Curated news for professionals, and the general public, about topics that are helpful for them to know, and that can help to prevent security incidents and privacy breaches not only at work, but also away from work!
NEW: View our Log4J news here: https://privacysecuritybrainiacs.com/resources/news/Log4J/.
View our IoT news here: https://privacysecuritybrainiacs.com/resources/news/IoT/.
View news stories featuring Privacy & Security Brainiacs here: https://privacysecuritybrainiacs.com/resources/news/PSB-in-the-news/.
Turkish Airline Exposes Flight and Crew Info in 6.5TB Leak
A low-cost Turkish airline accidentally leaked personal information of flight crew alongside source code and flight data after misconfiguring an AWS bucket, it has emerged.
InfoSecurity Magazine
May 31 2022
https://www.infosecurity-magazine.com/news/turkish-airline-exposes-flight
Tech giants pledge $30M to boost open source software security
Carly Page. Tech Crunch.
May 16 2022
https://techcrunch.com/2022/05/16/white-house-open-source-security/
GitHub users will be required to use two-factor authentication by 2023
By the end of 2023, the widely used code repository will require contributors to utilize two-factor authentication.
May 4 2022
https://www.protocol.com/bulletins/github-open-source-software-security
Verizon 2022 DBIR Data Breach Investigations Report
May, 2022
10 Biggest Data Breaches in Finance
Edward Kost, UpGuard
May 30, 2022
https://www.upguard.com/blog/biggest-data-breaches-financial-services
50k customers caught up in Spirit Super phishing attack
Data possibly compromised after attacker overcame MFA.
Australia: IT News
May 30 2022
https://www.itnews.com.au/news/50k-customers-caught-up-in-spirit-super-phishing-attack-580647
FBI heads to Brooks County to investigate cyber attack
According to county officials, if they cannot recover the online documents then it will be a lengthy process to re-enter that data by hand.
3 News. Corpus Christi, TX.
May 26 2022
7 data breach reporting rules banks need to understand
Carter Pape. American Banker.
May 19 2022
https://www.americanbanker.com/list/7-data-breach-reporting-rules-banks-need-to-understand
The real cost of a data breach in 2022
Katie Yahnke. Field Effect.
May 3 2022
Twitter has in recent years has begun periodically requiring phone number checks for "account security." What users have not always been aware of is that these items have been added in to Twitter's internal personalized advertising system.
CPO Magazine
MAY 31 2022
Cyberattack downs Regina Public Schools' computer systems
District has not said whether any private information — if any — has been exposed
Alexander Quon · CBC News
May 26 2022
https://www.cbc.ca/news/canada/saskatchewan/regina-public-schools-cyber-attack-1.6467451
Hacker Steals $1.4 Million in NFTs From Collector In One Sweep
The scammer “hacked a father of three children under 6-years-old and a wife, and took all their hard earned money for the past 38 years accrued in a few minutes," the victim said.
Vice.
May 25 2022
Massive CPS data breach exposes records of 560,000 students, employees
The staff and student information was exposed after a CPS vendor was targeted in a ransomware attack on Dec. 1, the district said.
Nader Issa, Lauren FitzPatrick. Chicago Sun Times.
May 20 2022
Nikkei becomes latest major news outlet hit with ransomware
The Record.
May 20 2022
Lauren Kitces and Colleen Theresa Brown. Sidley Austin LLP.
April 6 2022
Data privacy, security top challenges for cloud implementation
Security Magazine
April 12 2022
Solving data privacy challenges starts with people-centric security
Organizations should focus on the people layer with the same meticulousness as they approach the network, endpoints and applications
Lucia Milică. Security Info Watch.
April 28 2022
Colorado AG Issues Guidance on Data Security Best Practices
Natasha G. Kohne, Michelle A. Reed & Melissa D. Whitaker. Akin Gump.
April 5 2022
The importance of data privacy in your organization.
Data privacy must be backed by strong cybersecurity practices
Frédéric Rivain. Tech Radar.
April 07 2022
https://www.techradar.com/features/the-importance-of-data-privacy-in-your-organization
Cyber Protections Helping To Curb Ransoms, Report Says
Heal Security.
April 7 2022
https://healsecurity.com/cyber-protections-helping-to-curb-ransoms-report-says/
Trends in privacy & data security: Looking back at 2021 and ahead to 2022
Thomson Reuters Institute
April 7 2022
The AI Placed You at the Crime Scene, but You Weren’t There
This week, we talk about the limitations of using facial recognition technology to identify suspected criminals.
March 18 2022
Russia's Killer Drone in Ukraine Raises Fears About AI in Warfare
The maker of the lethal drone claims that it can identify targets using artificial intelligence.
March 17 2022
Locked-Out Account Users Wrestle With Two-Factor Authentication. Two-factor authentication aims to keep hackers out of online accounts. It sometimes keeps their rightful owners out too.
March 9 2022
Breached! Why Data Security Law Fails and How to Improve It (Chapter 1) by Daniel J. Solove, Woodrow Hartzog :: SSRN
The importance of building in security during software development
March 14 2022
https://www.helpnetsecurity.com/2022/03/14/breaches-vulnerable-application/?web_view=true
Privacy coins are surging. Will regulatory pressure stall their stellar run? Many privacy coin developers are convinced that all the necessary mechanisms to regulate AECs are already in place.
March 27 2022
How Investors Can Keep Crypto Assets Safe
It’s too easy to lose everything. Here’s a guide to where—and how—to store digital currencies, NFTs and more.
March 18 2022
ICE Conducted Sweeping Surveillance Of Money Transfers Sent To And From The US, A Senator Says. Sen. Ron Wyden is seeking an investigation into whether the program, which obtained about 6 million records from people in several Southwest states, was constitutional.
March 8 2022
https://www.buzzfeednews.com/article/hamedaleaziz/ice-western-union-records-wyden
Sandy Hook and the Troubling Psychology of Conspiracy Theories. Deniers of the school shooting gathered in a private Facebook group. Their posts lend a window into how and why cruel rumors take off.
March 11 2022
https://www.wired.com/story/sandy-hook-psychology-conspiracy-theories
Sept 21 2020
Who's who in the cybercriminal underground
Cybercriminal groups are specializing as malware developers, initial access brokers, ransomware-as-a-service providers, data brokers, and other roles.
March 14 2022
https://www.csoonline.com/article/3653353/whos-who-in-the-cybercriminal-underground.html
Insurance industry braces for soaring payouts from war in Ukraine
Aviation underwriters fear biggest loss event in sector’s history
March 16, 2022
https://www.ft.com/content/e62df5f9-1716-4220-b583-91ba24d4cfb2
A Paranoid Person’s Guide to Preparing for Digital Danger. Russia’s attack may have you wondering what will happen if the conflict spills into cyberthreats beyond Ukraine’s borders. Here’s what you can do to ease your mind.
March 5 2022
https://www.nytimes.com/2022/03/05/your-money/cybersecurity-tips.html
Cybersecurity should be treated an Environmental, Social, and Corporate Governance (ESG) issue. Here's why | World Economic Forum
March 1 2022
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of three investigations and one matter before an Administration Law Judge related to compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Two of these cases are part of OCR’s HIPAA Right of Access Initiative, bringing the total number of these enforcement actions to twenty-seven since the initiative began. OCR created this initiative to support individuals' right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule. The other enforcement actions result from healthcare providers impermissibly disclosing their patients’ protected health information (PHI).
