PSB Monthly News

We made the decision to put a pause on posting news for the time being, so we can focus on creating more courses, blog posts, books, infographics, and other products and services helpful to organizations, and the general public. When we resume posting news, we will put an alert on the home page. Thank you!

November 2022

Breaches and Security Incidents

• Find Out if You're Eligible to Receive Money From T-Mobile's $350 Million Data Breach Settlement. T-Mobile has identified 76 million Americans whose information was compromised in the 2021 cyberattack.

  Nov 4 2022

  https://www.cnet.com/personal-finance/t-mobiles-350-million-data-breach-settlement-see-if-youre-eligible-for-a-payment/

• Find Out if You're Eligible to Receive Money From T-Mobile's $350 Million Data Breach Settlement. T-Mobile has identified 76 million Americans whose information was compromised in the 2021 cyberattack.

  Nov 4 2022

  https://www.cnet.com/personal-finance/t-mobiles-350-million-data-breach-settlement-see-if-youre-eligible-for-a-payment/

Critical Infrastructure

• November Declared Critical Infrastructure Security and Resilience Month by Whitehouse

  Nov 3 2022

  https://www.hipaanswers.com/november-declared-critical-infrastructure-security-and-resilience-month-by-whitehouse%EF%BF%BC/

Education Sector: Schools and Students

• This School Took Away Smartphones. The Kids Don’t Mind. Here’s what happened when a Massachusetts school decided smartphones were splintering its community.

  Nov 5 2022

  https://www.wsj.com/articles/this-school-took-away-smartphones-the-kids-dont-mind-11667614444?st=94v7jnzfsxm85ug&reflink=share_mobilewebshare

Internet of Things (IoT) Tech (See expanded coverage in the PSB page dedicated to IoT tech)

• The Unintended Consequences of Apple’s Fertility Tech. The company says the Apple Watch’s ovulation-tracking tech isn’t birth control. But the public doesn’t necessarily know how to use that information safely.

  Nov 2 2022

  https://www.wired.com/story/apple-watch-fertility-features-not-birth-control/

Laws, Regulations, and Legal Sanctions

• Kanye West can't sell 'White Lives Matter' shirts because two Black men own the trademark. Ramses Ja and Quinton Ward, hosts of racial justice radio show Civic Cipher, are legal owners of trademark.

  Nov 3 2022

  https://6abc.com/kanye-west-news-ye-white-lives-matter-civic-cipher/12412792/

• We speak to the two Black DJs who bought ‘White Lives Matter’. The hosts of Civic Cipher have obtained the trademark for the controversial slogan, ruining the rapper’s plans to monetise racial hatred

  Nov 3 2022

  https://www.dazeddigital.com/music/article/57370/1/white-lives-matter-two-black-djs-civic-cipher-trademark-kanye-west

Personal, Sensitive and Other Data

• Close up of young man hand using smart phone at night showing data sharing of mobile apps. Your Favorite Apps May Be ‘Sharing’ Way More of Your Data Than They Let On

  Nov 4 2022

  https://www.cpomagazine.com/data-privacy/your-favorite-apps-may-be-sharing-way-more-of-your-data-than-they-let-on/

Social Media

• Twitter Rolls Out Blue Check Marks for Paying Customers. Elon Musk on Saturday made his first big change for users of the social media platform

  Nov 5 2022

  https://www.wsj.com/articles/twitter-rolls-out-blue-check-marks-for-paying-customers-11667681496?st=b8bi1gmblrpq7x4&reflink=share_mobilewebshare

• Security News This Week: TikTok Admits Staff in China Can Access Europeans’ Data. Plus: Liz Truss’ phone-hacking trouble, Cash App’s sex-trafficking problem, and the rising cost of ransomware.

  Nov 5 2022

  https://www.wired.com/story/tiktok-eu-privacy-policy-security-roundup/

• FCC commissioner urges US to ban TikTok

  Nov 2 2022

  https://6abc.com/fcc-commissioner-says-us-should-ban-tiktok-report/12405762/

Surveillance

• Surveillance 'existential' danger of tech: Signal boss

  Nov 5 2022

  https://today.rtl.lu/news/business-and-tech/a/1988243.html

• Unverify Me, Daddy. Elon Musk’s plan to make users pay for verification won’t turn it into a status symbol. It’ll just ruin the blue check’s appeal.

  Nov 3 2022

  https://www.wired.com/story/twitter-elon-musk-verification/

Technologies: New and Evolving

• Web inventor Tim Berners-Lee wants us to ‘ignore’ Web3: ‘Web3 is not the web at all’

  Nov 4 2022

  https://www.cnbc.com/2022/11/04/web-inventor-tim-berners-lee-wants-us-to-ignore-web3.html

October 2022

Breaches and Security Incidents

• Millions of MyDeal users have data sold online after breach

  Oct 18 2022

  https://www.techradar.com/news/over-2-million-mydeal-users-have-had-their-data-sold-online-after-a-breach

Education Sector: Schools and Students

• FTC Brings Action Against Ed Tech Provider Chegg for Careless Security that Exposed Personal Data of Millions of Customers. FTC order against Chegg will require company to shore up its security against data breaches, and delete unnecessary data.

  Oct 31 2022

  https://www.ftc.gov/news-events/news/press-releases/2022/10/ftc-brings-action-against-ed-tech-provider-chegg-careless-security-exposed-personal-data-millions

Hacking and Cybercrime

• Medibank, Optus, Woolworths data hacks show how a 'decade of anti-security policy' is putting Australia at risk, experts say

  Oct 20 2022

  https://www.abc.net.au/news/2022-10-21/medibank-optus-data-hack/101558932

Laws, Regulations, and Legal Sanctions

• Seagate denies it illegally sold hard drives to Huawei. While shedding 1 in 12 staff as demand for storage nosedives.

  Oct 26 2022

  https://www.theregister.com/2022/10/26/seagate_layoffs_huawei/

• Last-Minute Proposed Changes Could Weaken Landmark CA Privacy Rules, Consumer Watchdog Calls on Commission to Tighten Rules in New Report Outlining Regulations

  Oct 25 2022

  https://www.yahoo.com/now/last-minute-proposed-changes-could-183100296.html

• Unpacked: How retailers can keep up with CPRA and other data privacy laws

  Oct 25 2022

  https://www.modernretail.co/marketing/unpacked-how-retailers-can-keep-up-with-cpra-and-other-data-privacy-laws/

• Colorado Consumer Privacy Rules Add to Looming Business Mandates

  Oct 21 2022

  https://news.bloomberglaw.com/privacy-and-data-security/colorado-consumer-privacy-rules-add-to-looming-business-mandates

Personal, Sensitive and Other Data

• India: Commercial Exploitation Of Personal Data – Through The Looking Glass

  Oct 31 2022

  https://www.mondaq.com/india/privacy-protection/1245096/commercial-exploitation-of-personal-data-through-the-looking-glass

• If your phone needs fixing, make sure your secrets are safe first. It happens to the best of us, but don’t take it in for repairs until your personal data is secure.

  Oct 31 2022

  https://www.washingtonpost.com/technology/2022/10/31/phone-repair-data-privacy/

• Chegg's Data Security Practices Draw Regulatory Action

  Oct 31 2022

  https://www.yahoo.com/video/cheggs-data-security-practices-draw-182116951.html

• You can probably sell your client database

  Oct 28 2022

  https://www.travelweekly.com/Mark-Pestronk/You-can-probably-sell-your-client-database

• US data transfers

  Oct 28 2022

  https://www.dentons.com/en/insights/articles/2022/october/28/us-data-transfers

• Does Netflix track your personal data? We take a look at the information Netflix is collecting about you, and why.

  Oct 27 2022

  https://www.choice.com.au/consumers-and-data/data-collection-and-use/how-your-data-is-used/articles/does-netflix-track-your-personal-data-and-information

• Ed Sheeran hacker sold star's stolen songs on the dark web. Adrian Kwiatkowski also stole tracks from American rapper Lil Uzi Vert and made £131,000 from selling them on the dark web.

  Oct 21 2022

  https://www.hulldailymail.co.uk/whats-on/music-nightlife/ed-sheeran-hacker-sold-stars-7732532

• Here's How to Protect Your Data From Invasive Android App Permissions. You're putting your data at risk whenever you grant your Android apps more permissions than they need. Manage Android app permissions to protect your data.

  Oct 17 2022

  https://www.cnet.com/tech/services-and-software/heres-how-to-protect-your-data-from-invasive-android-app-permissions/

Social Media

• Elon Musk has bought Twitter and fired its top executives

  Oct 27 2022

  https://ksltv.com/509864/elon-musk-has-bought-twitter-and-fired-its-top-executives/

September 2022

HIPAA and Healthcare

Insider Threat and Selling Health Data to Russia

We are including multiple reports about the same incident to provide a diversity of views, opinions, and more comprehensive facts about the case. Notice the first report below is the one from the U.S. Department of Justice that announced this news:

• Major in the United States Army and a Maryland Doctor Facing Federal Indictment for Allegedly Providing Confidential Health Information to a Purported Russian Representative to Assist Russia Related to the Conflict In Ukraine.

  U.S. Department of Justice News release

  Sept 29 2022

  https://www.justice.gov/usao-md/pr/major-united-states-army-and-maryland-doctor-facing-federal-indictment-allegedly

• US army major and wife charged for leaking health data to Russia: Report

  Sept 29 2022

  https://www.msn.com/en-in/news/world/us-army-major-and-wife-charged-for-leaking-health-data-to-russia-report/ar-AA12oYrq?ocid=EMMX

• Two Doctors Allegedly Tried To Leak Military Medical Records To Russia. Jamie Lee Henry and Anna Gabrielian face up to 10 years in prison if convicted

  Sept 29 2022

  https://www.buzzfeednews.com/article/juliareinstein/army-doctor-wife-russia-charges

• Johns Hopkins and Army doctor charged as would-be Russian spies. An Army major and her Russian-speaking spouse tried to steal medical records to help the Russian war effort, according to the indictment.

  Sept 29 2022

  https://www.courthousenews.com/johns-hopkins-and-army-doctor-charged-as-would-be-russian-spies/

• US Army doctor and anesthesiologist charged with conspiring to provide US military medical records to Russian government

  Sept 29 2022

  https://www.cnn.com/2022/09/29/politics/us-army-doctor-anesthesiologist-russian-government-medical-records

• Ukraine-Russia war: US army doctor and wife charged with Russia spying

  Sept 29 2022

  https://www.bbc.com/news/world-us-canada-63079868

• US couple charged in alleged plot to leak military health data to Russia. DoJ indictment alleges that former army major and his wife wanted to help the Russian government after it invaded Ukraine

  Sept 29 2022

  https://www.theguardian.com/us-news/2022/sep/29/us-couple-charged-russia-leak-healthcare-data

• Maryland Couple Indicted For Illegal Disclosure of American Health Information to Russia

  Sept 29 2022

  https://www.lawfareblog.com/maryland-couple-indicted-illegal-disclosure-american-health-information-russia

• U.S. says ex-Army major and wife tried to leak military health data to Russia

  Sept 29 2022

  https://www.reuters.com/world/us/us-charges-ex-army-major-his-wife-over-alleged-plot-leak-military-health-data-2022-09-29/

• Hopkins anesthesiologist, Army Major spouse conspired to offer medical records to Russia: federal indictment

  Sept 29 2022

  https://www.cbsnews.com/baltimore/news/hopkins-anesthesiologist-army-major-spouse-conspired-to-offer-medical-records-to-russia-federal-indictment/

• An Army major's wife had them read up on how to be a Soviet spy so they could leak sensitive US military medical info to Russia, prosecutors say

  Sept 29 2022

  https://www.businessinsider.com/army-major-study-soviet-spy-leaking-military-medical-information-russia-2022-9

• Army major, wife charged in plot to give medical records to Russia

  Sept 29 2022

  https://nypost.com/2022/09/29/us-army-major-wife-charged-with-plotting-to-hand-over-medical-records-to-russia/

• US charges ex-Army major and his wife over alleged plot to leak military health data to Russia (Update)

  Sept 29 2022

  https://cyprus-mail.com/2022/09/29/us-charges-ex-army-major-and-his-wife-over-alleged-plot-to-leak-military-health-data-to-russia/

• FBI ARRESTS PRO-RUSSIAN “PATRIOT HACKERS” FROM COLORADO AND MARYLAND

  Sept 29 2022

  https://www.flyingpenguin.com/?p=41419

• GAO Calls on OCR to Educate Patients on Telehealth Security, Privacy Risks. GAO’s review of Medicare telehealth services delivered during the pandemic revealed some gaps in telehealth security and privacy communications.

  Sept 29 2022

  https://healthitsecurity.com/news/gao-calls-on-ocr-to-educate-patients-on-telehealth-security-privacy-risks

• Health Care Triage: Issue-Spotting Hospital Activities that May Trigger FDA Regulatory Oversight

  Sept 29 2022

  https://www.jdsupra.com/legalnews/health-care-triage-issue-spotting-6602035/

Personal, Sensitive and Other Data

• How to scrub your phone number and address from Google search. Online stalking and harassment are real threats. Companies are slowly catching up, advocates say.

  Sept 29 2022

  https://www.washingtonpost.com/technology/2022/09/29/remove-google-search-results/

• Proposed “do not sell my data” bill could be key for domestic violence survivors. The Federal Trade Commission notes the lack of a general federal privacy statute to regulate personal data.

  Sept 29 2022

  https://www.kait8.com/2022/09/29/proposed-do-not-sell-my-data-bill-could-be-key-domestic-violence-survivors/

• How to protect personal data when selling MacBook

  Sept 27 2022

  https://infotechlead.com/devices/how-to-protect-personal-data-when-selling-macbook-74677

• Privacy survey shows most people read the T&Cs, would sell their personal data. Are you in the same camp?

