforce, allowing

[00:03:19] [SPEAKER_00]: you to focus on growing your business through efficiency.

[00:03:23] [SPEAKER_00]: Want to know more?

[00:03:24] [SPEAKER_00]: Visit coreview.com slash MSP and find out more.

[00:03:31] [SPEAKER_00]: The US government has sued Georgia Tech, alleging fraud related to cybersecurity compliance

[00:03:37] [SPEAKER_00]: failures in a lab run by Dr. Emmanuel Antkostis.

[00:03:42] [SPEAKER_00]: The lawsuit claims that the lab did not follow required security protocols, specifically

[00:03:47] [SPEAKER_00]: by refusing to install antivirus software and submitted invoices for Department of Defense

[00:03:53] [SPEAKER_00]: projects while non-compliant.

[00:03:55] [SPEAKER_00]: Additionally, Georgia Tech reportedly submitted misleading self-assessments of its security

[00:04:01] [SPEAKER_00]: controls.

[00:04:02] [SPEAKER_00]: Here's a key quote from the reporting.

[00:04:04] [SPEAKER_00]: Quote, Georgia Tech admins asked him to comply with the requirement, but according to an

[00:04:09] [SPEAKER_00]: internal 2019 email, Antoniscus wasn't receptive to such a suggestion.

[00:04:15] [SPEAKER_00]: In a follow-up email, Antoniscus himself said that Endpoint Antivirus Agent is a

[00:04:21] [SPEAKER_00]: non-starter.

[00:04:22] [SPEAKER_00]: End quote.

[00:04:24] [SPEAKER_00]: In other charges, Matthew Knott, a 38-year-old from Nashville, was charged for aiding North

[00:04:30] [SPEAKER_00]: Korea in hiring IT workers at US and British companies using stolen identities.

[00:04:36] [SPEAKER_00]: He allegedly operated a laptop farm from his home, facilitating remote work for North

[00:04:41] [SPEAKER_00]: Koreans and laundering money for the regime.

[00:04:44] [SPEAKER_00]: If convicted, he faces up to 20 years in prison for charges including money laundering

[00:04:49] [SPEAKER_00]: and identity theft.

[00:04:51] [SPEAKER_00]: The case is part of a broader investigation into North Korean IT workers posing as

[00:04:56] [SPEAKER_00]: foreign citizens to evade sanctions and fund weapons programs.

[00:05:01] [SPEAKER_00]: And speaking of North Korea, CrowdStrike's 2024 report reveals that North Korean operatives,

[00:05:06] [SPEAKER_00]: under the famous Cheolomia, have infiltrated over 100 US tech firms by posing as job

[00:05:13] [SPEAKER_00]: applicants using stolen identities to gain remote IT positions.

[00:05:17] [SPEAKER_00]: This insider threat enables them to exfiltrate data and funnel salaries into North Korea's

[00:05:23] [SPEAKER_00]: weapons programs.

[00:05:24] [SPEAKER_00]: The report highlights a significant increase in adversaries' use of remote monitoring

[00:05:29] [SPEAKER_00]: tools, indicating a new era in cyber warfare that exploits the vulnerabilities of remote

[00:05:34] [SPEAKER_00]: work environments.

[00:05:35] [SPEAKER_00]: The FBI and DOJ have taken action against these schemes, emphasizing the global scope

[00:05:41] [SPEAKER_00]: of North Korea's operations.

[00:05:44] [SPEAKER_00]: Why do we care?

[00:05:45] [SPEAKER_00]: Everyone knows that one powerful user who refuses to do something.

[00:05:50] [SPEAKER_00]: The US government just said, nope, not with our dollars.

[00:05:55] [SPEAKER_00]: Consequences via the power of the purse.

[00:05:58] [SPEAKER_00]: Include this in your list of reasons for business owners to not place themselves

[00:06:02] [SPEAKER_00]: above the rules.

[00:06:03] [SPEAKER_00]: You could be sued.

[00:06:06] [SPEAKER_00]: This is a growing trend of threats from North Korea and a trend to be watching

[00:06:10] [SPEAKER_00]: for and training your teams about.

[00:06:15] [SPEAKER_00]: Microsoft will host the Windows Endpoint Security Ecosystem Summit on September 10, 2024,

[00:06:21] [SPEAKER_00]: to discuss improvements in Windows security with partners like CrowdStrike following that

[00:06:25] [SPEAKER_00]: recent incident that affected 8.5 million devices.

