Friday, July 12, 2019


Coming soon to a college near me?
Hackers target Monroe College with ransomware, demand $2 million in bitcoin
Monroe College is “under cyberattack” by hackers who demanded approximately $2 million in bitcoin, police and school officials said Thursday.
The school’s computer programs were hacked around 6:45 a.m. Wednesday by a group that got in through ransomware and halted the system, cops said.
The hackers sent a message demanding that the university, which has a location on Jerome Avenue in Kingsbridge Heights, send 170 bitcoin — the equivalent of $2 million — in order to have its system restored.
Read more on the New York Post.




There should be an easy-to-follow procedure for building a database…
K12 Inc. Data Breach Opens Doors to Students' Personal Information
A K12 Inc. company database that included information for 19,000 students was available for anyone with an internet connection to see for at least a week, according to a report from Comparitech, which describes itself as a pro-consumer organization that offers security services.
It's not clear that anyone with ill intentions accessed the information during the data exposure, which lasted from June 23 until July 1.




Worth noting.
Incident Response is Changing, Here’s Why and How
Every year Ponemon reports on the relationship between how quickly an organization can identify and contain a breach and the financial consequences. The 2018 Ponemon Cost of a Data Breach Study found that the average total cost of a data breach has now reached $3.86 million and the chance of recurrence is 28%. Mean times to identify and contain have continued to creep up and are now at 197 days and 69 days respectively. To reverse these trends and better protect themselves from future attacks, organizations need to shift from a reactive approach to incident response to a proactive incident readiness mindset.
Fortunately, organizations are recognizing this and taking action. Nearly half of the respondents to the Cisco 2019 CISO Benchmark Study say they are focusing on time to remediate as a key indicator to measure their security posture, up from 30% last year.




Good on them, but I doubt they will keep their pledge.
U.S. Mayors Pledge Not to Give in to Ransomware Demands
The United States Conference of Mayors has promised that its members will “stand united” against paying ransoms in case their systems are hit by ransomware.
The organization represents over 1,400 mayors from U.S. cities with a population of at least 30,000. At its 87th annual meeting, members adopted many resolutions, including a couple on cybersecurity. One of them is related to ransomware attacks targeted at local governments.
The Conference of Mayors has admitted that ransomware attacks can result in the loss of millions of dollars and months of work to repair damage, but highlighted that paying the attackers only “encourages continued attacks on other government systems, as perpetrators financially benefit.”
In an effort to disincentivize these attacks, the organization’s members have vowed not to pay ransoms in the event of a cyberattack.
The mayors have also urged Congress to pass the State Cyber Resiliency Act, which would provide grants to state and local governments to help support the development and implementation of cyber resiliency plans.




Dilbert explains the role of a Computer Security manager.




Let’s see how well this works.
Facebook Will Now Show You How To Opt Out Of Targeted Ads
The new tool tells you how an ad was targeted and which third-party agency or data broker was used. It also links to pages to opt out.




GDPR requires you to protect paper too.
Just days after proudly announcing its first fine under the GDPR, the Romanian Data Protection Authority has done it again: World Trade Center Bucharest S.A. must pay 15,000 euro for breaching the provisions of Art. 32 para. (4) GDPR corroborated with Art. 32 paras. (1) and (2) GDPR.
What happened: according to the official statement posted on the website of the Romanian Authority, a paper-printed list, used in order to check the clients who were having breakfast at the hotel owned by the controller, was photographed by persons outside the company and subsequently published online, thus leading to a data breach which affected 46 persons.


(Related) Is they is or is they ain’t covered?
German Supervisory Authorities Issue Guidance on Data Subject Rights
On July 1, 2019, the Bavarian Supervisory Authority for the public sector (“SA”) published guidance on how to verify the identity of data subjects exercising their data protection rights under the GDPR. The guidance is directed at public bodies, but is also helpful for private entities.
According to the guidance, the controller may only request the provision of additional information if it has “reasonable doubts” about the data subject’s identity.




