Curated news for professionals, and the general public, about topics that are helpful for them to know, and that can help to prevent security incidents and privacy breaches not only at work, but also away from work!
NEW: View our Log4J news here: https://privacysecuritybrainiacs.com/resources/news/Log4J/.
View our IoT news here: https://privacysecuritybrainiacs.com/resources/news/IoT/.
The app is a major source of raw location data for a multibillion-dollar industry that buys, packages, and sells people’s movements
December 6, 2021
Dec 1 2021
Directive would place agency in charge of setting policy for intelligence gleaned from social-media and commercial-data troves
Dec 10 2021
https://www.wsj.com/articles/defense-intelligence-agency-expected-to-lead-militarys-use-of-open-source-data-11639142686?st=07h3yx7rqvj3qyk&reflink=desktopwebshare_permalink
Federal program faces elimination because local agencies aren’t submitting statistics
Dec 9, 2021
Dec 1, 2021
UKG Hack Disrupts Scheduling and Payroll for Thousands of Employers
Logging hours manually may be only recourse
Dec 15, 2021
This company was hit with ransomware, but didn't have to pay up. Here's how they did it
Cyber criminals demanded $15 million for a decryption key and sent threatening messages to staff -but this company recovered its network without paying hackers a thing.
Dec 17, 2021
Changes come a day before CEO testifies before Congress about the app’s impact on young people
Dec 7 2021
DECEMBER 3, 2021
Dec 3 2021
https://www.scmagazine.com/perspective/cybercrime/tis-the-season-of-e-retailers-and-cybercrime
December 6, 2021
https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-2020-incident-based-data
Is the hybrid work going to change work as we know it? What does this mean for our future?
December 6, 2021
FBI Sting Exposes Defense Contractor’s Espionage After FSO and ISO Identified an Insider Threat
Dec 17, 2021
Dec 2 2021
DECEMBER 6, 2021
https://www.cpomagazine.com/cyber-security/5-defenses-for-5-ransomware-root-causes
DECEMBER 6, 2021
Tech-driven changes are coming fast and furiously to airports, including advancements in biometrics that verify identity and shorten security procedures for those passengers who opt into the programs.
Dec 7 2021
https://www.nytimes.com/2021/12/07/travel/biometrics-airports-security.html
DECEMBER 2ND, 2021
https://semiengineering.com/building-a-more-secure-u-s-microelectronic-design-infrastructure/
07 DEC 2021
Dec 3, 2021
https://www.zuckermanlaw.com/ftc_whistleblower_act/
Software in connected devices has little oversight. As more objects come online, that problem will snowball.
Nov 18 2021
https://www.washingtonpost.com/technology/2021/11/18/smart-home-security/
An attack attempt in 2020 proves the UAS threat is real—and not enough is being done to stop it.
Nov. 5, 2021
https://www.wired.com/story/drone-attack-power-substation-threat/
Safety feature is also planned for Apple Watches expected in 2022, according to company documents
Nov 1, 2021
Doug Field, who left Apple for Ford in September, talks about automation, Detroit vs. Silicon Valley and the way that custom subscriptions will remake the auto industry
Nov 4 2021
More than 40 million patient records have been compromised this past year by incidents reported to the federal government in 2021.
November 16, 2021
https://www.healthcareitnews.com/news/biggest-healthcare-data-breaches-2021
An independent cybersecurity researcher discovered a wearable device data breach that exposed the records of 61 million Apple and Fitbit users.
September 16, 2021
March 10, 2021
Nov. 5, 2021
https://californianewstimes.com/soaring-cost-of-cyber-protection-lifts-commercial-insurers/582355/
Portugal: New Law Allows Medically Assisted Procreation Through Postmortem Insemination
Nov 12, 2021
The app hurts sleep, work, relationships or parenting for about 12.5% of users, who reported they felt Facebook was more of a problem than other social media.
Nov. 5, 2021
Rising share prices in the sector reflect investors’ thirst for revenue growth above other metrics
Nov 5, 2021
November 03, 2021
Oct 1, 2021
https://www.kitploit.com/2021/10/certify-active-directory-certificate.html
Oct 6, 2021
Oct 9, 2021
https://www.wired.com/story/how-to-enable-tpm-secure-boot-for-windows-11/
Oct 8, 2021
Oct 7, 2021
Oct 13, 2021
https://securityaffairs.co/wordpress/123297/hacking/anti-phishing-technique.html
Oct 15, 2021
Oct 18, 2021
https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/
Oct 19, 2021
https://www.techradar.com/news/icloud-hacker-stole-intimate-photos-from-hundreds-of-apple-customers
Oct 25, 2021
Oct 5, 2021
https://www.cmu.edu/news/stories/archives/2021/october/sei-cybersecurity-webcast-series.html
Oct 7, 2021
https://www.cnet.com/tech/cybersecurity-awareness-month-time-for-a-cybersafety-check/
When a Tesla employee was offered $500,000 by a cyber criminal gang to install malware on the company’s Gigafactory network last year, it indicated a new and emerging threat.