March 28 2022
Employment law still has roots in the Middle Ages. That’s terrible for workers.
March 17 2022
https://www.washingtonpost.com/outlook/2022/03/17/labor-law-middle-ages-wisconsin/
FTC Takes Action Against CafePress for Data Breach Cover Up
Commission orders e-commerce platform to bolster data security and provide redress to small businesses
March 15 2022
Italy slaps almost $22m fine on US facial recognition firm. Italy's privacy watchdog said that, despite Clearview's assertions to contrary, firm had allowed tracking of Italian citizens.
March 9 2022
https://www.thenews.com.pk/latest/940004-italy-fines-us-facial-recognition-firm
Weaponized Dirty Pipe Exploit In Action: Introduction
March 10 2022
https://www.spyderbat.com/post/weaponized-dirty-pipe-exploit-in-action
Why National Security Is a Shared Burden Between the State and the Private Sector
Plus, how geopolitical competition between the West and China could bring about the ‘splinternet.’
March 17 2022
https://current.thedispatch.com/p/why-national-security-is-a-shared
March 16 2022
FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
March 16 2022
https://thehackernews.com/2022/03/fbi-cisa-warn-of-russian-hackers.html
The day of techno independence. China's plan to no longer depend on the West
Fri, March 11, 2022
https://es-us.finanzas.yahoo.com/news/d%c3%ada-tecnoindependencia-plan-china-depender-031400516.html
March 10 2022
China state-backed hackers compromised networks of at least 6 U.S. state governments, research finds
MAR 9 2022
Internet Backbone Giant Lumen Shuns .RU
March 8, 2022
https://krebsonsecurity.com/2022/03/internet-backbone-giant-lumen-shuns-ru/
Chinese hackers breached six state governments, researchers say
March 8 2022
China Hacked at Least 6 U.S. State Government Networks. A threat actor with longstanding ties to the Chinese government has targeted half a dozen state governments, research from cybersecurity giant Mandiant shows.
March 8 2022
https://gizmodo.com/china-hacked-at-least-6-u-s-state-government-networks-1848621916
Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments
MAR 08 2022
https://www.mandiant.com/resources/apt41-us-state-governments
How to Tell News Fact from Fiction, Even During a War. People have been sharing information about the war in Ukraine on social media without verifying it. News-literacy tactics taught in school can benefit many of us
March 5 2022
https://www.wsj.com/articles/how-to-spot-fake-news-even-during-a-war-11646434626?mod=djemfamtech
How Lapsus$, Okta attacker, typically preys on insiders
March 25 2022
Okta Says It 'Should Have Moved More Swiftly' Over Breach. Lapsus$ Gained Access to a Sitel Support Engineer's Computer Via Remote Hosting
March 24 2022
https://www.bankinfosecurity.com/okta-should-have-moved-more-swiftly-over-breach-a-18782
Okta’s Breach Highlights Risk of Putting Crown Jewels in the Cloud
March 24, 2022
Okta says hackers were able to view customer data. Those customers have some big questions. The fallout from the "embarrassing" incident was somewhat limited, but there was a sizable gap in time between discovery and acknowledgment.
March 23 2022
https://www.protocol.com/bulletins/okta-hacked-customer-data
Microsoft and Okta detail the impact of recent Lapsus$ attacks. Okta said the attack only affected around 2.5 percent of its clients.
March 23 2022
https://www.engadget.com/microsoft-okta-detail-lapsus-attacks-114008836.html
Okta denies security incident as Lapsus$ group goes on a spree. The identity and access management firm believes screenshots connected with the breach are related to a January security incident that was contained.
March 22 2022
https://www.cybersecuritydive.com/news/okta-lapsus-breach-claims/620807/
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
March 22 2022
NHS urges orgs to apply security update for Okta Client RCE bug
February 25, 2022
Auth0 Credential Guard Detects Breached Passwords to Prevent Account Takeover. New feature adds a dedicated security team and support for multiple languages to prevent fraudulent access with stolen credentials.
February 9 2022
New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs. Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.
March 8 2022
This sneaky type of phishing is growing fast because hackers are seeing big paydays. Researchers warn about an increase in conversation hijacking emails, where hackers abuse accounts of people you trust to send you phishing links and malware.
March 16 2022
NACD Borad Talk. Eight Questions to Frame Data Privacy Discussions in the Boardroom
March 9 2022
https://blog.nacdonline.org/posts/questions-data-privacy-boardroom
February 25 2022
The ‘s First Ransomware Monetary Penalty Notice: Key Takeaways
March 15 2022
Feb 25 2022
The Original Hybrid Workers Can Teach Us How to Do It Right. Over 50 years ago, they trialed “part-time telecommuting.” The pandemic-driven model has problems, but early adopters think they can be fixed.
Feb 28 2022
Virginia lawmakers OK lifting ban on facial technology use
March 10 2022
https://apnews.com/article/technology-virginia-crime-legislature-f3f2af850745911014b950d951c3c464
Publishers will need closer ties to their audiences
Feb 23 2022
https://therebooting.substack.com/p/end-of-an-era-of-ad-targeting?s=r
What's the Most Dangerous Emerging Technology?
Feb 21 2022
https://gizmodo.com/whats-the-most-dangerous-emerging-technology-1847957403
Woman Catches Bumble Catfish After Seeing His Texts
Feb 27 2022
https://www.intheknow.com/post/woman-catches-bumble-catfish/
Signing up with a cloud provider? Don't forget to set an exit plan
It’s not simply about getting easy permission to go when it's time to part ways; it’s about IT making sure any decisions don’t complicate that eventual departure.
Feb 22 2022
https://www.computerworld.com/article/3650673/signing-up-with-a-cloud-provider-dont-forget-to-set-an-exit-plan.html?fbclid=IwAR3X-SUarw62Pjr21_ewBhllq2K8axoeQEFBSpc7qy5Pc32olWU4rcKt5K0
Hackers Sell Backdoors Into A $2 Billion Nonprofit, A Californian Hospital, And Michigan Government
Feb 23 2022
https://www.forbes.com/sites/thomasbrewster/2022/02/23/hackers-sell-access-to-a-2-billion-nonprofit-a-californian-hospital-and-michigan-government
Feb 2022
https://www.privacycompany.eu/blogpost-en/new-dpia-for-the-dutch-government-and-universities-on-microsoft-teams-onedrive-and-sharepoint-online
You’ll Never Believe It But Hillary Clinton Did Not, In Fact, Spy on Trump’s White House
Feb 15 2022
https://www.vanityfair.com/news/2022/02/donald-trump-hillary-clinton-white-house-spying
Facebook Is Going Up Against Russia
FEB 26, 2022
https://slate.com/technology/2022/02/russia-facebook-throttle-information-warfare.html
Anonymous hacked the Russian Defense Ministry and is targeting Russian companies
February 26, 2022
https://securityaffairs.co/wordpress/128428/hacking/anonymous-russian-defense-ministry.html
CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
February 26, 2022
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
Russian Government Websites Are Currently Down
The reasons for the outage are unclear at this point, but there have been similar disruptions attributed to the Russian government in recent weeks.
