Saturday, December 08, 2018

Maybe if this warning had come a bit earlier…
North Korea-linked Hackers Target Academic Institutions
A threat group possibly originating from North Korea has been targeting academic institutions since at least May of this year, NetScout’s security researchers reveal.
… The actors behind the attack, however, displayed poor OPSEC, which allowed the researchers to find open web browsers in Korean, English-to-Korean translators, and keyboards switched to Korean.
… Remote Desktop Protocol (RDP) was also used to ensure continuous access. However, because there is no evidence of data theft, the motivation behind the attacks is largely uncertain.


(Related)
Laura Krantz reports:
Hackers stole more than $800,000 from Cape Cod Community College last week when they infiltrated the school’s bank accounts, the school notified its employees Friday.
Several computers in the school’s Nickerson Administration Building were hacked by a phishing scheme that used malware to obtain access to the school’s accounts, according to an e-mail from the school president, John Cox, sent Friday afternoon to school faculty and staff.
Read more on Boston Globe.
From the article:
The college has replaced all infected hard drives, [Not a normal procedure, were they unable to remove (delete) the malware? Bob] according to the president’s e-mail. It will conduct more cybersecurity training for faculty, staff, and students. Stone, the school spokesman, said the college plans to invest in more sophisticated software to prevent attacks in the future.




I’m guessing that it was either create a procedure like this or Marriott would have to replace them all.
Identity stolen because of the Marriott breach? Come and claim your new passport
… The company on Friday confirmed to The Register that customers who fall victim to fraud as a result of forged passports will be eligible to claim a replacement passport at Marriott's expense.
"As it relates to passports and potential fraud, we are setting up a process to work with our guests who believe that they have experienced fraud as a result of their passports being involved in this incident," a spokesperson told El Reg.
"If, through that process, we determine that fraud has taken place, then the company will reimburse guests for the costs associated with getting a new passport."




For my lectures on cryptography…
Back Issues of the NSA's Cryptolog
Five years ago, the NSA published 23 years of its internal magazine, Cryptolog. There were lots of redactions, of course.
What's new is a nice user interface for the issues, noting highlights and levels of redaction.




A million here, a million there, pretty soon we’re talking real money! Do you suppose this is coming out of someone’s bonus?
Alex Hern reports:
Facebook has been fined €10m (£8.9m) by Italian authorities for misleading users over its data practices.
The two fines issued by Italy’s competition watchdog are some of the largest levied against the social media company for data misuse, dwarfing the £500,000 fine levied by the British Information Commissioner’s Office in September – the maximum that body is able to issue.
The Italian regulator found that Facebook had breached articles 21, 22, 24 and 25 of the country’s consumer code …
Read more on The Guardian.




Privacy as the Chinese see it.
Barbara Li and Bohua Yao report:
On November 30, 2018 the Cyber Security Protection Bureau, under the auspices of the PRC Ministry of Public Security (the “MPS”), issued a draft Guideline for Internet Personal Information Security Protection (the “Guideline”) along with a request for public comments.
Even though, upon reaching final form and taking effect, the Guideline will not be a mandatory regulation, it nonetheless has a key implementing role in relation to the PRC Cyber Security Law (the “CSL”) and the Administrative Measures for the Multi-Level Protection of Information Security (the “Multi-Level Protection Measures”) in respect of protecting information systems and personal information in China.
Read more on Norton Rose Fulbright Data Protection Report.




Are we ready for this future?
Amazon, AI and Medical Records: Do the Benefits Outweigh the Risks?
Last month, Amazon unveiled a service based on AI and machine-learning technology that could comb through patient medical records and extract valuable insights. It was seen as a game changer that could alleviate the administrative burden of doctors, introduce new treatments, empower patients and potentially lower health care costs. But it also carries risks to patient data privacy that call for appropriate regulation, according to Wharton and other experts.

