Forward
to your Computer Security team. Registration required.
Evolving
Tactics, Techniques, and Procedures in the Ransomware Landscape
… According
to a report from Group-IB, Remote Desktop Protocol (RDP) was the
common point of intrusion for ransomware in 2019. Vulnerable Windows
RDP ports were abused in 70-80% of all ransomware attacks in 2019 to
gain an initial foothold.
… The
report also
highlighted
that
exploit kits, external remote services, spear-phishing attachments,
and valid accounts are other attack techniques used by ransomware
operators to gain access to victims’ computers.
More
advanced ransomware actors rely on supply-chain compromise,
exploiting unpatched vulnerabilities in public-facing applications,
and compromising managed service providers (MSPs) to obtain access to
valuable targets.
For
anyone dealing with risk.
CISA
Releases New Cyber Essentials Toolkit
As
a follow-up to the November 2019 release of Cyber Essentials, the
Cybersecurity and Infrastructure Security Agency (CISA) released the
first in a series of six
Cyber Essentials Toolkits. This is a starting point for small
businesses and government agencies to understand and address
cybersecurity risk as they do other risks. CISA’s toolkits will
provide greater detail, insight and resources on each of the Cyber
Essentials’ six “Essential Elements” of a Culture of Cyber
Readiness.
Today’s
launch highlights the first “Essential Element: Yourself, The
Leader” and will be followed each month by a new toolkit to
correspond with each of the six “Essential Elements.” Toolkit 1
focuses on the role of leadership in forging a culture of cyber
readiness in their organization with an emphasis on strategy and
investment.
On
the face of it...
Facial
Recognition Challenged by French Administrative Court
In
a decision
(French
only) dated 27 February 2020, the French Administrative Court of
Marseille invalidated the deliberation of the Provence-Alpes-Côte
d’Azur Regional
Council which allowed to set up, on an experimental basis, a facial
recognition mechanism in two high schools in order to (i) better
control and speed up entry of students into the high schools and (ii)
control access to premises of occasional visitors.
This
decision is important as this is the first
administrative court decision in France about facial recognition.
Since the GDPR entered into force, it is also the first French
administrative court decision relating to data protection not
based on a deliberation issued by the French Data Protection
Authority (CNIL),
which was already quite uncommon before GDPR’s entry into force.
Would
we recognize free speech if we saw it?
Twitter
and Reddit File Legal Brief Opposing Trump Admin’s Social Media
Registration Requirement
Two
of the country’s largest online communities backed a legal
challenge to the Trump administration’s rule requiring nearly all
U.S. visa applicants to register all of their social media handles
and usernames with the federal government, claiming that the
requirement violates the First Amendment of the U.S. Constitution.
In
an amicus brief submitted Thursday in the U.S. District Court for the
District of Columbia, Twitter, Reddit and the Internet Association
threw their support behind a lawsuit filed against the U.S. State
Department by the Knight First Amendment Institute, the Brennan
Center for Justice, and Simpson Thacher & Bartlett LLP on behalf
of Doc Society and International Documentary Association, two
documentary film organizations.
The
rule at the center of the controversy, which went into effect last
year compels, more than 14 million annual U.S. visa applicants to
disclose all social media handles that they’ve used on any of 20
platforms – including Twitter and Reddit — in the last five
years.
According
to the platforms, depriving users of anonymity on these sites the
government would effectively be chilling their constitutionally
protected right to free speech.
Should
I argue with Harvard?
Law
profs: 'China was largely right' on internet 'speech control'
The
Atlantic article
from
Harvard Law School professor Jack
Goldsmith and
University of Arizona law professor Andrew
Keane Woods comes
during a time when U.S. students are more
likely to
view China favorably, even as Chinese
infiltration of
America deepens. The piece, titled, "Internet Speech Will Never
Go Back to Normal," includes the subtitle, "In the debate
over freedom versus control of the global network, China was largely
correct, and the U.S. was wrong."
… Significant
monitoring and speech control are inevitable components of
a mature and flourishing internet, and governments must play a large
role in these practices to ensure that the internet is compatible
with a society’s norms and values," the professors write.
[Just like we do with
newspapers? Bob]
Perspective.
The
Problem with Heroes
For
any leader, the ongoing presence of heroes is both a cause for
celebration and a reason for deep concern, because it indicates a
failure of the wider system, writes Wharton adjunct professor of
management Gregory
P. Shea in
this opinion piece.
Most
of my international students are from countries south and east of Europe.
FPF
Releases New Report on GDPR Guidance for US Higher Education
Institutions
Today,
FPF released The
General Data Protection Regulation: Analysis and Guidance for US
Higher Education Institutions by
Senior Counsel Dr. Gabriela Zanfir-Fortuna. The new report contains
analysis and guidance to assist United States-based higher education
institutions and their edtech service providers in assessing their
compliance with the European Union’s General Data Protection
Regulation (GDPR).