Feb 24 2022
https://www-vice-com.cdn.ampproject.org/c/s/www.vice.com/amp/en/article/bvnpnv/russian-government-websites-are-currently-down
Biden: ‘Prepared to Respond’ if Russia Pursues Cyberattacks Against US
Feb 24 2022
https://www.nextgov.com/cybersecurity/2022/02/biden-prepared-respond-if-russia-pursues-cyberattacks-against-us/362401/
Chinese Hackers Target Taiwan's Financial Trading Sector with Supply Chain Attack
Feb 22 2022
https://thehackernews.com/2022/02/chinese-hackers-target-taiwans.html
Feb 25 2022
https://finance.yahoo.com/news/death-offices-rise-remote-could-163146706.html
Can Data Breaches Be GOOD For Some Corporate Brands?
Jan 31 2022
The administration wants to prevent an attack on water supplies
Jan 27 2022
Regional Cyber Conflicts Could Lead to Infrastructure Attacks in 2022
Jan 25 2022
Improving cyber insurance doesn't have to be hard. Cyber policies have become a sort of Frankenstein monster, with coverages pieced together to address a growing set of property and liability risks.
Jan 28 2022
https://www.propertycasualty360.com/2022/01/28/improving-cyber-insurance-doesnt-have-to-be-hard/
CyberCube’s CEO Explains Why You Should Expect Cyber Insurance Markets to Continue to Be Difficult Over the Next Year. A hard cyber market may be the "new normal'" but greater usage of alternative risk transfer and capital flow mechanisms may soften the future landscape.
Jan 26 2022
Iowa Governor Reynolds Declares January 28 Iowa Data Privacy Day. 2022 marks the 14th consecutive year of declaration in Iowa
Jan 28 2022
Data Privacy Week – 20 Data Privacy Tips
Jan 24 2022
https://ewfblog.com/dataprivacyweek20dataprivacytips-bylynnterwoerds/
What is the quantum apocalypse and should we be scared?
Jan 27 2022
Quantum Apocalypse. Experts are warning that quantum computers could eventually overpower conventional encryption methods, a potentially dangerous fate for humanity that they’re evocatively dubbing the “quantum apocalypse.”
Jan 27 2022
https://futurism.com/the-byte/experts-warn-quantum-computing-apocalypse
A Former Hacker’s Guide to Boosting Your Online Security. More stolen personal data is available online than ever before. A man who once ran a website that prosecutors called the Amazon of stolen identity information offers his tips on the best ways to protect your data.
Jan 27 2022
https://www.propublica.org/article/a-former-hackers-guide-to-boosting-your-online-security
Request for Information: Electronic Prior Authorization Standards, Implementation Specifications, and Certification Criteria
Jan 24 2022
REWE International $9M GDPR fine a lesson in managing subsidiary risk
Jan 25 2022
Proposed State Privacy Law Update
Jan 24 2022
https://www.bytebacklaw.com/2022/01/proposed-state-privacy-law-update-jan-24-2022/
NY Fines Vision Benefits Firm $600,000 for 2020 Breach. Email Compromise Affected 2.1 Million Individuals Nationwide.
Jan 24 2022
https://www.healthcareinfosecurity.com/ny-fines-vision-benefits-firm-600000-for-2020-breach-a-18368
Country's biggest double glazing installer Safestyle UK is hit by a cyber attack as spies warn of a threat from Russian hackers linked to fears of military action against Ukraine. Safestyle UK were targeted in a ransomware attack with hackers looking for cash. It comes as cyber experts warn of Russian hacker threat over tensions in Ukraine
Jan 28 2022
HOW THE MARINE CORPS USES IT TO DEFEAT EVOLVING THREATS
JAN 28 2022
NIST PRIVACY: The NIST Privacy Engineering Program’s mission is ENGINEERING supporting the development of trustworthy information systems by creating guidelines and tools to protect individuals’ privacy PROGRAM In Action
Jan 28 2022
https://www.nist.gov/system/files/documents/2022/01/25/Privacy-Framework-2-Year-Infographic.pdf
Maturing the Privacy Impact Assessment. Privacy Impact Assessments (PIAs) have not changed dramatically over the past 20 years or so, or at least the approach to them hasn’t.
Jan 28 2022
https://nnovation.com/maturing-the-privacy-impact-assessment/
His son's school was hacked. Then the ransomware gang called him at home.
Jan 25 2022
https://news.yahoo.com/ransomware-hackers-tactic-calling-directly-110440401.html
Report: Hackers Can Flip Votes in Georgia's Voting System. According to a confidential report, hackers can alter votes by taking control of Georgia's voting system touchscreens. Despite the reported vulnerability, state election officials are staying relatively mum.
Jan 27 2022
https://www.govtech.com/security/report-hackers-can-flip-votes-in-georgias-voting-system
The app is a major source of raw location data for a multibillion-dollar industry that buys, packages, and sells people’s movements
December 6, 2021
Dec 1 2021
Directive would place agency in charge of setting policy for intelligence gleaned from social-media and commercial-data troves
Dec 10 2021
https://www.wsj.com/articles/defense-intelligence-agency-expected-to-lead-militarys-use-of-open-source-data-11639142686?st=07h3yx7rqvj3qyk&reflink=desktopwebshare_permalink
Federal program faces elimination because local agencies aren’t submitting statistics
Dec 9, 2021
Dec 1, 2021
UKG Hack Disrupts Scheduling and Payroll for Thousands of Employers
Logging hours manually may be only recourse
Dec 15, 2021
This company was hit with ransomware, but didn't have to pay up. Here's how they did it
Cyber criminals demanded $15 million for a decryption key and sent threatening messages to staff -but this company recovered its network without paying hackers a thing.
Dec 17, 2021
Changes come a day before CEO testifies before Congress about the app’s impact on young people
Dec 7 2021
DECEMBER 3, 2021
Dec 3 2021
https://www.scmagazine.com/perspective/cybercrime/tis-the-season-of-e-retailers-and-cybercrime
December 6, 2021
https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-2020-incident-based-data
Is the hybrid work going to change work as we know it? What does this mean for our future?
December 6, 2021
FBI Sting Exposes Defense Contractor’s Espionage After FSO and ISO Identified an Insider Threat
Dec 17, 2021
Dec 2 2021
DECEMBER 6, 2021
https://www.cpomagazine.com/cyber-security/5-defenses-for-5-ransomware-root-causes
DECEMBER 6, 2021
Tech-driven changes are coming fast and furiously to airports, including advancements in biometrics that verify identity and shorten security procedures for those passengers who opt into the programs.
Dec 7 2021
https://www.nytimes.com/2021/12/07/travel/biometrics-airports-security.html
DECEMBER 2ND, 2021
https://semiengineering.com/building-a-more-secure-u-s-microelectronic-design-infrastructure/
07 DEC 2021
Dec 3, 2021
https://www.zuckermanlaw.com/ftc_whistleblower_act/
Software in connected devices has little oversight. As more objects come online, that problem will snowball.
