A friend once told me that the fastest way to get rich would be to
invent a new sin. New hacking techniques work kind of like that.
New Experian Data Breach Trends Report Highlights New Risks For 2020
With every passing year, hackers are becoming more sophisticated not just
in the technologies that they use to carry out their attacks, but
also in ways that they spot potential new attack surfaces. That’s
one of the big takeaway trends from Experian’s seventh annual “Data
Breach Industry Forecast 2020,”
which outlines five key data breach trends to keep an eye on over the
next 12 months.
At the top of the list of new trends is text-based “smishing”
attacks, in which nefarious hackers use SMS text messages to carry
out phishing attacks against unsuspecting users.
Another trend cited in the Experian data breach trends report, for example,
is the “hacker in the sky” attack involving drones.
some cybercriminals are experimenting with so-called “deepfake”
technology (a term coined in Reddit online forums in 2017), in which
artificial intelligence (AI) algorithms are used to create false
identities.
An example of “undue reliance?” Imagine a ransomware attack where
client contact information was blocked…
In Weekend Outage, Diabetes Monitors Fail to Send Crucial Alerts
For many parents of children with diabetes, the Dexcom G6 continuous
glucose monitor is a lifesaver. The device tracks their children’s
glucose levels and sends them an alert when their blood sugar climbs
too high or falls too low, allowing them to take quick action to
correct it.
But around midnight on Friday, Dexcom suffered a mysterious service
outage, leaving thousands of people who rely on the device for
critical information in the dark. Many parents who woke up on
Saturday morning and learned about the outage hours after it began
had to scramble to make sure their children were safe. The affected
service, Dexcom Follow, had been partly restored by Monday morning, a
company spokesman said.
This may be in the future.
US Government Will Welcome Ethical Hackers
… According to the Department of Homeland Security’s Cybersecurity
and Infrastructure Agency (CISA),
the US federal government hasn’t been gracious when presented with
these voluntary reports. Some agencies ignore them, while some
publish officious language on their sites threatening legal action if
anyone tinkers with their systems. That isn’t helpful behaviour,
it says. Now, it wants to change all that.
The Agency has published a proposed directive forcing
agencies to play nicely with voluntary bug reporters. Under the
draft rules, federal agencies would have to provide and monitor clear
channels (an email or web form) through which people could report
security flaws. They would also have to respond and keep researchers
updated on efforts to fix the bugs.
The rules go beyond basic courtesy, though. Agencies could no longer
publish threatening language discouraging bug hunters. Neither could
they forbid hackers from publishing the bugs after waiting for an
acceptable period.
Because the US Passport photo won’t serve?
From Papers, Please!
Buried in the latest Fall 2019 edition of an obscure Federal bureaucratic planning database called the Unified Agenda of Regulatory and Deregulatory Actions is an official notice from the U.S. Department of Homeland Security (DHS) that:
To facilitate the implementation of a seamless biometric entry-exit system that uses facial recognition … DHS is proposing to amend the regulations to provide that all travelers, including U.S. citizens, may be required to be photographed upon entry and/or departure [to or from the U.S.].
Read more on Papers, Please!
“Been there, screwed that up too.”
If You’re Reading This Now It’s (Almost) Too Late (and Other GDPR Lessons)
January 1, 2020 is a landmark day for data privacy in the United States.
It’s the day the biggest state in the union, indeed, the sixth
biggest economy in the entire world, California, will enact its own
piece of privacy-focused regulation, the California Consumer Privacy
Act (or CCPA).
… I want to address some of the most pervasive in hopes that they’ll
bolster readers’ cases when lobbying their colleagues to get
serious about the CCPA. Because after going through this before with
the GDPR, I feel secure in saying it will represent a significant
challenge for many businesses.
First, the six month “grace period” from January to July 2020 does not
actually mean that companies can wait until July to ensure they’re
compliant. It does not apply to the private right of action that
consumers can exercise (with a value of up to $750 per consumer per
breach incident). And the California Attorney General will be able to
prosecute retroactively for companies who were in violation during
the first six months – it’s true that the AG is likely to skew
lenient during this period, but there’s nothing to stop them from
taking a hard line if they see a case of gross negligence.
