For better phishing you need better bait.
This worm phishing campaign is a game-changer in password theft, account takeovers
… "The phishing emails were being sent as replies to genuine emails," the researcher explained. "Emails exchanged between our people and our suppliers, our customers, and even internally between colleagues."
This is how it worked: once one email account was compromised, the credentials for the account were sent to a remote bot. The bot would then sign into the account and analyze emails sent within the past several days.
"For each unique email chain it found, it replied to the most recent email with a link to a phishing page to capture credentials," Hays said. "The wording was generic enough to fit almost any scenario and the link to a 'document' didn't feel out of place."
All waiting for a command to go active?
These hackers have spent months hiding out in company networks undetected
A cyber-espionage campaign is using new malware to infiltrate targets around the world including organisations in media, finance, construction and engineering.
Detailed by cybersecurity company Symantec, the attacks against organisations in the US, Japan, Taiwan and China are being conduced with the aim of stealing information and have been linked to an espionage group known as Palmerworm – aka BlackTech – which has a history of campaigns going back to 2013.
A (very) little more detail.
https://krebsonsecurity.com/2020/09/whos-behind-mondays-14-state-911-outage/
Who’s Behind Monday’s 14-State 911 Outage?
Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft‘s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen, two companies that together handle 911 calls for a broad swath of the United States.
On the afternoon of Monday, Sept. 28, several states including Arizona, California, Colorado, Delaware, Florida, Illinois, Indiana, Minnesota, Nevada, North Carolina, North Dakota, Ohio, Pennsylvania and Washington reported 911 outages in various cities and localities.
For your consideration (and planning?)
Microsoft: Some ransomware attacks take less than 45 minutes
… While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report.
(Related) More on ransomware.
https://www.schneier.com/blog/archives/2020/09/negotiating-with-ransomware-gangs.html
Negotiating with Ransomware Gangs
Really interesting conversation with someone who negotiates with ransomware gangs:
Probably impossible to control…
EDPB Publishes Draft Guidelines on the Targeting of Social Media Users
On 7 September 2020, the European Data Protection Board (“EDPB”) adopted draft guidelines on the targeting of social media users (the “Guidelines”). The Guidelines aim to clarify the roles and responsibilities of social media providers and “targeters” with regard to the processing of personal data for the purposes of targeting social media users.
Targeting services allow natural or legal persons (i.e., targeters) to communicate specific messages to the users of social media in order to advance commercial, political or other interests. The Guidelines state that the mechanisms social media providers can use to target users, as well as the underlying processing activities, may pose significant risks to users, including loss of control over their personal data, discrimination and exclusion as a result of targeting on the basis of special categories of personal data, and manipulation through misinformation. The Guidelines also raise specific concerns in relation to children.
On the slippery slope? “We what everything and we’ll keep it forever.”
Collection and Use of Biometrics by U.S. Citizenship and Immigration Services
EFF – “On September 11, 2020, the Department of Homeland Security (DHS) announced its intention to significantly expand both the number of people required to submit biometrics during routine immigration applications and the types of biometrics that individuals must surrender. This new rule will apply to immigrants and U.S. citizens alike, and to people of all ages, including, for the first time, children under the age of 14. It would nearly double the number of people from whom DHS would collect biometrics each year, to more than six million. The biometrics DHS plans to collect include palm prints, voice prints, iris scans, facial imaging, and even DNA—which are far more invasive than DHS’s current biometric collection of fingerprints, photographs, and signatures. (For an incisive summary of the proposed changes, click here.)…”
(Related)
Privacy of biometric data in DHS hands in doubt, inspector general says
Dean DeChiaro reports:
An inspector general’s report is casting doubt on the Department of Homeland Security’s ability to protect its massive repository of personal data from hackers amid a push by the Trump administration to vastly expand its collection of biometrics through the use of facial recognition and other tools.
The report, released by the DHS inspector general’s office on Sept. 23, found that U.S. Customs and Border Protection failed to protect a collection of 184,000 facial images of cross-border travelers prior to a massive data breach last year. At least 19 of the images, which were collected through a pilot program at the Anzalduas Port of Entry in Texas, were later posted on the dark web.
Read more on Roll Call.
Perhaps a guide for future laws?
Early Results Indicate Half of CCPA Data Subject Requests Are Made to Stop Sale of Personal Information
The California Consumer Privacy Act (CCPA) went active at the start of 2020, and data from the first half of its first year indicates that state residents are primarily using it to opt out of the sale of personal information. Nearly 50% of data subject requests are made for that purpose, compared to 31% for data deletion and 21% for access to collected personal information.
Conducted by privacy management firm DataGrail, the Mid-Year CCPA Trends Report 2020 is meant to provide insights to organizations on patterns of data subject requests (DSRs) that they can expect under the new law.
An interesting podcast.
https://www.technologyreview.com/2020/09/29/1008933/how-ai-will-revolutionize-manufacturing/
How AI will revolutionize manufacturing
Ask Stefan Jockusch what a factory might look like in 10 or 20 years, and the answer might leave you at a crossroads between fascination and bewilderment. Jockusch is vice president for strategy at Siemens Digital Industries Software, which develops applications that simulate the conception, design, and manufacture of products like cell phones or smart watches. His vision of a smart factory is abuzz with “independent, moving” robots. But they don’t stop at making one or three or five things. No—this factory is “self-organizing.”
Free is good. (Also free webinars)
https://www.geospatialworld.net/news/2020-prepare-ai-conference-now-free-for-all/
2020 Prepare.ai Conference now free for all
3rd-Annual St. Louis-based AI & Tech Conference featuring nationally-known thought-leaders across multiple disciplines will now be free and open to all.
[Register here: https://prepare.ai/
It can’t hurt and may attract students who learn best this way.
https://www.govtech.com/civic/Comic-Book-Bridges-Gap-Around-Education-in-AI-Ethics.html
Comic Book Bridges Gap Around Education in AI, Ethics
The Data, Responsibly project, based out of New York University, has taken its research on responsible data management and expanded it to improve messaging around what it means to collect and use data ethically.
You can find this AI comic and future comics here.
For my researchers.
https://www.freetech4teachers.com/2020/09/internet-archive-scholar-academic.html
Internet Archive Scholar - An Academic Version of the Internet Archive
The Internet Archive warehouses all kinds of fantastic materials (and some not-so-fantastic) that can be useful to teachers and students. The trouble with it is the organization is a little clunky for research purposes. Even if you limit the scope of your search to webpages and text you can still spend a lot of time weeding out material that isn't academic in nature. That could be changing now that Internet Archive Scholar is on the horizon.
Internet Archive Scholar is a new project from the Internet Archive. It is focused on providing access to academic articles and journals from the 18th Century through today. Internet Archive Scholar is very new. It's so new that it's labeled as being "in alpha" and when you visit it there is a message warning you that there may be several bugs and that it has not been "officially announced." None-the-less, I gave it a try and made a video about it. Here's my video overview of Internet Archive Scholar.
As I mentioned in the video above, Internet Archive Scholar has the potential to be a good alternative and or complement to Google Scholar. Like Google Scholar, Internet Archive Scholar could provide high school and college students with some good resources to consult that they would not find through a Google or Bing search.
No comments:
Post a Comment