Nov 18 2021
https://www.washingtonpost.com/technology/2021/11/18/smart-home-security/
An attack attempt in 2020 proves the UAS threat is real—and not enough is being done to stop it.
Nov. 5, 2021
https://www.wired.com/story/drone-attack-power-substation-threat/
Safety feature is also planned for Apple Watches expected in 2022, according to company documents
Nov 1, 2021
Doug Field, who left Apple for Ford in September, talks about automation, Detroit vs. Silicon Valley and the way that custom subscriptions will remake the auto industry
Nov 4 2021
More than 40 million patient records have been compromised this past year by incidents reported to the federal government in 2021.
November 16, 2021
https://www.healthcareitnews.com/news/biggest-healthcare-data-breaches-2021
An independent cybersecurity researcher discovered a wearable device data breach that exposed the records of 61 million Apple and Fitbit users.
September 16, 2021
March 10, 2021
Nov. 5, 2021
https://californianewstimes.com/soaring-cost-of-cyber-protection-lifts-commercial-insurers/582355/
Portugal: New Law Allows Medically Assisted Procreation Through Postmortem Insemination
Nov 12, 2021
The app hurts sleep, work, relationships or parenting for about 12.5% of users, who reported they felt Facebook was more of a problem than other social media.
Nov. 5, 2021
Rising share prices in the sector reflect investors’ thirst for revenue growth above other metrics
Nov 5, 2021
November 03, 2021
8 Most Common Types of Malware Attacks
Oct 21 2021
Oct 1, 2021
https://www.kitploit.com/2021/10/certify-active-directory-certificate.html
Oct 6, 2021
Oct 9, 2021
https://www.wired.com/story/how-to-enable-tpm-secure-boot-for-windows-11/
Oct 8, 2021
Oct 7, 2021
Oct 13, 2021
https://securityaffairs.co/wordpress/123297/hacking/anti-phishing-technique.html
Oct 15, 2021
Oct 18, 2021
https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/
Oct 19, 2021
https://www.techradar.com/news/icloud-hacker-stole-intimate-photos-from-hundreds-of-apple-customers
Oct 25, 2021
Oct 5, 2021
https://www.cmu.edu/news/stories/archives/2021/october/sei-cybersecurity-webcast-series.html
Oct 7, 2021
https://www.cnet.com/tech/cybersecurity-awareness-month-time-for-a-cybersafety-check/
When a Tesla employee was offered $500,000 by a cyber criminal gang to install malware on the company’s Gigafactory network last year, it indicated a new and emerging threat.
Oct 6, 2021
28 October 2021
Civil Action No.: 1:21-md-03010-PKC
Oct 22, 2021
https://storage.courtlistener.com/recap/gov.uscourts.nysd.564903/gov.uscourts.nysd.564903.152.0.pdf
Unsealed court documents say the search giant sought help from Apple, Facebook and Microsoft to "find areas of alignment."
Oct 22, 2021
https://www.politico.com/news/2021/10/22/google-kids-privacy-protections-tech-giants-516834
Oct 22, 2021
https://www.nytimes.com/2021/10/22/technology/google-privacy-lawsuit.html
Oct. 1, 2021
https://www.jdsupra.com/legalnews/quebec-adopts-new-law-to-modernize-6487558/
Oct 7, 2021.
Oct 22, 2021
Oct 24, 2021
Oct 26, 2021
Oct 18, 2021
https://blog.malwarebytes.com/cybercrime/2021/10/killware-is-it-just-as-bad-as-it-sounds/
Oct 31, 2021
https://www.pandasecurity.com/en/mediacenter/security/what-is-killware/
Oct 22, 2021
Oct, 2021
NOTE: With quotes by Privacy & Security Brainiacs CEO, Rebecca Herold
https://issuu.com/luckbox/docs/2111-luckbox-issuu/s/13746870
Oct 4, 2021
https://fox59.com/news/johnson-memorial-health-relying-on-old-school-methods-following-cyber-attack/
Oct 06, 2021
Oct 6, 2021
https://www.rtoinsider.com/articles/28799-quarter-energy-sector-vulnerable-ransomware-report
Oct 6, 2021
https://statescoop.com/ransomware-allen-texas-school-district-email-parents/
Oct 19, 2021,
https://finance.yahoo.com/news/spycloud-report-organizations-unprepared-ransomware-100500069.htm
Oct 16, 2021
https://au.pcmag.com/mobile-apps/85338/what-is-clubhouse-the-invite-only-chat-app-explained
The safety of our digital world has reached a pivotal moment.
Oct 6, 2021
Aim is to keep Beijing abreast of loopholes within country’s mobile apps, connected cars and other internet products that could be exploited by cybercriminals
Though mainly aimed at industry professionals such as app developers, everyday users can also make reports on the four platforms
Sept 1, 2021
This WhatsApp security flaw could have let hackers access all your chats. Although WhatsApp says the exploitation of the vulnerability was only theoretical
Sept 2, 2021
OWASP shakes up web app threat categories with release of draft Top 10. The Top 10 list is a widely used guide to modern web application security threats
Sept 9, 2021 The Top 10 list is a widely used guide to modern web application security threats
Application Security a Growing Priority Among Security Pros. A Dark Reading survey finds most IT and security managers would rather wait to deploy applications than risk security flaws.
Sept 10, 2021
Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
Sept 15, 2021
https://thehackernews.com/2021/09/critical-flaws-discovered-in-azure-app.html
CISA urges patching a Zoho password manager. A crackdown on coin-mining? Maximizing engagement helped troll farms.
Sept 17, 2021
Apple responds to security researcher who found multiple iOS 15 zero-day flaws [U]
Sept 27, 2021
https://9to5mac.com/2021/09/27/security-researcher-claims-3-zero-day-flaws-ios-15/
Beware! Employees of popular apps have access to your data
September 05, 2021
Sept 17, 2021
https://www.theregister.com/2021/09/17/google_app_permissions_android/
Crypto Hacks Highlight Need for More Cybersecurity
September 1, 2021
Cryptocurrency: The New Favorite for Cyber Crimes
Sept 1, 2021
https://www.mygreatlearning.com/blog/cryptocurrency-the-new-favorite-for-cyber-crimes/
No Technology is “Completely Secure”…Even the Beloved (by Many) Bitcoin!
Sept 7, 2021
https://www.linkedin.com/pulse/technology-completely-secureeven-beloved-many-bitcoin-rebecca-herold/
Japanese Crypto Exchange Robbed of $100,000,000
Sept 8, 2021
U.S. Treasury sanctions crypto exchange Suex over ransomware transactions
Sept 21, 2021
Regulating Big Tech. China outlaws cryptocurrency transactions. Russian markets and US sanctions. Approaches to resiliency.
Sept 24, 2021
Crypto Cybersecurity. How Safe Are Your Assets. DailyCoin Investigated
Sept 27, 2021
Senators aim to increase oversight of cryptocurrency mining with new bill
Sept 27, 2021
What is Cryptomining and how can it affect Cybersecurity?
