Wednesday, March 31, 2021

Sounds like a really nasty one. Which idiot listened to the lawyers?

https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/

Whistleblower: Ubiquiti Breach “Catastrophic”

On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.

A security professional at Ubiquiti who helped the company respond to the two-month breach beginning in December 2020 contacted KrebsOnSecurity after raising his concerns with both Ubiquiti’s whistleblower hotline and with European data protection authorities. The source — we’ll call him Adam — spoke on condition of anonymity for fear of retribution by Ubiquiti.

“It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers,” Adam wrote in a letter to the European Data Protection Supervisor. “The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.”

Ubiquiti has not responded to repeated requests for comment.

According to Adam, the hackers obtained full read/write access to Ubiquiti databases at Amazon Web Services (AWS), which was the alleged “third party” involved in the breach. Ubiquiti’s breach disclosure, he wrote, was “downplayed and purposefully written to imply that a 3rd party cloud vendor was at risk and that Ubiquiti was merely a casualty of that, instead of the target of the attack.”





This must have come up during the acquisition of ABT? I wonder how their contract handles this?

https://www.databreaches.net/fl-school-officials-investigate-possible-breach-involving-firm-they-never-used/

FL: School officials investigate possible breach involving firm they never used

John Henderson reports:

Alachua County school officials are investigating whether students’ personal information was compromised after a data breach in a computer system connected to school meal programs.
The district notified families of school children Monday that a letter sent out recently by PCS Revenue Control Systems Inc. — a company that handles computer services for reduced lunch programs — is legitimate.

We’ve been seeing a number of these notifications, as reported elsewhere on this site. But in this case, school officials note that they never had a contract with PCS Revenue Control.

“Although our district has not used PCS Revenue Control Systems, we did use a company called Advanced Business Technologies (ABT) that was later taken over by PCS,” the letter said. “Our contract with ABT to gather information for families applying for free or reduced-price meals ended in 2016.”

So it seems that PCS got the district’s data when it acquired ABT, even though there was never a direct contract with PCS.

School district officials report they are having trouble getting in touch with PCS.





Governments (and the military they fund) are always behind the curve.

https://www.c4isrnet.com/artificial-intelligence/2021/03/30/jaic-director-pentagons-biggest-competitive-threat-obsolescence/

JAIC director: Pentagon’s biggest competitive threat? Obsolescence

The Pentagon’s top artificial intelligence official warned Tuesday that the department’s biggest competitive threat is obsolescence.

“The biggest competitive threat is our own obsolescence,” said Lt. Gen. Michael Groen, director of the Joint Artificial Intelligence Center. “I could walk out into the parking lot of the Pentagon, turn on my iPhone and join a data-driven, completely integrated environment. I can get whatever services I want. I can review, I can find, I can research. I can do it all at my fingertips. I can’t do any of that on a defense network.”

“We can’t operate that way. We can’t win that way. We can’t be competitive in that way,” he said during the Potomac Officers Club AI Summit.





Some interesting questions!

https://www.nextgov.com/emerging-tech/2021/03/regulators-want-know-how-financial-institutions-use-ai-and-how-theyre-mitigating-risks/173016/

Regulators Want to Know How Financial Institutions Use AI and How They’re Mitigating Risks

The financial sector is using forms of AI—including machine learning and natural language processing—to automate rote tasks and spot trends humans might miss. But new technologies always carry inherent risks, and AI has those same issues, as well as a host of its own.

On Wednesday, the Board of Governors of the Federal Reserve System, the Bureau of Consumer Financial Protection, the Federal Deposit Insurance Corporation, the National Credit Union Administration and the Office of the Comptroller of the Currency will publish a request for information in the Federal Register seeking feedback on AI uses and risk management in the financial sector.





Every little bit helps.

https://www.cpomagazine.com/data-privacy/keeping-up-with-privacy-legislation-easier-said-than-done/

Keeping Up with Privacy Legislation: Easier Said than Done

The privacy landscape has shifted dramatically over the past 12 months. From new hurdles including international data transfers to more than 20 new laws for COVID-19 regulatory requirements and living adjustments, privacy practitioners have a range of unprecedented new challenges to address. Legislation was introduced in 2020 to address the collection and use of biometric or facial recognition data by commercial entities. The outbreak of COVID-19 also led to the creation of new laws for regulating the protection of employee privacy. While the CCPA is one of the most well-known, in 2020 other states have also adopted their own privacy laws and requirements for businesses to implement and maintain reasonable security measures.