[00:06:29] [SPEAKER_00]: The summit aims to address kernel access issues, enhance resiliency and establish

[00:06:34] [SPEAKER_00]: best practices for safe deployment.

[00:06:36] [SPEAKER_00]: Microsoft seeks collaboration with security vendors and government representatives to

[00:06:40] [SPEAKER_00]: ensure transparency and develop effective security measures while balancing the interests

[00:06:45] [SPEAKER_00]: of third-party developers and its own security products.

[00:06:50] [SPEAKER_00]: Why do we care?

[00:06:51] [SPEAKER_00]: While we should just judge the output of the summit more than the existence of it,

[00:06:56] [SPEAKER_00]: it's clear that Microsoft is leaning into their security first approach.

[00:07:00] [SPEAKER_00]: The summit underscores the importance of transparency and collaboration between vendors,

[00:07:04] [SPEAKER_00]: customers and government entities.

[00:07:06] [SPEAKER_00]: Businesses should advocate for similar transparency in their interactions with vendors,

[00:07:11] [SPEAKER_00]: ensuring that security issues are promptly addressed and communicated.

[00:07:18] [SPEAKER_00]: There's also a host of vulnerabilities to be aware of.

[00:07:21] [SPEAKER_00]: A vulnerability in Microsoft's Co-Pilot Studio, identified as CVE-2024-38206,

[00:07:29] [SPEAKER_00]: allowed researchers to exploit server-side request forgery to access sensitive cloud data,

[00:07:34] [SPEAKER_00]: potentially affecting multiple tenants.

[00:07:37] [SPEAKER_00]: The flaw enabled authenticated attackers to bypass protections and leak information

[00:07:41] [SPEAKER_00]: from Microsoft's internal infrastructure.

[00:07:43] [SPEAKER_00]: Microsoft has since mitigated the issue, but the incident highlights the risks associated

[00:07:48] [SPEAKER_00]: with the tool's HTTP request feature, which could be abused to gain unauthorized

[00:07:53] [SPEAKER_00]: access to sensitive resources.

[00:07:56] [SPEAKER_00]: A critical configuration vulnerability known as AL-BEAST threatens over 15,000 AWS

[00:08:02] [SPEAKER_00]: applications using Application Load Balancer for authentication,

[00:08:07] [SPEAKER_00]: potentially compromising business resources and data.

[00:08:10] [SPEAKER_00]: The issue arises from inadequate validation of token signatures and misconfigured security groups.

[00:08:17] [SPEAKER_00]: AWS recommends allowing traffic only from trusted sources and implementing signature validation,

[00:08:23] [SPEAKER_00]: while experts emphasize the importance of proper token verification

[00:08:26] [SPEAKER_00]: and using diagnostic tools to prevent such configuration errors.

[00:08:31] [SPEAKER_00]: SolarWinds has issued a critical update for its web help desk product due to hard-coded credentials

[00:08:37] [SPEAKER_00]: that allow remote, unauthenticated attackers to access sensitive data.

[00:08:42] [SPEAKER_00]: The vulnerability, tracked as CVE-2024-28987, received a CVSS severity rating of 9.1,

[00:08:51] [SPEAKER_00]: affecting versions 12.8.3, HF1 and earlier.

[00:08:56] [SPEAKER_00]: Users are urged to install the hotfix to mitigate risks,

[00:09:00] [SPEAKER_00]: especially given the company's client base across various sectors.

[00:09:04] [SPEAKER_00]: This follows a recent critical vulnerability in the same software.

[00:09:09] [SPEAKER_00]: Researchers at Cisco Talos have identified serious vulnerabilities in Microsoft applications

[00:09:14] [SPEAKER_00]: or macOS that could allow attackers to misuse permissions,

[00:09:18] [SPEAKER_00]: enabling them to spy on users or steal sensitive information.

[00:09:22] [SPEAKER_00]: Eight vulnerabilities were found, with Microsoft considering them low-risk,

[00:09:26] [SPEAKER_00]: despite the potential for exploitation without user verification.

[00:09:31] [SPEAKER_00]: While some Microsoft apps have been updated to address these issues,

[00:09:34] [SPEAKER_00]: others like Excel, Outlook, PowerPoint and Word remain vulnerable.

[00:09:39] [SPEAKER_00]: Cisco Talos recommends Apple implement user prompts

[00:09:42] [SPEAKER_00]: for loading third-party plugins to enhance security.