Oct 6, 2021
28 October 2021
Civil Action No.: 1:21-md-03010-PKC
Oct 22, 2021
https://storage.courtlistener.com/recap/gov.uscourts.nysd.564903/gov.uscourts.nysd.564903.152.0.pdf
Unsealed court documents say the search giant sought help from Apple, Facebook and Microsoft to "find areas of alignment."
Oct 22, 2021
https://www.politico.com/news/2021/10/22/google-kids-privacy-protections-tech-giants-516834
Oct 22, 2021
https://www.nytimes.com/2021/10/22/technology/google-privacy-lawsuit.html
Oct. 1, 2021
https://www.jdsupra.com/legalnews/quebec-adopts-new-law-to-modernize-6487558/
Oct 7, 2021.
Oct 22, 2021
Oct 24, 2021
Oct 26, 2021
Oct 18, 2021
https://blog.malwarebytes.com/cybercrime/2021/10/killware-is-it-just-as-bad-as-it-sounds/
Oct 31, 2021
https://www.pandasecurity.com/en/mediacenter/security/what-is-killware/
Oct 22, 2021
Oct, 2021
NOTE: With quotes by Privacy & Security Brainiacs CEO, Rebecca Herold
https://issuu.com/luckbox/docs/2111-luckbox-issuu/s/13746870
Oct 4, 2021
https://fox59.com/news/johnson-memorial-health-relying-on-old-school-methods-following-cyber-attack/
Oct 06, 2021
Oct 6, 2021
https://www.rtoinsider.com/articles/28799-quarter-energy-sector-vulnerable-ransomware-report
Oct 6, 2021
https://statescoop.com/ransomware-allen-texas-school-district-email-parents/
Oct 19, 2021,
https://finance.yahoo.com/news/spycloud-report-organizations-unprepared-ransomware-100500069.htm
Oct 16, 2021
https://au.pcmag.com/mobile-apps/85338/what-is-clubhouse-the-invite-only-chat-app-explained
The safety of our digital world has reached a pivotal moment.
Oct 6, 2021
Aim is to keep Beijing abreast of loopholes within country’s mobile apps, connected cars and other internet products that could be exploited by cybercriminals
Though mainly aimed at industry professionals such as app developers, everyday users can also make reports on the four platforms
Sept 1, 2021
This WhatsApp security flaw could have let hackers access all your chats. Although WhatsApp says the exploitation of the vulnerability was only theoretical
Sept 2, 2021
OWASP shakes up web app threat categories with release of draft Top 10. The Top 10 list is a widely used guide to modern web application security threats
Sept 9, 2021 The Top 10 list is a widely used guide to modern web application security threats
Application Security a Growing Priority Among Security Pros. A Dark Reading survey finds most IT and security managers would rather wait to deploy applications than risk security flaws.
Sept 10, 2021
Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
Sept 15, 2021
https://thehackernews.com/2021/09/critical-flaws-discovered-in-azure-app.html
CISA urges patching a Zoho password manager. A crackdown on coin-mining? Maximizing engagement helped troll farms.
Sept 17, 2021
Apple responds to security researcher who found multiple iOS 15 zero-day flaws [U]
Sept 27, 2021
https://9to5mac.com/2021/09/27/security-researcher-claims-3-zero-day-flaws-ios-15/
Beware! Employees of popular apps have access to your data
September 05, 2021
Sept 17, 2021
https://www.theregister.com/2021/09/17/google_app_permissions_android/
Crypto Hacks Highlight Need for More Cybersecurity
September 1, 2021
Cryptocurrency: The New Favorite for Cyber Crimes
Sept 1, 2021
https://www.mygreatlearning.com/blog/cryptocurrency-the-new-favorite-for-cyber-crimes/
No Technology is “Completely Secure”…Even the Beloved (by Many) Bitcoin!
Sept 7, 2021
https://www.linkedin.com/pulse/technology-completely-secureeven-beloved-many-bitcoin-rebecca-herold/
Japanese Crypto Exchange Robbed of $100,000,000
Sept 8, 2021
U.S. Treasury sanctions crypto exchange Suex over ransomware transactions
Sept 21, 2021
Regulating Big Tech. China outlaws cryptocurrency transactions. Russian markets and US sanctions. Approaches to resiliency.
Sept 24, 2021
Crypto Cybersecurity. How Safe Are Your Assets. DailyCoin Investigated
Sept 27, 2021
Senators aim to increase oversight of cryptocurrency mining with new bill
Sept 27, 2021
What is Cryptomining and how can it affect Cybersecurity?
