For better phishing you need better bait.
https://www.zdnet.com/article/this-worm-phishing-campaign-is-a-game-changer-in-password-theft-account-takeovers/?&web_view=true
This worm phishing campaign is a game-changer in password theft, account takeovers
… "The phishing emails were being sent as replies to genuine emails," the researcher explained. "Emails exchanged between our people and our suppliers, our customers, and even internally between colleagues."
This is how it worked: once one email account was compromised, the credentials for the account were sent to a remote bot. The bot would then sign into the account and analyze emails sent within the past several days.
"For each unique email chain it found, it replied to the most recent email with a link to a phishing page to capture credentials," Hays said. "The wording was generic enough to fit almost any scenario and the link to a 'document' didn't feel out of place."
All waiting for a command to go active?
https://www.zdnet.com/article/these-hackers-have-spent-months-hiding-out-in-company-networks-undetected/?&web_view=true
These hackers have spent months hiding out in company networks undetected
A cyber-espionage campaign is using new malware to infiltrate targets around the world including organisations in media, finance, construction and engineering.
Detailed by cybersecurity company Symantec, the attacks against organisations in the US, Japan, Taiwan and China are being conducted with the aim of stealing information and have been linked to an espionage group known as Palmerworm – aka BlackTech – which has a history of campaigns going back to 2013.
A (very) little more detail.
https://krebsonsecurity.com/2020/09/whos-behind-mondays-14-state-911-outage/
Who’s Behind Monday’s 14-State 911 Outage?
Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft’s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen, two companies that together handle 911 calls for a broad swath of the United States.
On the afternoon of Monday, Sept. 28, several states including Arizona, California, Colorado, Delaware, Florida, Illinois, Indiana, Minnesota, Nevada, North Carolina, North Dakota, Ohio, Pennsylvania and Washington reported 911 outages in various cities and localities.
For your consideration (and planning?)
https://www.zdnet.com/article/microsoft-some-ransomware-attacks-take-less-than-45-minutes/?&web_view=true
Microsoft: Some ransomware attacks take less than 45 minutes
… While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report.
(Related)
More on ransomware.
https://www.schneier.com/blog/archives/2020/09/negotiating-with-ransomware-gangs.html
Negotiating with Ransomware Gangs
Really interesting conversation with someone who negotiates with ransomware gangs:
Probably impossible to control…
https://www.insideprivacy.com/data-privacy/edpb-publishes-draft-guidelines-on-the-targeting-of-social-media-users/
EDPB Publishes Draft Guidelines on the Targeting of Social Media Users
On 7 September 2020, the European Data Protection Board (“EDPB”) adopted draft guidelines on the targeting of social media users (the “Guidelines”).
The Guidelines aim to clarify the roles and responsibilities of social media providers and “targeters” with regard to the processing of personal data for the purposes of targeting social media users.
Targeting services allow natural or legal persons (i.e., targeters) to communicate specific messages to the users of social media in order to advance commercial, political or other interests. The Guidelines state that the mechanisms social media providers can use to target users, as well as the underlying processing activities, may pose significant risks to users, including loss of control over their personal data, discrimination and exclusion as a result of targeting on the basis of special categories of personal data, and manipulation through misinformation. The Guidelines also raise specific concerns in relation to children.
On the slippery slope? “We want everything and we’ll keep it forever.”
https://www.bespacific.com/collection-and-use-of-biometrics-by-u-s-citizenship-and-immigration-services/
Collection and Use of Biometrics by U.S. Citizenship and Immigration Services
EFF – “On September 11, 2020, the Department of Homeland Security (DHS) announced its intention to significantly expand both the number of people required to submit biometrics during routine immigration applications and the types of biometrics that individuals must surrender. This new rule will apply to immigrants and U.S. citizens alike, and to people of all ages, including, for the first time, children under the age of 14. It would nearly double the number of people from whom DHS would collect biometrics each year, to more than six million. The biometrics DHS plans to collect include palm prints, voice prints, iris scans, facial imaging, and even DNA—which are far more invasive than DHS’s current biometric collection of fingerprints, photographs, and signatures. (For an incisive summary of the proposed changes, click here.)…”
(Related)
Privacy of biometric data in DHS hands in doubt, inspector general says
Dean DeChiaro reports:
An inspector general’s report is casting doubt on the Department of Homeland Security’s ability to protect its massive repository of personal data from hackers amid a push by the Trump administration to vastly expand its collection of biometrics through the use of facial recognition and other tools.