The following highlights significant data privacy developments:



(Related)

https://www.pogowasright.org/colorado-introduces-a-comprehensive-consumer-privacy-bill/

Colorado Introduces a Comprehensive Consumer Privacy Bill

Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write:

Colorado recently became the latest state to consider a comprehensive consumer privacy law. On March 19, 2021, Colorado State Senators Rodriguez and Lundeen introduced SB 21-190, entitled “an Act Concerning additional protection of data relating to personal privacy”. Following California’s bold example of the California Consumer Privacy Act (“CCPA”) effective since January 2020, Virginia recently passed its own robust privacy law, the Consumer Data Protection Act (“CDPA”), and New York, as well as other states, like Florida, appear poised to follow suit. Furthermore, California is expanding protections provided by the CCPA, with the California Privacy Rights Act (CPRA) – approved by California voters under Proposition 24 in the November election.

Read more on Workplace Privacy, Data Management & Sec





And at appropriate (most suggestible) times, the device will whisper ads to our sleeping brains?

https://www.bespacific.com/in-bed-with-google-sleep-sensing-feature-prompts-privacy-worries/

In bed with Google: Sleep Sensing feature prompts privacy worries

CNET – “The search giant already knows what you’re doing for much of your waking life. Google wants you to take its latest gadget with you into the bedroom. The marquee feature on the search giant’s new Nest Hub, a smart display released on Tuesday, is a tool called Sleep Sensing that tracks a person’s sleeping patterns by measuring motion and noise at their bedside. It can record when you fall asleep and wake up or how long it takes you to get to sleep. It knows if your slumber is interrupted during the night and how fast you’re breathing while asleep. It’s by no means the first sleep tracker to hit the market. But some privacy experts worry specifically about Google’s push into sleep data because of the company’s shaky track record when it comes to user privacy. The focus on sleep tracking underscores an uncomfortable reality about Google’s size and ubiquity. The tech giant already collects vast amounts of data about people in their waking lives: what they search for online, what videos they watch on YouTube and where they’ve traveled, from location data gathered through an Android phone or Google Maps. Now the company is zeroing in on the other half of people’s lives — what they’re doing when they’re not awake…”





A great idea few will ever use?

https://fortune.com/2021/03/30/humans-are-plagued-by-hidden-biases-a-i-can-help/

Humans are plagued by hidden biases. A.I. can help.

There are a lot of stories about A.I. systems picking up the human biases lurking in the data used to train them. But can A.I. also help humans uncover their own unconscious biases?

That’s what Apoorv Agarwal and Omar Haroun think. They are the co-founders of New York-based startup Text IQ. The company’s natural language processing software is primarily used by large businesses to keep track of personal identifying information in their datasets. It helps ensure companies don’t accidentally disclose this personal information in violation of legal requirements or compliance policies. Its software is also useful in cases when a company suffers a data breach and has to inform people whose personal identifying information may have been compromised.

But not too long ago, Agarwal and Haroun went through “unconscious bias training” of the kind that many company HR departments have instituted as part of their diversity and inclusion efforts. And the pair suddenly had a brainwave: they could turn Text IQ’s systems into a tool to help their customers with unconscious bias.





Think of this as a ‘feel good’ piece, written by the Terminator.

https://www.newyorker.com/culture/annals-of-inquiry/why-computers-wont-make-themselves-smarter

Why Computers Won’t Make Themselves Smarter

We fear and yearn for “the singularity.” But it will probably never come.





Perspective.

https://www.theverge.com/2021/3/30/22358005/volvo-aurora-autonomous-truck-partnership?scrolla=5eb6d68b7fedc32c19ef33b4

Volvo and Aurora team up on fully autonomous trucks for North America

Aurora has been testing its “Aurora Driver” hardware and software stack in its test fleet of minivans and Class 8 trucks in the Dallas-Fort Worth area since last year. Unlike its rivals, which are largely focused on robotaxi applications, the company has said that its first commercial service will be in trucking “where the market is largest today, the unit economics are best, and the level of service requirements is most accommodating.”





Tools.

https://www.theverge.com/2021/3/30/22358088/google-stack-ai-document-scanner-app-android-release-announce

Google’s Area 120 incubator releases a powerful AI document scanner for Android

Google’s Area 120, an internal incubator program for experimental projects, is releasing a new app today called Stack that borrows the technology underlying the search giant’s powerful DocAI enterprise tool for document analysis. The end result is a consumer document scanner app for Android that Google says vastly improves over your average mobile scanner by auto-categorizing documents into the titular stacks and enabling full text search through the contents of the documents and not just the title.

https://play.google.com/store/apps/details?id=com.area120.paperwork&hl=en_US&gl=US





Resources.

https://www.bespacific.com/guide-to-education-and-academic-resources-2021/

Guide to Education and Academic Resources 2021

Via LLRX – Education and Academic Resources 2021 – Marcus P. Zillman’s guide comprises an extensive listing of resources and sites for students, researchers, teachers, infopros and parents, on multiple study areas. Sourced from academic, public, private, association and corporate sectors, the subject matters include: distance learning; MOOCs, lecture guides and study notes, study skill resources, online tutoring and homework help, free e-learning videos, scholarship resources and PhD, Dissertation, thesis, and academic writing resources.