Sept 28, 2021
How Hackers Use Our Brains Against Us
Cybercriminals take advantage of the unconscious processes that we all use to make decision making more efficient. Blame it on our ‘lizard brains.’
Sept 7, 2021
The Latest Cybersecurity Threat: Pay Us or We Release the Data
These attacks are a lot more complicated—and potentially more costly
Sept 7, 2021
Microsoft warns: Active Directory FoggyWeb malware being actively used by Nobelium gang
Chief security adviser Roger Halbheer says best protection is to 'get off AD FS'
Sept 28, 2021
https://www.theregister.com/2021/09/28/active_directory_foggyweb_malware/
Sept 9, 2021
How Cyber Liability Insurance Can Rescue A Small Business
Sept 10, 2021
https://www.forbes.com/advisor/business-insurance/cyber-liability-insurance/
Insurance Coverage for Cyberattacks?
Sept 13, 2021
https://www.jdsupra.com/legalnews/insurance-coverage-for-cyberattacks-1619600/
Cyber insurance may not be making companies more secure
Sept 14, 2021
Coalition Raises $205M to Combine Cyber Insurance, Security Tools
Sept 28, 2021
Microsoft and At-Bay partner to offer data-driven cyber insurance coverage
Sept 29, 2021
https://finance.yahoo.com/news/microsoft-bay-partner-offer-data-160000007.html
Microsoft warns of a Windows zero-day security hole that is being actively exploited
Sept 9, 2021
Do you own an iPhone or iPad? Update your Apple devices right now.
Sept 13, 2021
Apple issues urgent iPhone software update to address critical spyware vulnerability
Sept 14, 2021
https://www.cnn.com/2021/09/13/tech/apple-iphone-spyware-vulnerability-fix/index.html
5th September 2021
https://www.bbc.com/future/article/20210903-how-covid-19-could-finally-be-the-end-of-the-fax-machine
Wells Fargo Fined $250 Million for Problems in Its Mortgage Business: The OCC said lender has failed to fix issues first identified in 2018
Sept 9, 2021
A Single Laser Fired Through a Keyhole Can Expose Everything Inside a Room: If you're worried about privacy, it might be time to cover up your front door's peephole.
Sept 8, 2021
https://gizmodo.com/a-single-laser-fired-through-a-keyhole-can-expose-every-1847638281
Ransomware gang threatens to leak data if victim contacts FBI, police
Sept 7, 2021
U.S. to Target Crypto Ransomware Payments With Sanctions: Biden administration hopes to disrupt digital finance infrastructure that facilitates ransomware cyberattacks, a threat traced to Russia
Sept 17, 2021
Energy, utility sectors feel ‘most exposed’ to cybersecurity threats, survey finds.
Companies in the utilities and energy sector feel the most exposed to cyberthreats, according to 40% of Beazley respondents. There have been a number of attacks in that space, including a ransomware attack in May that forced Colonial Pipeline to shut down the largest refined products pipeline system in the United States. The company made a payment of roughly $4.4 million in bitcoin ransom to aid a swift recovery.
Sept 20, 2021
https://www.utilitydive.com/news/beazley-cyber-insurance-technology-risk/606836/
Facebook Says Its Rules Apply to All. Company Documents Reveal a Secret Elite That’s Exempt. A program known as XCheck has given millions of celebrities, politicians and other high-profile users special treatment, a privilege many abuse
Sept 13, 2021
Harassing texts. Unwanted deliveries. Fake bomb threats that bring police to the door. Inside the tactics cybercriminals use to get social media users to surrender their accounts
Sept 25, 2021
https://www.cbsnews.com/news/cybercriminals-social-media-accounts-harass-extort/
Facebook Is Making Camera Glasses, Ha Ha Oh No
Ray-Ban Stories can take photos and videos with a touch of a button and send them to your phone.Sept 9, 2021
https://www.buzzfeednews.com/article/katienotopoulos/facebook-is-making-camera-glasses-ha-ha-oh-no
Facebook’s Effort to Attract Preteens Goes Beyond Instagram Kids, Documents Show: It has investigated how to engage young users in response to competition from Snapchat, TikTok; ‘Exploring playdates as a growth lever’
Sept. 28, 2021
Is Complacency the Biggest Cyber Threat?
Sept 1, 2021
https://www.infosecurity-magazine.com/blogs/complacency-biggest-cyber-threat/
IT security starts with knowing your assets: Asia-Pacific
A new, well-organized breed of hacker and the fast-evolving nature of technology are forcing organizations to consider multiple ways of minimizing threat exposure.
Sept 8, 2021
Many employees working from home see cybersecurity as a hindrance: Report
Sept 10, 2021
Sept 17, 2021
What Are The Cybersecurity Threats With Work-From-Home?