The report, released by the DHS inspector general’s office on Sept. 23, found that U.S. Customs and Border Protection failed to protect a collection of 184,000 facial images of cross-border travelers prior to a massive data breach last year. At least 19 of the images, which were collected through a pilot program at the Anzalduas Port of Entry in Texas, were later posted on the dark web.
Read more on Roll Call.
Perhaps a guide for future laws?
https://www.cpomagazine.com/data-protection/early-results-indicate-half-of-ccpa-data-subject-requests-are-made-to-stop-sale-of-personal-information/
Early Results Indicate Half of CCPA Data Subject Requests Are Made to Stop Sale of Personal Information
The California Consumer Privacy Act (CCPA) went active at the start of 2020, and data from the first half of its first year indicates that state residents are primarily using it to opt out of the sale of personal information. Nearly 50% of data subject requests are made for that purpose, compared to 31% for data deletion and 21% for access to collected personal information.
Conducted by privacy management firm DataGrail, the Mid-Year CCPA Trends Report 2020 is meant to provide insights to organizations on patterns of data subject requests (DSRs) that they can expect under the new law.
An interesting podcast.
https://www.technologyreview.com/2020/09/29/1008933/how-ai-will-revolutionize-manufacturing/
How AI will revolutionize manufacturing
Ask Stefan Jockusch what a factory might look like in 10 or 20 years, and the answer might leave you at a crossroads between fascination and bewilderment. Jockusch is vice president for strategy at Siemens Digital Industries Software, which develops applications that simulate the conception, design, and manufacture of products like cell phones or smart watches. His vision of a smart factory is abuzz with “independent, moving” robots. But they don’t stop at making one or three or five things. No—this factory is “self-organizing.”
Free is good. (Also free webinars)
https://www.geospatialworld.net/news/2020-prepare-ai-conference-now-free-for-all/
2020 Prepare.ai Conference now free for all
3rd-Annual St. Louis-based AI & Tech Conference featuring nationally-known thought-leaders across multiple disciplines will now be free and open to all.
Register here: https://prepare.ai/
It can’t hurt and may attract students who learn best this way.
https://www.govtech.com/civic/Comic-Book-Bridges-Gap-Around-Education-in-AI-Ethics.html
Comic Book Bridges Gap Around Education in AI, Ethics
The Data, Responsibly project, based out of New York University, has taken its research on responsible data management and expanded it to improve messaging around what it means to collect and use data ethically.
You can find this AI comic and future comics here.
For my researchers.
https://www.freetech4teachers.com/2020/09/internet-archive-scholar-academic.html
Internet Archive Scholar - An Academic Version of the Internet Archive
The Internet Archive warehouses all kinds of fantastic materials (and some not-so-fantastic) that can be useful to teachers and students. The trouble with it is the organization is a little clunky for research purposes. Even if you limit the scope of your search to webpages and text you can still spend a lot of time weeding out material that isn't academic in nature. That could be changing now that Internet Archive Scholar is on the horizon.
Internet Archive Scholar is a new project from the Internet Archive. It is focused on providing access to academic articles and journals from the 18th Century through today.
Internet Archive Scholar is very new. It's so new that it's labeled as being "in alpha" and when you visit it there is a message warning you that there may be several bugs and that it has not been "officially announced." Nonetheless, I gave it a try and made a video about it. Here's my video overview of Internet Archive Scholar.
As I mentioned in the video above, Internet Archive Scholar has the potential to be a good alternative and/or complement to Google Scholar. Like Google Scholar, Internet Archive Scholar could provide high school and college students with some good resources to consult that they would not find through a Google or Bing search.