PSB Monthly News

Curated news for professionals, and the general public, about topics that are helpful for them to know, and that can help to prevent security incidents and privacy breaches not only at work, but also away from work!

August 2021 Security, Privacy and Compliance News

Artificial Intelligence (AI) & Machine Learning

Biometrics

COVID-19

Cyber Attacks

DBOMs, SBOMs, CBOMs & Other Types of BOMs

War Impacts on Cybersecurity & Privacy

Social Media

  • German Marshall Fund Study on Facebook Interactions. “Sites that gather and present information irresponsibly (according to the news-rating service NewsGuard) accounted for a record-high one-fifth of Facebook interactions with U.S.-based sites in the second quarter of 2021, while engagement with articles from outlets that repeatedly publish false content plummeted on Twitter and Facebook. This occurred amidst an overall decline in engagement with all types of sites. After all-time highs in engagement with both types of deceptive news outlets in 2020, sites that publish false content have seen their engagement drop at much higher rates than U.S.-based sites in general, likely as a result of account takedowns and changes in policies around COVID-19 misinformation and content moderation.”

    Aug 23, 2021

    https://www.washingtonpost.com/context/marshall-fund-study-on-facebook-interactions/ee1f6c5a-3697-4959-841f-181be59750fa/?

Privacy Notices / Policies Updates

National and International Cybersecurity & Privacy

Disinformation, Misinformation and Conspiracies

Laws, Legal Compliance & Penalties

Privacy Notices and Policies

Tracking and Surveillance

Ransomware

Tech and Career Trends

Vendor, Third Party and Supply Chain Management

Honors, Recognitions, and Other Callouts to Rebecca Herold and/or Privacy & Security Brainiacs

July 2021 Security, Privacy and Compliance News

Apps

Data Management

IoT Security and Privacy

Laws, Legal Compliance & Penalties

Misinformation

Ransomware

Vendor, Third Party and Supply Chain Management

Useful Links

June 2021 Security, Privacy and Compliance News

Apps

https://www.wired.com/story/voila-cartoonify-face-privacy-security

https://www.washingtonpost.com/technology/2021/07/15/contacts-sharing-privacy/

Artificial Intelligence (AI) & Machine Learning

Researchers try different approaches to solve problem of amplifying negative stereotypes.

https://arstechnica.com/science/2021/06/the-efforts-to-make-text-based-ai-less-racist-and-terrible

https://www.bbc.com/news/technology-57122120

https://www.statnews.com/2021/06/21/algorithm-bias-playbook-hospitals/

A majority worries that the evolution of artificial intelligence by 2030 will continue to be primarily focused on optimizing profits and social control. They also cite the difficulty of achieving consensus about ethics. Many who expect progress say it is not likely within the next decade. Still, a portion celebrate coming AI breakthroughs that will improve life.

https://www.pewresearch.org/internet/2021/06/16/experts-doubt-ethical-ai-design-will-be-broadly-adopted-as-the-norm-within-the-next-decade/?mod=djemAIPro

Researchers have discovered that even sophisticated AI technology designed to create synthetic content can leave "fingerprints".

June 16, 2021

https://www.wsj.com/articles/facebook-michigan-state-develop-deepfake-detection-technique-11623859200?st=da6t6chng3syvyd&reflink=desktopwebshare_permalink

Authentication Security & Privacy

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/you-might-want-to-audit-your-laps-permissions/ba-p/2280785

Critical Infrastructure Cybersecurity

https://itspmagazinepodcast.com/episodes/safe-to-drink-cyber-attacks-and-the-water-supply-what-you-need-to-know-a-conversation-with-bryson-bort-your-everyday-cyber-with-limor-kessem-and-diana-kelley-nakjfYAi

"If you could imagine a community center run by two old guys who are plumbers, that's your average water plant," one cybersecurity consultant said.

https://www.nbcnews.com/tech/security/50000-security-disasters-waiting-happen-problem-americas-water-supplie-rcna1206

Cybercrime, Cyberattacks and Cyber Warfare

https://katu.com/news/local/school-districts-say-cyber-security-attacks-are-a-growing-risk

https://beta-ctvnews-ca.cdn.ampproject.org/c/s/beta.ctvnews.ca/local/toronto/2021/6/15/1_5471742.html

Data Anonymization, De-Identification, etc.