Sept 21, 2021
How CISOs Can Improve Security in the New Normal
Sept 23, 2021
https://www.bankinfosecurity.com/blogs/covid-19s-positive-impact-on-cybersecurity-p-3114
3 Cybersecurity Lessons for Working-From-Home as Enterprises Prepare for New Hybrid Era
Sept 28, 2021
US Senators Are Concerned About Amazon Storing Palm Signatures in the Cloud. How exactly is Amazon ensuring our biometric data never leaks?
August 13, 2021
Fake Covid Vaccination Cards Are on the Rise in the U.S., Europe – WSJ
August 7, 2021
Hospitals try to stamp down COVID-19 misinformation as it grows globally: 6 things to know
August 24th, 2021
Microsoft catches hackers using Morse Code to help cover their tracks.
August 12
Peterborough, N.H. Loses $2.3 Million To Cyber Criminals. “Town officials say the theft came in two parts. First, thieves posed as local school district staff, using forged documents and email accounts to access a million-dollar transfer from the town to the district. The town says it then notified the U.S. Secret Service and a cyber security consulting firm through its liability coverage. Several weeks later, thieves used the same approach to steal a payment intended for contractors working on the Main Street Bridge project.”
August 23, 2021
https://www.nhpr.org/nh-news/2021-08-23/peterborough-nh-loses-2-3-million-to-cyber-criminals
Attack on AWS S3 via SSRF. “This article is based on a true incident that happened with Capital One, where almost 106 million customer accounts were breached. Paige Thompson was accused of the following incident. We are going to understand how the attack happened and where the vulnerability resides so that you can find and report similar in your next voyage to safely secure the firms.”
August 24, 2021
https://sagartiwari1220.medium.com/attack-on-aws-s3-via-ssrf-c047c3a7edde
Cyber Attacks on IoT Devices Are Growing at Alarming Rates [Encryption Digest 64]
August 6, 2021
Can A.I. Outwit Your Buying Habits? In a bid to fight inflation, more firms are turning to computerized pricing. Will it affect customer loyalty?
August 26, 2021
https://www.kornferry.com/insights/this-week-in-leadership/can-ai-outwit-your-buying-habits?
Software supply chains and security - will the Software Bill of Materials approach work?
August 3, 2021
Software supply chains and security - will the Software Bill of Materials approach work?
August 3, 2021
August 5, 2021
The BOM Episode! DBOMs! SBOMs! And...Supply Chain Cybersecurity! With special guest Chris Blask, inventor of the Digital Bill of Materials (DBOMs).
Data Security & Privacy with the Privacy Professor
August 7, 2021
Sensitive government data could be another casualty of Afghan pullout. “The vast majority of classified information that lived on U.S. embassy computers was almost certainly flown out of Afghanistan or destroyed. A lot of government's highly sensitive data is also housed in computer clouds rather than on hard drives and protected with multiple security controls. But reams of unclassified but sensitive material will probably remain in the country, both in digital forms and on paper.”
August 17, 2021
German Marshall Fund Study on Facebook Interactions. “Sites that gather and present information irresponsibly (according to the news-rating service NewsGuard) accounted for a record-high one-fifth of Facebook interactions with U.S.-based sites in the second quarter of 2021, while engagement with articles from outlets that repeatedly publish false content plummeted on Twitter and Facebook. This occurred amidst an overall decline in engagement with all types of sites. After all-time highs in engagement with both types of deceptive news outlets in 2020, sites that publish false content have seen their engagement drop at much higher rates than U.S.-based sites in general, likely as a result of account takedowns and changes in policies around COVID-19 misinformation and content moderation.”
Aug 23, 2021
Reddit User Agreement, Privacy Policy, and Premium and Virtual Goods Agreement were updated.
They will take effect “after September 12.”
https://www.redditinc.com/policies/user-agreement
https://www.redditinc.com/policies/privacy-policy
https://www.redditinc.com/policies/premium-and-virtual-goods-agreement
US, Singapore Sign Cybersecurity Agreements. Nations Agree to Collaborate on Information Sharing, Training
August 23, 2021
https://www.bankinfosecurity.com/us-singapore-sign-cybersecurity-agreements-a-17349?
Russian Disinformation Targets Vaccines and the Biden Administration. A new campaign appears to be spreading falsehoods about the potential for forced inoculations against Covid-19.
August 5, 2021
Homeland Security warns of potential conspiracy theory-fueled violence in August.
August 9, 2021
Facebook pulls down fake accounts that spread COVID-19 vaccine disinformation. The social network says the operation was based in Russia and posted about the AstraZeneca and Pfizer COVID-19 vaccines.
August 10, 2021
Enhanced Drug Distribution Security at the Package Level Under the Drug Supply Chain Security Act; Draft Guidance for Industry; Availability; Extension of Comment Period. A Notice by the Food and Drug Administration. FDA is extending the comment period for the notice of availability published on June 4, 2021 (86 FR 30053).
