Saturday, May 30, 2020


Forward to your Computer Security team. Registration required.
Evolving Tactics, Techniques, and Procedures in the Ransomware Landscape
According to a report from Group-IB, Remote Desktop Protocol (RDP) was the common point of intrusion for ransomware in 2019. Vulnerable Windows RDP ports were abused in 70-80% of all ransomware attacks in 2019 to gain an initial foothold.
The report also highlighted that exploit kits, external remote services, spear-phishing attachments, and valid accounts are other attack techniques used by ransomware operators to gain access to victims’ computers.
More advanced ransomware actors rely on supply-chain compromise, exploiting unpatched vulnerabilities in public-facing applications, and compromising managed service providers (MSPs) to obtain access to valuable targets.




For anyone dealing with risk.
CISA Releases New Cyber Essentials Toolkit
As a follow-up to the November 2019 release of Cyber Essentials, the Cybersecurity and Infrastructure Security Agency (CISA) released the first in a series of six Cyber Essentials Toolkits. This is a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks. CISA’s toolkits will provide greater detail, insight and resources on each of the Cyber Essentials’ six “Essential Elements” of a Culture of Cyber Readiness.
Today’s launch highlights the first “Essential Element: Yourself, The Leader” and will be followed each month by a new toolkit to correspond with each of the six “Essential Elements.” Toolkit 1 focuses on the role of leadership in forging a culture of cyber readiness in their organization with an emphasis on strategy and investment.




On the face of it...
Facial Recognition Challenged by French Administrative Court
In a decision (French only) dated 27 February 2020, the French Administrative Court of Marseille invalidated the deliberation of the Provence-Alpes-Côte d’Azur Regional Council which allowed a facial recognition mechanism to be set up, on an experimental basis, in two high schools in order to (i) better control and speed up entry of students into the high schools and (ii) control access to premises of occasional visitors.
This decision is important as this is the first administrative court decision in France about facial recognition. Since the GDPR entered into force, it is also the first French administrative court decision relating to data protection not based on a deliberation issued by the French Data Protection Authority (CNIL), which was already quite uncommon before GDPR’s entry into force.




Would we recognize free speech if we saw it?
Twitter and Reddit File Legal Brief Opposing Trump Admin’s Social Media Registration Requirement
Two of the country’s largest online communities backed a legal challenge to the Trump administration’s rule requiring nearly all U.S. visa applicants to register all of their social media handles and usernames with the federal government, claiming that the requirement violates the First Amendment of the U.S. Constitution.
In an amicus brief submitted Thursday in the U.S. District Court for the District of Columbia, Twitter, Reddit and the Internet Association threw their support behind a lawsuit filed against the U.S. State Department by the Knight First Amendment Institute, the Brennan Center for Justice, and Simpson Thacher & Bartlett LLP on behalf of Doc Society and International Documentary Association, two documentary film organizations.
The rule at the center of the controversy, which went into effect last year, compels more than 14 million annual U.S. visa applicants to disclose all social media handles that they’ve used on any of 20 platforms – including Twitter and Reddit – in the last five years.
According to the platforms, by depriving users of anonymity on these sites the government would effectively be chilling their constitutionally protected right to free speech.




Should I argue with Harvard?
Law profs: 'China was largely right' on internet 'speech control'
The Atlantic article from Harvard Law School professor Jack Goldsmith and University of Arizona law professor Andrew Keane Woods comes during a time when U.S. students are more likely to view China favorably, even as Chinese infiltration of America deepens. The piece, titled, "Internet Speech Will Never Go Back to Normal," includes the subtitle, "In the debate over freedom versus control of the global network, China was largely correct, and the U.S. was wrong."
"Significant monitoring and speech control are inevitable components of a mature and flourishing internet, and governments must play a large role in these practices to ensure that the internet is compatible with a society’s norms and values," the professors write. [Just like we do with newspapers? Bob]




Perspective.
The Problem with Heroes
For any leader, the ongoing presence of heroes is both a cause for celebration and a reason for deep concern, because it indicates a failure of the wider system, writes Wharton adjunct professor of management Gregory P. Shea in this opinion piece.




Most of my international students are from countries south and east of Europe.
FPF Releases New Report on GDPR Guidance for US Higher Education Institutions
Today, FPF released The General Data Protection Regulation: Analysis and Guidance for US Higher Education Institutions by Senior Counsel Dr. Gabriela Zanfir-Fortuna. The new report contains analysis and guidance to assist United States-based higher education institutions and their edtech service providers in assessing their compliance with the European Union’s General Data Protection Regulation (GDPR).