  Sept 21 2022

  https://www.techspot.com/news/96046-privacy-survey-shows-most-people-read-tcs-would.html

• Personal data sold from over 1 billion Chinese highlights CCP’s poor security, and it’s increasing (YouTube video)

  Sept 21 2022

  https://www.youtube.com/watch?v=k_miWZESCcE

• To Address Emerging Privacy Issues, Congress Should Consider Comprehensive Legislation

  U.S. Government Accountability Office (GAO)

  Sept 13 2022

  https://www.gao.gov/blog/address-emerging-privacy-issues-congress-should-consider-comprehensive-legislation

• How to Remove Yourself From Data Collection Sites in 2022: Protecting Your Personal Info Online. If you don’t want your personal data to be sold to third-party companies without your approval, you should remove yourself from data collection sites immediately. It may sound difficult and time-consuming, but there are tools to make it easier.

  Sept 12 2022

  https://www.cloudwards.net/remove-yourself-from-data-collection-sites/

• The Most Important Things to Know About Apps That Track Your Location

  Sept 1

  https://time.com/6209991/apps-collecting-personal-data/

August 2022

Personal, Sensitive and Other Data

• Inside Fog Data Science, the Secretive Company Selling Mass Surveillance to Local Police

  Aug 31 2022

  https://www.eff.org/deeplinks/2022/08/inside-fog-data-science-secretive-company-selling-mass-surveillance-local-police

• Fog Revealed: A Guided Tour of How Cops Can Browse Your Location Data

  Aug 31 2022

  https://www.eff.org/deeplinks/2022/08/fog-revealed-guided-tour-how-cops-can-browse-your-location-data

May 2022

Applications and Systems Security, Vulnerabilities and Threats

• Turkish Airline Exposes Flight and Crew Info in 6.5TB Leak

  A low-cost Turkish airline accidentally leaked personal information of flight crew alongside source code and flight data after misconfiguring an AWS bucket, it has emerged.

  InfoSecurity Magazine

  May 31 2022

  https://www.infosecurity-magazine.com/news/turkish-airline-exposes-flight

• Tech giants pledge $30M to boost open source software security

  Carly Page. Tech Crunch.

  May 16 2022

  https://techcrunch.com/2022/05/16/white-house-open-source-security/

• GitHub users will be required to use two-factor authentication by 2023

  By the end of 2023, the widely used code repository will require contributors to utilize two-factor authentication.

  May 4 2022

  https://www.protocol.com/bulletins/github-open-source-software-security

Breaches

• Verizon 2022 DBIR Data Breach Investigations Report

  May, 2022

  https://www.verizon.com/business/resources/reports/2022/dbir/2022-data-breach-investigations-report-dbir.pdf

• 10 Biggest Data Breaches in Finance

  Edward Kost, UpGuard

  May 30, 2022

  https://www.upguard.com/blog/biggest-data-breaches-financial-services

• 50k customers caught up in Spirit Super phishing attack

  Data possibly compromised after attacker overcame MFA.

  Australia: IT News

  May 30 2022

  https://www.itnews.com.au/news/50k-customers-caught-up-in-spirit-super-phishing-attack-580647

• FBI heads to Brooks County to investigate cyber attack

  According to county officials, if they cannot recover the online documents then it will be a lengthy process to re-enter that data by hand.

  3 News. Corpus Christi, TX.

  May 26 2022

  https://www.kiiitv.com/article/news/local/fbi-heads-to-brooks-county/503-65dd01db-c32d-4f78-9162-7bbe57fc11b0

• 7 data breach reporting rules banks need to understand

  Carter Pape. American Banker.

  May 19 2022

  https://www.americanbanker.com/list/7-data-breach-reporting-rules-banks-need-to-understand

• The real cost of a data breach in 2022

  Katie Yahnke. Field Effect.

  May 3 2022

  https://fieldeffect.com/blog/real-cost-data-breach/

Laws, Regulations, Fines, Penalties, Law Suits

• $150 Million Fine to Twitter Over Privacy Violations; Email and Phone for “Account Security” Used in Targeted Advertising Without User Knowledge

  Twitter has in recent years has begun periodically requiring phone number checks for "account security." What users have not always been aware of is that these items have been added in to Twitter's internal personalized advertising system.

  CPO Magazine

  MAY 31 2022

  https://www.cpomagazine.com/news/

Nation State Attacks, Hacking & Cyberwar

• Cyberattack downs Regina Public Schools' computer systems

  District has not said whether any private information — if any — has been exposed

  Alexander Quon · CBC News

  May 26 2022

  https://www.cbc.ca/news/canada/saskatchewan/regina-public-schools-cyber-attack-1.6467451

• Hacker Steals $1.4 Million in NFTs From Collector In One Sweep

  The scammer “hacked a father of three children under 6-years-old and a wife, and took all their hard earned money for the past 38 years accrued in a few minutes," the victim said.

  Vice.

  May 25 2022

  https://www.vice.com/en/article/pkp7pm/hacker-steals-dollar14-million-in-nfts-from-collector-in-one-sweep

Ransomware

• Massive CPS data breach exposes records of 560,000 students, employees

  The staff and student information was exposed after a CPS vendor was targeted in a ransomware attack on Dec. 1, the district said.

  Nader Issa, Lauren FitzPatrick. Chicago Sun Times.

  May 20 2022

  https://chicago.suntimes.com/education/2022/5/20/23132983/cps-public-schools-data-breach-students-employees-records-battelle-kids

• Nikkei becomes latest major news outlet hit with ransomware

  The Record.

  May 20 2022

  https://therecord.media/nikkei-ransomware-attack-singapore/

April 2022

AI & Machine Learning

• Privacy And Cybersecurity Risks In Transactions – Impacts From Artificial Intelligence And Machine Learning, Addressing Security Incidents And Other Diligence Considerations

  Lauren Kitces and Colleen Theresa Brown. Sidley Austin LLP.

  April 6 2022

  https://www.mondaq.com/unitedstates/privacy-protection/1180030/privacy-and-cybersecurity-risks-in-transactions-impacts-from-artificial-intelligence-and-machine-learning-addressing-security-incidents-and-other-diligence-considerations

Cloud Security & Privacy

• Data privacy, security top challenges for cloud implementation

  Security Magazine

  April 12 2022

  https://www.securitymagazine.com/articles/97409-data-privacy-security-top-challenges-for-cloud-implementation

Education, Training & Awareness

• Solving data privacy challenges starts with people-centric security

  Organizations should focus on the people layer with the same meticulousness as they approach the network, endpoints and applications

  Lucia Milică. Security Info Watch.

  April 28 2022

  https://www.securityinfowatch.com/cybersecurity/information-security/article/21265932/solving-data-privacy-challenges-starts-with-peoplecentric-security

Laws, Regulations & Law Suits

• Colorado AG Issues Guidance on Data Security Best Practices

  Natasha G. Kohne, Michelle A. Reed & Melissa D. Whitaker. Akin Gump.

  April 5 2022

  https://www.akingump.com/en/experience/practices/cybersecurity-privacy-and-data-protection/ag-data-dive/colorado-ag-issues-guidance-on-data-security-best-practices.html

Privacy

• The importance of data privacy in your organization.

  Data privacy must be backed by strong cybersecurity practices

  Frédéric Rivain. Tech Radar.

  April 07 2022

  https://www.techradar.com/features/the-importance-of-data-privacy-in-your-organization

Ransomware

• Cyber Protections Helping To Curb Ransoms, Report Says

  Heal Security.

  April 7 2022

  https://healsecurity.com/cyber-protections-helping-to-curb-ransoms-report-says/

Trends

• Trends in privacy & data security: Looking back at 2021 and ahead to 2022

  Thomson Reuters Institute

  April 7 2022

  https://www.reuters.com/legal/legalindustry/trends-privacy-data-security-looking-back-2021-ahead-2022-2022-04-07/

March 2022

AI & Machine Learning

• The AI Placed You at the Crime Scene, but You Weren’t There

  This week, we talk about the limitations of using facial recognition technology to identify suspected criminals.

  March 18 2022

  https://www.wired.com/story/gadget-lab-podcast-542/?

• Russia's Killer Drone in Ukraine Raises Fears About AI in Warfare

  The maker of the lethal drone claims that it can identify targets using artificial intelligence.

  March 17 2022

  https://www.wired.com/story/ai-drones-russia-ukraine/

Authentication

• Locked-Out Account Users Wrestle With Two-Factor Authentication. Two-factor authentication aims to keep hackers out of online accounts. It sometimes keeps their rightful owners out too.

  March 9 2022

  https://www.wsj.com/articles/locked-out-account-users-wrestle-with-two-factor-authentication-11646864492?st=wox3d93wqwli9hq&reflink=desktopwebshare_permalink

Breaches

• Breached! Why Data Security Law Fails and How to Improve It (Chapter 1) by Daniel J. Solove, Woodrow Hartzog :: SSRN

  https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4043111

• The importance of building in security during software development

  March 14 2022

  https://www.helpnetsecurity.com/2022/03/14/breaches-vulnerable-application/?web_view=true

Bitcoin & Other Cryptocurrency

• Privacy coins are surging. Will regulatory pressure stall their stellar run? Many privacy coin developers are convinced that all the necessary mechanisms to regulate AECs are already in place.

  March 27 2022

  https://cointelegraph.com/news/privacy-coins-are-surging-will-regulatory-pressure-stall-their-stellar-run

• How Investors Can Keep Crypto Assets Safe

  It’s too easy to lose everything. Here’s a guide to where—and how—to store digital currencies, NFTs and more.

  March 18 2022

  https://www.wsj.com/articles/how-investors-can-protect-crypto-assets-11647445341?st=6whemtjgyuo91gt&reflink=desktopwebshare_permalink

• ICE Conducted Sweeping Surveillance Of Money Transfers Sent To And From The US, A Senator Says. Sen. Ron Wyden is seeking an investigation into whether the program, which obtained about 6 million records from people in several Southwest states, was constitutional.

  March 8 2022

  https://www.buzzfeednews.com/article/hamedaleaziz/ice-western-union-records-wyden

Conspiracy Theories, Misinformation, Disinformation

• Sandy Hook and the Troubling Psychology of Conspiracy Theories. Deniers of the school shooting gathered in a private Facebook group. Their posts lend a window into how and why cruel rumors take off.

  March 11 2022

  https://www.wired.com/story/sandy-hook-psychology-conspiracy-theories

Critical Infrastructure

• In Spite Experiencing Some of the Biggest Data Breaches in Recent Years, the Travel Industry Is Still Full of Security Holes

  Sept 21 2020

  https://www.cpomagazine.com/cyber-security/in-spite-experiencing-some-of-the-biggest-data-breaches-in-recent-years-the-travel-industry-is-still-full-of-security-holes

Cyber Crime

• Who's who in the cybercriminal underground

  Cybercriminal groups are specializing as malware developers, initial access brokers, ransomware-as-a-service providers, data brokers, and other roles.

  March 14 2022

  https://www.csoonline.com/article/3653353/whos-who-in-the-cybercriminal-underground.html

Cyber Insurance

• Insurance industry braces for soaring payouts from war in Ukraine

  Aviation underwriters fear biggest loss event in sector’s history

  March 16, 2022

  https://www.ft.com/content/e62df5f9-1716-4220-b583-91ba24d4cfb2

Cybersecurity

• A Paranoid Person’s Guide to Preparing for Digital Danger. Russia’s attack may have you wondering what will happen if the conflict spills into cyberthreats beyond Ukraine’s borders. Here’s what you can do to ease your mind.

  March 5 2022

  https://www.nytimes.com/2022/03/05/your-money/cybersecurity-tips.html

• Cybersecurity should be treated an Environmental, Social, and Corporate Governance (ESG) issue. Here's why | World Economic Forum

  March 1 2022

  https://www.weforum.org/agenda/2022/03/three-reasons-why-cybersecurity-is-a-critical-component-of-esg/

Education

• School kids to be taught advanced cybersecurity skills | The Educator K/12

  March 16 2022

  https://www.theeducatoronline.com/k12/news/school-kids-to-be-taught-advanced-cybersecurity-skills/279824

Laws, Regulations & Law Suits

• The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of three investigations and one matter before an Administration Law Judge related to compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Two of these cases are part of OCR’s HIPAA Right of Access Initiative, bringing the total number of these enforcement actions to twenty-seven since the initiative began. OCR created this initiative to support individuals' right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule. The other enforcement actions result from healthcare providers impermissibly disclosing their patients’ protected health information (PHI).

  March 28 2022

  https://www.hhs.gov/about/news/2022/03/28/four-hipaa-enforcement-actions-hold-healthcare-providers-accountable-with-compliance.html

• Employment law still has roots in the Middle Ages. That’s terrible for workers.

  March 17 2022

  https://www.washingtonpost.com/outlook/2022/03/17/labor-law-middle-ages-wisconsin/

• FTC Takes Action Against CafePress for Data Breach Cover Up

  Commission orders e-commerce platform to bolster data security and provide redress to small businesses

  March 15 2022

  https://www.ftc.gov/news-events/news/press-releases/2022/03/ftc-takes-action-against-cafepress-data-breach-cover

• Italy slaps almost $22m fine on US facial recognition firm. Italy's privacy watchdog said that, despite Clearview's assertions to contrary, firm had allowed tracking of Italian citizens.

  March 9 2022

  https://www.thenews.com.pk/latest/940004-italy-fines-us-facial-recognition-firm

Linux & Similar OS’s Vulnerabilities & News

• Weaponized Dirty Pipe Exploit In Action: Introduction

  March 10 2022

  https://www.spyderbat.com/post/weaponized-dirty-pipe-exploit-in-action

Nation State Attacks, Hacking & Cyberwar

• Why National Security Is a Shared Burden Between the State and the Private Sector

  Plus, how geopolitical competition between the West and China could bring about the ‘splinternet.’

