Scammers scare iPhone users into paying to unlock
not-really-locked Safari
… "One of our
users alerted us to this campaign, and said he had lost control of Safari on
his iPhone," Andrew Blaich, a Lookout security researcher, said in a
Tuesday interview. "He said, 'I
can't use my browser anymore.'"
The criminal campaign, Blaich and two colleagues reported
in a Monday post to Lookout's blog,
exploited a bug in how Safari displayed JavaScript pop-ups. When the browser reached a malicious site
implanted with the attack code, the browser went into an endless loop of
dialogs that refused to close no matter how many times "OK" was
tapped. The result: Safari was unusable.
At the same time, the attack showed a message, purportedly
from a law enforcement agency, demanding payment to unlock the browser for, in
one instance at least, simply steering to a URL that suggested the site's
content was pornographic. Payment was to
be made by texting a £100 ($125) iTunes gift card code to a designated number.
Blaich stressed that the attack was as much scam as scare:
To regain control of Safari, all
one had to do was head to Settings, tap Safari, then Clear History and Website
Data.
"This was a scareware attack, where [the attackers]
were trying to get people to not think
and just pay," said Blaich.
Those phony tax refunds must be costing the state money
too.
Liisa M. Thomas, Robert H. Newman, and Eric J. Shinabarger
of Winston Strawn LLP write:
With little fanfare, Virginia
recently amended its data breach notification law, requiring
employers and payroll service providers to notify the Virginia Attorney General
if they are subject to a W2 phishing scam. More specifically, the law requires that they
notify the Virginia AG if they discover “unauthorized access and acquisition of
unencrypted computerized data containing a taxpayer identification number in
combination with the income tax withheld for an individual” if there is
compromise to the data and it will cause identity theft or fraud. This requirement is the first of its kind, and
will be effective July 1, 2017.
Read more on Lexology.
The US may not get around to this for a few years. Say, one Presidential term.
Jenny David reports:
Companies doing business in
Israel will soon face mandatory data security and data breach notification
requirements under regulations recently
cleared by lawmakers.
The data security and breach
notice had been governed by voluntary guidelines issued in 2012 by the
country’s privacy regulator, the Israeli Law, Information and Technology
Authority (ILITA). Companies that didn’t
implement measures when the voluntary guidelines were issued, including data
breach notification, will have difficulty coming into compliance when the new
regulations take full effect in 12 months, lawyers said.
Read more on Bloomberg BNA.
Just keeps growing the job market for my Computer Security
students.
1.4 Billion Records Compromised in 2016: Report
Nearly 1.4 billion records
were compromised in 2016 as a result of roughly 1,800 data breaches, according
to Gemalto’s latest Breach Level Index report.
The company said the number of compromised records
increased by 86 percent compared to the previous
year. The report also shows
that more than 1,000 incidents, or 59 percent of the total, involved theft of
identity information, while nearly 30 percent involved financial and account
data.
Data collected by Gemalto shows that 68 percent of data
breaches were the work of malicious external hackers, while 19 percent of
incidents were classified as accidental leaks. Malicious insiders accounted for 9 percent of
breaches.
For a full summary of data breach incidents by industry,
source, type and geographic region, download the 2016
Breach Level Index Report.
Download the infographic here.
Can we wait for AI to learn on the job?
It doesn’t take a tremendous amount of training to begin a
job as a cashier at McDonald’s. Even on
their first day, most new cashiers are good enough. And they improve as they serve more customers
… We don’t often
think of it, but the same is true of commercial airline pilots.
… The difference
between cashiers and pilots in what constitutes “good enough” is based on
tolerance for error. Obviously, our
tolerance is much lower for pilots.
… The same is true
of machines that learn.
Artificial intelligence (AI) applications are based on generating predictions. Unlike traditionally programmed computer
algorithms, designed to take data and follow a specified path to produce an
outcome, machine learning, the most common approach to AI these days, involves
algorithms evolving through various learning processes. A machine is given data, including outcomes,
it finds associations, and then, based on those associations, it takes new data
it has never seen before and predicts an outcome.
A resource for Privacy, Ethics, and Artificial
Intelligence.
European Data Protection Supervisor – New Website
by Sabrina
I. Pacifici on Mar 28, 2017
“Our website has undergone quite a makeover!
With new features and drop down menus,
we present you our new look website to share information about who we are and
what we do. Read how the EDPS is
organised under the About EDPS section; for detailed information on our data
protection work, Ethics, IPEN, Big Data and more, go to our Data Protection
section. Look in our Press &
Publications section for our newsletter, blog, press releases, press kit and
speeches. Happy browsing!”
I’d really like to see a full accounting of this. As I understand it, employees created fake
accounts and got paid for each one. Then
they cancelled the fake accounts, costing Wells Fargo again. It seems there was no income to match against
all this outgo. Now they have to pay
fines and settle lawsuits. A good
auditing department would have been far cheaper.
Wells Fargo Reaches $110 Million Fake Accounts Settlement
Wells Fargo & Co. reached a $110 million
settlement with customers nationwide over claims its employees set up
fraudulent accounts to boost their own pay, a deal that moves the bank another
step toward closing the books on last year’s scandal.
Revelations that Wells Fargo employees may have opened
more than 2 million deposit and credit-card accounts without customers’
permission have prompted sweeping changes at the San Francisco-based lender. The bank eliminated a system of sales targets
that regulators said encouraged workers to create fake accounts. It also fired or demoted five people who had
served as senior managers in the consumer business.
Wells Fargo agreed six months ago to pay $185 million in
fines and penalties as part of a settlement with federal regulators and the Los
Angeles city attorney’s office.
Broader implications for ISPs?
… According to the
RIAA, Cloudflare should stop offering its services to all MP3Skull websites,
arguing that the CDN provider was “in active concert or participation” with the
pirates.
Cloudflare disagreed and countered that the DMCA protects
it from liability for the copyright infringements of its customers, limiting
the scope of anti-piracy injunctions.
… After hearing
the arguments from both sides, the court has now ruled against Cloudflare’s
DMCA defense, opening the door for an injunction against the CDN provider
itself.
Should I assume these are the Brits who did not vote to
leave the EU?
Estonia e-residency applications from U.K. surge as Britain
prepares to trigger Brexit talks
If there’s a silver lining to the looming start of the
contentious Brexit process, it can be found in the Eastern European country of
Estonia.
The country, which two years ago launched
a program to allow anyone to apply for digital residency, said this week that
it has seen a surge of applications from people living in the U.K. over the
past several months. And it’s expecting
that pace to accelerate again, with the U.K. government expected on
Wednesday to announce it has taken the steps to officially trigger the start of
talks for it to withdraw from the European Union.
For my Spreadsheet students.
Calculating the right amount of tax is important. It can
also be difficult. With that in mind,
I’ve tracked down two Excel tax calculators to ensure you don’t miss a single
penny.
I’ve made every effort to ensure these tax calculators
work as they should — and they do — but your taxes are your responsibility. We’re just helping you on the way.
For the toolkit.
Install it on your thumb drive.
… occasionally you
find an app so ordinary that it feels lost among the crowd of shiny new tools. But give AutoSaver a chance to impress you because it’s
all about that everyday productivity.
… AutoSaver
automatically saves your work in any file or tool you’re using according
to a pre-set interval (minimum is one minute).
There
are two other good things about this app:
- It’s a tiny freeware download of 21 KB.
- It’s a portable app that you don’t need to install.
This is why Wally is my role model.