August 3, 2021
Industry, FDA Advance Drug Supply-Chain Security Plan
August 4, 2021
https://www.dcatvci.org/7262-industry-fda-advance-drug-supply-chain-security-plan
John Deere privacy notice. No date on the notice.
???
U.S. FTC says Facebook misused privacy decree to shut down ad research.
August 5, 2021
https://finance.yahoo.com/news/u-ftc-says-facebook-misused-011828449.html
WhatsApp privacy policy: The controversy so for alarming the need of data protection law in India
August 9, 2021
Uber asked contractor to allow video surveillance in employee homes, bedrooms. Employee contract lets company install video cameras in personal spaces.
August 9, 2021
Accenture report shows volume of cyber-intrusion activity globally jumped 125%. The security company found that 54% of all ransomware or extortion victims were companies with annual revenues between $1 billion and $9.9 billion.
August 4, 2021
https://www.zdnet.com/article/volume-of-cyber-intrusion-activity-globally-jumped-125-accenture/
Accenture says Lockbit ransomware attack caused 'no impact'. The IT giant was listed on Lockbit's leak website, and the group said the data came from an "insider", but there was 'no impact' on operations or clients.
August 11, 2021
Ransomware: These four rising gangs could be your next major cybersecurity threat. Cybersecurity researchers at Palo Alto Networks detail four extortion groups that have gained traction in recent months, as the threat of ransomware continues to plague businesses.
August 25, 2021
Kaseya ransomware attack sets off race to hack service providers -researchers
August 3, 2021
A Silicon Valley VC firm with $1.8B in assets was hit by ransomware
August 3, 2021
https://techcrunch.com/2021/08/03/atv-venture-capital-ransomware/
Ransomware is a growing threat: US companies and infrastructure providers need to be ready
August 4, 2021
August 4, 2021
https://www.cnn.com/2021/08/04/politics/neuberger-ransomware-blackmatter/index.html
Joplin: City computer shutdown was ransomware attack
August 5, 2021
Joplin, Missouri, says cybersecurity incident was due to ransomware. Small and mid-sized city government agencies being increasingly targeted.
August 5, 2021
https://www.koamnewsnow.com/joplin-says-cybersecurity-incident-was-due-to-ransomware/
U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats. Creation of Joint Cyber Defense Collaborative follows high-profile cyberattacks on U.S. infrastructure
August 5, 2021
CISA launches new initiative to combat ransomware
August 5, 2021
https://fcw.com/articles/2021/08/05/cisa-jcdc-ransomware-cyber.aspx?m=1
August 6, 2021
https://www.cutimes.com/2021/08/06/7-steps-to-prevent-ransomware/?slreturn=20210707153755
Ransomware payments surge by 82%. Latest Unit 42 figures confirm the ransomware crisis continues to intensify, with the rise of quadruple extortion
August 9, 2021
https://www.strategic-risk-europe.com/home/ransomware-payments-surge-by-82/1438419.article
Hackers reportedly threaten to leak data from Gigabyte ransomware attack. They reportedly claim to have 112GB of AMD, Intel, and other documents.
August 9, 2021
Big Tech Is Coming to Small-Town America, But There's a Catch. "The drive in these big tech companies is to get the workers off their books and have someone [contracted] managing, hiring and firing them."
August 4, 2021
Cyber Security and the Digital Supply Chain!
August 1, 2021
https://supplychaingamechanger.com/cyber-security-and-the-digital-supply-chain/
5 Key Questions When Evaluating Software Supply Chain Security. Knowing what to ask a potential supplier can minimize risks associated with third-party software vulnerabilities and breaches.
August 2, 2021
DOD’s Supply Chain Security Should be Strategic Priority, Congressional Task Force Says
August 2, 2021
Five Developments in ICT Supply Chain Security in July
August 3, 2021
https://www.rstreet.org/2021/08/03/five-developments-in-ict-supply-chain-security-in-july/
Supply chain attacks are getting worse, and you are not ready for them. EU cybersecurity think tank looks at 24 recent supply chain attacks, and warns that defences against them are not good enough.
August 3, 2021
https://www.zdnet.com/article/supply-chain-attacks-are-getting-worse-and-you-are-not-ready-for-them/
Supply Chain Security: “The Government is Not Going to Fix This”
August 4, 2021
https://duo.com/decipher/supply-chain-security-the-government-is-not-going-to-fix-this
Supply Chain Security – Not As Easy As it Looks
August 6, 2021
https://securityboulevard.com/2021/08/supply-chain-security-not-as-easy-as-it-looks/
11 Tactics to Prevent Supply Chain Attacks (Highly Effective)
August 7, 2021
https://www.upguard.com/blog/how-to-prevent-supply-chain-attacks
200 Cybersecurity Influencers On Twitter Making a Difference in 2021. Our CEO, Rebecca Herold, is on the list! From Perimeter 81. “We’ve compiled the largest list of cybersecurity influencers on Twitter to date. 200 amazing and inspiring people that are making the interconnected world a safer place. The list includes hackers, journalists, founders, service providers, and industry thought leaders from all across the globe.”