Sept 28, 2021
How Hackers Use Our Brains Against Us
Cybercriminals take advantage of the unconscious processes that we all use to make decision making more efficient. Blame it on our ‘lizard brains.’
Sept 7, 2021
The Latest Cybersecurity Threat: Pay Us or We Release the Data
These attacks are a lot more complicated—and potentially more costly
Sept 7, 2021
Microsoft warns: Active Directory FoggyWeb malware being actively used by Nobelium gang
Chief security adviser Roger Halbheer says best protection is to 'get off AD FS'
Sept 28, 2021
https://www.theregister.com/2021/09/28/active_directory_foggyweb_malware/
Sept 9, 2021
How Cyber Liability Insurance Can Rescue A Small Business
Sept 10, 2021
https://www.forbes.com/advisor/business-insurance/cyber-liability-insurance/
Insurance Coverage for Cyberattacks?
Sept 13, 2021
https://www.jdsupra.com/legalnews/insurance-coverage-for-cyberattacks-1619600/
Cyber insurance may not be making companies more secure
Sept 14, 2021
Coalition Raises $205M to Combine Cyber Insurance, Security Tools
Sept 28, 2021
Microsoft and At-Bay partner to offer data-driven cyber insurance coverage
Sept 29, 2021
https://finance.yahoo.com/news/microsoft-bay-partner-offer-data-160000007.html
Microsoft warns of a Windows zero-day security hole that is being actively exploited
Sept 9, 2021
Do you own an iPhone or iPad? Update your Apple devices right now.
Sept 13, 2021
Apple issues urgent iPhone software update to address critical spyware vulnerability
Sept 14, 2021
https://www.cnn.com/2021/09/13/tech/apple-iphone-spyware-vulnerability-fix/index.html
5th September 2021
https://www.bbc.com/future/article/20210903-how-covid-19-could-finally-be-the-end-of-the-fax-machine
Wells Fargo Fined $250 Million for Problems in Its Mortgage Business: The OCC said lender has failed to fix issues first identified in 2018
Sept 9, 2021
A Single Laser Fired Through a Keyhole Can Expose Everything Inside a Room: If you're worried about privacy, it might be time to cover up your front door's peephole.
Sept 8, 2021
https://gizmodo.com/a-single-laser-fired-through-a-keyhole-can-expose-every-1847638281
Ransomware gang threatens to leak data if victim contacts FBI, police
Sept 7, 2021
U.S. to Target Crypto Ransomware Payments With Sanctions: Biden administration hopes to disrupt digital finance infrastructure that facilitates ransomware cyberattacks, a threat traced to Russia
Sept 17, 2021
Energy, utility sectors feel ‘most exposed’ to cybersecurity threats, survey finds.
Companies in the utilities and energy sector feel the most exposed to cyberthreats, according to 40% of Beazley respondents. There have been a number of attacks in that space, including a ransomware attack in May that forced Colonial Pipeline to shut down the largest refined products pipeline system in the United States. The company made a payment of roughly $4.4 million in bitcoin ransom to aid a swift recovery.
Sept 20, 2021
https://www.utilitydive.com/news/beazley-cyber-insurance-technology-risk/606836/
Facebook Says Its Rules Apply to All. Company Documents Reveal a Secret Elite That’s Exempt. A program known as XCheck has given millions of celebrities, politicians and other high-profile users special treatment, a privilege many abuse
Sept 13, 2021
Harassing texts. Unwanted deliveries. Fake bomb threats that bring police to the door. Inside the tactics cybercriminals use to get social media users to surrender their accounts
Sept 25, 2021
https://www.cbsnews.com/news/cybercriminals-social-media-accounts-harass-extort/
Facebook Is Making Camera Glasses, Ha Ha Oh No
Ray-Ban Stories can take photos and videos with a touch of a button and send them to your phone.Sept 9, 2021
https://www.buzzfeednews.com/article/katienotopoulos/facebook-is-making-camera-glasses-ha-ha-oh-no
Facebook’s Effort to Attract Preteens Goes Beyond Instagram Kids, Documents Show: It has investigated how to engage young users in response to competition from Snapchat, TikTok; ‘Exploring playdates as a growth lever’
Sept. 28, 2021
Is Complacency the Biggest Cyber Threat?
Sept 1, 2021
https://www.infosecurity-magazine.com/blogs/complacency-biggest-cyber-threat/
IT security starts with knowing your assets: Asia-Pacific
A new, well-organized breed of hacker and the fast-evolving nature of technology are forcing organizations to consider multiple ways of minimizing threat exposure.
Sept 8, 2021
Many employees working from home see cybersecurity as a hindrance: Report
Sept 10, 2021
Sept 17, 2021
What Are The Cybersecurity Threats With Work-From-Home?
Sept 21, 2021
How CISOs Can Improve Security in the New Normal
Sept 23, 2021
https://www.bankinfosecurity.com/blogs/covid-19s-positive-impact-on-cybersecurity-p-3114
3 Cybersecurity Lessons for Working-From-Home as Enterprises Prepare for New Hybrid Era
Sept 28, 2021
US Senators Are Concerned About Amazon Storing Palm Signatures in the Cloud. How exactly is Amazon ensuring our biometric data never leaks?
August 13, 2021
Fake Covid Vaccination Cards Are on the Rise in the U.S., Europe – WSJ
August 7, 2021
Hospitals try to stamp down COVID-19 misinformation as it grows globally: 6 things to know
August 24th, 2021
Microsoft catches hackers using Morse Code to help cover their tracks.
August 12
Peterborough, N.H. Loses $2.3 Million To Cyber Criminals. “Town officials say the theft came in two parts. First, thieves posed as local school district staff, using forged documents and email accounts to access a million-dollar transfer from the town to the district. The town says it then notified the U.S. Secret Service and a cyber security consulting firm through its liability coverage. Several weeks later, thieves used the same approach to steal a payment intended for contractors working on the Main Street Bridge project.”
August 23, 2021
https://www.nhpr.org/nh-news/2021-08-23/peterborough-nh-loses-2-3-million-to-cyber-criminals
Attack on AWS S3 via SSRF. “This article is based on a true incident that happened with Capital One, where almost 106 million customer accounts were breached. Paige Thompson was accused of the following incident. We are going to understand how the attack happened and where the vulnerability resides so that you can find and report similar in your next voyage to safely secure the firms.”
August 24, 2021
https://sagartiwari1220.medium.com/attack-on-aws-s3-via-ssrf-c047c3a7edde
Cyber Attacks on IoT Devices Are Growing at Alarming Rates [Encryption Digest 64]
August 6, 2021
Can A.I. Outwit Your Buying Habits? In a bid to fight inflation, more firms are turning to computerized pricing. Will it affect customer loyalty?
August 26, 2021
https://www.kornferry.com/insights/this-week-in-leadership/can-ai-outwit-your-buying-habits?
Software supply chains and security - will the Software Bill of Materials approach work?
August 3, 2021
Software supply chains and security - will the Software Bill of Materials approach work?
August 3, 2021
August 5, 2021
The BOM Episode! DBOMs! SBOMs! And...Supply Chain Cybersecurity! With special guest Chris Blask, inventor of the Digital Bill of Materials (DBOMs).