  March 17 2022

  https://current.thedispatch.com/p/why-national-security-is-a-shared

• ODNI assesses potential cyber-attacks from China, Iran, North Korea, Russia on US critical infrastructure sector - Industrial Cyber

  March 16 2022

  https://industrialcyber.co/critical-infrastructure/odni-assesses-potential-cyber-attacks-from-china-iran-north-korea-russia-on-us-critical-infrastructure-sector/

• FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug

  March 16 2022

  https://thehackernews.com/2022/03/fbi-cisa-warn-of-russian-hackers.html

• The day of techno independence. China's plan to no longer depend on the West

  Fri, March 11, 2022

  https://es-us.finanzas.yahoo.com/news/d%c3%ada-tecnoindependencia-plan-china-depender-031400516.html

• Conti hackers continue to target US, international organizations, as attacks and IOCs increase - Industrial Cyber

  March 10 2022

  https://industrialcyber.co/cisa/conti-hackers-continue-to-target-us-international-organizations-as-attacks-and-iocs-increase/

• China state-backed hackers compromised networks of at least 6 U.S. state governments, research finds

  MAR 9 2022

  https://www.cnbc.com/2022/03/09/china-state-backed-hackers-compromised-6-us-state-governments-report.html

• Internet Backbone Giant Lumen Shuns .RU

  March 8, 2022

  https://krebsonsecurity.com/2022/03/internet-backbone-giant-lumen-shuns-ru/

• Chinese hackers breached six state governments, researchers say

  March 8 2022

  https://www.washingtonpost.com/politics/2022/03/08/chinese-hackers-breached-six-state-governments-researchers-say/

• China Hacked at Least 6 U.S. State Government Networks. A threat actor with longstanding ties to the Chinese government has targeted half a dozen state governments, research from cybersecurity giant Mandiant shows.

  March 8 2022

  https://gizmodo.com/china-hacked-at-least-6-u-s-state-government-networks-1848621916

• Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments

  MAR 08 2022

  https://www.mandiant.com/resources/apt41-us-state-governments

• How to Tell News Fact from Fiction, Even During a War. People have been sharing information about the war in Ukraine on social media without verifying it. News-literacy tactics taught in school can benefit many of us

  March 5 2022

  https://www.wsj.com/articles/how-to-spot-fake-news-even-during-a-war-11646434626?mod=djemfamtech

Okta

• How Lapsus$, Okta attacker, typically preys on insiders

  March 25 2022

  https://www.scmagazine.com/perspective/breach/how-lapsus-preyed-on-insiders-in-the-okta-breach%EF%BF%BC

• Okta Says It 'Should Have Moved More Swiftly' Over Breach. Lapsus$ Gained Access to a Sitel Support Engineer's Computer Via Remote Hosting

  March 24 2022

  https://www.bankinfosecurity.com/okta-should-have-moved-more-swiftly-over-breach-a-18782

• Okta’s Breach Highlights Risk of Putting Crown Jewels in the Cloud

  March 24, 2022

  https://securityboulevard.com/2022/03/oktas-breach-highlights-risk-of-putting-crown-jewels-in-the-cloud/

• Okta says hackers were able to view customer data. Those customers have some big questions. The fallout from the "embarrassing" incident was somewhat limited, but there was a sizable gap in time between discovery and acknowledgment.

  March 23 2022

  https://www.protocol.com/bulletins/okta-hacked-customer-data

• Microsoft and Okta detail the impact of recent Lapsus$ attacks. Okta said the attack only affected around 2.5 percent of its clients.

  March 23 2022

  https://www.engadget.com/microsoft-okta-detail-lapsus-attacks-114008836.html

• Okta denies security incident as Lapsus$ group goes on a spree. The identity and access management firm believes screenshots connected with the breach are related to a January security incident that was contained.

  March 22 2022

  https://www.cybersecuritydive.com/news/okta-lapsus-breach-claims/620807/

• DEV-0537 criminal actor targeting organizations for data exfiltration and destruction

  March 22 2022

  https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/

• NHS urges orgs to apply security update for Okta Client RCE bug

  February 25, 2022

  https://www.bleepingcomputer.com/news/security/nhs-urges-orgs-to-apply-security-update-for-okta-client-rce-bug/

• Auth0 Credential Guard Detects Breached Passwords to Prevent Account Takeover. New feature adds a dedicated security team and support for multiple languages to prevent fraudulent access with stolen credentials.

  February 9 2022

  https://www.darkreading.com/risk/auth0-credential-guard-detects-breached-passwords-to-prevent-account-takeover

Operating Systems

• New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs. Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.

  March 8 2022

  https://www.csoonline.com/article/3652525/new-attack-bypasses-hardware-defenses-for-spectre-flaw-in-intel-and-arm-cpus.html

Phishing and Other Social Engineering

• This sneaky type of phishing is growing fast because hackers are seeing big paydays. Researchers warn about an increase in conversation hijacking emails, where hackers abuse accounts of people you trust to send you phishing links and malware.

  March 16 2022

  https://www.zdnet.com/article/this-sneaky-type-of-phishing-is-growing-fast-because-hackers-are-seeing-big-paydays/

Privacy

• NACD Borad Talk. Eight Questions to Frame Data Privacy Discussions in the Boardroom

  March 9 2022

  https://blog.nacdonline.org/posts/questions-data-privacy-boardroom

• The New Rules of Data Privacy

  February 25 2022

  https://hbr.org/2022/02/the-new-rules-of-data-privacy

Ransomware

• The ‘s First Ransomware Monetary Penalty Notice: Key Takeaways

  March 15 2022

  https://www.orrick.com/en/Insights/2022/03/The-ICOs-First-Ransomware-Monetary-Penalty-Notice-Key-Takeaways

• BlackByte Ransomware Group Attacked at Least Three Critical Infrastructure Companies and the San Francisco 49ers

  Feb 25 2022

  https://www.cpomagazine.com/cyber-security/blackbyte-ransomware-group-attacked-at-least-three-critical-infrastructure-companies-and-the-san-francisco-49ers

Remote and Mobile working and WFH

• The Original Hybrid Workers Can Teach Us How to Do It Right. Over 50 years ago, they trialed “part-time telecommuting.” The pandemic-driven model has problems, but early adopters think they can be fixed.

  Feb 28 2022

  https://www.wired.com/story/hybrid-working-original-fix

Surveillance and Facial Recognition

• Virginia lawmakers OK lifting ban on facial technology use

  March 10 2022

  https://apnews.com/article/technology-virginia-crime-legislature-f3f2af850745911014b950d951c3c464

• End of an era of ad targeting

  Publishers will need closer ties to their audiences

  Feb 23 2022

  https://therebooting.substack.com/p/end-of-an-era-of-ad-targeting?s=r

Technology

• What's the Most Dangerous Emerging Technology?

  Feb 21 2022

  https://gizmodo.com/whats-the-most-dangerous-emerging-technology-1847957403

February 2022

Catphishing, phishing and other social engineering

• Woman Catches Bumble Catfish After Seeing His Texts

  Feb 27 2022

  https://www.intheknow.com/post/woman-catches-bumble-catfish/

Cloud Security

• Signing up with a cloud provider? Don't forget to set an exit plan

  It’s not simply about getting easy permission to go when it's time to part ways; it’s about IT making sure any decisions don’t complicate that eventual departure.

  Feb 22 2022

  https://www.computerworld.com/article/3650673/signing-up-with-a-cloud-provider-dont-forget-to-set-an-exit-plan.html?fbclid=IwAR3X-SUarw62Pjr21_ewBhllq2K8axoeQEFBSpc7qy5Pc32olWU4rcKt5K0

Cybercrime and hacking

• Hackers Sell Backdoors Into A $2 Billion Nonprofit, A Californian Hospital, And Michigan Government

  Feb 23 2022

  https://www.forbes.com/sites/thomasbrewster/2022/02/23/hackers-sell-access-to-a-2-billion-nonprofit-a-californian-hospital-and-michigan-government

Laws, regulations, and legal actions

• New DPIA for the Dutch government and universities on Microsoft Teams, OneDrive and SharePoint Online – Blogpost

  Feb 2022

  https://www.privacycompany.eu/blogpost-en/new-dpia-for-the-dutch-government-and-universities-on-microsoft-teams-onedrive-and-sharepoint-online

Misinformation and Conspiracy Theories

• You’ll Never Believe It But Hillary Clinton Did Not, In Fact, Spy on Trump’s White House

  Feb 15 2022

  https://www.vanityfair.com/news/2022/02/donald-trump-hillary-clinton-white-house-spying

Nation-state and War Hacking and Other Actions

• Facebook Is Going Up Against Russia

  FEB 26, 2022

  https://slate.com/technology/2022/02/russia-facebook-throttle-information-warfare.html

• Anonymous hacked the Russian Defense Ministry and is targeting Russian companies

  February 26, 2022

  https://securityaffairs.co/wordpress/128428/hacking/anonymous-russian-defense-ministry.html

• CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine

  February 26, 2022

  https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations

• Russian Government Websites Are Currently Down

  The reasons for the outage are unclear at this point, but there have been similar disruptions attributed to the Russian government in recent weeks.

  Feb 24 2022

  https://www-vice-com.cdn.ampproject.org/c/s/www.vice.com/amp/en/article/bvnpnv/russian-government-websites-are-currently-down

• Biden: ‘Prepared to Respond’ if Russia Pursues Cyberattacks Against US

  Feb 24 2022

  https://www.nextgov.com/cybersecurity/2022/02/biden-prepared-respond-if-russia-pursues-cyberattacks-against-us/362401/

• Chinese Hackers Target Taiwan's Financial Trading Sector with Supply Chain Attack

  Feb 22 2022

  https://thehackernews.com/2022/02/chinese-hackers-target-taiwans.html

Work from Home, Hybrid Work, and Mobile Working

• The death of offices and the rise of remote work could mean someone with your title makes 20x more than you

  Feb 25 2022

  https://finance.yahoo.com/news/death-offices-rise-remote-could-163146706.html

January 2022

Breaches and Incidents

• Can Data Breaches Be GOOD For Some Corporate Brands?

  Jan 31 2022

  https://nationalcybersecuritynews.today/can-data-breaches-be-good-for-some-corporate-brands-malware-ransomware/

Critical Infrastructure

• The administration wants to prevent an attack on water supplies

  Jan 27 2022

  https://www.washingtonpost.com/politics/2022/01/27/administration-wants-prevent-an-attack-water-supplies/

Cyber Attacks and Hacks

• Regional Cyber Conflicts Could Lead to Infrastructure Attacks in 2022

  Jan 25 2022

  https://amp-insurancejournal-com.cdn.ampproject.org/c/s/amp.insurancejournal.com/news/international/2022/01/25/650692.htm

Cyber Insurance

• Improving cyber insurance doesn't have to be hard. Cyber policies have become a sort of Frankenstein monster, with coverages pieced together to address a growing set of property and liability risks.

  Jan 28 2022

  https://www.propertycasualty360.com/2022/01/28/improving-cyber-insurance-doesnt-have-to-be-hard/

• CyberCube’s CEO Explains Why You Should Expect Cyber Insurance Markets to Continue to Be Difficult Over the Next Year. A hard cyber market may be the "new normal'" but greater usage of alternative risk transfer and capital flow mechanisms may soften the future landscape.

  Jan 26 2022

  https://riskandinsurance.com/cybercubes-ceo-explains-why-you-should-expect-cyber-insurance-markets-to-continue-to-be-difficult-over-the-next-year/

Data Privacy Day and Data Privacy Week

• Iowa Governor Reynolds Declares January 28 Iowa Data Privacy Day. 2022 marks the 14th consecutive year of declaration in Iowa

  Jan 28 2022

  https://marijuana.einnews.com/pr_news/561704827/iowa-governor-reynolds-declares-january-28-iowa-data-privacy-day

• Data Privacy Week – 20 Data Privacy Tips

  Jan 24 2022

  https://ewfblog.com/dataprivacyweek20dataprivacytips-bylynnterwoerds/

Encryption and Cryptography

• What is the quantum apocalypse and should we be scared?

  Jan 27 2022

  https://www.bbc.com/news/technology-60144498

• Quantum Apocalypse. Experts are warning that quantum computers could eventually overpower conventional encryption methods, a potentially dangerous fate for humanity that they’re evocatively dubbing the “quantum apocalypse.”

  Jan 27 2022

  https://futurism.com/the-byte/experts-warn-quantum-computing-apocalypse

Hacking and Cyber Attacks

• A Former Hacker’s Guide to Boosting Your Online Security. More stolen personal data is available online than ever before. A man who once ran a website that prosecutors called the Amazon of stolen identity information offers his tips on the best ways to protect your data.

  Jan 27 2022

  https://www.propublica.org/article/a-former-hackers-guide-to-boosting-your-online-security

Healthcare

• Request for Information: Electronic Prior Authorization Standards, Implementation Specifications, and Certification Criteria

  Jan 24 2022

  https://insurancenewsnet.com/oarticle/request-for-information-electronic-prior-authorization-standards-implementation-specifications-and-certification-criteria

Laws, Legal Actions, Penalties and Lawsuits

• REWE International $9M GDPR fine a lesson in managing subsidiary risk

  Jan 25 2022

  https://www.complianceweek.com/regulatory-enforcement/rewe-international-9m-gdpr-fine-a-lesson-in-managing-subsidiary-risk/31281.article

• Proposed State Privacy Law Update

  Jan 24 2022

  https://www.bytebacklaw.com/2022/01/proposed-state-privacy-law-update-jan-24-2022/

• NY Fines Vision Benefits Firm $600,000 for 2020 Breach. Email Compromise Affected 2.1 Million Individuals Nationwide.

  Jan 24 2022

  https://www.healthcareinfosecurity.com/ny-fines-vision-benefits-firm-600000-for-2020-breach-a-18368

Manufacturing

• Country's biggest double glazing installer Safestyle UK is hit by a cyber attack as spies warn of a threat from Russian hackers linked to fears of military action against Ukraine. Safestyle UK were targeted in a ransomware attack with hackers looking for cash. It comes as cyber experts warn of Russian hacker threat over tensions in Ukraine

  Jan 28 2022

  https://www.dailymail.co.uk/news/article-10454141/Countrys-biggest-double-glazing-installer-Safestyle-UK-hit-cyber-attack.html

Military

• HOW THE MARINE CORPS USES IT TO DEFEAT EVOLVING THREATS

  JAN 28 2022

  https://www.marines.mil/News/News-Display/Article/2916250/how-the-marine-corps-uses-it-to-defeat-evolving-threats/

Privacy Management, Standards and Frameworks

• NIST PRIVACY: The NIST Privacy Engineering Program’s mission is ENGINEERING supporting the development of trustworthy information systems by creating guidelines and tools to protect individuals’ privacy PROGRAM In Action

  Jan 28 2022

  https://www.nist.gov/system/files/documents/2022/01/25/Privacy-Framework-2-Year-Infographic.pdf

• Maturing the Privacy Impact Assessment. Privacy Impact Assessments (PIAs) have not changed dramatically over the past 20 years or so, or at least the approach to them hasn’t.