Hospitals and other covered entities are striking a growing number of agreements to use de-identified patient data for research or to develop AI tools. But they should carefully weigh the risks of sharing this data, experts said.

Jun 17, 2021

https://medcitynews.com/2021/06/researchers-flag-privacy-risks-with-de-identified-health-data/?rf=1

Data Brokers and related Privacy and Security

Unique IDs linked to phones are supposed to be anonymous. But there’s an entire industry that links them to real people and their address.

https://www.vice.com/en/article/epnmvz/industry-unmasks-at-scale-maid-to-pii

Data Leaks and Breaches

https://www.theladders.com/career-advice/billions-of-emails-and-passwords-appear-in-largest-data-leak-ever-consumers-should-change-passwords

Over 1 billion search records were accidentally posted online in a CVS Health data breach in late March, as reported by an independent cybersecurity researcher.

https://healthitsecurity.com/news/cvs-health-faces-data-breach1b-search-records-exposed

DBOMs, SBOMs, CBOMs & Other Types of BOMs

https://www.rsaconference.com/library/blog/supply-chain-security-awareness-part-3-how-to-fend-off-supply-chain-risks

https://www.ntia.doc.gov/files/ntia/publications/isa_bps_wg_-_2021.06.06.pdf

Disposal Security

  • Physical information security, privacy, and legal news out of Iowa! "The Iowa Supreme Court on Friday said police can’t search a suspect’s trash without a warrant.

In a 4-3 decision, the court ruled a police search of garbage left outside of homes for collection is an “unreasonable and thus unconstitutional seizure and search” unless a judge had approved a warrant."

Consider that, generally in many/most US locations, items put into the trash are considered public property, and others can, and do, take items from it.

  • This is a significant issue that #InformationAssurance practitioners must consider: how #WorkFromHome employees and contractors dispose of business-related items.

https://iowacapitaldispatch.com/briefs/iowa-supreme-court-police-cant-search-trash-without-a-warrant/

See actual court decision here: https://www.iowacourts.gov/courtcases/8892/embed/SupremeCourtOpinion

Encryption

https://www.washingtonpost.com/politics/2021/06/16/cybersecurity-202-justice-department-is-racking-up-wins-despite-encryption-concerns/

The agency spent years running a secure phone network for criminals. So much for “going dark.”

https://www.wired.com/story/fbi-anom-phone-network-encryption-debate/

Facial Recognition

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/06/information-commissioner-s-opinion-live-facial-recognition-technology/

https://www.bbc.com/news/technology-57504717

ID.me says unemployment fraud is costing taxpayers $400 billion, but the company itself is denying claims because of problems with its tech, users say.

https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems

The measure would make private use of the technology illegal but would not apply to police. It awaits the mayor's signature.

https://www.wired.com/story/baltimore-ban-facial-recognition-everyone-but-cops

The bill, which only has Democratic support, would bar federal agencies from using the technology without approval from Congress.

June 16, 2021

https://www.wsj.com/articles/lawmakers-re-introduce-bill-that-would-ban-facial-recognition-technology-11623854310?reflink=desktopwebshare_permalink

Hacking

“Press the cone icon on the screen of the Taylor C602 digital ice cream machine, he explains, then tap the buttons that show a snowflake and a milkshake to set the digits on the screen to 5, then 2, then 3, then 1. After that precise series of no fewer than 16 button presses, a menu magically unlocks. Only with this cheat code can you access the machine’s vital signs: everything from the viscosity setting for its milk and sugar ingredients to the temperature of the glycol flowing through its heating element to the meanings of its many sphinxlike error messages.

“No one at McDonald’s or Taylor will explain why there’s a secret, undisclosed menu," O’Sullivan wrote in one of the first, cryptic text messages I received from him earlier this year.”

https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war

https://www.beckershospitalreview.com/cybersecurity/hacker-removes-files-from-new-mexico-hospital-s-computers-exposes-69-000-patients-info.html

Insider Threat

Experts Say Odd Case Offers Forewarning to Others

https://www.govinfosecurity.com/security-firm-coo-charged-in-attack-on-medical-center-a-16866

IoT Security and Privacy

https://www.nbcnews.com/news/amp/ncna1270941

https://www.washingtonpost.com/politics/2021/06/16/technology-202-amy-klobuchar-gets-personal-smart-speakers/

Smart thermostats can be remotely adjusted during periods of high energy demand.

