Curated news for professionals and the general public: topics worth knowing that can help prevent security incidents and privacy breaches, both at work and away from it.
NEW: View our Log4J news here: https://privacysecuritybrainiacs.com/resources/news/Log4J/.
View our IoT news here: https://privacysecuritybrainiacs.com/resources/news/IoT/.
The AI Placed You at the Crime Scene, but You Weren’t There
This week, we talk about the limitations of using facial recognition technology to identify suspected criminals.
March 18 2022
Russia's Killer Drone in Ukraine Raises Fears About AI in Warfare
The maker of the lethal drone claims that it can identify targets using artificial intelligence.
March 17 2022
Locked-Out Account Users Wrestle With Two-Factor Authentication. Two-factor authentication aims to keep hackers out of online accounts. It sometimes keeps their rightful owners out too.
March 9 2022
Breached! Why Data Security Law Fails and How to Improve It (Chapter 1) by Daniel J. Solove, Woodrow Hartzog :: SSRN
The importance of building in security during software development
March 14 2022
https://www.helpnetsecurity.com/2022/03/14/breaches-vulnerable-application/?web_view=true
How Investors Can Keep Crypto Assets Safe
It’s too easy to lose everything. Here’s a guide to where—and how—to store digital currencies, NFTs and more.
March 18 2022
Sandy Hook and the Troubling Psychology of Conspiracy Theories. Deniers of the school shooting gathered in a private Facebook group. Their posts lend a window into how and why cruel rumors take off.
March 11 2022
https://www.wired.com/story/sandy-hook-psychology-conspiracy-theories
Sept 21 2020
Who's who in the cybercriminal underground
Cybercriminal groups are specializing as malware developers, initial access brokers, ransomware-as-a-service providers, data brokers, and other roles.
March 14 2022
https://www.csoonline.com/article/3653353/whos-who-in-the-cybercriminal-underground.html
Insurance industry braces for soaring payouts from war in Ukraine
Aviation underwriters fear biggest loss event in sector’s history
March 16, 2022
https://www.ft.com/content/e62df5f9-1716-4220-b583-91ba24d4cfb2
FTC Takes Action Against CafePress for Data Breach Cover Up
Commission orders e-commerce platform to bolster data security and provide redress to small businesses
March 15 2022
Employment law still has roots in the Middle Ages. That’s terrible for workers.
March 17 2022
https://www.washingtonpost.com/outlook/2022/03/17/labor-law-middle-ages-wisconsin/
Weaponized Dirty Pipe Exploit In Action: Introduction
March 10 2022
https://www.spyderbat.com/post/weaponized-dirty-pipe-exploit-in-action
Why National Security Is a Shared Burden Between the State and the Private Sector
Plus, how geopolitical competition between the West and China could bring about the ‘splinternet.’
March 17 2022
https://current.thedispatch.com/p/why-national-security-is-a-shared
March 16 2022
FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
March 16 2022
https://thehackernews.com/2022/03/fbi-cisa-warn-of-russian-hackers.html
The day of techno independence. China's plan to no longer depend on the West
Fri, March 11, 2022
https://es-us.finanzas.yahoo.com/news/d%c3%ada-tecnoindependencia-plan-china-depender-031400516.html
March 10 2022
New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs. Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.
March 8 2022
This sneaky type of phishing is growing fast because hackers are seeing big paydays. Researchers warn about an increase in conversation hijacking emails, where hackers abuse accounts of people you trust to send you phishing links and malware.
March 16 2022
February 25 2022
The ‘s First Ransomware Monetary Penalty Notice: Key Takeaways
March 15 2022
Feb 25 2022
The Original Hybrid Workers Can Teach Us How to Do It Right. Over 50 years ago, they trialed “part-time telecommuting.” The pandemic-driven model has problems, but early adopters think they can be fixed.
Feb 28 2022
Virginia lawmakers OK lifting ban on facial technology use
March 10 2022
https://apnews.com/article/technology-virginia-crime-legislature-f3f2af850745911014b950d951c3c464
What's the Most Dangerous Emerging Technology?
Feb 21 2022
https://gizmodo.com/whats-the-most-dangerous-emerging-technology-1847957403
Woman Catches Bumble Catfish After Seeing His Texts
Feb 27 2022
https://www.intheknow.com/post/woman-catches-bumble-catfish/
Signing up with a cloud provider? Don't forget to set an exit plan
It’s not simply about getting easy permission to go when it's time to part ways; it’s about IT making sure any decisions don’t complicate that eventual departure.
Feb 22 2022
https://www.computerworld.com/article/3650673/signing-up-with-a-cloud-provider-dont-forget-to-set-an-exit-plan.html?fbclid=IwAR3X-SUarw62Pjr21_ewBhllq2K8axoeQEFBSpc7qy5Pc32olWU4rcKt5K0
Hackers Sell Backdoors Into A $2 Billion Nonprofit, A Californian Hospital, And Michigan Government
Feb 23 2022
https://www.forbes.com/sites/thomasbrewster/2022/02/23/hackers-sell-access-to-a-2-billion-nonprofit-a-californian-hospital-and-michigan-government
Feb 2022
https://www.privacycompany.eu/blogpost-en/new-dpia-for-the-dutch-government-and-universities-on-microsoft-teams-onedrive-and-sharepoint-online
You’ll Never Believe It But Hillary Clinton Did Not, In Fact, Spy on Trump’s White House
Feb 15 2022
https://www.vanityfair.com/news/2022/02/donald-trump-hillary-clinton-white-house-spying
Facebook Is Going Up Against Russia
FEB 26, 2022
https://slate.com/technology/2022/02/russia-facebook-throttle-information-warfare.html
Anonymous hacked the Russian Defense Ministry and is targeting Russian companies
February 26, 2022
https://securityaffairs.co/wordpress/128428/hacking/anonymous-russian-defense-ministry.html
CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
February 26, 2022
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
Russian Government Websites Are Currently Down
The reasons for the outage are unclear at this point, but there have been similar disruptions attributed to the Russian government in recent weeks.
Feb 24 2022
https://www-vice-com.cdn.ampproject.org/c/s/www.vice.com/amp/en/article/bvnpnv/russian-government-websites-are-currently-down
Biden: ‘Prepared to Respond’ if Russia Pursues Cyberattacks Against US
Feb 24 2022
https://www.nextgov.com/cybersecurity/2022/02/biden-prepared-respond-if-russia-pursues-cyberattacks-against-us/362401/
Chinese Hackers Target Taiwan's Financial Trading Sector with Supply Chain Attack
Feb 22 2022
https://thehackernews.com/2022/02/chinese-hackers-target-taiwans.html
Feb 25 2022
https://finance.yahoo.com/news/death-offices-rise-remote-could-163146706.html
Can Data Breaches Be GOOD For Some Corporate Brands?
Jan 31 2022
The administration wants to prevent an attack on water supplies
Jan 27 2022
Regional Cyber Conflicts Could Lead to Infrastructure Attacks in 2022
Jan 25 2022
Improving cyber insurance doesn't have to be hard. Cyber policies have become a sort of Frankenstein monster, with coverages pieced together to address a growing set of property and liability risks.
Jan 28 2022
https://www.propertycasualty360.com/2022/01/28/improving-cyber-insurance-doesnt-have-to-be-hard/
CyberCube’s CEO Explains Why You Should Expect Cyber Insurance Markets to Continue to Be Difficult Over the Next Year. A hard cyber market may be the "new normal'" but greater usage of alternative risk transfer and capital flow mechanisms may soften the future landscape.
Jan 26 2022
Iowa Governor Reynolds Declares January 28 Iowa Data Privacy Day. 2022 marks the 14th consecutive year of the declaration in Iowa.
Jan 28 2022
Data Privacy Week – 20 Data Privacy Tips
Jan 24 2022
https://ewfblog.com/dataprivacyweek20dataprivacytips-bylynnterwoerds/
What is the quantum apocalypse and should we be scared?
Jan 27 2022
Quantum Apocalypse. Experts are warning that quantum computers could eventually overpower conventional encryption methods, a potentially dangerous fate for humanity that they’re evocatively dubbing the “quantum apocalypse.”
Jan 27 2022
https://futurism.com/the-byte/experts-warn-quantum-computing-apocalypse
A Former Hacker’s Guide to Boosting Your Online Security. More stolen personal data is available online than ever before. A man who once ran a website that prosecutors called the Amazon of stolen identity information offers his tips on the best ways to protect your data.
Jan 27 2022
https://www.propublica.org/article/a-former-hackers-guide-to-boosting-your-online-security
Request for Information: Electronic Prior Authorization Standards, Implementation Specifications, and Certification Criteria
Jan 24 2022
REWE International $9M GDPR fine a lesson in managing subsidiary risk
Jan 25 2022
Proposed State Privacy Law Update
Jan 24 2022
https://www.bytebacklaw.com/2022/01/proposed-state-privacy-law-update-jan-24-2022/
NY Fines Vision Benefits Firm $600,000 for 2020 Breach. Email Compromise Affected 2.1 Million Individuals Nationwide.
Jan 24 2022
https://www.healthcareinfosecurity.com/ny-fines-vision-benefits-firm-600000-for-2020-breach-a-18368
Country's biggest double-glazing installer Safestyle UK is hit by a cyber attack as spies warn of a threat from Russian hackers linked to fears of military action against Ukraine. Safestyle UK was targeted in a ransomware attack, with the hackers looking for cash. It comes as cyber experts warn of a Russian hacker threat over tensions in Ukraine.
Jan 28 2022
HOW THE MARINE CORPS USES IT TO DEFEAT EVOLVING THREATS
JAN 28 2022
NIST Privacy Engineering Program In Action: The NIST Privacy Engineering Program’s mission is supporting the development of trustworthy information systems by creating guidelines and tools to protect individuals’ privacy.
Jan 28 2022
https://www.nist.gov/system/files/documents/2022/01/25/Privacy-Framework-2-Year-Infographic.pdf
Maturing the Privacy Impact Assessment. Privacy Impact Assessments (PIAs) have not changed dramatically over the past 20 years or so, or at least the approach to them hasn’t.
Jan 28 2022
https://nnovation.com/maturing-the-privacy-impact-assessment/
His son's school was hacked. Then the ransomware gang called him at home.
Jan 25 2022
https://news.yahoo.com/ransomware-hackers-tactic-calling-directly-110440401.html
Report: Hackers Can Flip Votes in Georgia's Voting System. According to a confidential report, hackers can alter votes by taking control of Georgia's voting system touchscreens. Despite the reported vulnerability, state election officials are staying relatively mum.
Jan 27 2022
https://www.govtech.com/security/report-hackers-can-flip-votes-in-georgias-voting-system
The app is a major source of raw location data for a multibillion-dollar industry that buys, packages, and sells people’s movements
December 6, 2021
Dec 1 2021
Directive would place agency in charge of setting policy for intelligence gleaned from social-media and commercial-data troves
Dec 10 2021
https://www.wsj.com/articles/defense-intelligence-agency-expected-to-lead-militarys-use-of-open-source-data-11639142686?st=07h3yx7rqvj3qyk&reflink=desktopwebshare_permalink
Federal program faces elimination because local agencies aren’t submitting statistics
Dec 9, 2021
Dec 1, 2021
UKG Hack Disrupts Scheduling and Payroll for Thousands of Employers
Logging hours manually may be only recourse
Dec 15, 2021
This company was hit with ransomware, but didn't have to pay up. Here's how they did it
Cyber criminals demanded $15 million for a decryption key and sent threatening messages to staff -but this company recovered its network without paying hackers a thing.
Dec 17, 2021
Changes come a day before CEO testifies before Congress about the app’s impact on young people
Dec 7 2021
DECEMBER 3, 2021
Dec 3 2021
https://www.scmagazine.com/perspective/cybercrime/tis-the-season-of-e-retailers-and-cybercrime
December 6, 2021
https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-2020-incident-based-data
Is hybrid work going to change work as we know it? What does this mean for our future?
December 6, 2021
FBI Sting Exposes Defense Contractor’s Espionage After FSO and ISO Identified an Insider Threat
Dec 17, 2021
Dec 2 2021
DECEMBER 6, 2021
https://www.cpomagazine.com/cyber-security/5-defenses-for-5-ransomware-root-causes
DECEMBER 6, 2021
Tech-driven changes are coming fast and furiously to airports, including advancements in biometrics that verify identity and shorten security procedures for those passengers who opt into the programs.
Dec 7 2021
https://www.nytimes.com/2021/12/07/travel/biometrics-airports-security.html
DECEMBER 2ND, 2021
https://semiengineering.com/building-a-more-secure-u-s-microelectronic-design-infrastructure/
07 DEC 2021
Dec 3, 2021
https://www.zuckermanlaw.com/ftc_whistleblower_act/
Software in connected devices has little oversight. As more objects come online, that problem will snowball.
Nov 18 2021
https://www.washingtonpost.com/technology/2021/11/18/smart-home-security/
An attack attempt in 2020 proves the UAS threat is real—and not enough is being done to stop it.
Nov. 5, 2021
https://www.wired.com/story/drone-attack-power-substation-threat/
Safety feature is also planned for Apple Watches expected in 2022, according to company documents
Nov 1, 2021
Doug Field, who left Apple for Ford in September, talks about automation, Detroit vs. Silicon Valley and the way that custom subscriptions will remake the auto industry
Nov 4 2021
More than 40 million patient records have been compromised this past year by incidents reported to the federal government in 2021.
November 16, 2021
https://www.healthcareitnews.com/news/biggest-healthcare-data-breaches-2021
An independent cybersecurity researcher discovered a wearable device data breach that exposed the records of 61 million Apple and Fitbit users.
September 16, 2021
March 10, 2021
Nov. 5, 2021
https://californianewstimes.com/soaring-cost-of-cyber-protection-lifts-commercial-insurers/582355/
Portugal: New Law Allows Medically Assisted Procreation Through Postmortem Insemination
Nov 12, 2021
The app hurts sleep, work, relationships or parenting for about 12.5% of users, who reported they felt Facebook was more of a problem than other social media.
Nov. 5, 2021
Rising share prices in the sector reflect investors’ thirst for revenue growth above other metrics
Nov 5, 2021
November 03, 2021
8 Most Common Types of Malware Attacks
Oct 21 2021
Oct 1, 2021
https://www.kitploit.com/2021/10/certify-active-directory-certificate.html
Oct 6, 2021
Oct 9, 2021
https://www.wired.com/story/how-to-enable-tpm-secure-boot-for-windows-11/
Oct 8, 2021
Oct 7, 2021
Oct 13, 2021
https://securityaffairs.co/wordpress/123297/hacking/anti-phishing-technique.html
Oct 15, 2021
Oct 18, 2021
https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/
Oct 19, 2021
https://www.techradar.com/news/icloud-hacker-stole-intimate-photos-from-hundreds-of-apple-customers
Oct 25, 2021
Oct 5, 2021
https://www.cmu.edu/news/stories/archives/2021/october/sei-cybersecurity-webcast-series.html
Oct 7, 2021
https://www.cnet.com/tech/cybersecurity-awareness-month-time-for-a-cybersafety-check/
When a Tesla employee was offered $500,000 by a cyber criminal gang to install malware on the company’s Gigafactory network last year, it indicated a new and emerging threat.
Oct 6, 2021
28 October 2021
Civil Action No.: 1:21-md-03010-PKC
Oct 22, 2021
https://storage.courtlistener.com/recap/gov.uscourts.nysd.564903/gov.uscourts.nysd.564903.152.0.pdf
Unsealed court documents say the search giant sought help from Apple, Facebook and Microsoft to "find areas of alignment."
Oct 22, 2021
https://www.politico.com/news/2021/10/22/google-kids-privacy-protections-tech-giants-516834
Oct 22, 2021
https://www.nytimes.com/2021/10/22/technology/google-privacy-lawsuit.html
Oct. 1, 2021
https://www.jdsupra.com/legalnews/quebec-adopts-new-law-to-modernize-6487558/
Oct 7, 2021
Oct 22, 2021
Oct 24, 2021
Oct 26, 2021
Oct 18, 2021
https://blog.malwarebytes.com/cybercrime/2021/10/killware-is-it-just-as-bad-as-it-sounds/
Oct 31, 2021
https://www.pandasecurity.com/en/mediacenter/security/what-is-killware/
Oct 22, 2021
Oct 2021
NOTE: With quotes by Privacy & Security Brainiacs CEO, Rebecca Herold
https://issuu.com/luckbox/docs/2111-luckbox-issuu/s/13746870
Oct 4, 2021
https://fox59.com/news/johnson-memorial-health-relying-on-old-school-methods-following-cyber-attack/
Oct 06, 2021
Oct 6, 2021
https://www.rtoinsider.com/articles/28799-quarter-energy-sector-vulnerable-ransomware-report
Oct 6, 2021
https://statescoop.com/ransomware-allen-texas-school-district-email-parents/
Oct 19, 2021
https://finance.yahoo.com/news/spycloud-report-organizations-unprepared-ransomware-100500069.htm
Oct 16, 2021
https://au.pcmag.com/mobile-apps/85338/what-is-clubhouse-the-invite-only-chat-app-explained
The safety of our digital world has reached a pivotal moment.
Oct 6, 2021
Aim is to keep Beijing abreast of loopholes within country’s mobile apps, connected cars and other internet products that could be exploited by cybercriminals
Though mainly aimed at industry professionals such as app developers, everyday users can also make reports on the four platforms
Sept 1, 2021
This WhatsApp security flaw could have let hackers access all your chats. Although WhatsApp says the exploitation of the vulnerability was only theoretical
Sept 2, 2021
OWASP shakes up web app threat categories with release of draft Top 10. The Top 10 list is a widely used guide to modern web application security threats
Sept 9, 2021
Application Security a Growing Priority Among Security Pros. A Dark Reading survey finds most IT and security managers would rather wait to deploy applications than risk security flaws.
Sept 10, 2021
Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
Sept 15, 2021
https://thehackernews.com/2021/09/critical-flaws-discovered-in-azure-app.html
CISA urges patching a Zoho password manager. A crackdown on coin-mining? Maximizing engagement helped troll farms.
Sept 17, 2021
Apple responds to security researcher who found multiple iOS 15 zero-day flaws [U]
Sept 27, 2021
https://9to5mac.com/2021/09/27/security-researcher-claims-3-zero-day-flaws-ios-15/
Beware! Employees of popular apps have access to your data
September 05, 2021
Sept 17, 2021
https://www.theregister.com/2021/09/17/google_app_permissions_android/
Crypto Hacks Highlight Need for More Cybersecurity
September 1, 2021
Cryptocurrency: The New Favorite for Cyber Crimes
Sept 1, 2021
https://www.mygreatlearning.com/blog/cryptocurrency-the-new-favorite-for-cyber-crimes/
No Technology is “Completely Secure”…Even the Beloved (by Many) Bitcoin!
Sept 7, 2021
https://www.linkedin.com/pulse/technology-completely-secureeven-beloved-many-bitcoin-rebecca-herold/
Japanese Crypto Exchange Robbed of $100,000,000
Sept 8, 2021
U.S. Treasury sanctions crypto exchange Suex over ransomware transactions
Sept 21, 2021
Regulating Big Tech. China outlaws cryptocurrency transactions. Russian markets and US sanctions. Approaches to resiliency.
Sept 24, 2021
Crypto Cybersecurity: How Safe Are Your Assets? DailyCoin Investigated
Sept 27, 2021
Senators aim to increase oversight of cryptocurrency mining with new bill
Sept 27, 2021
What is Cryptomining and how can it affect Cybersecurity?
Sept 28, 2021
How Hackers Use Our Brains Against Us
Cybercriminals take advantage of the unconscious processes that we all use to make decision making more efficient. Blame it on our ‘lizard brains.’
Sept 7, 2021
The Latest Cybersecurity Threat: Pay Us or We Release the Data
These attacks are a lot more complicated—and potentially more costly
Sept 7, 2021
Microsoft warns: Active Directory FoggyWeb malware being actively used by Nobelium gang
Chief security adviser Roger Halbheer says best protection is to 'get off AD FS'
Sept 28, 2021
https://www.theregister.com/2021/09/28/active_directory_foggyweb_malware/
Sept 9, 2021
How Cyber Liability Insurance Can Rescue A Small Business
Sept 10, 2021
https://www.forbes.com/advisor/business-insurance/cyber-liability-insurance/
Insurance Coverage for Cyberattacks?
Sept 13, 2021
https://www.jdsupra.com/legalnews/insurance-coverage-for-cyberattacks-1619600/
Cyber insurance may not be making companies more secure
Sept 14, 2021
Coalition Raises $205M to Combine Cyber Insurance, Security Tools
Sept 28, 2021
Microsoft and At-Bay partner to offer data-driven cyber insurance coverage
Sept 29, 2021
https://finance.yahoo.com/news/microsoft-bay-partner-offer-data-160000007.html
Microsoft warns of a Windows zero-day security hole that is being actively exploited
Sept 9, 2021
Do you own an iPhone or iPad? Update your Apple devices right now.
Sept 13, 2021
Apple issues urgent iPhone software update to address critical spyware vulnerability
Sept 14, 2021
https://www.cnn.com/2021/09/13/tech/apple-iphone-spyware-vulnerability-fix/index.html
5th September 2021
https://www.bbc.com/future/article/20210903-how-covid-19-could-finally-be-the-end-of-the-fax-machine
Wells Fargo Fined $250 Million for Problems in Its Mortgage Business: The OCC said lender has failed to fix issues first identified in 2018
Sept 9, 2021
A Single Laser Fired Through a Keyhole Can Expose Everything Inside a Room: If you're worried about privacy, it might be time to cover up your front door's peephole.
Sept 8, 2021
https://gizmodo.com/a-single-laser-fired-through-a-keyhole-can-expose-every-1847638281
Ransomware gang threatens to leak data if victim contacts FBI, police
Sept 7, 2021
U.S. to Target Crypto Ransomware Payments With Sanctions: Biden administration hopes to disrupt digital finance infrastructure that facilitates ransomware cyberattacks, a threat traced to Russia
Sept 17, 2021
Energy, utility sectors feel ‘most exposed’ to cybersecurity threats, survey finds.
Companies in the utilities and energy sector feel the most exposed to cyberthreats, according to 40% of Beazley respondents. There have been a number of attacks in that space, including a ransomware attack in May that forced Colonial Pipeline to shut down the largest refined products pipeline system in the United States. The company made a payment of roughly $4.4 million in bitcoin ransom to aid a swift recovery.
Sept 20, 2021
https://www.utilitydive.com/news/beazley-cyber-insurance-technology-risk/606836/
Facebook Says Its Rules Apply to All. Company Documents Reveal a Secret Elite That’s Exempt. A program known as XCheck has given millions of celebrities, politicians and other high-profile users special treatment, a privilege many abuse
Sept 13, 2021
Harassing texts. Unwanted deliveries. Fake bomb threats that bring police to the door. Inside the tactics cybercriminals use to get social media users to surrender their accounts
Sept 25, 2021
https://www.cbsnews.com/news/cybercriminals-social-media-accounts-harass-extort/
Facebook Is Making Camera Glasses, Ha Ha Oh No
Ray-Ban Stories can take photos and videos with a touch of a button and send them to your phone.
Sept 9, 2021
https://www.buzzfeednews.com/article/katienotopoulos/facebook-is-making-camera-glasses-ha-ha-oh-no
Facebook’s Effort to Attract Preteens Goes Beyond Instagram Kids, Documents Show: It has investigated how to engage young users in response to competition from Snapchat, TikTok; ‘Exploring playdates as a growth lever’
Sept. 28, 2021
Is Complacency the Biggest Cyber Threat?
Sept 1, 2021
https://www.infosecurity-magazine.com/blogs/complacency-biggest-cyber-threat/
IT security starts with knowing your assets: Asia-Pacific
A new, well-organized breed of hacker and the fast-evolving nature of technology are forcing organizations to consider multiple ways of minimizing threat exposure.
Sept 8, 2021
Many employees working from home see cybersecurity as a hindrance: Report
Sept 10, 2021
Sept 17, 2021
What Are The Cybersecurity Threats With Work-From-Home?
Sept 21, 2021
How CISOs Can Improve Security in the New Normal
Sept 23, 2021
https://www.bankinfosecurity.com/blogs/covid-19s-positive-impact-on-cybersecurity-p-3114
3 Cybersecurity Lessons for Working-From-Home as Enterprises Prepare for New Hybrid Era
Sept 28, 2021
US Senators Are Concerned About Amazon Storing Palm Signatures in the Cloud. How exactly is Amazon ensuring our biometric data never leaks?
August 13, 2021
Fake Covid Vaccination Cards Are on the Rise in the U.S., Europe – WSJ
August 7, 2021
Hospitals try to stamp down COVID-19 misinformation as it grows globally: 6 things to know
August 24th, 2021
Microsoft catches hackers using Morse Code to help cover their tracks.
August 12
Peterborough, N.H. Loses $2.3 Million To Cyber Criminals. “Town officials say the theft came in two parts. First, thieves posed as local school district staff, using forged documents and email accounts to access a million-dollar transfer from the town to the district. The town says it then notified the U.S. Secret Service and a cyber security consulting firm through its liability coverage. Several weeks later, thieves used the same approach to steal a payment intended for contractors working on the Main Street Bridge project.”
August 23, 2021
https://www.nhpr.org/nh-news/2021-08-23/peterborough-nh-loses-2-3-million-to-cyber-criminals
Attack on AWS S3 via SSRF. “This article is based on a true incident that happened with Capital One, where almost 106 million customer accounts were breached. Paige Thompson was accused of the following incident. We are going to understand how the attack happened and where the vulnerability resides so that you can find and report similar in your next voyage to safely secure the firms.”
August 24, 2021
https://sagartiwari1220.medium.com/attack-on-aws-s3-via-ssrf-c047c3a7edde
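The attack summarized above is a server-side request forgery: a web front end that fetches user-supplied URLs is pointed at an internal endpoint, in the Capital One case the EC2 instance metadata service, which hands back cloud credentials to whatever asks. What follows is an added example written for this page, not code from the linked article, from Capital One or from AWS: a Python destination check that a server-side fetcher (image proxy, webhook tester, "import from URL" feature) can run before following a user-supplied URL. It goes a little beyond the single incident by also catching the common evasions: IPv4-mapped IPv6 literals, the decimal form of the metadata address, embedded credentials in the URL, and attacker-controlled DNS names that resolve to internal addresses. The function names and the offline DNS table are constructed for the example.

```python
# Added example for this page, not code from the linked article or any vendor:
# a destination check for a server-side URL fetcher so that it cannot be pointed
# at the cloud instance metadata service or other internal addresses via SSRF.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# EC2 instance metadata endpoints (IPv4 and IPv6). Both are also caught by the
# link-local / unique-local checks below; listed explicitly for readability.
METADATA_ADDRESSES = {
    ipaddress.ip_address("169.254.169.254"),
    ipaddress.ip_address("fd00:ec2::254"),
}


def is_forbidden_address(addr):
    """True for any address a user-supplied URL must never be allowed to reach."""
    if addr.version == 6 and addr.ipv4_mapped is not None:
        # ::ffff:169.254.169.254 is the metadata service in an IPv6 costume
        addr = addr.ipv4_mapped
    return (
        addr in METADATA_ADDRESSES
        or addr.is_private        # 10/8, 172.16/12, 192.168/16, fc00::/7 ...
        or addr.is_loopback
        or addr.is_link_local     # 169.254/16, fe80::/10
        or addr.is_multicast
        or addr.is_reserved
        or addr.is_unspecified
    )


def system_resolver(host):
    """Real DNS lookup; returns every address the name maps to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


# Constructed DNS table so the example runs offline; the names are made up.
CONSTRUCTED_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "meta.attacker.test": ["169.254.169.254"],   # attacker's name -> IMDS
    "2852039166": ["169.254.169.254"],           # decimal form of 169.254.169.254
}


def table_resolver(host):
    """Stand-in for system_resolver that answers from CONSTRUCTED_DNS."""
    try:
        return CONSTRUCTED_DNS[host]
    except KeyError:
        raise socket.gaierror("constructed table has no entry for " + host)


def is_safe_fetch_target(url, resolver=system_resolver):
    """Return True only if the URL is http(s), carries no embedded credentials,
    and every address its host resolves to is a public, routable one."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False                      # file://, gopher://, etc.
    host = parts.hostname                 # brackets stripped, lowercased
    if not host:
        return False
    if parts.username is not None or parts.password is not None:
        return False                      # http://trusted.example@169.254.169.254/
    try:
        addresses = [ipaddress.ip_address(host)]       # literal IPv4/IPv6
    except ValueError:
        try:
            addresses = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False                  # unresolvable: refuse, do not guess
    if not addresses:
        return False
    return not any(is_forbidden_address(a) for a in addresses)


if __name__ == "__main__":
    for candidate in (
        "https://cdn.example.com/avatar.png",
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://2852039166/",
        "http://meta.attacker.test/",
    ):
        verdict = "ALLOW" if is_safe_fetch_target(candidate, table_resolver) else "DENY"
        print(verdict, candidate)
```

Two caveats a practitioner would want. The check resolves the name once, so the fetcher must connect to the address it validated rather than resolving the name again (otherwise a short-TTL record can be rebound to an internal address between check and fetch), and redirects must be re-checked hop by hop rather than followed blindly. Independently of the filter, an EC2 instance should require IMDSv2, which only hands out credentials after a PUT request for a session token; a forged GET, the only thing most SSRF gadgets can issue, then gets nothing even if the filter is bypassed.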
Cyber Attacks on IoT Devices Are Growing at Alarming Rates [Encryption Digest 64]
August 6, 2021
Can A.I. Outwit Your Buying Habits? In a bid to fight inflation, more firms are turning to computerized pricing. Will it affect customer loyalty?
August 26, 2021
https://www.kornferry.com/insights/this-week-in-leadership/can-ai-outwit-your-buying-habits?
Software supply chains and security - will the Software Bill of Materials approach work?
August 3, 2021
August 5, 2021
The BOM Episode! DBOMs! SBOMs! And...Supply Chain Cybersecurity! With special guest Chris Blask, inventor of the Digital Bill of Materials (DBOMs).
Data Security & Privacy with the Privacy Professor
August 7, 2021
Sensitive government data could be another casualty of Afghan pullout. “The vast majority of classified information that lived on U.S. embassy computers was almost certainly flown out of Afghanistan or destroyed. A lot of government's highly sensitive data is also housed in computer clouds rather than on hard drives and protected with multiple security controls. But reams of unclassified but sensitive material will probably remain in the country, both in digital forms and on paper.”
August 17, 2021
German Marshall Fund Study on Facebook Interactions. “Sites that gather and present information irresponsibly (according to the news-rating service NewsGuard) accounted for a record-high one-fifth of Facebook interactions with U.S.-based sites in the second quarter of 2021, while engagement with articles from outlets that repeatedly publish false content plummeted on Twitter and Facebook. This occurred amidst an overall decline in engagement with all types of sites. After all-time highs in engagement with both types of deceptive news outlets in 2020, sites that publish false content have seen their engagement drop at much higher rates than U.S.-based sites in general, likely as a result of account takedowns and changes in policies around COVID-19 misinformation and content moderation.”
Aug 23, 2021
Reddit User Agreement, Privacy Policy, and Premium and Virtual Goods Agreement were updated.
They will take effect “after September 12.”
https://www.redditinc.com/policies/user-agreement
https://www.redditinc.com/policies/privacy-policy
https://www.redditinc.com/policies/premium-and-virtual-goods-agreement
US, Singapore Sign Cybersecurity Agreements. Nations Agree to Collaborate on Information Sharing, Training
August 23, 2021
https://www.bankinfosecurity.com/us-singapore-sign-cybersecurity-agreements-a-17349?
Russian Disinformation Targets Vaccines and the Biden Administration. A new campaign appears to be spreading falsehoods about the potential for forced inoculations against Covid-19.
August 5, 2021
Homeland Security warns of potential conspiracy theory-fueled violence in August.
August 9, 2021
Facebook pulls down fake accounts that spread COVID-19 vaccine disinformation. The social network says the operation was based in Russia and posted about the AstraZeneca and Pfizer COVID-19 vaccines.
August 10, 2021
Enhanced Drug Distribution Security at the Package Level Under the Drug Supply Chain Security Act; Draft Guidance for Industry; Availability; Extension of Comment Period. A Notice by the Food and Drug Administration. FDA is extending the comment period for the notice of availability published on June 4, 2021 (86 FR 30053).
August 3, 2021
Industry, FDA Advance Drug Supply-Chain Security Plan
August 4, 2021
https://www.dcatvci.org/7262-industry-fda-advance-drug-supply-chain-security-plan
John Deere privacy notice. No date on the notice.
U.S. FTC says Facebook misused privacy decree to shut down ad research.
August 5, 2021
https://finance.yahoo.com/news/u-ftc-says-facebook-misused-011828449.html
WhatsApp privacy policy: The controversy so far, and why it highlights the need for a data protection law in India
August 9, 2021
Uber asked contractor to allow video surveillance in employee homes, bedrooms. Employee contract lets company install video cameras in personal spaces.
August 9, 2021
Accenture report shows volume of cyber-intrusion activity globally jumped 125%. The security company found that 54% of all ransomware or extortion victims were companies with annual revenues between $1 billion and $9.9 billion.
August 4, 2021
https://www.zdnet.com/article/volume-of-cyber-intrusion-activity-globally-jumped-125-accenture/
Accenture says Lockbit ransomware attack caused 'no impact'. The IT giant was listed on Lockbit's leak website, and the group said the data came from an "insider", but there was 'no impact' on operations or clients.
August 11, 2021
Ransomware: These four rising gangs could be your next major cybersecurity threat. Cybersecurity researchers at Palo Alto Networks detail four extortion groups that have gained traction in recent months, as the threat of ransomware continues to plague businesses.
August 25, 2021
Kaseya ransomware attack sets off race to hack service providers -researchers
August 3, 2021
A Silicon Valley VC firm with $1.8B in assets was hit by ransomware
August 3, 2021
https://techcrunch.com/2021/08/03/atv-venture-capital-ransomware/
Ransomware is a growing threat: US companies and infrastructure providers need to be ready
August 4, 2021
August 4, 2021
https://www.cnn.com/2021/08/04/politics/neuberger-ransomware-blackmatter/index.html
Joplin: City computer shutdown was ransomware attack
August 5, 2021
Joplin, Missouri, says cybersecurity incident was due to ransomware. Small and mid-sized city government agencies being increasingly targeted.
August 5, 2021
https://www.koamnewsnow.com/joplin-says-cybersecurity-incident-was-due-to-ransomware/
U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats. Creation of Joint Cyber Defense Collaborative follows high-profile cyberattacks on U.S. infrastructure
August 5, 2021
CISA launches new initiative to combat ransomware
August 5, 2021
https://fcw.com/articles/2021/08/05/cisa-jcdc-ransomware-cyber.aspx?m=1
August 6, 2021
https://www.cutimes.com/2021/08/06/7-steps-to-prevent-ransomware/?slreturn=20210707153755
Ransomware payments surge by 82%. Latest Unit 42 figures confirm the ransomware crisis continues to intensify, with the rise of quadruple extortion
August 9, 2021
https://www.strategic-risk-europe.com/home/ransomware-payments-surge-by-82/1438419.article
Hackers reportedly threaten to leak data from Gigabyte ransomware attack. They reportedly claim to have 112GB of AMD, Intel, and other documents.
August 9, 2021
Big Tech Is Coming to Small-Town America, But There's a Catch. "The drive in these big tech companies is to get the workers off their books and have someone [contracted] managing, hiring and firing them."
August 4, 2021
Cyber Security and the Digital Supply Chain!
August 1, 2021
https://supplychaingamechanger.com/cyber-security-and-the-digital-supply-chain/
5 Key Questions When Evaluating Software Supply Chain Security. Knowing what to ask a potential supplier can minimize risks associated with third-party software vulnerabilities and breaches.
August 2, 2021
DOD’s Supply Chain Security Should be Strategic Priority, Congressional Task Force Says
August 2, 2021
Five Developments in ICT Supply Chain Security in July
August 3, 2021
https://www.rstreet.org/2021/08/03/five-developments-in-ict-supply-chain-security-in-july/
Supply chain attacks are getting worse, and you are not ready for them. EU cybersecurity think tank looks at 24 recent supply chain attacks, and warns that defences against them are not good enough.
August 3, 2021
https://www.zdnet.com/article/supply-chain-attacks-are-getting-worse-and-you-are-not-ready-for-them/
Supply Chain Security: “The Government is Not Going to Fix This”
August 4, 2021
https://duo.com/decipher/supply-chain-security-the-government-is-not-going-to-fix-this
Supply Chain Security – Not As Easy As it Looks
August 6, 2021
https://securityboulevard.com/2021/08/supply-chain-security-not-as-easy-as-it-looks/
11 Tactics to Prevent Supply Chain Attacks (Highly Effective)
August 7, 2021
https://www.upguard.com/blog/how-to-prevent-supply-chain-attacks
200 Cybersecurity Influencers On Twitter Making a Difference in 2021. Our CEO, Rebecca Herold, is on the list! From Perimeter 81. “We’ve compiled the largest list of cybersecurity influencers on Twitter to date. 200 amazing and inspiring people that are making the interconnected world a safer place. The list includes hackers, journalists, founders, service providers, and industry thought leaders from all across the globe.”
August 2, 2021
https://www.perimeter81.com/blog/people-in-cyber/200-cybersecurity-influencers-twitter
Crypto mining scams targeting tens of thousands of victims using hundreds of android apps. “Lookout, Inc. announced the discovery of major crypto mining scams using hundreds of Android apps.”
July 7, 2021
Google requires app developers to use 2FA — boosting Android security. “Google is introducing two new measures to improve security on the Play Store, requiring Android app developers to use two-factor authentication (2FA) and additional identification requirements.”
July 7, 2021
https://www.laptopmag.com/news/google-requires-app-developers-to-use-2fa-boosting-android-security
Reduce open source software risks in your supply chain
July 12, 2021
https://securityboulevard.com/2021/07/reduce-open-source-software-risks-in-your-supply-chain/
Ring beefs up security for its video devices and apps. End-to-end video encryption is finally getting a full rollout, along with a handful of other security measures.
July 13, 2021
https://www.cnet.com/home/security/ring-beefs-up-security-for-its-video-devices-and-apps/
Apps Built Better: Why DevSecOps is Your Security Team’s Silver Bullet. Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps processes and systems to thwart cyberattacks.
July 14, 2021
https://threatpost.com/apps-built-better-devsecops-security-silver-bullet/167793/
The Android apps on your phone each have 39 security vulnerabilities on average. And it's not just games, but important stuff like banking and payment apps.
July 20, 2021
10 Tech Experts Share Their Selections For Security-Forward Messaging Apps.
July 20, 2021
Securing UX in Open Banking Apps. “Customer consent is the basis of building trust between a business and a user. The open banking industry won’t be able to reach its predicted size of $43.15 billion by 2026 if customers don’t believe the platforms are trustworthy.”
July 22, 2021
https://securityboulevard.com/2021/07/securing-ux-in-open-banking-apps/
The Physicality Of Data And The Road To Personal Data Ownership.
July 2, 2021
HIPAA: Controlling Access to ePHI: For Whose Eyes Only? Summer 2021 Cybersecurity Newsletter
July 14, 2021
https://www.hhs.gov/sites/default/files/controlling-access-ephi-newsletter.pdf
50-State Survey of Health Care Information Privacy Laws. From Seyfarth Law Firm.
July 2021
Almost Two-Thirds Of Firms Are Not In Full Compliance With Privacy Laws.
July 21, 2021
July 30, 2021
July 4, 2021
Up to 1500 businesses affected by Kaseya supply chain ransomware attack
July 6, 2021
Bill targets supply chain security training
July 6, 2021
https://homelandprepnews.com/stories/70904-bill-targets-supply-chain-security-training/
REvil Ransomware Gang Launches Major Supply Chain Attack Through Kaseya
July 7, 2021
https://securityintelligence.com/posts/revil-ransomware-kaseya-supply-chain-attack/
Making cities naturally safe from supply chain shocks
July 7, 2021
https://news.nau.edu/nature-supply-chain-shocks/#.YQVyAI5Kg6Y
Non-profit Global Business Alliance launches supply chain subsidiary
July 13, 2021
Senate Panel Approves K-12 Cyber Protection, Supply Chain Security Bills
July 14, 2021
Homeland Security orders pipeline operators to beef up cybersecurity to protect fuel supply chain
July 20, 2021
House E&C Approves Cyber, Supply Chain Bills
July 22, 2021
https://www.meritalk.com/articles/house-ec-approves-cyber-supply-chain-bills/
House task force pushes Pentagon to wean itself off Chinese sources
July 22, 2021
Lack of cyber in Australian supply chain resilience plan has IBM concerned. The federal government on Thursday received the Productivity Commission's final report on vulnerable supply chains, which the likes of IBM hope will contain more focus on 'cyber' than its interim report did.
July 22, 2021
https://www.zdnet.com/article/cyber-is-lacking-in-australias-supply-chain-resilience-plan/
DOD’s Supply Chain Security Should be Strategic Priority, Congressional Task Force Says
July 23, 2021
Supply Chain Security Market worth $1,227 million by 2026
July 23, 2021
GitHub boosts supply chain security for Go modules. Go is now one of the most popular programming languages on the platform.
July 23, 2021
https://www.zdnet.com/article/github-boosts-supply-chain-security-for-go-modules/
2021 breaches illustrate cybersecurity as an urgent critical infrastructure priority
July 29, 2021
Why Supply Chain Security Affects Organizations Everywhere?
July 29, 2021
https://techbullion.com/why-supply-chain-security-affects-organizations-everywhere/
July 30, 2021
https://finance.yahoo.com/news/global-supply-chain-security-market-165200192.html
Regulations.gov: Make a difference. Submit your comments and let your voice be heard.
https://www.wired.com/story/voila-cartoonify-face-privacy-security
https://www.washingtonpost.com/technology/2021/07/15/contacts-sharing-privacy/
Researchers try different approaches to solve problem of amplifying negative stereotypes.
https://arstechnica.com/science/2021/06/the-efforts-to-make-text-based-ai-less-racist-and-terrible
https://www.bbc.com/news/technology-57122120
https://www.statnews.com/2021/06/21/algorithm-bias-playbook-hospitals/
A majority worries that the evolution of artificial intelligence by 2030 will continue to be primarily focused on optimizing profits and social control. They also cite the difficulty of achieving consensus about ethics. Many who expect progress say it is not likely within the next decade. Still, a portion celebrate coming AI breakthroughs that will improve life.
https://www.pewresearch.org/internet/2021/06/16/experts-doubt-ethical-ai-design-will-be-broadly-adopted-as-the-norm-within-the-next-decade/?mod=djemAIPro
Researchers have discovered that even sophisticated AI technology designed to create synthetic content can leave ‘fingerprints’.
June 16, 2021
https://www.wsj.com/articles/facebook-michigan-state-develop-deepfake-detection-technique-11623859200?st=da6t6chng3syvyd&reflink=desktopwebshare_permalink
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/you-might-want-to-audit-your-laps-permissions/ba-p/2280785
https://itspmagazinepodcast.com/episodes/safe-to-drink-cyber-attacks-and-the-water-supply-what-you-need-to-know-a-conversation-with-bryson-bort-your-everyday-cyber-with-limor-kessem-and-diana-kelley-nakjfYAi
"If you could imagine a community center run by two old guys who are plumbers, that's your average water plant," one cybersecurity consultant said.
https://www.nbcnews.com/tech/security/50000-security-disasters-waiting-happen-problem-americas-water-supplie-rcna1206
https://katu.com/news/local/school-districts-say-cyber-security-attacks-are-a-growing-risk
https://beta-ctvnews-ca.cdn.ampproject.org/c/s/beta.ctvnews.ca/local/toronto/2021/6/15/1_5471742.html
Hospitals and other covered entities are striking a growing number of agreements to use de-identified patient data for research or to develop AI tools. But they should carefully weigh the risks of sharing this data, experts said.
Jun 17, 2021
https://medcitynews.com/2021/06/researchers-flag-privacy-risks-with-de-identified-health-data/?rf=1
Unique IDs linked to phones are supposed to be anonymous. But there’s an entire industry that links them to real people and their address.
https://www.vice.com/en/article/epnmvz/industry-unmasks-at-scale-maid-to-pii
https://www.theladders.com/career-advice/billions-of-emails-and-passwords-appear-in-largest-data-leak-ever-consumers-should-change-passwords
Over 1 billion search records were accidentally posted online in a CVS Health data breach in late March, as reported by an independent cybersecurity researcher.
https://healthitsecurity.com/news/cvs-health-faces-data-breach1b-search-records-exposed
https://www.rsaconference.com/library/blog/supply-chain-security-awareness-part-3-how-to-fend-off-supply-chain-risks
https://www.ntia.doc.gov/files/ntia/publications/isa_bps_wg_-_2021.06.06.pdf
In a 4-3 decision, the court ruled a police search of garbage left outside of homes for collection is an “unreasonable and thus unconstitutional seizure and search” unless a judge had approved a warrant.
Consider that, generally in many/most US locations, items put into the trash are considered public property, and others can, and do, take items from it.
See actual court decision here: https://www.iowacourts.gov/courtcases/8892/embed/SupremeCourtOpinion
https://www.washingtonpost.com/politics/2021/06/16/cybersecurity-202-justice-department-is-racking-up-wins-despite-encryption-concerns/
The agency spent years running a secure phone network for criminals. So much for “going dark.”
https://www.wired.com/story/fbi-anom-phone-network-encryption-debate/
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/06/information-commissioner-s-opinion-live-facial-recognition-technology/
https://www.bbc.com/news/technology-57504717
ID.me's CEO says unemployment fraud is costing taxpayers $400 billion, but his own company is denying claims because of problems with its tech, users say.
https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems
The measure would make private use of the technology illegal but would not apply to police. It awaits the mayor's signature.
https://www.wired.com/story/baltimore-ban-facial-recognition-everyone-but-cops
The bill, which only has Democratic support, would bar federal agencies from using the technology without approval from Congress
June 16, 2021
https://www.wsj.com/articles/lawmakers-re-introduce-bill-that-would-ban-facial-recognition-technology-11623854310?reflink=desktopwebshare_permalink
“Press the cone icon on the screen of the Taylor C602 digital ice cream machine, he explains, then tap the buttons that show a snowflake and a milkshake to set the digits on the screen to 5, then 2, then 3, then 1. After that precise series of no fewer than 16 button presses, a menu magically unlocks. Only with this cheat code can you access the machine’s vital signs: everything from the viscosity setting for its milk and sugar ingredients to the temperature of the glycol flowing through its heating element to the meanings of its many sphinxlike error messages.
“No one at McDonald’s or Taylor will explain why there’s a secret, undisclosed menu,” O’Sullivan wrote in one of the first, cryptic text messages I received from him earlier this year.”
https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war
https://www.beckershospitalreview.com/cybersecurity/hacker-removes-files-from-new-mexico-hospital-s-computers-exposes-69-000-patients-info.html
Experts Say Odd Case Offers Forewarning to Others
https://www.govinfosecurity.com/security-firm-coo-charged-in-attack-on-medical-center-a-16866
https://www.marketwatch.com/story/amazon-may-face-425-million-fine-over-alleged-eu-privacy-violations-report-11623339505
Bills Address Criminal Penalties, School District Protection and More
June 21, 2021
https://www.bankinfosecurity.com/lawmakers-unveil-cybersecurity-legislation-a-16918
SEC: Executives Left in Dark About Vulnerability in File-Sharing System
June 21, 2021
https://www.databreachtoday.com/first-american-financials-sec-breach-settlement-488000-a-16912
https://www.reuters.com/lifestyle/sports/german-firms-air-taxi-aims-be-operational-paris-2024-olympics-2021-06-21
https://www.npr.org/2021/06/12/1002908327/5-ways-for-seniors-to-protect-themselves-from-online-misinformation
https://www.technologyreview.com/2021/06/30/1026338/gen-z-online-misinformation/
https://mitsloan.mit.edu/press/technology-companies-testing-anti-misinformation-accuracy-prompts-developed-mit-research-team
https://theconversation.com/punitive-laws-are-failing-to-curb-misinformation-in-africa-time-for-a-rethink-162961
https://www.scmagazine.com/home/security-news/ransomware/c-suites-adapt-to-ransomware-as-a-cost-of-doing-business/
https://venturebeat.com/2021/06/16/cybereason-80-of-orgs-that-paid-the-ransom-were-hit-again/
https://arstechnica.com/information-technology/2021/06/ukraine-arrests-ransomware-gang-in-global-cybercriminal-crackdown/?amp=1
The trend toward self-driving and electric vehicles will add hundreds of millions of lines of code to cars. Can the auto industry cope?
https://spectrum.ieee.org/cars-that-think/transportation/advanced-cars/software-eating-car
June 18, 2021
https://www.techrepublic.com/article/microsofts-new-security-tool-will-discover-firmware-vulnerabilities-and-more-in-pcs-and-iot-devices/
Flaws in a firmware security tool affect as many as 30 million desktops, laptops, and tablets.
https://www.wired.com/story/dell-firmware-vulnerabilities/
https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
https://www.securitymagazine.com/articles/95444-firmware-security-requires-firm-supply-chain-agreements
https://www.cdc.gov/coronavirus/2019-ncov/variants/variant-surveillance.html
Vicious cycle of monitoring and overwork is fuelling productivity — and a backlash
June 15, 2021
https://www.ft.com/content/b74b6ad6-3b8d-4cd8-9dd6-3b49754aa1c7
https://www.amnesty.org/en/latest/news/2021/06/scale-new-york-police-facial-recognition-revealed/
https://www.secureworldexpo.com/industry-news/ohio-decides-to-air-gap-votes
https://spectrum.ieee.org/consumer-electronics/audiovideo/skin-displays-will-give-wearables-their-independence
In a 4-3 decision, the court ruled a police search of garbage left outside of homes for collection is an “unreasonable and thus unconstitutional seizure and search” unless a judge had approved a warrant.
Consider that, generally in many/most US locations, items put into the trash are considered public property, and others can, and do, take items from it. This is a significant issue that information assurance practitioners must consider: how work-from-home employees and contractors dispose of business-related items.
See actual court decision here: https://www.iowacourts.gov/courtcases/8892/embed/SupremeCourtOpinion
https://www.scmagazine.com/home/security-news/researchers-offer-advice-on-how-to-block-wfh-employees-from-downloading-pirated-software/
https://www.cityam.com/deloitte-tells-staff-they-can-work-from-home-forever/
HHS Proposal Aims to Improve Patient Record Matching, But What Are the Risks? - June 17, 2021
https://www.govinfosecurity.com/standardizing-patient-addresses-privacy-security-issues-a-16894
https://edps.europa.eu/_en