  Jan 28 2022

  https://nnovation.com/maturing-the-privacy-impact-assessment/

Ransomware

• His son's school was hacked. Then the ransomware gang called him at home.

  Jan 25 2022

  https://news.yahoo.com/ransomware-hackers-tactic-calling-directly-110440401.html

Voting and Elections

• Report: Hackers Can Flip Votes in Georgia's Voting System. According to a confidential report, hackers can alter votes by taking control of Georgia's voting system touchscreens. Despite the reported vulnerability, state election officials are staying relatively mum.

  Jan 27 2022

  https://www.govtech.com/security/report-hackers-can-flip-votes-in-georgias-voting-system

December 2021 Security, Privacy and Compliance

Apps

• The Popular Family Safety App Life360 Is Selling Precise Location Data on Its Tens of Millions of Users

  The app is a major source of raw location data for a multibillion-dollar industry that buys, packages, and sells people’s movements

  December 6, 2021

  https://themarkup.org/privacy/2021/12/06/the-popular-family-safety-app-life360-is-selling-precise-location-data-on-its-tens-of-millions-of-user

Government

• CISA names big tech, financial execs and others to Cybersecurity Advisory Committee

  Dec 1 2021

  https://federalnewsnetwork.com/cybersecurity/2021/12/cisa-names-big-tech-financial-execs-and-others-to-cybersecurity-advisory-committee/

• Defense Intelligence Agency Expected to Lead Military’s Use of ‘Open Source’ Data

  Directive would place agency in charge of setting policy for intelligence gleaned from social-media and commercial-data troves

  Dec 10 2021

  https://www.wsj.com/articles/defense-intelligence-agency-expected-to-lead-militarys-use-of-open-source-data-11639142686?st=07h3yx7rqvj3qyk&reflink=desktopwebshare_permalink

• Local Law-Enforcement Agencies Thwart FBI Push to Track Police Use of Force

  Federal program faces elimination because local agencies aren’t submitting statistics

  Dec 9, 2021

  https://www.wsj.com/articles/fbi-monitoring-of-police-use-of-force-founders-on-lack-of-data-11639073896?st=12p6ez9p0ebct65&reflink=desktopwebshare_permalink

• CISA names big tech, financial execs and others to Cybersecurity Advisory Committee

  Dec 1, 2021

  https://federalnewsnetwork.com/cybersecurity/2021/12/cisa-names-big-tech-financial-execs-and-others-to-cybersecurity-advisory-committee/amp/

Hacking

• UKG Hack Disrupts Scheduling and Payroll for Thousands of Employers

  Logging hours manually may be only recourse

  Dec 15, 2021

  https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/ukg-ransomware-disrupts-scheduling-payroll-kronos-private-cloud.aspx

Ransomware

• This company was hit with ransomware, but didn't have to pay up. Here's how they did it

  Cyber criminals demanded $15 million for a decryption key and sent threatening messages to staff -but this company recovered its network without paying hackers a thing.

  Dec 17, 2021

  https://www.zdnet.com/article/this-company-was-hit-with-ransomware-but-didnt-have-to-pay-up-heres-how-they-did-it/

Social Media

• Instagram is touting safety features for teens. Mental health advocates aren’t buying it.

  Changes come a day before CEO testifies before Congress about the app’s impact on young people

  Dec 7 2021

  https://wapo.st/3pyvsau

Compliance, Law, Penalties

• Clearview AI Facing £17 Million Fine From UK ICO Over Violation of Data Protection Laws

  DECEMBER 3, 2021

  https://www.cpomagazine.com/data-privacy/clearview-ai-facing-17-million-fine-from-uk-ico-over-violation-of-data-protection-laws

Cybercrime

• ‘Tis the season of e-retailers and cybercrime

  Dec 3 2021

  https://www.scmagazine.com/perspective/cybercrime/tis-the-season-of-e-retailers-and-cybercrime

• FBI Releases 2020 Incident-Based (NIBRS) Data

  December 6, 2021

  https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-2020-incident-based-data

Work from Home and Mobile Working

• The Great Resignation is Quickly Becoming The Great Revolt: 5 Actions Leaders Should Take Now

  Is the hybrid work going to change work as we know it? What does this mean for our future?

  December 6, 2021

  https://www.entrepreneur.com/article/397361

Insider Threat

• FBI Sting Exposes Defense Contractor’s Espionage After FSO and ISO Identified an Insider Threat

  Dec 17, 2021

  https://news.clearancejobs.com/2021/12/17/fbi-sting-exposes-defense-contractors-espionage-after-fso-and-iso-identified-an-insider-threat/

Ransomware

• Ransomware actors steal data of 400K patients from LA Planned Parenthood

  Dec 2 2021

  https://www.scmagazine.com/analysis/breach/ransomware-actors-steal-data-of-400k-patients-from-la-planned-parenthood

• 5 Defenses for 5 Ransomware Root Causes

  DECEMBER 6, 2021

  https://www.cpomagazine.com/cyber-security/5-defenses-for-5-ransomware-root-causes

• US Legislators Look To Stop “Grinch Bots” From Ruining the Holidays

  DECEMBER 6, 2021

  https://www.cpomagazine.com/cyber-security/us-legislators-look-to-stop-grinch-bots-from-ruining-the-holidays

Facial Recognition

• Your Face Is, or Will Be, Your Boarding Pass

  Tech-driven changes are coming fast and furiously to airports, including advancements in biometrics that verify identity and shorten security procedures for those passengers who opt into the programs.

  Dec 7 2021

  https://www.nytimes.com/2021/12/07/travel/biometrics-airports-security.html

Engineering

• Building A More Secure U.S. Microelectronic Design Infrastructure

  DECEMBER 2ND, 2021

  https://semiengineering.com/building-a-more-secure-u-s-microelectronic-design-infrastructure/

• Firefox update brings a whole new sort of security sandbox

  07 DEC 2021

  https://nakedsecurity.sophos.com/2021/12/07/firefox-update-brings-a-whole-new-sort-of-security-sandbox/

Cryptocurrency

• Cryptocurrency startup fails to subtract before adding, loses $31m

  06 DEC 2021

  https://nakedsecurity.sophos.com/2021/12/06/cryptocurrency-startup-fails-to-subtract-before-adding-loses-31m/

Laws, Legal Compliance, Judgments & Penalties

• FTC Whistleblower Act Would Reward and Protect Whistleblowing About Data Privacy Misconduct and Other Deceptive Practices

  Dec 3, 2021

  https://www.zuckermanlaw.com/ftc_whistleblower_act/

Nation State Hacking & Espionage

• China’s state-sponsored industrial espionage is part of a larger system

  Dec 9 2021

  https://www.marketplace.org/2021/12/09/chinas-state-sponsored-industrial-espionage-is-part-of-a-larger-system/

November 2021 Security, Privacy and Compliance

Hacking

• Can Smart Home Automation Be Hacked? 7 Simple Tips to Protect Yourself.

  Nov 30 2021

  https://www.diysmarthomesolutions.com/can-smart-home-automation-be-hacked-7-simple-tips-to-protect-yourself/

Vulnerable Software

• Buggy software in off-brand smart home devices is a hacker’s playground

  Software in connected devices has little oversight. As more objects come online, that problem will snowball.

  Nov 18 2021

  https://www.washingtonpost.com/technology/2021/11/18/smart-home-security/

Drones

• A Drone Tried to Disrupt the Power Grid. It Won't Be the Last

  An attack attempt in 2020 proves the UAS threat is real—and not enough is being done to stop it.

  Nov. 5, 2021

  https://www.wired.com/story/drone-attack-power-substation-threat/

Smart Cars

• Apple Wants iPhones to Detect Car Crashes, Auto-Dial 911

  Safety feature is also planned for Apple Watches expected in 2022, according to company documents

  Nov 1, 2021

  https://www.wsj.com/articles/apple-wants-iphones-to-detect-car-crashes-auto-dial-911-11635768001?st=1l9t3jno8cs5g9n&reflink=share_mobilewebshare

• WHY YOUR CAR WILL BECOME EVEN MORE LIKE AN IPHONE

  Doug Field, who left Apple for Ford in September, talks about automation, Detroit vs. Silicon Valley and the way that custom subscriptions will remake the auto industry

  Nov 4 2021

  https://www.wsj.com/articles/why-your-car-will-become-even-more-like-an-iphone-11636038092?st=so22q7yc1nev56f&reflink=share_mobilewebshare

Breaches

• The biggest healthcare data breaches of 2021

  More than 40 million patient records have been compromised this past year by incidents reported to the federal government in 2021.

  November 16, 2021

  https://www.healthcareitnews.com/news/biggest-healthcare-data-breaches-2021

• 61M Fitbit, Apple Users Had Data Exposed in Wearable Device Data Breach

  An independent cybersecurity researcher discovered a wearable device data breach that exposed the records of 61 million Apple and Fitbit users.

  September 16, 2021

  https://healthitsecurity.com/news/61m-fitbit-apple-users-had-data-exposed-in-wearable-device-data-breach

• Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals

  March 10, 2021

  https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams

Critical Infrastructure Cybersecurity

• Learning from Cyber Incidents: Adapting Aviation Safety Models to Cybersecurity

  Nov 12, 2021

  https://www.belfercenter.org/publication/learning-cyber-incidents-adapting-aviation-safety-models-cybersecurity

Cyber Insurance

• Soaring cost of cyber protection lifts commercial insurers

  Nov. 5, 2021

  https://californianewstimes.com/soaring-cost-of-cyber-protection-lifts-commercial-insurers/582355/

Privacy After Death

• Portugal: New Law Allows Medically Assisted Procreation Through Postmortem Insemination

  Nov 12, 2021

  https://www.loc.gov/item/global-legal-monitor/2021-12-13/portugal-new-law-allows-medically-assisted-procreation-through-postmortem-insemination/

Social Media

• Is Facebook Bad for You? It Is for About 360 Million Users, Company Surveys Suggest

  The app hurts sleep, work, relationships or parenting for about 12.5% of users, who reported they felt Facebook was more of a problem than other social media.

  Nov. 5, 2021

  https://www.wsj.com/articles/facebook-bad-for-you-360-million-users-say-yes-company-documents-facebook-files-11636124681?st=8hohyxrxpl4lqlz&reflink=desktopwebshare_permalink

Tech and Career Trends

• Cybersecurity Companies Are Raking in Millions. Many Don’t Turn Profits.

  Rising share prices in the sector reflect investors’ thirst for revenue growth above other metrics

  Nov 5, 2021

  https://www.wsj.com/articles/cybersecurity-companies-are-raking-in-millions-many-dont-turn-profits-11636104601?st=sbawxyfejlc1jbh&reflink=share_mobilewebshare

Work from Home

• How to secure your work-from-home office ahead of the holidays

November 03, 2021

https://www.wpxi.com/news/top-stories/how-secure-your-work-from-home-office-ahead-holidays/4GRH6PDDVFEI5CNF5RAJPMDTNQ/

October 2021 Security, Privacy and Compliance News

Applications and Systems Security, Vulnerabilities and Threats

• 8 Most Common Types of Malware Attacks

  Oct 21 2021

  https://arcticwolf.com/resources/blog/8-types-of-malware

• Certify - Active Directory Certificate Abuse

  Oct 1, 2021

  https://www.kitploit.com/2021/10/certify-active-directory-certificate.html

• Twitch Gets Gutted: All Source Code Leaked

  Oct 6, 2021

  https://threatpost.com/twitch-source-code-leaked/175359/

• How to Enable TPM and Secure Boot to Install Windows 11. Your computer might be one toggle away from an upgrade to Microsoft's latest desktop operating system version.

  Oct 9, 2021

  https://www.wired.com/story/how-to-enable-tpm-secure-boot-for-windows-11/

Artificial Intelligence (AI),  Machine Learning & Robots

• "60 Minutes" reports on AI technology helping create realistic deep fakes

  Oct 8, 2021

  https://www.cbsnews.com/video/60-minutes-reports-on-ai-technology-helping-create-realistic-deep-fakes/

Cybercrime and Hacking

• 10 Phishing-Related Cybercrime Statistics Every Business Owner Needs to See

  Oct 7, 2021

  https://www.graphus.ai/blog/10-phishing-related-cybercrime-statistics-every-business-owner-needs-to-see

• Crooks use math symbols to evade anti-phishing solutions

  Oct 13, 2021

  https://securityaffairs.co/wordpress/123297/hacking/anti-phishing-technique.html

• Russian cybercrime gang targets finance firms with stealthy macros

  Oct 15, 2021

  https://www.bleepingcomputer.com/news/security/russian-cybercrime-gang-targets-finance-firms-with-stealthy-macros/

• Hacker steals government ID database for Argentina’s entire population

  Oct 18, 2021

  https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/

• iCloud hacker stole intimate photos from hundreds of Apple customers

  Oct 19, 2021

  https://www.techradar.com/news/icloud-hacker-stole-intimate-photos-from-hundreds-of-apple-customers

• SolarWinds Hackers Continue to Hit Technology Companies, Says Microsoft. Russia-linked group has stepped up attacks, cybersecurity experts say

  Oct 25, 2021

  https://www.wsj.com/articles/microsoft-solarwinds-hackers-continue-to-hit-technology-companies-11635145200?st=9awz83whk0u2mo2&reflink=desktopwebshare_permalink

Cybersecurity Awareness Month October 2021

• SEI Supports Cybersecurity Awareness Month with Webcast Series

  Oct 5, 2021

  https://www.cmu.edu/news/stories/archives/2021/october/sei-cybersecurity-webcast-series.html

• Cybersecurity Awareness Month: Time for your safety check

  Oct 7, 2021

  https://www.cnet.com/tech/cybersecurity-awareness-month-time-for-a-cybersafety-check/

Education Cybersecurity & Privacy

• Audit finds Kansas schools unprepared for a cyberattack. What is the risk?