Data Security & Privacy with the Privacy Professor
August 7, 2021
Sensitive government data could be another casualty of Afghan pullout. “The vast majority of classified information that lived on U.S. embassy computers was almost certainly flown out of Afghanistan or destroyed. A lot of government's highly sensitive data is also housed in computer clouds rather than on hard drives and protected with multiple security controls. But reams of unclassified but sensitive material will probably remain in the country, both in digital forms and on paper.”
August 17, 2021
German Marshall Fund Study on Facebook Interactions. “Sites that gather and present information irresponsibly (according to the news-rating service NewsGuard) accounted for a record-high one-fifth of Facebook interactions with U.S.-based sites in the second quarter of 2021, while engagement with articles from outlets that repeatedly publish false content plummeted on Twitter and Facebook. This occurred amidst an overall decline in engagement with all types of sites. After all-time highs in engagement with both types of deceptive news outlets in 2020, sites that publish false content have seen their engagement drop at much higher rates than U.S.-based sites in general, likely as a result of account takedowns and changes in policies around COVID-19 misinformation and content moderation.”
Aug 23, 2021
Reddit User Agreement, Privacy Policy, and Premium and Virtual Goods Agreement were updated.
They will take effect “after September 12.”
https://www.redditinc.com/policies/user-agreement
https://www.redditinc.com/policies/privacy-policy
https://www.redditinc.com/policies/premium-and-virtual-goods-agreement
US, Singapore Sign Cybersecurity Agreements. Nations Agree to Collaborate on Information Sharing, Training
August 23, 2021
https://www.bankinfosecurity.com/us-singapore-sign-cybersecurity-agreements-a-17349?
Russian Disinformation Targets Vaccines and the Biden Administration. A new campaign appears to be spreading falsehoods about the potential for forced inoculations against Covid-19.
August 5, 2021
Homeland Security warns of potential conspiracy theory-fueled violence in August.
August 9, 2021
Facebook pulls down fake accounts that spread COVID-19 vaccine disinformation. The social network says the operation was based in Russia and posted about the AstraZeneca and Pfizer COVID-19 vaccines.
August 10, 2021
Enhanced Drug Distribution Security at the Package Level Under the Drug Supply Chain Security Act; Draft Guidance for Industry; Availability; Extension of Comment Period. A Notice by the Food and Drug Administration. FDA is extending the comment period for the notice of availability published on June 4, 2021 (86 FR 30053).
August 3, 2021
Industry, FDA Advance Drug Supply-Chain Security Plan
August 4, 2021
https://www.dcatvci.org/7262-industry-fda-advance-drug-supply-chain-security-plan
John Deere privacy notice. No date on the notice.
???
U.S. FTC says Facebook misused privacy decree to shut down ad research.
August 5, 2021
https://finance.yahoo.com/news/u-ftc-says-facebook-misused-011828449.html
WhatsApp privacy policy: The controversy so for alarming the need of data protection law in India
August 9, 2021
Uber asked contractor to allow video surveillance in employee homes, bedrooms. Employee contract lets company install video cameras in personal spaces.
August 9, 2021
Accenture report shows volume of cyber-intrusion activity globally jumped 125%. The security company found that 54% of all ransomware or extortion victims were companies with annual revenues between $1 billion and $9.9 billion.
August 4, 2021
https://www.zdnet.com/article/volume-of-cyber-intrusion-activity-globally-jumped-125-accenture/
Accenture says Lockbit ransomware attack caused 'no impact'. The IT giant was listed on Lockbit's leak website, and the group said the data came from an "insider", but there was 'no impact' on operations or clients.
August 11, 2021
Ransomware: These four rising gangs could be your next major cybersecurity threat. Cybersecurity researchers at Palo Alto Networks detail four extortion groups that have gained traction in recent months, as the threat of ransomware continues to plague businesses.
August 25, 2021
Kaseya ransomware attack sets off race to hack service providers -researchers
August 3, 2021
A Silicon Valley VC firm with $1.8B in assets was hit by ransomware
August 3, 2021
https://techcrunch.com/2021/08/03/atv-venture-capital-ransomware/
Ransomware is a growing threat: US companies and infrastructure providers need to be ready
August 4, 2021
August 4, 2021
https://www.cnn.com/2021/08/04/politics/neuberger-ransomware-blackmatter/index.html
Joplin: City computer shutdown was ransomware attack
August 5, 2021
Joplin, Missouri, says cybersecurity incident was due to ransomware. Small and mid-sized city government agencies being increasingly targeted.
August 5, 2021
https://www.koamnewsnow.com/joplin-says-cybersecurity-incident-was-due-to-ransomware/
U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats. Creation of Joint Cyber Defense Collaborative follows high-profile cyberattacks on U.S. infrastructure
August 5, 2021
CISA launches new initiative to combat ransomware
August 5, 2021
https://fcw.com/articles/2021/08/05/cisa-jcdc-ransomware-cyber.aspx?m=1
August 6, 2021
https://www.cutimes.com/2021/08/06/7-steps-to-prevent-ransomware/?slreturn=20210707153755
Ransomware payments surge by 82%. Latest Unit 42 figures confirm the ransomware crisis continues to intensify, with the rise of quadruple extortion
August 9, 2021
https://www.strategic-risk-europe.com/home/ransomware-payments-surge-by-82/1438419.article
Hackers reportedly threaten to leak data from Gigabyte ransomware attack. They reportedly claim to have 112GB of AMD, Intel, and other documents.
August 9, 2021
Big Tech Is Coming to Small-Town America, But There's a Catch. "The drive in these big tech companies is to get the workers off their books and have someone [contracted] managing, hiring and firing them."
August 4, 2021
Cyber Security and the Digital Supply Chain!
August 1, 2021
https://supplychaingamechanger.com/cyber-security-and-the-digital-supply-chain/
5 Key Questions When Evaluating Software Supply Chain Security. Knowing what to ask a potential supplier can minimize risks associated with third-party software vulnerabilities and breaches.
August 2, 2021
DOD’s Supply Chain Security Should be Strategic Priority, Congressional Task Force Says
August 2, 2021
Five Developments in ICT Supply Chain Security in July
August 3, 2021
https://www.rstreet.org/2021/08/03/five-developments-in-ict-supply-chain-security-in-july/
Supply chain attacks are getting worse, and you are not ready for them. EU cybersecurity think tank looks at 24 recent supply chain attacks, and warns that defences against them are not good enough.
August 3, 2021
https://www.zdnet.com/article/supply-chain-attacks-are-getting-worse-and-you-are-not-ready-for-them/
Supply Chain Security: “The Government is Not Going to Fix This”
August 4, 2021
https://duo.com/decipher/supply-chain-security-the-government-is-not-going-to-fix-this
Supply Chain Security – Not As Easy As it Looks
August 6, 2021
https://securityboulevard.com/2021/08/supply-chain-security-not-as-easy-as-it-looks/
11 Tactics to Prevent Supply Chain Attacks (Highly Effective)
August 7, 2021
https://www.upguard.com/blog/how-to-prevent-supply-chain-attacks
200 Cybersecurity Influencers On Twitter Making a Difference in 2021. Our CEO, Rebecca Herold, is on the list! From Perimeter 81. “We’ve compiled the largest list of cybersecurity influencers on Twitter to date. 200 amazing and inspiring people that are making the interconnected world a safer place. The list includes hackers, journalists, founders, service providers, and industry thought leaders from all across the globe.”