August 2, 2021
https://www.perimeter81.com/blog/people-in-cyber/200-cybersecurity-influencers-twitter?
Crypto mining scams targeting tens of thousands of victims using hundreds of android apps. “Lookout, Inc. announced the discovery of major crypto mining scams using hundreds of Android apps.”
July 7, 2021
Google requires app developers to use 2FA — boosting Android security. “Google is introducing two new measures to improve security on the Play Store, requiring Android app developers to use two-factor authentication (2FA) and additional identification requirements.”
July 7, 2021
https://www.laptopmag.com/news/google-requires-app-developers-to-use-2fa-boosting-android-security
Reduce open source software risks in your supply chain
July 12, 2021
https://securityboulevard.com/2021/07/reduce-open-source-software-risks-in-your-supply-chain/
Ring beefs up security for its video devices and apps. End-to-end video encryption is finally getting a full rollout, along with a handful of other security measures.
July 13, 2021
https://www.cnet.com/home/security/ring-beefs-up-security-for-its-video-devices-and-apps/
Apps Built Better: Why DevSecOps is Your Security Team’s Silver Bullet. Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps processes and systems to thwart cyberattacks.
July 14, 2021
https://threatpost.com/apps-built-better-devsecops-security-silver-bullet/167793/
The Android apps on your phone each have 39 security vulnerabilities on average. And it's not just games, but important stuff like banking and payment apps.
July 20, 2021
10 Tech Experts Share Their Selections For Security-Forward Messaging Apps.
July 20, 2021
Securing UX in Open Banking Apps. “Customer consent is the basis of building trust between a business and a user. The open banking industry won’t be able to reach its predicted size of $43.15 billion by 2026 if customers don’t believe the platforms are trustworthy.”
July 22, 2021
https://securityboulevard.com/2021/07/securing-ux-in-open-banking-apps/
The Physicality Of Data And The Road To Personal Data Ownership.
July 2, 2021.
HIPAA: Controlling Access to ePHI: For Whose Eyes Only? Summer 2021 Cybersecurity Newsletter
July 14, 2021
https://www.hhs.gov/sites/default/files/controlling-access-ephi-newsletter.pdf
50-State Survey of Health Care Information Privacy Laws. From Seyfarth Law Firm.
July 2021.
Almost Two-Thirds Of Firms Are Not In Full Compliance With Privacy Laws.
July 21, 2021
July 30 2021
July 4, 2021
Up to 1500 businesses affected by Kaseya supply chain ransomware attack
July 6, 2021
Bill targets supply chain security training
July 6, 2021
https://homelandprepnews.com/stories/70904-bill-targets-supply-chain-security-training/
REvil Ransomware Gang Launches Major Supply Chain Attack Through Kaseya
July 7, 2021
https://securityintelligence.com/posts/revil-ransomware-kaseya-supply-chain-attack/
Making cities naturally safe from supply chain shocks
July 7, 2021
https://news.nau.edu/nature-supply-chain-shocks/#.YQVyAI5Kg6Y
Non-profit Global Business Alliance launches supply chain subsidiary
July 13, 2021
Senate Panel Approves K-12 Cyber Protection, Supply Chain Security Bills
July 14, 2021
Homeland Security orders pipeline operators to beef up cybersecurity to protect fuel supply chain
July 20, 2021
House E&C Approves Cyber, Supply Chain Bills
July 22, 2021
https://www.meritalk.com/articles/house-ec-approves-cyber-supply-chain-bills/
House task force pushes Pentagon to wean itself off Chinese sources
July 22, 2021
Lack of cyber in Australian supply chain resilience plan has IBM concerned. The federal government on Thursday received the Productivity Commission's final report on vulnerable supply chains, which the likes of IBM hope will contain more focus on 'cyber' than its interim report did.
July 22, 2021
https://www.zdnet.com/article/cyber-is-lacking-in-australias-supply-chain-resilience-plan/
DOD’s Supply Chain Security Should be Strategic Priority, Congressional Task Force Says
July 23, 2021
Supply Chain Security Market worth $1,227 million by 2026
July 23, 2021
GitHub boosts supply chain security for Go modules. Go is now one of the most popular programming languages on the platform.
July 23, 2021
https://www.zdnet.com/article/github-boosts-supply-chain-security-for-go-modules/
2021 breaches illustrate cybersecurity as an urgent critical infrastructure priority
July 29, 2021
Why Supply Chain Security Affects Organizations Everywhere?