  Oct 08, 2021

  https://amp-kansascity-com.cdn.ampproject.org/c/s/amp.kansascity.com/news/local/education/article254838942.html

Insider Threat

• Airmic 2021: Beware the cyber insider threat

  When a Tesla employee was offered $500,000 by a cyber criminal gang to install malware on the company’s Gigafactory network last year, it indicated a new and emerging threat.

  Oct 6, 2021

  https://www.strategic-risk-europe.com/home/airmic-2021-beware-the-cyber-insider-threat/1439086.article

Laws, Legal Compliance, Judgments & Penalties

• Canada: Privacy Laws In Canada: To Infinite Fees And Beyond

  28 October 2021

  https://www.mondaq.com/canada/privacy-protection/1125458/privacy-laws-in-canada-to-infinite-fees-and-beyond

• UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK IN RE: GOOGLE DIGITAL ADVERTISING ANTITRUST LITIGATION

  Civil Action No.: 1:21-md-03010-PKC

  Oct 22, 2021

  https://storage.courtlistener.com/recap/gov.uscourts.nysd.564903/gov.uscourts.nysd.564903.152.0.pdf

• Google sought fellow tech giants' help in stalling kids' privacy protections, states allege

  Unsealed court documents say the search giant sought help from Apple, Facebook and Microsoft to "find areas of alignment."

  Oct 22, 2021

  https://www.politico.com/news/2021/10/22/google-kids-privacy-protections-tech-giants-516834

• Google said it had successfully ‘slowed down’ European privacy rules, according to lawsuit.

  Oct 22, 2021

  https://www.nytimes.com/2021/10/22/technology/google-privacy-lawsuit.html

• Quebec Adopts New Law to Modernize Personal Information Protection

  Oct. 1, 2021

  https://www.jdsupra.com/legalnews/quebec-adopts-new-law-to-modernize-6487558/

• Patient Confidentiality

  Oct 7, 2021.

  https://www.ncbi.nlm.nih.gov/books/NBK519540/

• EDPB to Provide Clarification on Transfers to Importers Subject to the GDPR: Another New Set of SCCs Seen

  Oct 22, 2021

  https://www.goodwinprivacyblog.com/2021/10/22/edpb-to-provide-much-needed-clarification-on-new-eu-sccs-scope-for-importers-subject-to-the-gdpr/

• 'Truly outrageous': Court awards $130,000 judgment in Edmonton revenge porn case

  Oct 24, 2021

  https://edmontonjournal.com/news/local-news/truly-outrageous-court-awards-130000-judgment-in-edmonton-revenge-porn-case

• Quebec’s Bill 64 Introduces New Operational Requirements for Cross-Border Transfers of Personal Information

  Oct 26, 2021

  https://www.mccarthy.ca/en/insights/blogs/techlex/quebecs-bill-64-introduces-new-operational-requirements-cross-border-transfers-personal-information

Killware

• “Killware”: Is it just as bad as it sounds?

  Oct 18, 2021

  https://blog.malwarebytes.com/cybercrime/2021/10/killware-is-it-just-as-bad-as-it-sounds/

• What is killware?

  Oct 31, 2021

  https://www.pandasecurity.com/en/mediacenter/security/what-is-killware/

• DHS Secretary: “Killware,” Malware Designed To Do Real-World Harm, Poised To Be World’s Next Breakout Cybersecurity Threat

  Oct 22, 2021

  https://www.cpomagazine.com/cyber-security/dhs-secretary-killware-malware-designed-to-do-real-world-harm-poised-to-be-worlds-next-breakout-cybersecurity-threat/

Privacy and Privacy Invasive Tech

• The Crisis in Data Privacy

  Oct, 2021

  NOTE: With quotes by Privacy & Security Brainiacs CEO, Rebecca Herold

  https://issuu.com/luckbox/docs/2111-luckbox-issuu/s/13746870

Ransomware

• Johnson Memorial Health relying on ‘old school’ methods following cyberattack

  Oct 4, 2021

  https://fox59.com/news/johnson-memorial-health-relying-on-old-school-methods-following-cyber-attack/

• S. Energy Sector Is Vulnerable To Ransomware Attacks

  Oct 06, 2021

  https://oilprice.com/Latest-Energy-News/World-News/US-Energy-Sector-Is-Vulnerable-To-Ransomware-Attacks.html

• Quarter of Energy Sector Vulnerable to Ransomware, Report Says. US Electricity, Gas, Oil Companies Surveyed

  Oct 6, 2021

  https://www.rtoinsider.com/articles/28799-quarter-energy-sector-vulnerable-ransomware-report

• Ransomware actor pressures school district by emailing parents

  Oct 6, 2021

  https://statescoop.com/ransomware-allen-texas-school-district-email-parents/

• SpyCloud Report: Organizations Unprepared for Ransomware Attacks Despite Confidence in Cyber Defenses

  Oct 19, 2021,

  https://finance.yahoo.com/news/spycloud-report-organizations-unprepared-ransomware-100500069.htm

Social Media

• What Is Clubhouse? The Audio-Only Chat App Explained. This audio-based app, now open to iOS and Android, is like listening in on someone else's phone call, legally. Here's what you need to know about Clubhouse.

  Oct 16, 2021

  https://au.pcmag.com/mobile-apps/85338/what-is-clubhouse-the-invite-only-chat-app-explained

Supply Chain Security & Privacy

• DOJ to go after government contractors that fail to report breaches

  Oct 6, 2021

  https://thehill.com/policy/cybersecurity/575557-doj-to-go-after-government-contractors-that-fail-to-report-breaches

Work from Home

• Home Working Is Creating Dangers, New Business for Cybersecurity

  The safety of our digital world has reached a pivotal moment.

  Oct 6, 2021

  https://www.bloomberg.com/news/articles/2021-10-06/work-from-home-cybersecurity-risks-create-these-new-dangers-opportunities

September 2021 Security, Privacy and Compliance News

Apps, Vulnerabilities and Threats

• Beijing launches websites for reporting cybersecurity vulnerabilities in systems, apps and smart cars

  Aim is to keep Beijing abreast of loopholes within country’s mobile apps, connected cars and other internet products that could be exploited by cybercriminals

  Though mainly aimed at industry professionals such as app developers, everyday users can also make reports on the four platforms

  Sept 1, 2021

  https://www.scmp.com/tech/big-tech/article/3147206/beijing-launches-websites-reporting-cybersecurity-vulnerabilities

• This WhatsApp security flaw could have let hackers access all your chats. Although WhatsApp says the exploitation of the vulnerability was only theoretical

  Sept 2, 2021

  https://www.techradar.com/news/this-whatsapp-security-flaw-could-have-let-hackers-access-all-your-chats

• OWASP shakes up web app threat categories with release of draft Top 10. The Top 10 list is a widely used guide to modern web application security threats

  Sept 9, 2021 The Top 10 list is a widely used guide to modern web application security threats

  https://portswigger.net/daily-swig/owasp-shakes-up-web-app-threat-categories-with-release-of-draft-top-10

• Application Security a Growing Priority Among Security Pros. A Dark Reading survey finds most IT and security managers would rather wait to deploy applications than risk security flaws.

  Sept 10, 2021

  https://www.darkreading.com/application-security/application-security-a-growing-priority-among-security-pros

• Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs

  Sept 15, 2021

  https://thehackernews.com/2021/09/critical-flaws-discovered-in-azure-app.html

• CISA urges patching a Zoho password manager. A crackdown on coin-mining? Maximizing engagement helped troll farms.

  Sept 17, 2021

  https://thecyberwire.com/newsletters/daily-briefing/10/180

• Apple responds to security researcher who found multiple iOS 15 zero-day flaws [U]

  Sept 27, 2021

  https://9to5mac.com/2021/09/27/security-researcher-claims-3-zero-day-flaws-ios-15/

• Beware! Employees of popular apps have access to your data

   September 05, 2021

  https://www.thehindubusinessline.com/news/variety/beware-employees-of-popular-apps-have-access-to-your-data/article36308663.ece

• Google extends right-to-be-forgotten to app permissions on older Android devices: Software unused after a few months will lose access to sensitive features unless exempted

  Sept 17, 2021

  https://www.theregister.com/2021/09/17/google_app_permissions_android/

Bitcoin and Cryptocurrency

• Crypto Hacks Highlight Need for More Cybersecurity

  September 1, 2021

  https://www.etftrends.com/nasdaq-portfolio-solutions-channel/crypto-hacks-highlight-need-for-more-cybersecurity/

• Cryptocurrency: The New Favorite for Cyber Crimes

  Sept 1, 2021

  https://www.mygreatlearning.com/blog/cryptocurrency-the-new-favorite-for-cyber-crimes/

• No Technology is “Completely Secure”…Even the Beloved (by Many) Bitcoin!

  Sept 7, 2021

  https://www.linkedin.com/pulse/technology-completely-secureeven-beloved-many-bitcoin-rebecca-herold/

• Japanese Crypto Exchange Robbed of $100,000,000

  Sept 8, 2021

  https://www.business2community.com/cybersecurity/japanese-crypto-exchange-robbed-of-100000000-02429852

• U.S. Treasury sanctions crypto exchange Suex over ransomware transactions

  Sept 21, 2021

  https://fortune.com/2021/09/21/us-treasury-sanctions-crypto-exchange-suex-ransomware-transaction-cybersecurity-biden/

• Regulating Big Tech. China outlaws cryptocurrency transactions. Russian markets and US sanctions. Approaches to resiliency.

  Sept 24, 2021

  https://thecyberwire.com/newsletters/policy-briefing/3/185

• Crypto Cybersecurity. How Safe Are Your Assets. DailyCoin Investigated

  Sept 27, 2021

  https://www.investing.com/news/cryptocurrency-news/crypto-cybersecurity-how-safe-are-your-assets-dailycoin-investigated-2627670

• Senators aim to increase oversight of cryptocurrency mining with new bill

  Sept 27, 2021

  https://thehill.com/policy/cybersecurity/574149-senators-aim-to-increase-oversight-of-cryptocurrency-mining-with-new

• What is Cryptomining and how can it affect Cybersecurity?

  Sept 28, 2021

  https://blog.sonicwall.com/en-us/2021/09/cryptojacking-apocalypse-defeating-the-four-horsemen-of-cryptomining/

Cybercrime and Hacking

• How Hackers Use Our Brains Against Us

  Cybercriminals take advantage of the unconscious processes that we all use to make decision making more efficient. Blame it on our ‘lizard brains.’

  Sept 7, 2021

  https://www.wsj.com/articles/how-hackers-use-our-brains-against-us-11631044800?st=8idpqhzennx0i1n&reflink=desktopwebshare_permalink

• The Latest Cybersecurity Threat: Pay Us or We Release the Data

  These attacks are a lot more complicated—and potentially more costly

  Sept 7, 2021

  https://www.wsj.com/articles/cyber-security-threats-11631041568?st=6nt8nl6qcijqwfn&reflink=desktopwebshare_permalink

• Microsoft warns: Active Directory FoggyWeb malware being actively used by Nobelium gang

  Chief security adviser Roger Halbheer says best protection is to 'get off AD FS'

  Sept 28, 2021

  https://www.theregister.com/2021/09/28/active_directory_foggyweb_malware/

Cyber Insurance

• RDAI’s new norms on cyber insurance for individuals cover online theft of funds, identity, social media

  Sept 9, 2021

  https://economictimes.indiatimes.com/wealth/insure/irdais-new-norms-on-cyber-insurance-for-individuals-cover-online-theft-of-funds-identity-social-media/articleshow/86067769.cms

• How Cyber Liability Insurance Can Rescue A Small Business

  Sept 10, 2021

  https://www.forbes.com/advisor/business-insurance/cyber-liability-insurance/

• Insurance Coverage for Cyberattacks?

  Sept 13, 2021

  https://www.jdsupra.com/legalnews/insurance-coverage-for-cyberattacks-1619600/

• Cyber insurance may not be making companies more secure

  Sept 14, 2021

  https://www.washingtonpost.com/politics/2021/09/14/cyber-insurance-may-not-be-making-companies-more-secure/

• Coalition Raises $205M to Combine Cyber Insurance, Security Tools

  Sept 28, 2021

  https://www.sdxcentral.com/articles/news/coalition-raises-205m-to-combine-cyber-insurance-security-tools/2021/09/

• Microsoft and At-Bay partner to offer data-driven cyber insurance coverage

  Sept 29, 2021

  https://finance.yahoo.com/news/microsoft-bay-partner-offer-data-160000007.html

Firmware, Hardware and Software Vulnerabilities

• Microsoft warns of a Windows zero-day security hole that is being actively exploited

  Sept 9, 2021

  https://www.tripwire.com/state-of-security/featured/microsoft-warns-actively-exploited-windows-zero-day-security-hole

• Do you own an iPhone or iPad? Update your Apple devices right now.

  Sept 13, 2021

  https://www.usatoday.com/story/tech/2021/09/13/iphone-apple-security-update-pegasus-spyware-mac-ipad/8325086002/

• Apple issues urgent iPhone software update to address critical spyware vulnerability

  Sept 14, 2021

  https://www.cnn.com/2021/09/13/tech/apple-iphone-spyware-vulnerability-fix/index.html

Healthcare

• Major backlogs in processing patient data during the pandemic are forcing the healthcare sector to reassess its relationship with fax machines.

