An Apple Byte : Apple Pays Norfolk Council £385 Million

Following a class action lawsuit led by Norfolk County Council over the effect of an alleged cover-up by Apple’s boss about iPhone demand in China, Apple has agreed to pay £385m to settle the lawsuit.

The lawsuit related to comments by Apple’s CEO, Tim Cook, to investors back in 2018 where he told them there was “sales pressure” in some countries but not in China, thereby indicating demand for iPhones there was normal. However, two months later (January 2019), Apple cited China-US tensions as a reason for downgrading its quarterly revenue forecast, which resulted in a sharp fall in Apple’s share price. The lawsuit, led by Norfolk County Council (and including a group of Apple investors), therefore alleged that they had been falsely reassured by Mr Cook’s comments, had lost money because of this, and that Mr Cook had been covering up the company’s knowledge about lower demand for iPhones in China.

Following Apple’s agreement to settle the lawsuit, a statement by the Norfolk Pension Fund said it was “very proud of this recovery for investors” and that it’s willing to take “decisive action to recover losses when our participants’ investments are harmed by fraud”.

Security Stop Press : Bill Ackman Imposter Scam Warning

Pershing Square Capital Management, the company of billionaire hedge-fund manager Bill Ackman, has warned of the risks posed by recent Facebook ads impersonating Mr Ackman as part of an imposter fraud scam.

Mr Ackman’s company says it has already discovered 90 different versions of the advert, which lures people into clicking by using Mr Ackman’s photo and identity (celeb-bait) and promising unrealistic investment returns. The intention of the adverts, placed by cyber criminals, is to steal the money of investors who fall victim to the scam.

Facebook has described trying to stop such ads (more appear as soon as others are reported and taken down) as being like a game of “whack-a-mole”. Mr Ackman joins a long line of celebrities whose identities have been used by scammers. The general advice is that if an ad seems too good to be true or uses a celebrity to grab your attention, double-check before you click or buy anything.

Sustainability-in-Tech : First For Energy-Saving Magnetic Levitation Train

Italian firm IronLev has claimed to have completed the first-ever magnetic levitation (maglev) test on an existing train track.

Energy Saving Potential 

The use of maglev technology for trains is particularly valuable because, if scaled up, it has the potential to reduce costs and energy usage as the industry seeks more efficient systems. This is because, unlike traditional trains that rely on wheels and rails (thereby creating significant friction), the idea of maglev trains is to levitate the train above the tracks using powerful magnets. The absence of physical contact with the track eliminates the wear and tear on tracks and wheels, leading to lower maintenance costs.

Also, the reduced friction means maglev trains require less energy to achieve and maintain high speeds, making them more energy efficient. Extra energy savings may also come from the trains’ streamlined design (minimising air resistance). Other benefits of maglev for trains are reduced noise and vibration for those living near train tracks.

Test Video 

Recently, at the LetExpo2024 trade fair in the Veneto region, Italian company Ironlev (from Treviso) showcased a video of its apparently successful maglev test on a conventional train track. The video showed a one-ton prototype traveling at a speed of 70 km/h (43 mph) over a two-kilometre stretch of line in the hinterland of Venice.

A First 

Massimo Bergamasco, director of the Institute of Mechanical Intelligence at the Scuola Superiore Sant’Anna in Pisa, said: “The test carried out by IronLev represents the first and only case of magnetic levitation applied to an existing railway track without requiring the modification or integration of accessory elements.” 

IronLev’s Chairperson, Adriano Girotto, also highlighted how Ironlev’s ability to create a workable new solution that uses existing infrastructure is an improvement on many of the mostly ad hoc stabs at achieving maglev train travel by others. Mr Girotto said: “Some of our competitors have carried out tests on specific tracks built to accommodate a magnetic levitation vehicle. We have demonstrated that our vehicle can levitate on an existing track.” 

Already Used In China, Korea, and Japan 

Although Ironlev can claim a first for magnetic levitation being applied to an existing railway track without needing modifications, maglev trains are already in use in China, South Korea, and Japan, albeit in very small numbers. Also, a maglev train was run in Germany just after the fall of the Berlin Wall.

Other Applications Of Maglev By Ironlev 

Interestingly, Ironlev is already finding other practical uses for its maglev technology, e.g. to move heavy windows, for elevators, and to transport loads within industrial settings.

What Does This Mean For Your Organisation? 

Although only successful in a test so far, Ironlev’s maglev technology shows great promise in many key areas. For example, if rolled out at scale, not only could it help the rail industry to decarbonise, save energy, and meet targets, but it may also improve performance and lessen the impact on homes close to railways.

Ironlev’s technology’s apparent success is rooted in its ability to solve two of the key challenges that have been holding back maglev railways up until now, i.e. it costs less than previous efforts and it can run on existing infrastructure without the need for costly, complicated, and time-consuming modifications. Also, as Ironlev has pointed out, its maglev technology can be leveraged in other areas, such as for elevators, thereby promising many other possible opportunities in different industries.

Although still at the testing stage, Ironlev’s system shows how existing technology can be modified to overcome a major challenge, thereby enabling that technology to evolve and benefit not just a whole industry, but our pressing collective need to decarbonise.

Tech Tip – Optimise Power Plans For Your Battery Life

Windows allows users to customise or switch between different power plans based on their current needs, balancing performance with energy consumption. This is especially useful for laptop users who may need to maximise battery life or require full performance during intensive tasks. Here’s how it works:

– Right-click on the battery icon in the taskbar and select Power Options, or search for “Edit Power Plan” in the Start menu.

– Here, you can switch between pre-defined plans such as Balanced, Power saver, or High performance.

– Customise these plans or create your own by modifying settings like screen brightness, sleep timers, and processor power management.

Featured Article : TikTok Termination?

A recent US congressional vote means that TikTok and its parent company’s alleged ties with the Chinese Communist Party must be severed within six months or the popular TikTok app must be sold, thereby banning it in the US.

The Vote  

The unanimous Energy and Commerce Committee vote (50-0) in favour of forcing TikTok’s parent company ByteDance to divest itself or sell the app could see 170 million American users no longer able to use TikTok. There is now a wait to see whether the US Senate approves the measure before it becomes law. The stated purpose of the bill (as it stands) is to “protect the national security of the United States from the threat posed by foreign adversary controlled applications.” 

Chinese Links 

The worries that ByteDance’s links to the Chinese state make TikTok’s usage in the US a threat to national security date back to the Trump presidency. Back in 2020, (then) President Donald Trump tried to ban the app but was blocked by the courts. It was part of a wider trade and political war with China which is still carrying on. Other apps with links to China banned by Trump in 2021, for example, included the Ant Group’s Alipay mobile payment app, QQ Wallet, WeChat Pay, CamScanner, SHAREit, Tencent QQ, VMate (published by Alibaba Group subsidiary UCWeb), and Beijing Kingsoft Office Software’s WPS Office.

Bans In Many Countries 

The ban on TikTok was extended to a number of other institutions and countries including:

– The European Commission, the UK government (and the BBC), and the US government banned the TikTok app from staff devices, to protect sensitive personal data, increase cybersecurity, protect against misinformation, and to protect national security.

– In June 2020, India banned TikTok and around 300 other Chinese apps from government devices.

– In 2023, the TikTok app was banned from government devices in Australia and Canada.

– Other countries with a government device TikTok ban also include Taiwan, Ireland, Denmark, and Belgium.

Many may also remember how, in March last year, the CEO of TikTok, Shou Chew, had to appear before the House Energy and Commerce Committee in the US to discuss concerns about TikTok’s consumer privacy, data security practices, its impact on children, and the app’s alleged links to China.

This Time 

This time, however, rather than facing just a government device ban, TikTok is facing a whole country ban. Worse than that, it’s the country with TikTok’s largest audience, with estimates ranging around 113.3 million to 116.5 million users.

The stark choice facing ByteDance is to now either sell the TikTok app within 6 months (thereby severing alleged links with the Chinese state) or face removal from mobile app stores in the US, effectively wiping out its biggest audience, threatening the app itself.

What Would A Ban Mean? 

Looking at the broader picture, banning TikTok in the US completely could have a significant impact on several fronts, given the app’s massive user base and economic influence in the country. Some of the potential effects could include:

– Massive user impact (businesses and home users). With millions of active users in the US, a ban would abruptly cut off access for a large community of creators and viewers. It would affect the way people consume and create short-form video content, potentially shifting these users to alternative platforms.

– A blow to the creator economy. Many US-based content creators rely on TikTok for income through brand partnerships, sponsored content, and the app’s creator fund. A ban could disrupt this economy, affecting the livelihood of thousands of influencers and content creators.

– A significant effect on market competition and innovation. For example, TikTok’s absence could create a vacuum in the social media landscape, encouraging competitors like Instagram Reels, YouTube Shorts, and Snapchat to fill the gap. This could lead to innovations within these platforms as they vie for the TikTok audience.

– Trouble for advertisers (brands). Brands that leverage TikTok for marketing and customer engagement would need to pivot their strategies to other channels. This could reshape digital marketing trends and impact the effectiveness of social media campaigns.

– More regulations. Heightened awareness and concerns over data privacy and security issues related to social media could lead to more stringent regulations and policies affecting all platforms, not just TikTok.

– Effects on international relations. Given the geopolitical tensions underlying concerns about TikTok’s Chinese ownership, a ban could have diplomatic repercussions, influencing US-China relations (making them even worse) and possibly affecting American companies operating in China. Some commentators have already suggested we are witnessing a kind of ‘cold war’ with China now anyway, with the US restricting things like microchips and other components in a bid to perhaps stifle the growth of what it sees as a more powerful and growing economy.

– Legal and political ramifications. Implementing a ban would likely involve legal challenges and a complex regulatory process. It could set a precedent for how the U.S. government addresses concerns about foreign-owned technology companies in the future.

All in all, therefore, the impact of a TikTok ban in the US would extend well beyond the app itself, affecting the social media ecosystem, the digital economy, and even international relations. However, the specific outcomes would depend on a variety of factors, including how such a ban is implemented and the response from users, creators, businesses, and other stakeholders.

User Revolt Reported In The US 

Not surprisingly, there have been reports in the US of congressmen being inundated with calls from TikTok users objecting to a ban. It’s also been reported that TikTok encouraged its users to call their representative to vote against the measure.

Criticisms 

The vote and proposed ban have led to other criticisms, including that from the American Civil Liberties Union (ACLU), which pointed to the app’s value to many Americans for information and communication, and described the ban as a “cheap” political point scoring measure in an election year.

What Does TikTok Say? 

TikTok has said (on the ‘X’ platform) that it amounts to “an outright ban” and that “This legislation will trample the First Amendment rights of 170 million Americans and deprive 5 million small businesses of a platform they rely on to grow and create jobs”. 

What Does This Mean For Your Business? 

The potential total ban of TikTok in the US represents a pivotal moment not only for the app’s parent company (ByteDance) but also for a broad spectrum of stakeholders ranging from individual creators to large corporations. For ByteDance, the forced sale or severance of its largest international market could significantly impact its valuation, strategic direction, and global influence.

The loss of the US market (TikTok’s largest) would not only diminish its advertising revenue but could also deter potential investors and partners concerned about the platform’s stability and future growth prospects.

For businesses and creators that rely on TikTok, the ramifications could be profound. The US, for example, is home to a significant creator economy where individuals and businesses leverage TikTok for brand building, audience engagement, and revenue generation. A ban would necessitate a strategic move to alternative platforms, which may not offer the same level of engagement or demographic reach as TikTok. This could disrupt marketing strategies, content distribution plans, and income streams for countless users.

The competition within the social media landscape would most likely intensify in the wake of a TikTok ban. Rivals such as Instagram Reels, YouTube Shorts, and Snapchat stand to gain the most, absorbing TikTok’s displaced user base – the US may not be too unhappy about US-based company apps taking TikTok’s place. This shift could spark a wave of innovation as platforms vie to capture and retain these new audiences, potentially reshaping the social media ecosystem.

From a broader economic perspective, a TikTok ban could have ripple effects well beyond the tech industry. The platform has become an integral part of digital marketing strategies for many businesses of all sizes. The disruption to these strategies could have downstream effects on sales, customer engagement, and brand loyalty across various sectors.

Also, the ban could bring about stricter regulatory scrutiny over social media platforms, leading to increased compliance costs and operational challenges. This heightened regulatory environment could stifle innovation and deter investment in the tech sector, impacting the wider economy.

The implications of a US-wide TikTok ban could, therefore, extend way beyond the app itself, affecting the livelihoods of creators, the strategies of businesses, the dynamics of social media competition, and the broader digital and national economies. Stakeholders will now, most likely, closely monitor developments and prepare should the worst happen. TikTok has held firm and denied any Chinese state links before. Nevertheless, the US is making a powerful statement with the unanimous vote and bill proposing a possible total ban which reflects the strength of resolve now in the US. It also reflects their willingness to pile on the pressure in what is also a political battle with what they consider as a major rival.

Tech Insight : DMARC Diligence (Part 2) : The Forgotten Domains : A Hidden Vulnerability

In this second article of the “DMARC Diligence” series, we shift our focus towards securing non-sending or “forgotten” domains and outline a strategy for their protection through DMARC implementation.

Recap Of Part 1 

You may remember that in part one of this DMARC Due Diligence series of articles we laid the groundwork by exploring the essentials of the email authentication protocols SPF, DKIM, and DMARC. We learned how these mechanisms work in tandem to validate email sources, ensuring that only authenticated emails reach their intended destinations. The primary takeaway was the importance of implementing these protocols to shield email communications from the prevalent threats of phishing and spoofing attacks.

Here, in Part Two of the three-part series, we take a look at some key issues around securing non-sending or “forgotten” domains.

The Risk Of Non-Sending Domains 

Businesses often accumulate multiple domain names, yet routinely only a select few are actively used for emails. This leaves a number of domains essentially dormant, with no emails being sent from them. These can be referred to as non-sending or “forgotten” domains.

However, their existence and registration on servers mean that even if they are dormant/forgotten, they’re still viable for exploitation and make ideal targets for cybercriminals to conduct spoofing and phishing attacks under the guise of your reputable name.

How Big Is The Problem? 

The problem of dormant or forgotten domains and their exploitation for email spoofing is significant and aligns with broader issues of email server misconfiguration and domain spoofing that impact businesses globally. For example, a KnowBe4 study (which used a domain spoof test) discovered that 82 per cent of email servers are misconfigured, thereby potentially enabling domain spoofing. Domain spoofing extends beyond email to include website spoofing, where fraudsters profit from the reputation of reputable domains, costing advertisers up to $1 million in lost revenue per month.

Recent Examples  

Examples of non-sending or “forgotten” domains being exploited by cyber-criminals include:

– As reported by Krebs back in 2020, attackers exploited an authentication weakness at GoDaddy (the world’s largest domain name registrar), using legitimate but inactive domains to distribute malware, including a potent strain of ransomware named GandCrab. Despite efforts to fix the vulnerability and clean up affected domains, new campaigns exploiting these dormant domains emerged, thereby highlighting the ongoing challenge of securing unused domains against cyber exploitation.

– Just this month, cyber security company Guardio Labs reported uncovering what they referred to as a major “SubdoMailing” campaign which involved the hijacking of 8,000+ trusted domains to send millions of spam and malicious phishing emails daily. The big brands whose subdomains they reported were being exploited in the campaign included MSN, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, and eBay.

The DMARC Solution For Non-Sending/Forgotten Domains 

As highlighted in the previous article in this series, DMARC offers a way to authenticate mail and specify how unauthenticated emails should be treated. However, its real power lies in its ability to be applied to all your domains, active or dormant. This means that by configuring DMARC records for your non-sending domains, you can effectively seal off a potential backdoor for attackers, preventing them from masquerading as your business in malicious campaigns.

Step-by-Step DMARC Implementation For Non-Sending Domains 

With this in mind, here’s an example of a step-by-step strategy for businesses with multiple domains for using DMARC to close the backdoor vulnerability that non-sending/forgotten domains provide:

– Conduct a comprehensive domain audit to identify all the domains your business owns. Next, distinguish between those used for sending emails and those that are not.

– For your non-sending domains, establish DMARC records in the DNS with an initial policy of p=none. This monitoring mode allows you to collect data on how these domains might be exploited without impacting legitimate email traffic.

– Analyse DMARC reports. Regularly reviewing the DMARC reports to identify unauthorised usage of your non-sending domains can provide insights to guide you in tightening the DMARC policy to more restrictive settings (p=quarantine or p=reject), effectively blocking malicious emails.

– Ongoing vigilance. With the cyber threat landscape perpetually evolving, getting into the habit of continually monitoring your DMARC reports and adjusting your policies as needed can help maintain robust protection against emerging threats.
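The "establish DMARC records" and "analyse DMARC reports" steps above, sketched as an added example that is not part of the original article. It builds the monitoring-mode TXT record and summarises an aggregate report for domains the audit marked as non-sending; the domains, mailbox, report and IP addresses are constructed sample values, and the report is assumed to use the standard aggregate layout without an XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed aggregate report in the RFC 7489 layout; the domains, report id
# and documentation-range IP addresses are sample values, not real data.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>constructed-001</report_id></report_metadata>
  <policy_published><domain>parked.example</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>40</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>parked.example</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>3</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>billing.parked.example</header_from></identifiers>
  </record>
</feedback>"""

# Monitoring first, then progressively stricter, as in the steps above.
TIGHTEN = {"none": "quarantine", "quarantine": "reject", "reject": "reject"}


def dmarc_record(domain, policy, rua_mailbox):
    """Build the DNS TXT record that publishes a DMARC policy for `domain`."""
    # If rua_mailbox is on a different domain, that domain must authorise
    # receiving the reports via its own DNS (RFC 7489, section 7.1).
    return f'_dmarc.{domain}. IN TXT "v=DMARC1; p={policy}; rua=mailto:{rua_mailbox}"'


def summarise(report_xml, non_sending_domains):
    """Per non-sending domain: message counts, source IPs and a next action."""
    root = ET.fromstring(report_xml)
    policy = root.findtext("policy_published/p", default="none").strip().lower()
    result = {}
    for rec in root.iter("record"):
        header_from = rec.findtext("identifiers/header_from", default="").strip().lower()
        # Attribute subdomains (billing.parked.example) to the audited domain.
        owner = next((d for d in non_sending_domains
                      if header_from == d or header_from.endswith("." + d)), None)
        if owner is None:
            continue
        count = int(rec.findtext("row/count", default="0"))
        verdicts = (rec.findtext("row/policy_evaluated/dkim", default=""),
                    rec.findtext("row/policy_evaluated/spf", default=""))
        entry = result.setdefault(owner, {"policy": policy, "spoofed": 0,
                                          "authenticated": 0, "sources": set()})
        # A DMARC pass on a "dormant" domain means something legitimate still
        # sends as it; failures are mail the domain owner never authorised.
        entry["authenticated" if "pass" in verdicts else "spoofed"] += count
        entry["sources"].add(rec.findtext("row/source_ip", default="unknown"))
    for entry in result.values():
        entry["sources"] = sorted(entry["sources"])
        if entry["authenticated"]:
            entry["action"] = "review: authenticated mail seen, domain may not be dormant"
        else:
            entry["action"] = f"tighten to p={TIGHTEN.get(entry['policy'], 'quarantine')}"
    return result


if __name__ == "__main__":
    print(dmarc_record("parked.example", "none", "dmarc-reports@example.com"))
    for domain, info in summarise(SAMPLE_REPORT, {"parked.example"}).items():
        print(domain, info)
```

The "review" outcome covers the case where the audit was wrong and a supposedly dormant domain still carries authenticated mail, so tightening the policy would affect legitimate traffic.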

What Does This Mean For Your Business? 

Acknowledging and securing your non-sending/forgotten domains with DMARC is now not just a technical safeguard but an essential strategy in fortifying your business’s cybersecurity posture. With email fraud now rampant, overlooking these domains could leave your business susceptible to cyberattacks, compromising your integrity and the trust you’ve built with your clients and partners.

Also, as regulations around data protection become increasingly stringent, ensuring that all your domains are shielded with DMARC demonstrates a proactive stance on cybersecurity. This not only helps compliance with laws like GDPR but also positions your business as a trustworthy and secure entity in the digital marketplace.

The protection of non-sending domains via DMARC implementation, therefore, is a crucial step in closing the security gaps within your business’s digital domain strategy.

Next Week…

Next week, in the last of this three-article series, we’ll be focusing on a detailed step-by-step guide for DMARC implementation, the crucial role of monitoring and reporting for effective DMARC management, strategies for optimising DMARC policies, and preparing for future email security challenges. The hope is that this series will provide UK businesses with insights into maximising email security, enhancing brand protection, and ensuring compliance with evolving regulations.

Each week we bring you the latest tech news and tips that may relate to your business, re-written in a techy-free style.
