Saturday, August 31, 2019


I’ve heard of forensic investigations but never one claiming psychic powers.
Phishing scheme gains entry to Oregon Judicial Department emails
A phishing scheme succeeded in breaking into the email accounts of five Oregon Judicial Department employees, exposing personal information of more than 6,000 people.
A forensic team determined that none of the information has been used in an inappropriate way so far.
… Lemman said originally a private lawyer had their email account hacked. The hackers gained access to the lawyer’s address book, and sent an email to workers in the state court system. That effort gained entry to a Washington County Circuit Court administrative staffer’s account. The email was then sent to Judicial Department staff, and five employees took the bait. Lemman said he didn’t know if they clicked a link, [Ask! Bob] but said the five entered their usernames and passwords, which hackers were able to access.
… Some of the information deemed “private” by law is also public record, like arrest rosters, he said.
The attackers did not gain access to any of the department’s internal systems. [Except email? Bob]




I bet there was a procedure that did not get followed.
https://blog.knowbe4.com/ai-used-for-social-engineering.-fraudsters-mimic-ceos-voice-in-unusual-cybercrime-case-wsj
AI Used For Social Engineering. Fraudsters Mimic CEO’s Voice in Unusual Cybercrime Case
Catherine Stupp at the Wall Street Journal reported on something we have predicted would happen in this blog. The article started out with:
"Criminals used artificial intelligence-based software to impersonate a chief executive’s voice and demand a fraudulent transfer of €220,000 ($243,000) in March in what cybercrime experts described as an unusual case of artificial intelligence being used in hacking.
"The CEO of a U.K.-based energy firm thought he was speaking on the phone with his boss, the chief executive of the firm’s German parent company, who asked him to send the funds to a Hungarian supplier. The caller said the request was urgent, directing the executive to pay within an hour, according to the company’s insurance firm, Euler Hermes Group SA. Euler Hermes declined to name the victim companies."




Will this type of response become common?
Why Hong Kongers Are Toppling Lampposts
The most successful surveillance devices are unobtrusive by nature, which means spotting them is difficult and engaging with them directly can be surreal.
… The Chinese government is notorious for its sophisticated surveillance apparatus, and evading it requires equally sophisticated tactics. Protesters have been hiding their faces with surgical masks and umbrellas, using burner cellphones, and paying for transit in cash. And, for the past month, they’ve also been cutting down lampposts with electric saws.




For my Security Compliance class.
Google, Medical Center Ask Court to Dismiss Privacy Lawsuit
Google and the University of Chicago Medical Center have filed motions to dismiss a class action lawsuit that alleges patients' electronic health records were not properly de-identified by the hospital before they were shared with Google to support the company's predictive medical data analytics technology development efforts.
The lawsuit filed in an Illinois federal court in June by a former medical center patient notes that HIPAA requires that data shared for research purposes must be de-identified by one of two methods. Those methods include the "expert determination" method to determine if risk of de-identification is small and the "safe harbor" method, which involves removing a long list of identifiers.
The lawsuit alleges that while the medical center claims it de-identified patient records shared with Google, the data included date stamps of when patients checked in and out of the hospital, as well as "copious free-text notes."
As a result, the lawsuit contends, through Google's "prolific data mining ... [the company] is uniquely able to determine the identity of almost every medical record released by the university."
Legal experts are weighing in on the dispute, seeing merits in the arguments on both sides.