[00:09:47] [SPEAKER_00]: Why do we care?

[00:09:48] [SPEAKER_00]: Well, tactically note the ones that matter to you.

[00:09:50] [SPEAKER_00]: I did want to highlight that SolarWinds one.

[00:09:54] [SPEAKER_00]: Hard-coded credentials? Really?

[00:09:56] [SPEAKER_00]: Way to make us question your post-breach security.

[00:10:00] [SPEAKER_00]: Disclosure, I'm a shareholder.

[00:10:03] [SPEAKER_00]: The recurring nature of vulnerabilities in vendor products,

[00:10:05] [SPEAKER_00]: seen with Microsoft and SolarWinds,

[00:10:07] [SPEAKER_00]: reinforces the importance of comprehensive vendor assessments

[00:10:10] [SPEAKER_00]: and the need for robust contracts that mandate timely disclosure

[00:10:15] [SPEAKER_00]: and resolution of security issues.

[00:10:19] [SPEAKER_00]: Looking to reach an audience of thousands of MSPs and IT service providers?

[00:10:24] [SPEAKER_00]: Put your ad right here on the Business of Tech

[00:10:27] [SPEAKER_00]: and be on the show that 64% of MSPs report having listened to.

[00:10:32] [SPEAKER_00]: A recurring top 50 tech news podcast,

[00:10:36] [SPEAKER_00]: there are affordable options for you to reach our audience

[00:10:39] [SPEAKER_00]: and we can support any budget.

[00:10:41] [SPEAKER_00]: Podcast listeners are more engaged,

[00:10:43] [SPEAKER_00]: have a higher level of brand retention

[00:10:45] [SPEAKER_00]: and are more willing to listen to ads here than any other avenues.

[00:10:51] [SPEAKER_00]: Want to know more?

[00:10:53] [SPEAKER_00]: There's information at mspradio.com slash engage

[00:10:56] [SPEAKER_00]: including a button to book a time to talk.

[00:11:00] [SPEAKER_00]: I'm looking forward to that discussion.

[00:11:04] [SPEAKER_00]: Thanks for listening.

[00:11:05] [SPEAKER_00]: Today is National Just Because Day.

[00:11:07] [SPEAKER_00]: It's also International Lottery Day,

[00:11:10] [SPEAKER_00]: so apparently just because I should buy a lottery ticket.

[00:11:13] [SPEAKER_00]: Have a question you want answered?

[00:11:14] [SPEAKER_00]: I take those listener questions,

[00:11:16] [SPEAKER_00]: send them in ideally as a voice memo or video to question at mspradio.com.

[00:11:21] [SPEAKER_00]: Catch me tomorrow live at 3 p.m. Eastern on YouTube and LinkedIn.

[00:11:26] [SPEAKER_00]: Jessica Davis joins me for a conversation

[00:11:28] [SPEAKER_00]: about AI and its implications on truth

[00:11:31] [SPEAKER_00]: and why solution providers care.

[00:11:34] [SPEAKER_00]: If you enjoyed the show, share it with a colleague

[00:11:36] [SPEAKER_00]: or post a comment or a thought in YouTube or reach out on LinkedIn.

[00:11:40] [SPEAKER_00]: I'll talk to you again tomorrow.

[00:11:43] [SPEAKER_00]: The Business of Tech is written and produced by me, Dave Sobel,

[00:11:47] [SPEAKER_00]: under ethics guidelines posted at businessof.tech.

[00:11:51] [SPEAKER_00]: If you like the content, please make sure to hit that like button,

[00:11:55] [SPEAKER_00]: follow or subscribe.

[00:11:56] [SPEAKER_00]: It's free and easy and the best way to support the show and help us grow.

[00:12:01] [SPEAKER_00]: You can also check out our Patreon where you can join

[00:12:04] [SPEAKER_00]: the Business of Tech community at patreon.com slash mspradio

[00:12:09] [SPEAKER_00]: or buy our Why Do We Care merch at businessof.tech.

[00:12:14] [SPEAKER_00]: Finally, if you're interested in advertising on the show,

[00:12:17] [SPEAKER_00]: visit mspradio.com slash engage.

[00:12:21] [SPEAKER_00]: Once again, thanks for listening to me.

[00:12:23] [SPEAKER_00]: I'll talk to you again on our next episode of the Business of Tech.

[00:12:30] [SPEAKER_00]: Part of the MSP Radio Network