The US has no strategy. No surprise there. The full report (PDF) is 188 pages.
New Report on the Regulation of Artificial Intelligence
Everybody seems to be talking about artificial intelligence (AI). Some people laud its possibilities, whereas others envisage nightmare scenarios where robots take over. But what is AI exactly and how are countries dealing with it? The Oxford Dictionary defines AI as “the theory and development of computer systems able to perform tasks normally requiring human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.” In a recently published report, “Regulation of Artificial Intelligence,” the Law Library of Congress looks at the emerging regulatory and policy landscape surrounding AI, including guidelines, ethics codes, and actions by and statements from governments and their agencies, in jurisdictions around the world. An international part deals with approaches that United Nations agencies and regional organizations have taken towards AI. The country surveys look at various legal issues, including data protection and privacy, transparency, human oversight, surveillance, public administration and services, autonomous vehicles, and lethal autonomous weapons systems (LAWS). However, the most advanced regulations were found in the area of autonomous vehicles, in particular for the testing of such vehicles. The report includes three maps on national AI strategies, a country’s position on LAWS, and the testing of autonomous vehicles. As the regulation of AI is still in its early stages and constantly evolving, this report offers a snapshot of the legal situation at the time the report was written (January 2019). Updates will be provided on the Global Legal Monitor (GLM) website.




More and bigger (faster) computers. What else is new?
Facebook VP: AI has a compute dependency problem
Examples of systems less reliant on compute for innovative breakthroughs include Pluribus, an AI system developed by Facebook AI Research and Carnegie Mellon University and introduced today, that can take on world-class poker players. In an article in Science, researchers said Pluribus only required $150 in cloud computing to train.
The end of Moore’s Law means the compute needed to create the most advanced AI is going up.
In fact, Pesenti cited an OpenAI analysis that found the compute necessary to create state-of-the-art systems has gone up 10 times each year since 2012.
He believes bias typically comes from data sets, rather than the creators of AI systems. [Should we train AI to recognize biased datasets? (Hint: Hell yes!)]




We haven’t figured it out yet.
Asia’s AI agenda: The ethics of AI
… This report, the fourth in our “Asia’s AI agenda” series, combines an Asia-wide executive survey with expert interviews from industry, government, and academia, and takes the pulse of public and private actors in the AI ethics debate in the region.
Here are the key findings of the report:
  • AI will be a major growth driver for Asia in the coming decade.
  • Biases within AI tools are potentially dangerous for Asia—but biases about AI’s use in Asia could be even more so.
  • Asian governments are building institutional capacity and frameworks to increase AI governance—but have yet to develop regulations.
  • Asian respondents are engaged in AI ethics discussions and see a constructive role for governments.
  • AI-driven unemployment narratives are counterbalanced by the potential to enhance and augment human work.
The first part of this series, “The ecosystem,” explores Asian governments’ plans for leadership in AI. The second, “AI for business,” examines how businesses are creating strategies for deploying the technology. The third, “AI and human capital,” looks at how executives in Asia Pacific are preparing for the automation of job roles.




It’s not a tariff! US probably will retaliate with a tariff. Can you name any French firm that takes in 25 million Euros in the US? (Napoleon made strange laws.)
France passes tax on tech giants despite US threats
… Any digital company with revenue of more than €750m ($850m; £670m) - of which at least €25m is generated in France - would be subject to the levy.
It will be retroactively applied from early 2019, and is expected to raise about €400m this year.




Perspective. How will this impact Facebook’s cryptocurrency?
Jamie Redman reports:
An IRS slideshow created by James Daniels, IRS-CI cyber crimes program manager, describes some concerning methods IRS agents should use to crack down on crypto-using tax evaders. The slide follows the IRS’ recently announcing tax guidelines on cryptocurrencies, which will contain rules about the tax treatment of digital assets and forks. Even though the new tax guidelines haven’t been issued to the public, IRS agents who enforce the tax laws have had no problems prosecuting bitcoin users for tax evasion. Agent Daniels’ recently published slide gives a lot of detail on how agents should combat crypto tax evaders by using a variety of investigation methods. Within the 181-page document, there are thorough descriptions of what a cryptocurrency is and chronicled paragraphs on assets like ripple (XRP) and bitcoin cash (BCH). The report discusses a myriad of digital currencies including BTC, XMR, BCH, XLM, XRP, and LTC. Daniels’ descriptive study even calls certain hardware wallet users “fanboys.”
Read more on Activist Post.




Could explain a lot…
Compiling a Federal Legislative History: A Beginner’s Guide




Worth mentioning to my students.
YouTube is launching educational playlists that won’t include algorithmic recommendations
YouTube is introducing a new education feature called Learning Playlists that will offer dedicated landing pages for educational videos on a variety of topics, including math, science, music, and language. The playlists will have organizational features, like chapters around key concepts, ordered from beginner to advanced lessons. The pages will also be notably free from recommended videos, letting viewers focus on their lessons without distractions.