July 29, 2021
https://techbullion.com/why-supply-chain-security-affects-organizations-everywhere/
July 30, 2021
https://finance.yahoo.com/news/global-supply-chain-security-market-165200192.html
Regulations.gov: Make a difference. Submit your comments and let your voice be heard.
https://www.wired.com/story/voila-cartoonify-face-privacy-security
https://www.washingtonpost.com/technology/2021/07/15/contacts-sharing-privacy/
Researchers try different approaches to solve problem of amplifying negative stereotypes.
https://arstechnica.com/science/2021/06/the-efforts-to-make-text-based-ai-less-racist-and-terrible
https://www.bbc.com/news/technology-57122120
https://www.statnews.com/2021/06/21/algorithm-bias-playbook-hospitals/
A majority worries that the evolution of artificial intelligence by 2030 will continue to be primarily focused on optimizing profits and social control. They also cite the difficulty of achieving consensus about ethics. Many who expect progress say it is not likely within the next decade. Still, a portion celebrate coming AI breakthroughs that will improve life
https://www.pewresearch.org/internet/2021/06/16/experts-doubt-ethical-ai-design-will-be-broadly-adopted-as-the-norm-within-the-next-decade/?mod=djemAIPro
Researchers have discovered that even sophisticated AI technology designed to create synthetic content can leave ’fingerprints’
June 16, 2021
https://www.wsj.com/articles/facebook-michigan-state-develop-deepfake-detection-technique-11623859200?st=da6t6chng3syvyd&reflink=desktopwebshare_permalink
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/you-might-want-to-audit-your-laps-permissions/ba-p/2280785
https://itspmagazinepodcast.com/episodes/safe-to-drink-cyber-attacks-and-the-water-supply-what-you-need-to-know-a-conversation-with-bryson-bort-your-everyday-cyber-with-limor-kessem-and-diana-kelley-nakjfYAi
"If you could imagine a community center run by two old guys who are plumbers, that's your average water plant," one cybersecurity consultant said.
https://www.nbcnews.com/tech/security/50000-security-disasters-waiting-happen-problem-americas-water-supplie-rcna1206
https://katu.com/news/local/school-districts-say-cyber-security-attacks-are-a-growing-risk
https://beta-ctvnews-ca.cdn.ampproject.org/c/s/beta.ctvnews.ca/local/toronto/2021/6/15/1_5471742.html
Hospitals and other covered entities are striking a growing number of agreements to use de-identified patient data for research or to develop AI tools. But they should carefully weigh the risks of sharing this data, experts said.
Jun 17, 2021
https://medcitynews.com/2021/06/researchers-flag-privacy-risks-with-de-identified-health-data/?rf=1
Unique IDs linked to phones are supposed to be anonymous. But there’s an entire industry that links them to real people and their address.
https://www.vice.com/en/article/epnmvz/industry-unmasks-at-scale-maid-to-pii
https://www.theladders.com/career-advice/billions-of-emails-and-passwords-appear-in-largest-data-leak-ever-consumers-should-change-passwords
Over 1 billion search records were accidentally posted online in a CVS Health data breach in late March, as reported by an independent cybersecurity researcher.
https://healthitsecurity.com/news/cvs-health-faces-data-breach1b-search-records-exposed
https://www.rsaconference.com/library/blog/supply-chain-security-awareness-part-3-how-to-fend-off-supply-chain-risks
https://www.ntia.doc.gov/files/ntia/publications/isa_bps_wg_-_2021.06.06.pdf
In a 4-3 decision, the court ruled a police search of garbage left outside of homes for collection is an “unreasonable and thus unconstitutional seizure and search” unless a judge had approved a warrant. "
Consider that, generally in many/most US locations, items put into trash is considered public property and others can, and do, take items from it.
See actual court decision here: https://www.iowacourts.gov/courtcases/8892/embed/SupremeCourtOpinion
https://www.washingtonpost.com/politics/2021/06/16/cybersecurity-202-justice-department-is-racking-up-wins-despite-encryption-concerns/
The agency spent years running a secure phone network for criminals. So much for “going dark.”
https://www.wired.com/story/fbi-anom-phone-network-encryption-debate/
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/06/information-commissioner-s-opinion-live-facial-recognition-technology/
https://www.bbc.com/news/technology-57504717
ID.me's says unemployment fraud is costing taxpayers $400 billion, but his own company is denying claims because of problems with its tech, users say.
https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems
The measure would make private use of the technology illegal but would not apply to police. It awaits the mayor's signature.
https://www.wired.com/story/baltimore-ban-facial-recognition-everyone-but-cops
The bill, which only has Democratic support, would bar federal agencies from using the technology without approval from Congress
June 16, 2021
https://www.wsj.com/articles/lawmakers-re-introduce-bill-that-would-ban-facial-recognition-technology-11623854310?reflink=desktopwebshare_permalink
“Press the cone icon on the screen of the Taylor C602 digital ice cream machine, he explains, then tap the buttons that show a snowflake and a milkshake to set the digits on the screen to 5, then 2, then 3, then 1. After that precise series of no fewer than 16 button presses, a menu magically unlocks. Only with this cheat code can you access the machine’s vital signs: everything from the viscosity setting for its milk and sugar ingredients to the temperature of the glycol flowing through its heating element to the meanings of its many sphinxlike error messages.