August 2, 2021
https://www.perimeter81.com/blog/people-in-cyber/200-cybersecurity-influencers-twitter?
Crypto mining scams targeting tens of thousands of victims using hundreds of android apps. “Lookout, Inc. announced the discovery of major crypto mining scams using hundreds of Android apps.”
July 7, 2021
Google requires app developers to use 2FA — boosting Android security. “Google is introducing two new measures to improve security on the Play Store, requiring Android app developers to use two-factor authentication (2FA) and additional identification requirements.”
July 7, 2021
https://www.laptopmag.com/news/google-requires-app-developers-to-use-2fa-boosting-android-security
Reduce open source software risks in your supply chain
July 12, 2021
https://securityboulevard.com/2021/07/reduce-open-source-software-risks-in-your-supply-chain/
Ring beefs up security for its video devices and apps. End-to-end video encryption is finally getting a full rollout, along with a handful of other security measures.
July 13, 2021
https://www.cnet.com/home/security/ring-beefs-up-security-for-its-video-devices-and-apps/
Apps Built Better: Why DevSecOps is Your Security Team’s Silver Bullet. Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps processes and systems to thwart cyberattacks.
July 14, 2021
https://threatpost.com/apps-built-better-devsecops-security-silver-bullet/167793/
The Android apps on your phone each have 39 security vulnerabilities on average. And it's not just games, but important stuff like banking and payment apps.
July 20, 2021
10 Tech Experts Share Their Selections For Security-Forward Messaging Apps.
July 20, 2021
Securing UX in Open Banking Apps. “Customer consent is the basis of building trust between a business and a user. The open banking industry won’t be able to reach its predicted size of $43.15 billion by 2026 if customers don’t believe the platforms are trustworthy.”
July 22, 2021
https://securityboulevard.com/2021/07/securing-ux-in-open-banking-apps/
The Physicality Of Data And The Road To Personal Data Ownership.
July 2, 2021.
HIPAA: Controlling Access to ePHI: For Whose Eyes Only? Summer 2021 Cybersecurity Newsletter
July 14, 2021
https://www.hhs.gov/sites/default/files/controlling-access-ephi-newsletter.pdf
50-State Survey of Health Care Information Privacy Laws. From Seyfarth Law Firm.
July 2021.
Almost Two-Thirds Of Firms Are Not In Full Compliance With Privacy Laws.
July 21, 2021
July 30 2021
July 4, 2021
Up to 1500 businesses affected by Kaseya supply chain ransomware attack
July 6, 2021
Bill targets supply chain security training
July 6, 2021
https://homelandprepnews.com/stories/70904-bill-targets-supply-chain-security-training/
REvil Ransomware Gang Launches Major Supply Chain Attack Through Kaseya
July 7, 2021
https://securityintelligence.com/posts/revil-ransomware-kaseya-supply-chain-attack/
Making cities naturally safe from supply chain shocks
July 7, 2021
https://news.nau.edu/nature-supply-chain-shocks/#.YQVyAI5Kg6Y
Non-profit Global Business Alliance launches supply chain subsidiary
July 13, 2021
Senate Panel Approves K-12 Cyber Protection, Supply Chain Security Bills
July 14, 2021
Homeland Security orders pipeline operators to beef up cybersecurity to protect fuel supply chain
July 20, 2021
House E&C Approves Cyber, Supply Chain Bills
July 22, 2021
https://www.meritalk.com/articles/house-ec-approves-cyber-supply-chain-bills/
House task force pushes Pentagon to wean itself off Chinese sources
July 22, 2021
Lack of cyber in Australian supply chain resilience plan has IBM concerned. The federal government on Thursday received the Productivity Commission's final report on vulnerable supply chains, which the likes of IBM hope will contain more focus on 'cyber' than its interim report did.
July 22, 2021
https://www.zdnet.com/article/cyber-is-lacking-in-australias-supply-chain-resilience-plan/
DOD’s Supply Chain Security Should be Strategic Priority, Congressional Task Force Says
July 23, 2021
Supply Chain Security Market worth $1,227 million by 2026
July 23, 2021
GitHub boosts supply chain security for Go modules. Go is now one of the most popular programming languages on the platform.
July 23, 2021
https://www.zdnet.com/article/github-boosts-supply-chain-security-for-go-modules/
2021 breaches illustrate cybersecurity as an urgent critical infrastructure priority
July 29, 2021
Why Supply Chain Security Affects Organizations Everywhere?
July 29, 2021
https://techbullion.com/why-supply-chain-security-affects-organizations-everywhere/
July 30, 2021
https://finance.yahoo.com/news/global-supply-chain-security-market-165200192.html
Regulations.gov: Make a difference. Submit your comments and let your voice be heard.
https://www.wired.com/story/voila-cartoonify-face-privacy-security
https://www.washingtonpost.com/technology/2021/07/15/contacts-sharing-privacy/
Researchers try different approaches to solve problem of amplifying negative stereotypes.
https://arstechnica.com/science/2021/06/the-efforts-to-make-text-based-ai-less-racist-and-terrible
https://www.bbc.com/news/technology-57122120
https://www.statnews.com/2021/06/21/algorithm-bias-playbook-hospitals/
A majority worries that the evolution of artificial intelligence by 2030 will continue to be primarily focused on optimizing profits and social control. They also cite the difficulty of achieving consensus about ethics. Many who expect progress say it is not likely within the next decade. Still, a portion celebrate coming AI breakthroughs that will improve life
https://www.pewresearch.org/internet/2021/06/16/experts-doubt-ethical-ai-design-will-be-broadly-adopted-as-the-norm-within-the-next-decade/?mod=djemAIPro
Researchers have discovered that even sophisticated AI technology designed to create synthetic content can leave ’fingerprints’
June 16, 2021
https://www.wsj.com/articles/facebook-michigan-state-develop-deepfake-detection-technique-11623859200?st=da6t6chng3syvyd&reflink=desktopwebshare_permalink
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/you-might-want-to-audit-your-laps-permissions/ba-p/2280785
https://itspmagazinepodcast.com/episodes/safe-to-drink-cyber-attacks-and-the-water-supply-what-you-need-to-know-a-conversation-with-bryson-bort-your-everyday-cyber-with-limor-kessem-and-diana-kelley-nakjfYAi
"If you could imagine a community center run by two old guys who are plumbers, that's your average water plant," one cybersecurity consultant said.
https://www.nbcnews.com/tech/security/50000-security-disasters-waiting-happen-problem-americas-water-supplie-rcna1206
https://katu.com/news/local/school-districts-say-cyber-security-attacks-are-a-growing-risk
https://beta-ctvnews-ca.cdn.ampproject.org/c/s/beta.ctvnews.ca/local/toronto/2021/6/15/1_5471742.html
Hospitals and other covered entities are striking a growing number of agreements to use de-identified patient data for research or to develop AI tools. But they should carefully weigh the risks of sharing this data, experts said.