  5th September 2021

  https://www.bbc.com/future/article/20210903-how-covid-19-could-finally-be-the-end-of-the-fax-machine

Insider Threat

• Wells Fargo Fined $250 Million for Problems in Its Mortgage Business: The OCC said lender has failed to fix issues first identified in 2018

  Sept 9, 2021

  https://www.wsj.com/articles/wells-fargo-fined-250-million-for-problems-in-its-mortgage-business-11631223671?st=p76ixkpky9nc2wg&reflink=desktopwebshare_permalink

Privacy Invasive Tech

• A Single Laser Fired Through a Keyhole Can Expose Everything Inside a Room: If you're worried about privacy, it might be time to cover up your front door's peephole.

  Sept 8, 2021

  https://gizmodo.com/a-single-laser-fired-through-a-keyhole-can-expose-every-1847638281

Ransomware

• Ransomware gang threatens to leak data if victim contacts FBI, police

  Sept 7, 2021

  https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police/

• U.S. to Target Crypto Ransomware Payments With Sanctions: Biden administration hopes to disrupt digital finance infrastructure that facilitates ransomware cyberattacks, a threat traced to Russia

  Sept 17, 2021

  https://www.wsj.com/articles/u-s-to-target-crypto-ransomware-payments-with-sanctions-11631885336?st=cbo2cvaltmhkop1&reflink=desktopwebshare_permalink

• Energy, utility sectors feel ‘most exposed’ to cybersecurity threats, survey finds.

  Companies in the utilities and energy sector feel the most exposed to cyberthreats, according to 40% of Beazley respondents. There have been a number of attacks in that space, including a ransomware attack in May that forced Colonial Pipeline to shut down the largest refined products pipeline system in the United States. The company made a payment of roughly $4.4 million in bitcoin ransom to aid a swift recovery.

  Sept 20, 2021

  https://www.utilitydive.com/news/beazley-cyber-insurance-technology-risk/606836/

Social Media

• Facebook Says Its Rules Apply to All. Company Documents Reveal a Secret Elite That’s Exempt. A program known as XCheck has given millions of celebrities, politicians and other high-profile users special treatment, a privilege many abuse

  Sept 13, 2021

  https://www.wsj.com/articles/facebook-files-xcheck-zuckerberg-elite-rules-11631541353?st=q60gtpw9c2n5f6q&reflink=desktopwebshare_permalink

• Harassing texts. Unwanted deliveries. Fake bomb threats that bring police to the door. Inside the tactics cybercriminals use to get social media users to surrender their accounts

  Sept 25, 2021

  https://www.cbsnews.com/news/cybercriminals-social-media-accounts-harass-extort/

• Facebook Is Making Camera Glasses, Ha Ha Oh No

  Ray-Ban Stories can take photos and videos with a touch of a button and send them to your phone.Sept 9, 2021

  https://www.buzzfeednews.com/article/katienotopoulos/facebook-is-making-camera-glasses-ha-ha-oh-no

  Facebook’s Effort to Attract Preteens Goes Beyond Instagram Kids, Documents Show: It has investigated how to engage young users in response to competition from Snapchat, TikTok; ‘Exploring playdates as a growth lever’

  Sept. 28, 2021

  https://www.wsj.com/articles/facebook-instagram-kids-tweens-attract-11632849667?st=z7i23p6ccjedy02&reflink=desktopwebshare_permalink

Work from Home

• Is Complacency the Biggest Cyber Threat?

  Sept 1, 2021

  https://www.infosecurity-magazine.com/blogs/complacency-biggest-cyber-threat/

• IT security starts with knowing your assets: Asia-Pacific

  A new, well-organized breed of hacker and the fast-evolving nature of technology are forcing organizations to consider multiple ways of minimizing threat exposure.

  Sept 8, 2021

  https://www.technologyreview.com/2021/09/08/1034328/it-security-starts-with-knowing-your-assets-asia-pacific/

• Many employees working from home see cybersecurity as a hindrance: Report

  Sept 10, 2021

  https://www.itworldcanada.com/article/many-employees-working-from-home-see-cybersecurity-as-a-hindrance-report/458160

• Working From Home Brings New Cybersecurity Challenges as Workers Commonly Bypass Inconvenient Measures

  Sept 17, 2021

  https://www.cpomagazine.com/cyber-security/working-from-home-brings-new-cybersecurity-challenges-as-workers-commonly-bypass-inconvenient-measures/

• What Are The Cybersecurity Threats With Work-From-Home?

  Sept 21, 2021

  https://marketscale.com/industries/industrial-iot/what-are-the-cybersecurity-threats-with-work-from-home/

• COVID-19's Positive Impact on Cybersecurity

• How CISOs Can Improve Security in the New Normal

  Sept 23, 2021

  https://www.bankinfosecurity.com/blogs/covid-19s-positive-impact-on-cybersecurity-p-3114

• 3 Cybersecurity Lessons for Working-From-Home as Enterprises Prepare for New Hybrid Era

  Sept 28, 2021

  https://www.cpomagazine.com/cyber-security/3-cybersecurity-lessons-for-working-from-home-as-enterprises-prepare-for-new-hybrid-era/

August 2021 Security, Privacy and Compliance News

Artificial Intelligence (AI) & Machine Learning

• US Senators Are Concerned About Amazon Storing Palm Signatures in the Cloud. How exactly is Amazon ensuring our biometric data never leaks?

  August 13, 2021

  https://www.pcmag.com/news/us-senators-are-concerned-about-amazon-storing-palm-signatures-in-the-cloud

Biometrics

• US Senators Are Concerned About Amazon Storing Palm Signatures in the Cloud

  August 13, 2021

  https://www.pcmag.com/news/us-senators-are-concerned-about-amazon-storing-palm-signatures-in-the-cloud

COVID-19

• Fake Covid Vaccination Cards Are on the Rise in the U.S., Europe – WSJ

  August 7, 2021

  https://www.wsj.com/articles/fake-covid-vaccination-cards-are-on-the-rise-in-the-u-s-europe-11628341203

• Hospitals try to stamp down COVID-19 misinformation as it grows globally: 6 things to know

  August 24th, 2021

  https://www.beckershospitalreview.com/digital-marketing/hospitals-try-to-stamp-down-covid-19-misinformation-as-it-grows-globally-6-things-to-know.html

Cyber Attacks

• Microsoft catches hackers using Morse Code to help cover their tracks.

  August 12

  https://www.cyberscoop.com/morse-code-microsoft-phishing/

• Peterborough, N.H. Loses $2.3 Million To Cyber Criminals. “Town officials say the theft came in two parts. First, thieves posed as local school district staff, using forged documents and email accounts to access a million-dollar transfer from the town to the district. The town says it then notified the U.S. Secret Service and a cyber security consulting firm through its liability coverage. Several weeks later, thieves used the same approach to steal a payment intended for contractors working on the Main Street Bridge project.”

  August 23, 2021

  https://www.nhpr.org/nh-news/2021-08-23/peterborough-nh-loses-2-3-million-to-cyber-criminals

• Attack on AWS S3 via SSRF. “This article is based on a true incident that happened with Capital One, where almost 106 million customer accounts were breached. Paige Thompson was accused of the following incident. We are going to understand how the attack happened and where the vulnerability resides so that you can find and report similar in your next voyage to safely secure the firms.”

  August 24, 2021

  https://sagartiwari1220.medium.com/attack-on-aws-s3-via-ssrf-c047c3a7edde

• Cyber Attacks on IoT Devices Are Growing at Alarming Rates [Encryption Digest 64]

  August 6, 2021

  https://www.venafi.com/blog/cyber-attacks-iot-devices-are-growing-alarming-rates-encryption-digest-64

DBOMs, SBOMs, CBOMs & Other Types of BOMs

• Can A.I. Outwit Your Buying Habits? In a bid to fight inflation, more firms are turning to computerized pricing. Will it affect customer loyalty?

  August 26, 2021

  https://www.kornferry.com/insights/this-week-in-leadership/can-ai-outwit-your-buying-habits?

• Software supply chains and security - will the Software Bill of Materials approach work?

  August 3, 2021

  https://www.computing.co.uk/opinion/4035288/software-supply-chains-security-software-materials-approach

• Software supply chains and security - will the Software Bill of Materials approach work?

  August 3, 2021

  https://www.techinvestornews.com/https://www.techinvestornews.com/Tech-News/Latest-Headlines/software-supply-chains-and-security-will-the-software-bill-of-materials-app

• Black Hat insights: How to shift security-by-design to the right, instead of left, with SBOM, deep audits.

  August 5, 2021

  https://securityboulevard.com/2021/08/black-hat-insights-how-to-shift-security-by-design-to-the-right-instead-of-left-with-sbom-deep-audits/

• The BOM Episode! DBOMs! SBOMs! And...Supply Chain Cybersecurity! With special guest Chris Blask, inventor of the Digital Bill of Materials (DBOMs).

  Data Security & Privacy with the Privacy Professor

  August 7, 2021

  https://www.voiceamerica.com/episode/132723/the-bom-episode-dboms-sboms-andsupply-chain-cybersecurity

War Impacts on Cybersecurity & Privacy

• Sensitive government data could be another casualty of Afghan pullout. “The vast majority of classified information that lived on U.S. embassy computers was almost certainly flown out of Afghanistan or destroyed. A lot of government's highly sensitive data is also housed in computer clouds rather than on hard drives and protected with multiple security controls. But reams of unclassified but sensitive material will probably remain in the country, both in digital forms and on paper.”

  August 17, 2021

  https://www.washingtonpost.com/politics/2021/08/17/cybersecurity-202-sensitive-government-data-could-be-another-casualty-afghan-pullout/

Social Media

• German Marshall Fund Study on Facebook Interactions. “Sites that gather and present information irresponsibly (according to the news-rating service NewsGuard) accounted for a record-high one-fifth of Facebook interactions with U.S.-based sites in the second quarter of 2021, while engagement with articles from outlets that repeatedly publish false content plummeted on Twitter and Facebook. This occurred amidst an overall decline in engagement with all types of sites. After all-time highs in engagement with both types of deceptive news outlets in 2020, sites that publish false content have seen their engagement drop at much higher rates than U.S.-based sites in general, likely as a result of account takedowns and changes in policies around COVID-19 misinformation and content moderation.”

  Aug 23, 2021

  https://www.washingtonpost.com/context/marshall-fund-study-on-facebook-interactions/ee1f6c5a-3697-4959-841f-181be59750fa/?

Privacy Notices / Policies Updates

• Reddit User Agreement, Privacy Policy, and Premium and Virtual Goods Agreement were updated.

  They will take effect “after September 12.”

  https://www.redditinc.com/policies/user-agreement

  https://www.redditinc.com/policies/privacy-policy

  https://www.redditinc.com/policies/premium-and-virtual-goods-agreement

National and International Cybersecurity & Privacy

• US, Singapore Sign Cybersecurity Agreements. Nations Agree to Collaborate on Information Sharing, Training

  August 23, 2021

  https://www.bankinfosecurity.com/us-singapore-sign-cybersecurity-agreements-a-17349?

Disinformation, Misinformation and Conspiracies

• Russian Disinformation Targets Vaccines and the Biden Administration. A new campaign appears to be spreading falsehoods about the potential for forced inoculations against Covid-19.

  August 5, 2021

  https://www.nytimes.com/2021/08/05/us/politics/covid-vaccines-russian-disinformation.html?smid=em-share

• Homeland Security warns of potential conspiracy theory-fueled violence in August.

  August 9, 2021

  https://www.cnn.com/2021/08/06/politics/homeland-security-warning-political-conspiracy-threat-violence/index.html

• Facebook pulls down fake accounts that spread COVID-19 vaccine disinformation. The social network says the operation was based in Russia and posted about the AstraZeneca and Pfizer COVID-19 vaccines.

  August 10, 2021

  https://www.cnet.com/news/facebook-pulls-down-fake-accounts-that-spread-covid-19-vaccine-disinformation/

Laws, Legal Compliance & Penalties

• Enhanced Drug Distribution Security at the Package Level Under the Drug Supply Chain Security Act; Draft Guidance for Industry; Availability; Extension of Comment Period. A Notice by the Food and Drug Administration. FDA is extending the comment period for the notice of availability published on June 4, 2021 (86 FR 30053).

  August 3, 2021

  https://www.federalregister.gov/documents/2021/08/03/2021-16522/enhanced-drug-distribution-security-at-the-package-level-under-the-drug-supply-chain-security-act

• Industry, FDA Advance Drug Supply-Chain Security Plan

  August 4, 2021

  https://www.dcatvci.org/7262-industry-fda-advance-drug-supply-chain-security-plan

Privacy Notices and Policies

• John Deere privacy notice. No date on the notice.

  ???

  https://www.deere.com/assets/pdfs/common/privacy-and-data/mjd-privacy-notice/mjd-privacy-notice_r2_5.25.18_en_EN.pdf

• U.S. FTC says Facebook misused privacy decree to shut down ad research.

  August 5, 2021

  https://finance.yahoo.com/news/u-ftc-says-facebook-misused-011828449.html

• WhatsApp privacy policy: The controversy so for alarming the need of data protection law in India

  August 9, 2021

  https://www.devdiscourse.com/article/technology/1685916-whatsapp-privacy-policy-the-controversy-so-for-alarming-the-need-of-data-protection-law-in-india

Tracking and Surveillance

• Uber asked contractor to allow video surveillance in employee homes, bedrooms. Employee contract lets company install video cameras in personal spaces.

  August 9, 2021

  https://arstechnica.com/tech-policy/2021/08/uber-asked-contractor-to-allow-video-surveillance-in-employee-homes-bedrooms/

Ransomware

• Accenture report shows volume of cyber-intrusion activity globally jumped 125%. The security company found that 54% of all ransomware or extortion victims were companies with annual revenues between $1 billion and $9.9 billion.

  August 4, 2021

  https://www.zdnet.com/article/volume-of-cyber-intrusion-activity-globally-jumped-125-accenture/

• Accenture says Lockbit ransomware attack caused 'no impact'. The IT giant was listed on Lockbit's leak website, and the group said the data came from an "insider", but there was 'no impact' on operations or clients.

  August 11, 2021

  https://www.zdnet.com/article/accenture-says-lockbit-ransomware-attack-caused-no-impact-on-operations-or-clients/

• Ransomware: These four rising gangs could be your next major cybersecurity threat. Cybersecurity researchers at Palo Alto Networks detail four extortion groups that have gained traction in recent months, as the threat of ransomware continues to plague businesses.