“No one at McDonald’s or Taylor will explain why there’s a secret, undisclosed menu," O’Sullivan wrote in one of the first, cryptic text messages I received from him earlier this year.””
https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war
https://www.beckershospitalreview.com/cybersecurity/hacker-removes-files-from-new-mexico-hospital-s-computers-exposes-69-000-patients-info.html
Experts Say Odd Case Offers Forewarning to Others
https://www.govinfosecurity.com/security-firm-coo-charged-in-attack-on-medical-center-a-16866
https://www.marketwatch.com/story/amazon-may-face-425-million-fine-over-alleged-eu-privacy-violations-report-11623339505
Bills Address Criminal Penalties, School District Protection and More
June 21, 2021
https://www.bankinfosecurity.com/lawmakers-unveil-cybersecurity-legislation-a-16918
SEC: Executives Left in Dark About Vulnerability in File-Sharing System
June 21, 2021
https://www.databreachtoday.com/first-american-financials-sec-breach-settlement-488000-a-16912
https://www.reuters.com/lifestyle/sports/german-firms-air-taxi-aims-be-operational-paris-2024-olympics-2021-06-21
https://www.npr.org/2021/06/12/1002908327/5-ways-for-seniors-to-protect-themselves-from-online-misinformation
https://www.technologyreview.com/2021/06/30/1026338/gen-z-online-misinformation/
https://mitsloan.mit.edu/press/technology-companies-testing-anti-misinformation-accuracy-prompts-developed-mit-research-team
https://theconversation.com/punitive-laws-are-failing-to-curb-misinformation-in-africa-time-for-a-rethink-162961
https://www.scmagazine.com/home/security-news/ransomware/c-suites-adapt-to-ransomware-as-a-cost-of-doing-business/
https://venturebeat.com/2021/06/16/cybereason-80-of-orgs-that-paid-the-ransom-were-hit-again/
https://arstechnica.com/information-technology/2021/06/ukraine-arrests-ransomware-gang-in-global-cybercriminal-crackdown/?amp=1
The trend toward self-driving and electric vehicles will add hundreds of millions of lines of code to cars. Can the auto industry cope?
https://spectrum.ieee.org/cars-that-think/transportation/advanced-cars/software-eating-car
June 18, 2021
https://www.techrepublic.com/article/microsofts-new-security-tool-will-discover-firmware-vulnerabilities-and-more-in-pcs-and-iot-devices/
Flaws in a firmware security tool affect as many as 30 million desktops, laptops, and tablets.
https://www.wired.com/story/dell-firmware-vulnerabilities/
https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
https://www.securitymagazine.com/articles/95444-firmware-security-requires-firm-supply-chain-agreements
https://www.cdc.gov/coronavirus/2019-ncov/variants/variant-surveillance.html
Vicious cycle of monitoring and overwork is fuelling productivity — and a backlash
JUNE 15 2021
https://www.ft.com/content/b74b6ad6-3b8d-4cd8-9dd6-3b49754aa1c7
https://www.amnesty.org/en/latest/news/2021/06/scale-new-york-police-facial-recognition-revealed/
https://www.secureworldexpo.com/industry-news/ohio-decides-to-air-gap-votes
https://spectrum.ieee.org/consumer-electronics/audiovideo/skin-displays-will-give-wearables-their-independence
In a 4-3 decision, the court ruled a police search of garbage left outside of homes for collection is an “unreasonable and thus unconstitutional seizure and search” unless a judge had approved a warrant. "
Consider that, generally in many/most US locations, items put into trash is considered public property and others can, and do, take items from it. This is a significant issue that information assurance practitioners must consider: How w work from home employees and contractors dispose of items that are business related.
See actual court decision here: https://www.iowacourts.gov/courtcases/8892/embed/SupremeCourtOpinion
https://www.scmagazine.com/home/security-news/researchers-offer-advice-on-how-to-block-wfh-employees-from-downloading-pirated-software/
https://www.cityam.com/deloitte-tells-staff-they-can-work-from-home-forever/
HHS Proposal Aims to Improve Patient Record Matching, But What Are the Risks? - June 17, 2021
https://www.govinfosecurity.com/standardizing-patient-addresses-privacy-security-issues-a-16894
https://edps.europa.eu/_en