Social engineering works best on employees who have never heard the term.
Toyota Subsidiary Loses $37 Million Due to BEC Scam
… By now, BEC attacks are common all over the world, and are used primarily to target finance and accounting departments. In this case, the BEC scam was simple: a third-party hacker posing as a business partner of the Toyota subsidiary sent emails to members of the finance and accounting department, requesting that funds be sent for payment into a specific bank account controlled by the hacker.
… According to Colin Bastable, CEO of Lucy Security, Toyota should have been on the lookout for just such a scam: “This is the third acknowledged attack on Toyota this year – Australia in February, Japan in March and now the Zavantem, Belgium European HQ of Toyota Boshoku. Once is happenstance, twice is co-incidence but three attacks looks like enemy action.” In fact, says Bastable, “It’s reasonable to assume that Toyota’s global infrastructure has been compromised to some extent.
Cheaper than recovery from zero, but insurance is clearly a positive indicator for hackers.
Stratford cyberattack costs $75K in bitcoin
The city of Stratford agreed to pay an attacker more than $75,000 worth of Bitcoin in exchange for decryption keys to unlock its information systems following an April cyber attack.
… The city said it has submitted a cyber insurance claim, which should foot most of the bill. The city's deductible is $15,000.
The cyber attack happened on April 14, after an attacker installed malware on six physical servers and two virtual ones. The city didn't return to normal business operations until April 29.
… The city said it has since beefed up its security measures to prevent another attack from happening. [A very common reaction. Bob]
Good rules are enforceable. Not so good rules are wishes.
5 simple rules to make AI a force for good
1. CREATE AN FDA FOR ALGORITHMS
2. OPEN UP THE BLACK BOX OF AI FOR ALL TO SEE
3. VALUE HUMAN WISDOM OVER AI WIZARDRY
4. MAKE PRIVACY THE DEFAULT
5. COMPETE BY PROMOTING, NOT INFRINGING, CIVIL RIGHTS
Perspective. What can we copy?
How the Air Force has reorganized its cyber staff
The service announced Sept. 18 a new information warfare focused organization called 16th Air Force that combines cyber, intelligence, surveillance and reconnaissance, electronic warfare and information operations.
The Air Force also recently rebranded its main communications arm, essentially separating traditional IT functions from cyber warfare under the deputy chief of staff for ISR.
… While the service had previously previewed the document prior to its official publication, Jamieson provided additional details of the plan. The document itself is classified, but the Air Force passed out an unclassified version that fit on a single tri-fold pamphlet.
The strategy lays out seven areas the service wants to pursue, including:
- Human capital, meaning the Air Force has to be able to recruit, retain and develop talent in the cyber domain
- Offensive cyber operations
- Defensive cyber operations
- War fighter communications, which includes building a global and resilient command and control grid
- Emerging technology
- ISR for and from cyber operations
- Partnerships
Nothing new beyond a journalist taking note.
Silicon Valley is terrified of California’s privacy law. Good.
In a little over three months, California will see the widest-sweeping state-wide changes to its privacy law in years. California’s Consumer Privacy Act (CCPA) kicks in on January 1 and rolls out sweeping new privacy benefits to the state’s 40 million residents — and every tech company in Silicon Valley.
California’s law is similar to Europe’s GDPR. It grants state consumers a right to know what information companies have on them, a right to have that information deleted and the right to opt-out of the sale of that information.