  August 25, 2021

  https://www.zdnet.com/article/ransomware-these-four-rising-threats-could-be-the-next-major-cybersecurity-risk-facing-your-business/

• Kaseya ransomware attack sets off race to hack service providers -researchers

  August 3, 2021

  https://www.reuters.com/technology/kaseya-ransomware-attack-sets-off-race-hack-service-providers-researchers-2021-08-03/

• A Silicon Valley VC firm with $1.8B in assets was hit by ransomware

  August 3, 2021

  https://techcrunch.com/2021/08/03/atv-venture-capital-ransomware/

• Ransomware is a growing threat: US companies and infrastructure providers need to be ready

  August 4, 2021

  https://thehill.com/opinion/cybersecurity/566409-ransomware-is-a-growing-threat-us-companies-and-infrastructure

• White House cyber official says 'commitment' by ransomware gang suggests Biden's warnings are being heard

  August 4, 2021

  https://www.cnn.com/2021/08/04/politics/neuberger-ransomware-blackmatter/index.html

• Joplin: City computer shutdown was ransomware attack

  August 5, 2021

  https://www.theintelligencer.com/news/article/Joplin-City-computer-shutdown-was-ransomware-16367782.php

• Joplin, Missouri, says cybersecurity incident was due to ransomware. Small and mid-sized city government agencies being increasingly targeted.

  August 5, 2021

  https://www.koamnewsnow.com/joplin-says-cybersecurity-incident-was-due-to-ransomware/

• U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats. Creation of Joint Cyber Defense Collaborative follows high-profile cyberattacks on U.S. infrastructure

  August 5, 2021

  https://www.wsj.com/articles/u-s-taps-amazon-google-microsoft-others-to-help-fight-ransomware-cyber-threats-11628168400?st=5to10pol4fa3rff&reflink=desktopwebshare_permalink

• CISA launches new initiative to combat ransomware

  August 5, 2021

  https://fcw.com/articles/2021/08/05/cisa-jcdc-ransomware-cyber.aspx?m=1

• 7 Steps to Prevent Ransomware. With attacks on the rise, CUs must consider the operational and financial implications of being held hostage by ransomware.

  August 6, 2021

  https://www.cutimes.com/2021/08/06/7-steps-to-prevent-ransomware/?slreturn=20210707153755

• Ransomware payments surge by 82%. Latest Unit 42 figures confirm the ransomware crisis continues to intensify, with the rise of quadruple extortion

  August 9, 2021

  https://www.strategic-risk-europe.com/home/ransomware-payments-surge-by-82/1438419.article

• Hackers reportedly threaten to leak data from Gigabyte ransomware attack. They reportedly claim to have 112GB of AMD, Intel, and other documents.

  August 9, 2021

  https://www.theverge.com/2021/8/9/22616882/gigabyte-technologies-ransomware-attack-data-leak-112-gb-ransomexx

Tech and Career Trends

• Big Tech Is Coming to Small-Town America, But There's a Catch. "The drive in these big tech companies is to get the workers off their books and have someone [contracted] managing, hiring and firing them."

  August 4, 2021

  https://time.com/6085525/big-tech-data-centers/

Vendor, Third Party and Supply Chain Management

• Cyber Security and the Digital Supply Chain!

  August 1, 2021

  https://supplychaingamechanger.com/cyber-security-and-the-digital-supply-chain/

• 5 Key Questions When Evaluating Software Supply Chain Security. Knowing what to ask a potential supplier can minimize risks associated with third-party software vulnerabilities and breaches.

  August 2, 2021

  https://www.darkreading.com/edge-articles/5-key-questions-when-evaluating-software-supply-chain-security

• DOD’s Supply Chain Security Should be Strategic Priority, Congressional Task Force Says

  August 2, 2021

  https://ctovision.com/dods-supply-chain-security-should-be-strategic-priority-congressional-task-force-says/

• Five Developments in ICT Supply Chain Security in July

  August 3, 2021

  https://www.rstreet.org/2021/08/03/five-developments-in-ict-supply-chain-security-in-july/

• Supply chain attacks are getting worse, and you are not ready for them. EU cybersecurity think tank looks at 24 recent supply chain attacks, and warns that defences against them are not good enough.

  August 3, 2021

  https://www.zdnet.com/article/supply-chain-attacks-are-getting-worse-and-you-are-not-ready-for-them/

• Supply Chain Security: “The Government is Not Going to Fix This”

  August 4, 2021

  https://duo.com/decipher/supply-chain-security-the-government-is-not-going-to-fix-this

• Supply Chain Security – Not As Easy As it Looks

  August 6, 2021

  https://securityboulevard.com/2021/08/supply-chain-security-not-as-easy-as-it-looks/

• 11 Tactics to Prevent Supply Chain Attacks (Highly Effective)

  August 7, 2021

  https://www.upguard.com/blog/how-to-prevent-supply-chain-attacks

Honors, Recognitions, and Other Callouts to Rebecca Herold and/or Privacy & Security Brainiacs

• 200 Cybersecurity Influencers On Twitter Making a Difference in 2021. Our CEO, Rebecca Herold, is on the list! From Perimeter 81. “We’ve compiled the largest list of cybersecurity influencers on Twitter to date. 200 amazing and inspiring people that are making the interconnected world a safer place. The list includes hackers, journalists, founders, service providers, and industry thought leaders from all across the globe.”

  August 2, 2021

  https://www.perimeter81.com/blog/people-in-cyber/200-cybersecurity-influencers-twitter?

July 2021 Security, Privacy and Compliance News

Apps

• Crypto mining scams targeting tens of thousands of victims using hundreds of android apps. “Lookout, Inc. announced the discovery of major crypto mining scams using hundreds of Android apps.”

  July 7, 2021

  https://www.securitymagazine.com/articles/95602-crypto-mining-scams-targeting-tens-of-thousands-of-victims-using-hundreds-of-android-apps

• Google requires app developers to use 2FA — boosting Android security. “Google is introducing two new measures to improve security on the Play Store, requiring Android app developers to use two-factor authentication (2FA) and additional identification requirements.”

  July 7, 2021

  https://www.laptopmag.com/news/google-requires-app-developers-to-use-2fa-boosting-android-security

• Reduce open source software risks in your supply chain

  July 12, 2021

  https://securityboulevard.com/2021/07/reduce-open-source-software-risks-in-your-supply-chain/

• Ring beefs up security for its video devices and apps. End-to-end video encryption is finally getting a full rollout, along with a handful of other security measures.

  July 13, 2021

  https://www.cnet.com/home/security/ring-beefs-up-security-for-its-video-devices-and-apps/

• Apps Built Better: Why DevSecOps is Your Security Team’s Silver Bullet. Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps processes and systems to thwart cyberattacks.

  July 14, 2021

  https://threatpost.com/apps-built-better-devsecops-security-silver-bullet/167793/

• The Android apps on your phone each have 39 security vulnerabilities on average. And it's not just games, but important stuff like banking and payment apps.

  July 20, 2021

  https://www.zdnet.com/article/the-android-apps-on-your-phone-each-have-39-security-vulnerabilities-on-average/

• 10 Tech Experts Share Their Selections For Security-Forward Messaging Apps.

  July 20, 2021

  https://www.forbes.com/sites/forbestechcouncil/2021/07/20/10-tech-experts-share-their-selections-for-security-forward-messaging-apps/?sh=67052fad11ba

• Securing UX in Open Banking Apps. “Customer consent is the basis of building trust between a business and a user. The open banking industry won’t be able to reach its predicted size of $43.15 billion by 2026 if customers don’t believe the platforms are trustworthy.”

  July 22, 2021

  https://securityboulevard.com/2021/07/securing-ux-in-open-banking-apps/

Data Management

• The Physicality Of Data And The Road To Personal Data Ownership.

  July 2, 2021.

  https://www.forbes.com/sites/forbestechcouncil/2021/07/02/the-physicality-of-data-and-the-road-to-personal-data-ownership/?sh=4bc559671bc0

Laws, Legal Compliance & Penalties

• HIPAA: Controlling Access to ePHI: For Whose Eyes Only? Summer 2021 Cybersecurity Newsletter

  July 14, 2021

  https://www.hhs.gov/sites/default/files/controlling-access-ephi-newsletter.pdf

• 50-State Survey of Health Care Information Privacy Laws. From Seyfarth Law Firm.

  July 2021.

  https://www.seyfarth.com/images/content/7/7/v2/77459/50-State-Survey-of-Health-Care-Information-Privacy-Laws.pdf

• Almost Two-Thirds Of Firms Are Not In Full Compliance With Privacy Laws.

  July 21, 2021

  https://www.mediapost.com/publications/article/365289/data-snails-almost-two-thirds-of-firms-are-not-in.html

Misinformation

• The Technology 202: Chinese disinformation "much more subtle, much more insidious" than Moscow's, former cyber chief warns

  July 30 2021

  https://www.washingtonpost.com/politics/2021/07/30/technology-202-chinese-disinformation-much-more-subtle-much-more-insidious-than-moscow-former-cyber-chief-warns/

Ransomware

• CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack.

  July 4, 2021

  https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa

Vendor, Third Party and Supply Chain Management

• Up to 1500 businesses affected by Kaseya supply chain ransomware attack

  July 6, 2021

  https://www.securitymagazine.com/articles/95597-up-to-1500-businesses-affected-by-kaseya-supply-chain-ransomware-attack

• Bill targets supply chain security training

  July 6, 2021

  https://homelandprepnews.com/stories/70904-bill-targets-supply-chain-security-training/

• REvil Ransomware Gang Launches Major Supply Chain Attack Through Kaseya

  July 7, 2021

  https://securityintelligence.com/posts/revil-ransomware-kaseya-supply-chain-attack/

• Making cities naturally safe from supply chain shocks

  July 7, 2021

  https://news.nau.edu/nature-supply-chain-shocks/#.YQVyAI5Kg6Y

• Non-profit Global Business Alliance launches supply chain subsidiary

  July 13, 2021

  https://www.scmagazine.com/news/legislation/non-profit-global-business-alliance-launches-supply-chain-subsidiary

• Senate Panel Approves K-12 Cyber Protection, Supply Chain Security Bills

  July 14, 2021

  https://www.meritalk.com/articles/senate-panel-approves-k-12-cyber-protection-supply-chain-security-bills/

• Homeland Security orders pipeline operators to beef up cybersecurity to protect fuel supply chain

  July 20, 2021

  https://cdllife.com/2021/homeland-security-orders-pipeline-operators-to-beef-up-cybersecurity-to-protect-fuel-supply-chain/

• House E&C Approves Cyber, Supply Chain Bills

  July 22, 2021

  https://www.meritalk.com/articles/house-ec-approves-cyber-supply-chain-bills/

• House task force pushes Pentagon to wean itself off Chinese sources

  July 22, 2021

  https://federalnewsnetwork.com/defense-main/2021/07/house-task-force-pushes-pentagon-to-wean-itself-of-chinese-sources/

• Lack of cyber in Australian supply chain resilience plan has IBM concerned. The federal government on Thursday received the Productivity Commission's final report on vulnerable supply chains, which the likes of IBM hope will contain more focus on 'cyber' than its interim report did.

  July 22, 2021

  https://www.zdnet.com/article/cyber-is-lacking-in-australias-supply-chain-resilience-plan/

• DOD’s Supply Chain Security Should be Strategic Priority, Congressional Task Force Says

  July 23, 2021

  https://www.nextgov.com/cybersecurity/2021/07/dods-supply-chain-security-should-be-strategic-priority-congressional-task-force-says/183997/

• Supply Chain Security Market worth $1,227 million by 2026

  July 23, 2021

  https://www.prnewswire.com/news-releases/supply-chain-security-market-worth-1-227-million-by-2026--exclusive-report-by-marketsandmarkets-301340133.html

• GitHub boosts supply chain security for Go modules. Go is now one of the most popular programming languages on the platform.

  July 23, 2021

  https://www.zdnet.com/article/github-boosts-supply-chain-security-for-go-modules/

• 2021 breaches illustrate cybersecurity as an urgent critical infrastructure priority

  July 29, 2021

  https://federalnewsnetwork.com/commentary/2021/07/2021-breaches-illustrate-cybersecurity-as-an-urgent-critical-infrastructure-priority/

• Why Supply Chain Security Affects Organizations Everywhere?

  July 29, 2021

  https://techbullion.com/why-supply-chain-security-affects-organizations-everywhere/

• The global supply chain security market size is projected to grow from USD 903 million in 2021 to USD 1,227 million by 2026, at a Compound Annual Growth Rate (CAGR) of 6.3%

  July 30, 2021

  https://finance.yahoo.com/news/global-supply-chain-security-market-165200192.html

Useful Links

• Regulations.gov: Make a difference. Submit your comments and let your voice be heard.

  https://www.regulations.gov

June 2021 Security, Privacy and Compliance News

Apps

• What You Should Know About Voilà, the Latest Viral Selfie App. Before you use it to cartoonify your face, consider the risks to your data.

https://www.wired.com/story/voila-cartoonify-face-privacy-security

• Lots of apps use your personal contacts. Few will tell you what they do with them.

https://www.washingtonpost.com/technology/2021/07/15/contacts-sharing-privacy/

Artificial Intelligence (AI) & Machine Learning

• AI: The efforts to make text-based AI less racist and terrible

Researchers try different approaches to solve problem of amplifying negative stereotypes.

https://arstechnica.com/science/2021/06/the-efforts-to-make-text-based-ai-less-racist-and-terrible

• AI: Microsoft president: Orwell’s 1984 could happen in 2024

https://www.bbc.com/news/technology-57122120

• ‘Nobody is catching it’: Algorithms used in health care nationwide are rife with bias

https://www.statnews.com/2021/06/21/algorithm-bias-playbook-hospitals/

• Experts Doubt Ethical AI Design Will Be Broadly Adopted as the Norm Within the Next Decade

A majority worries that the evolution of artificial intelligence by 2030 will continue to be primarily focused on optimizing profits and social control. They also cite the difficulty of achieving consensus about ethics. Many who expect progress say it is not likely within the next decade. Still, a portion celebrate coming AI breakthroughs that will improve life

https://www.pewresearch.org/internet/2021/06/16/experts-doubt-ethical-ai-design-will-be-broadly-adopted-as-the-norm-within-the-next-decade/?mod=djemAIPro

• Facebook, Michigan State Develop Deepfake Detection Technique

Researchers have discovered that even sophisticated AI technology designed to create synthetic content can leave ’fingerprints’

June 16, 2021

https://www.wsj.com/articles/facebook-michigan-state-develop-deepfake-detection-technique-11623859200?st=da6t6chng3syvyd&reflink=desktopwebshare_permalink

Authentication Security & Privacy

• You Might Want to Audit Your LAPS Permissions....