https://www.dailydot.com/debug/texas-remote-controlled-smart-thermostats

Laws, Legal Compliance & Penalties

https://www.marketwatch.com/story/amazon-may-face-425-million-fine-over-alleged-eu-privacy-violations-report-11623339505

Bills Address Criminal Penalties, School District Protection and More

June 21, 2021

https://www.bankinfosecurity.com/lawmakers-unveil-cybersecurity-legislation-a-16918

SEC: Executives Left in Dark About Vulnerability in File-Sharing System

June 21, 2021

https://www.databreachtoday.com/first-american-financials-sec-breach-settlement-488000-a-16912

Miscellaneous

https://www.reuters.com/lifestyle/sports/german-firms-air-taxi-aims-be-operational-paris-2024-olympics-2021-06-21

Misinformation

https://www.npr.org/2021/06/12/1002908327/5-ways-for-seniors-to-protect-themselves-from-online-misinformation

https://www.technologyreview.com/2021/06/30/1026338/gen-z-online-misinformation/

https://mitsloan.mit.edu/press/technology-companies-testing-anti-misinformation-accuracy-prompts-developed-mit-research-team

https://theconversation.com/punitive-laws-are-failing-to-curb-misinformation-in-africa-time-for-a-rethink-162961

Ransomware

https://www.scmagazine.com/home/security-news/ransomware/c-suites-adapt-to-ransomware-as-a-cost-of-doing-business/

https://venturebeat.com/2021/06/16/cybereason-80-of-orgs-that-paid-the-ransom-were-hit-again/

https://arstechnica.com/information-technology/2021/06/ukraine-arrests-ransomware-gang-in-global-cybercriminal-crackdown/?amp=1

Software and Firmware Security

The trend toward self-driving and electric vehicles will add hundreds of millions of lines of code to cars. Can the auto industry cope?

https://spectrum.ieee.org/cars-that-think/transportation/advanced-cars/software-eating-car

June 18, 2021

https://www.techrepublic.com/article/microsofts-new-security-tool-will-discover-firmware-vulnerabilities-and-more-in-pcs-and-iot-devices/

Flaws in a firmware security tool affect as many as 30 million desktops, laptops, and tablets.

https://www.wired.com/story/dell-firmware-vulnerabilities/

https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/

https://www.securitymagazine.com/articles/95444-firmware-security-requires-firm-supply-chain-agreements

Tracking and Surveillance

https://www.cdc.gov/coronavirus/2019-ncov/variants/variant-surveillance.html

Vicious cycle of monitoring and overwork is fuelling productivity — and a backlash

June 15, 2021

https://www.ft.com/content/b74b6ad6-3b8d-4cd8-9dd6-3b49754aa1c7

https://www.amnesty.org/en/latest/news/2021/06/scale-new-york-police-facial-recognition-revealed/

Voting and Elections Security

https://www.secureworldexpo.com/industry-news/ohio-decides-to-air-gap-votes

Wearables and Implants

https://spectrum.ieee.org/consumer-electronics/audiovideo/skin-displays-will-give-wearables-their-independence

Work from Home, School from Home & Mobile Computing

  • "The Iowa Supreme Court on Friday said police can’t search a suspect’s trash without a warrant.

In a 4-3 decision, the court ruled a police search of garbage left outside of homes for collection is an “unreasonable and thus unconstitutional seizure and search” unless a judge had approved a warrant."

Consider that, generally in many/most US locations, items put into the trash are considered public property, and others can, and do, take items from it. This is a significant issue that information assurance practitioners must consider: how work-from-home employees and contractors dispose of business-related items.

https://iowacapitaldispatch.com/briefs/iowa-supreme-court-police-cant-search-trash-without-a-warrant/

See actual court decision here: https://www.iowacourts.gov/courtcases/8892/embed/SupremeCourtOpinion

https://www.scmagazine.com/home/security-news/researchers-offer-advice-on-how-to-block-wfh-employees-from-downloading-pirated-software/

https://www.cityam.com/deloitte-tells-staff-they-can-work-from-home-forever/

Articles by or including Rebecca

HHS Proposal Aims to Improve Patient Record Matching, But What Are the Risks? - June 17, 2021

https://www.govinfosecurity.com/standardizing-patient-addresses-privacy-security-issues-a-16894

Useful Links

https://edps.europa.eu/_en