… A common refrain I hear is “we just did this with the GDPR, so we
don’t need to go back and do it all over again.”
This is often not true; it’s possible that a business, in preparing for
GDPR, overspec’d so much that they unwittingly attained CCPA
compliance. It’s much more likely that they did enough to scrape
by GDPR, and, for example, dealt only with their European data. Most
legacy businesses with a large footprint aren’t holding European
and US customer data together. Even if they are, there are important
aspects in which the CCPA is even more stringent than the GDPR –
for example, regarding the Right to Equal Service and Prices.
… Lastly, there’s the dangerous argument that a given business isn’t large
or visible enough to incur regulatory wrath – that if you’re not
a FAANG company the risk of privacy non-compliance is theoretical
rather than practical. A simple look at the GDPR numbers
demonstrates this is false. Enforcement started slow but has picked
up significantly in 2019, as regulatory authorities found their
footing. A running tracker hosted by CMS Law currently shows 86
different entities have been fined under GDPR, ranging from the
world’s biggest companies to small merchants to the mayor of a
small Belgian town.
Privacy for Twits? Interesting that what CCPA allows may be a violation of
GDPR.
Twitter makes global changes to comply with privacy laws
Twitter Inc is updating its global privacy policy to give users more
information about what data advertisers might receive and is
launching a site to provide clarity on its data protection efforts,
the company said on Monday.
… Twitter also announced on Monday that it is moving the accounts of users
outside of the United States and European Union which were previously
contracted by Twitter International Company in Dublin, Ireland, to
the San Francisco-based Twitter Inc.
The company said this move would allow it the flexibility to test
different settings and controls with these users, such as additional
opt-in or opt-out privacy preferences, that would likely be
restricted by the General Data Protection Regulation (GDPR), Europe’s
landmark digital privacy law.
“We want to be able to experiment without immediately running afoul of
the GDPR provisions
… Twitter’s new privacy site, dubbed the ‘Twitter Privacy Center’ is part of
the company’s efforts to showcase its work on data protection and
will also give users another route to access and download their data.
So useful we may ignore the risks?
Amazon AI generates medical records from patient-doctor conversations
The company says its new software can understand medical jargon and
automatically punctuate text.
Amazon believes its latest Web Services tool will
help doctors spend more time with their patients. The tool, called
Amazon Transcribe Medical, allows doctors to easily transcribe patient
conversations and add those interactions to someone's medical records
with the help of deep learning software.
… For Amazon, Transcribe Medical is just the
company's latest foray into the lucrative healthcare industry.
Earlier this year, the company announced Amazon
Care, a service that allows employees to take advantage of
virtual doctor consultations and in-home follow-ups. Moving forward,
the issue Amazon is likely to face as it tries to convince both
doctors and their patients to use Transcribe Medical is -- as always
-- related to privacy.
Wood told CNBC
the tool is fully compliant with the federal government's
Health Insurance Portability and Accountability Act (HIPAA).
Amazon, however, will likely have to go above and beyond the
requirements of the law to satisfy privacy critics. HIPAA doesn't
provide detailed guidance on how healthcare companies should secure
digital patient medical records and hasn't been updated since 2013.
The urgent need for updated legislation was highlighted earlier this
year when a ProPublica
report found that the records of some 5 million
patients in the US were easily accessible with free software. The
company will need to be specific about how any data will be used, and
who has access to it.
One possible view.
The Ethical Threat of Artificial Intelligence in Practice
How do clinicians set rules that allow professionals "to make good
use of technology to find patterns in complex data" but also
"stop companies from extracting unethical value from those
data?" asked Raymond Geis, MD.
Geis, from the American College of Radiology (ACR) Data Science Institute,
is one of the authors of a joint statement that
addresses the potential for the unethical use of data, the bias
inherent in datasets, and the limits of algorithmic learning, and was
the moderator of a session on the topic at the Radiological Society
of North America (RSNA) 2019 Annual Meeting in Chicago.