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/you-might-want-to-audit-your-laps-permissions/ba-p/2280785

Critical Infrastructure Cybersecurity

• Safe To Drink? Cyber Attacks And The Water Supply: What You Need To Know | A Conversation With Bryson Bort | Your Everyday Cyber With Limor Kessem And Diana Kelley

https://itspmagazinepodcast.com/episodes/safe-to-drink-cyber-attacks-and-the-water-supply-what-you-need-to-know-a-conversation-with-bryson-bort-your-everyday-cyber-with-limor-kessem-and-diana-kelley-nakjfYAi

• 50,000 security disasters waiting to happen: The problem of America's water supplies

"If you could imagine a community center run by two old guys who are plumbers, that's your average water plant," one cybersecurity consultant said.

https://www.nbcnews.com/tech/security/50000-security-disasters-waiting-happen-problem-americas-water-supplie-rcna1206

Cybercrime, Cyberattacks and Cyber Warfare

• School districts say cyber security attacks are a growing risk

https://katu.com/news/local/school-districts-say-cyber-security-attacks-are-a-growing-risk

• Toronto hospital working to restore systems after being struck by cyber attack

https://beta-ctvnews-ca.cdn.ampproject.org/c/s/beta.ctvnews.ca/local/toronto/2021/6/15/1_5471742.html

Data Anonymization, De-Identification, etc.

• Researchers flag privacy risks with de-identified health data

Hospitals and other covered entities are striking a growing number of agreements to use de-identified patient data for research or to develop AI tools. But they should carefully weigh the risks of sharing this data, experts said.

Jun 17, 2021

https://medcitynews.com/2021/06/researchers-flag-privacy-risks-with-de-identified-health-data/?rf=1

Data Brokes and related Privacy and Security

• Inside the Industry That Unmasks People at Scale

Unique IDs linked to phones are supposed to be anonymous. But there’s an entire industry that links them to real people and their address.

https://www.vice.com/en/article/epnmvz/industry-unmasks-at-scale-maid-to-pii

Data Leaks and Breaches

• Billions of emails and passwords appear in largest data leak ever; consumers should change passwords

https://www.theladders.com/career-advice/billions-of-emails-and-passwords-appear-in-largest-data-leak-ever-consumers-should-change-passwords

• CVS Health Faces Data Breach,1B Search Records Exposed June 21, 2021

Over 1 billion search records were accidentally posted online in a CVS Health data breach in late March, as reported by an independent cybersecurity researcher.

https://healthitsecurity.com/news/cvs-health-faces-data-breach1b-search-records-exposed

DBOMs, SBOMs, CBOMs & Other Types of BOMs

• Supply Chain Security Awareness Part 3: How to Fend Off Supply Chain Risks - June 10, 2021

https://www.rsaconference.com/library/blog/supply-chain-security-awareness-part-3-how-to-fend-off-supply-chain-risks

• Pathway to an Assured Supply Chain – June 6, 2021

https://www.ntia.doc.gov/files/ntia/publications/isa_bps_wg_-_2021.06.06.pdf

Disposal Security

• Physical information security, privacy, and legal news out of Iowa! "The Iowa Supreme Court on Friday said police can’t search a suspect’s trash without a warrant.

In a 4-3 decision, the court ruled a police search of garbage left outside of homes for collection is an “unreasonable and thus unconstitutional seizure and search” unless a judge had approved a warrant. "

Consider that, generally in many/most US locations, items put into trash is considered public property and others can, and do, take items from it.

• This is a significant issue that #InformationAssurance practitioners must consider: How #WorkFromHome employees and contractors dispose of items that are business related.

https://iowacapitaldispatch.com/briefs/iowa-supreme-court-police-cant-search-trash-without-a-warrant/

See actual court decision here: https://www.iowacourts.gov/courtcases/8892/embed/SupremeCourtOpinion

Encryption

• The Cybersecurity 202: The Justice Department is racking up wins despite encryption concerns

https://www.washingtonpost.com/politics/2021/06/16/cybersecurity-202-justice-department-is-racking-up-wins-despite-encryption-concerns/

• The FBI's Anom Stunt Rattles the Encryption Debate

The agency spent years running a secure phone network for criminals. So much for “going dark.”

https://www.wired.com/story/fbi-anom-phone-network-encryption-debate/

Facial Recognition

• Blog: Information Commissioner’s Opinion addresses privacy concerns on the use of live facial recognition technology in public places. A blog by Elizabeth Denham, UK Information Commissioner

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/06/information-commissioner-s-opinion-live-facial-recognition-technology/

• ICO watchdog 'deeply concerned' over live facial recognition

https://www.bbc.com/news/technology-57504717

• Facial Recognition: Facial Recognition Failures Are Locking People Out of Unemployment Systems

ID.me's says unemployment fraud is costing taxpayers $400 billion, but his own company is denying claims because of problems with its tech, users say.

https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems

• Baltimore May Soon Ban Facial Recognition for Everyone but Cops

The measure would make private use of the technology illegal but would not apply to police. It awaits the mayor's signature.

https://www.wired.com/story/baltimore-ban-facial-recognition-everyone-but-cops

• Lawmakers Re-Introduce Bill That Would Ban Facial-Recognition Technology

The bill, which only has Democratic support, would bar federal agencies from using the technology without approval from Congress

June 16, 2021

https://www.wsj.com/articles/lawmakers-re-introduce-bill-that-would-ban-facial-recognition-technology-11623854310?reflink=desktopwebshare_permalink

Hacking

• They Hacked McDonald’s Ice Cream Machines—and Started a Cold War. Secret codes. Legal threats. Betrayal. How one couple built a device to fix McDonald’s notoriously broken soft-serve machines—and how the fast-food giant froze them out.

“Press the cone icon on the screen of the Taylor C602 digital ice cream machine, he explains, then tap the buttons that show a snowflake and a milkshake to set the digits on the screen to 5, then 2, then 3, then 1. After that precise series of no fewer than 16 button presses, a menu magically unlocks. Only with this cheat code can you access the machine’s vital signs: everything from the viscosity setting for its milk and sugar ingredients to the temperature of the glycol flowing through its heating element to the meanings of its many sphinxlike error messages.

“No one at McDonald’s or Taylor will explain why there’s a secret, undisclosed menu," O’Sullivan wrote in one of the first, cryptic text messages I received from him earlier this year.””

https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war

• Hacker removes files from New Mexico hospital's computers, exposes 69,000 patients' info

https://www.beckershospitalreview.com/cybersecurity/hacker-removes-files-from-new-mexico-hospital-s-computers-exposes-69-000-patients-info.html

Insider Threat

• Security Firm COO Charged in Attack on Medical Center

Experts Say Odd Case Offers Forewarning to Others

https://www.govinfosecurity.com/security-firm-coo-charged-in-attack-on-medical-center-a-16866

Laws, Legal Compliance & Penalties

• Amazon may face $425 million fine over alleged EU privacy violations. Luxembourg’s regulator has proposed what would be the largest ever fine under EU privacy laws.

https://www.marketwatch.com/story/amazon-may-face-425-million-fine-over-alleged-eu-privacy-violations-report-11623339505

• Schrems-II and International data transfers
• https://www.datarainbow.eu/schrems-ii-and-international-data-transfers/ Mid-June 2021
• Lawmakers Unveil Cybersecurity Legislation

Bills Address Criminal Penalties, School District Protection and More

June 21, 2021

https://www.bankinfosecurity.com/lawmakers-unveil-cybersecurity-legislation-a-16918

• First American Financial's SEC Breach Settlement: $488,000

SEC: Executives Left in Dark About Vulnerability in File-Sharing System

June 21, 2021

https://www.databreachtoday.com/first-american-financials-sec-breach-settlement-488000-a-16912

Miscellaneous

• German firm's air taxi aims to be operational for Paris 2024 Olympics June 21, 2021

https://www.reuters.com/lifestyle/sports/german-firms-air-taxi-aims-be-operational-paris-2024-olympics-2021-06-21

Misinformation

• 5 Ways For Seniors To Protect Themselves From Online Misinformation - June 12, 2021

https://www.npr.org/2021/06/12/1002908327/5-ways-for-seniors-to-protect-themselves-from-online-misinformation

• Why Generation Z falls for online misinformation. We can all learn from how today’s young people evaluate truth online. - June 30, 2021

https://www.technologyreview.com/2021/06/30/1026338/gen-z-online-misinformation/

• Technology companies testing anti-misinformation accuracy prompts developed by MIT research team – June 1, 2021

https://mitsloan.mit.edu/press/technology-companies-testing-anti-misinformation-accuracy-prompts-developed-mit-research-team

• Punitive laws are failing to curb misinformation in Africa. Time for a rethink. June 24, 2021

https://theconversation.com/punitive-laws-are-failing-to-curb-misinformation-in-africa-time-for-a-rethink-162961

Ransomware

• C-suites adapt to ransomware as a cost of doing business

https://www.scmagazine.com/home/security-news/ransomware/c-suites-adapt-to-ransomware-as-a-cost-of-doing-business/

• Cybereason: 80% of orgs that paid the ransom were hit again

https://venturebeat.com/2021/06/16/cybereason-80-of-orgs-that-paid-the-ransom-were-hit-again/

• Ransomware: Ukraine arrests ransomware gang in global cybercriminal crackdown

https://arstechnica.com/information-technology/2021/06/ukraine-arrests-ransomware-gang-in-global-cybercriminal-crackdown/?amp=1

Software and Firmware Security

• How Software Is Eating the Car

The trend toward self-driving and electric vehicles will add hundreds of millions of lines of code to cars. Can the auto industry cope?

https://spectrum.ieee.org/cars-that-think/transportation/advanced-cars/software-eating-car

• Microsoft's new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices

June 18, 2021

https://www.techrepublic.com/article/microsofts-new-security-tool-will-discover-firmware-vulnerabilities-and-more-in-pcs-and-iot-devices/

• A Well-Meaning Feature Leaves Millions of Dell PCs Vulnerable 06.24.2021

Flaws in a firmware security tool affect as many as 30 million desktops, laptops, and tablets.

https://www.wired.com/story/dell-firmware-vulnerabilities/

• Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise - June 30, 2021

https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/

• Firmware security requires firm supply chain agreements - June 17, 2021

https://www.securitymagazine.com/articles/95444-firmware-security-requires-firm-supply-chain-agreements

Tracking and Surveillance

• Genomic Surveillance for SARS-CoV-2 June 17, 2021

https://www.cdc.gov/coronavirus/2019-ncov/variants/variant-surveillance.html

• China’s tech workers pushed to their limits by surveillance software

Vicious cycle of monitoring and overwork is fuelling productivity — and a backlash

JUNE 15 2021

https://www.ft.com/content/b74b6ad6-3b8d-4cd8-9dd6-3b49754aa1c7

• Surveillance city: NYPD can use more than 15,000 cameras to track people using facial recognition in Manhattan, Bronx and Brooklyn - 3 June 2021

https://www.amnesty.org/en/latest/news/2021/06/scale-new-york-police-facial-recognition-revealed/

Voting and Elections Security

• Ohio Decides to ‘Air Gap’ Votes

https://www.secureworldexpo.com/industry-news/ohio-decides-to-air-gap-votes

Wearables and Implants

• Skin Displays Will Give Wearables Their Independence. When the display’s on your skin, you can leave your smartphone in your pocket

https://spectrum.ieee.org/consumer-electronics/audiovideo/skin-displays-will-give-wearables-their-independence

Work from Home, School from Home & Mobile Computing

• "The Iowa Supreme Court on Friday said police can’t search a suspect’s trash without a warrant.

In a 4-3 decision, the court ruled a police search of garbage left outside of homes for collection is an “unreasonable and thus unconstitutional seizure and search” unless a judge had approved a warrant. "

Consider that, generally in many/most US locations, items put into trash is considered public property and others can, and do, take items from it. This is a significant issue that information assurance practitioners must consider: How w work from home employees and contractors dispose of items that are business related.

https://iowacapitaldispatch.com/briefs/iowa-supreme-court-police-cant-search-trash-without-a-warrant/

See actual court decision here: https://www.iowacourts.gov/courtcases/8892/embed/SupremeCourtOpinion

• Researchers offer advice on how to block WFH employees from downloading pirated software

https://www.scmagazine.com/home/security-news/researchers-offer-advice-on-how-to-block-wfh-employees-from-downloading-pirated-software/

• Deloitte tells staff they can work from home forever

https://www.cityam.com/deloitte-tells-staff-they-can-work-from-home-forever/

Articles by or including Rebecca

• Standardizing Patient Addresses: Privacy, Security Issues

HHS Proposal Aims to Improve Patient Record Matching, But What Are the Risks? - June 17, 2021

https://www.govinfosecurity.com/standardizing-patient-addresses-privacy-security-issues-a-16894

Useful Links:

• Useful Link: EUROPEAN DATA PROTECTION SUPERVISOR

https://edps.europa.eu/_en

We are happy to report that, for the 14th year in a row, through three different governors of two different political parties, we’ve worked with the Iowa Governor’s office annually to support the formal proclamations of Iowa Data Privacy on January 28th! The Iowa holiday is held in conjunction with International Data Privacy Day.