Two years ago, the Coalition Against Stalkerware was founded by ten organizations. Today, Avast is one of more than 40 members, which include technology vendors, NGOs, academia, and police organizations from various countries. The goal of the coalition is to put a stop to domestic violence abuse and cyberstalking. In honor of the coalition’s recent second anniversary, I take a look at the international alliance’s ongoing work and achievements to date in this post for Avast’s blog.

The Coalition has lots of useful resources, including a condensed fact sheet for stalkerware survivors. There are guidelines on how to decide if your devices have been compromised or if there are other ways an abusive partner is stalking your digital life. The fact sheet also contains important information on how to remove such software as well as links to organizations that provide additional support.

Last week, the third annual CyberSec&AI Connected was held virtually. There were many sessions that combined academic and industry researchers along with leaders from Avast to explore the intersection of security and privacy and how AI and machine learning (ML) fit into both arenas. The conference strives to deepen the ties between academia and industry and this report for Avast’s blog dives into new and exciting work being done in various fields.

One of the speakers was Dawn Song, a computer science professor at the University of California at Berkeley. She outlined a four-part framework for responsible data use by AI that includes:

• Secure computing platforms, such as the Keystone open source secure processor hardware,
• Federated learning, whereby one’s data stays under their control,
• Differential privacy, using tools such as the Duet programming language and public data sets such as the Enron email collection, and
• Distributed ledgers that can have immutable logs to help guarantee security.

At this year’s Avast Data Summit, an internal event primarily intended for Avastians, a combination of Avast leaders and industry thought leaders gave seminars at the intersection of privacy, data, and security.

Many of the topics presented at the event can help you classify, work with, and better secure your data. Following these suggestions can better protect your customers’ privacy and improve your own corporate security profile.

Companies exist in a changing data landscape. There is an evolving collection of data sources and products that are used to produce reports, management objectives, and guide a variety of corporate initiatives such as improving customer experience and product features. The evolution of data means having a group of data curators who determine how trust relationships are determined and what data gets deleted and what is retained. This landscape was illustrated with the below diagram. I cover three main themes from the event: the importance of returning to security basics, understanding the nature of differential privacy, and how to use better tools to measure and improve your privacy and data governance.

You can read my report from the Summit on Avast’s blog here.

On October 4, Facebook was offline for about six hours due to human error. The company states that “configuration changes on our backbone routers” was the cause. In this post for Avast, I’ll explain what happened and walk through the takeaways for running your own business network. Thanks to two Internet protocols, DNS and BGP, Facebook engineers accidentally took their servers offline and prevented their users of WhatsApp and Instagram from operating their apps as well.

A more technical explanation can be found here on CLoudflare’s blog. This diagram shiows the outage of all three services:

Cybercriminals are expanding their “services” by offering to ban an Instagram user for the low, low price of $60. This was recently reported by Motherboard, whose research showed that anyone on Instagram can harass or censor anyone else. The notion is actually pretty clever, because the same criminals (and their close accomplices) can then offer a “restoration” service to the victim for several thousands of dollars.

Instagram has a support page that walks you through how to protest a disabled or banned account. It isn’t very good. In my post for Avast’s blog, I mention the issues and what you can do to harden your Instagram account.

If you have bought a single sign-on (SSO) product, how do you know that is operating correctly? That seems like a simple question, but answering it isn’t so simple. Configuring the automated sign-ons will require understanding of the authentication protocols they use. You will also need to know how your various applications use these protocols—both on-premises and SaaS—to encode them properly in the SSO portal. It would be nice if you could run an automated testing tool to find out where you slipped up, or where your SSO software is failing. That is the subject of this post. You can read more on How to find the right testing tool for Okta, Auth0, and other SSO solutions on CSOonline here.