Jun 17, 2021
https://medcitynews.com/2021/06/researchers-flag-privacy-risks-with-de-identified-health-data/?rf=1
Unique IDs linked to phones are supposed to be anonymous. But there’s an entire industry that links them to real people and their address.
https://www.vice.com/en/article/epnmvz/industry-unmasks-at-scale-maid-to-pii
https://www.theladders.com/career-advice/billions-of-emails-and-passwords-appear-in-largest-data-leak-ever-consumers-should-change-passwords
Over 1 billion search records were accidentally posted online in a CVS Health data breach in late March, as reported by an independent cybersecurity researcher.
https://healthitsecurity.com/news/cvs-health-faces-data-breach1b-search-records-exposed
https://www.rsaconference.com/library/blog/supply-chain-security-awareness-part-3-how-to-fend-off-supply-chain-risks
https://www.ntia.doc.gov/files/ntia/publications/isa_bps_wg_-_2021.06.06.pdf
In a 4-3 decision, the court ruled a police search of garbage left outside of homes for collection is an “unreasonable and thus unconstitutional seizure and search” unless a judge had approved a warrant. "
Consider that, generally in many/most US locations, items put into trash is considered public property and others can, and do, take items from it.
See actual court decision here: https://www.iowacourts.gov/courtcases/8892/embed/SupremeCourtOpinion
https://www.washingtonpost.com/politics/2021/06/16/cybersecurity-202-justice-department-is-racking-up-wins-despite-encryption-concerns/
The agency spent years running a secure phone network for criminals. So much for “going dark.”
https://www.wired.com/story/fbi-anom-phone-network-encryption-debate/
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/06/information-commissioner-s-opinion-live-facial-recognition-technology/
https://www.bbc.com/news/technology-57504717
ID.me's says unemployment fraud is costing taxpayers $400 billion, but his own company is denying claims because of problems with its tech, users say.
https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems
The measure would make private use of the technology illegal but would not apply to police. It awaits the mayor's signature.
https://www.wired.com/story/baltimore-ban-facial-recognition-everyone-but-cops
The bill, which only has Democratic support, would bar federal agencies from using the technology without approval from Congress
June 16, 2021
https://www.wsj.com/articles/lawmakers-re-introduce-bill-that-would-ban-facial-recognition-technology-11623854310?reflink=desktopwebshare_permalink
“Press the cone icon on the screen of the Taylor C602 digital ice cream machine, he explains, then tap the buttons that show a snowflake and a milkshake to set the digits on the screen to 5, then 2, then 3, then 1. After that precise series of no fewer than 16 button presses, a menu magically unlocks. Only with this cheat code can you access the machine’s vital signs: everything from the viscosity setting for its milk and sugar ingredients to the temperature of the glycol flowing through its heating element to the meanings of its many sphinxlike error messages.
“No one at McDonald’s or Taylor will explain why there’s a secret, undisclosed menu," O’Sullivan wrote in one of the first, cryptic text messages I received from him earlier this year.””
https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war
https://www.beckershospitalreview.com/cybersecurity/hacker-removes-files-from-new-mexico-hospital-s-computers-exposes-69-000-patients-info.html
Experts Say Odd Case Offers Forewarning to Others
https://www.govinfosecurity.com/security-firm-coo-charged-in-attack-on-medical-center-a-16866
https://www.marketwatch.com/story/amazon-may-face-425-million-fine-over-alleged-eu-privacy-violations-report-11623339505
Bills Address Criminal Penalties, School District Protection and More
June 21, 2021
https://www.bankinfosecurity.com/lawmakers-unveil-cybersecurity-legislation-a-16918
SEC: Executives Left in Dark About Vulnerability in File-Sharing System
June 21, 2021
https://www.databreachtoday.com/first-american-financials-sec-breach-settlement-488000-a-16912
https://www.reuters.com/lifestyle/sports/german-firms-air-taxi-aims-be-operational-paris-2024-olympics-2021-06-21
https://www.npr.org/2021/06/12/1002908327/5-ways-for-seniors-to-protect-themselves-from-online-misinformation
https://www.technologyreview.com/2021/06/30/1026338/gen-z-online-misinformation/
https://mitsloan.mit.edu/press/technology-companies-testing-anti-misinformation-accuracy-prompts-developed-mit-research-team
https://theconversation.com/punitive-laws-are-failing-to-curb-misinformation-in-africa-time-for-a-rethink-162961
https://www.scmagazine.com/home/security-news/ransomware/c-suites-adapt-to-ransomware-as-a-cost-of-doing-business/
https://venturebeat.com/2021/06/16/cybereason-80-of-orgs-that-paid-the-ransom-were-hit-again/
https://arstechnica.com/information-technology/2021/06/ukraine-arrests-ransomware-gang-in-global-cybercriminal-crackdown/?amp=1
The trend toward self-driving and electric vehicles will add hundreds of millions of lines of code to cars. Can the auto industry cope?
https://spectrum.ieee.org/cars-that-think/transportation/advanced-cars/software-eating-car
June 18, 2021
https://www.techrepublic.com/article/microsofts-new-security-tool-will-discover-firmware-vulnerabilities-and-more-in-pcs-and-iot-devices/
Flaws in a firmware security tool affect as many as 30 million desktops, laptops, and tablets.
https://www.wired.com/story/dell-firmware-vulnerabilities/
https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
https://www.securitymagazine.com/articles/95444-firmware-security-requires-firm-supply-chain-agreements
https://www.cdc.gov/coronavirus/2019-ncov/variants/variant-surveillance.html
Vicious cycle of monitoring and overwork is fuelling productivity — and a backlash
JUNE 15 2021
https://www.ft.com/content/b74b6ad6-3b8d-4cd8-9dd6-3b49754aa1c7
https://www.amnesty.org/en/latest/news/2021/06/scale-new-york-police-facial-recognition-revealed/
https://www.secureworldexpo.com/industry-news/ohio-decides-to-air-gap-votes
https://spectrum.ieee.org/consumer-electronics/audiovideo/skin-displays-will-give-wearables-their-independence
In a 4-3 decision, the court ruled a police search of garbage left outside of homes for collection is an “unreasonable and thus unconstitutional seizure and search” unless a judge had approved a warrant. "
Consider that, generally in many/most US locations, items put into trash is considered public property and others can, and do, take items from it. This is a significant issue that information assurance practitioners must consider: How w work from home employees and contractors dispose of items that are business related.
See actual court decision here: https://www.iowacourts.gov/courtcases/8892/embed/SupremeCourtOpinion
https://www.scmagazine.com/home/security-news/researchers-offer-advice-on-how-to-block-wfh-employees-from-downloading-pirated-software/
https://www.cityam.com/deloitte-tells-staff-they-can-work-from-home-forever/
HHS Proposal Aims to Improve Patient Record Matching, But What Are the Risks? - June 17, 2021
https://www.govinfosecurity.com/standardizing-patient-addresses-privacy-security-issues-a-16894
https://edps.europa.eu/_en