Wednesday, May 26, 2021

Still looking for a copy of that tutorial.

https://www.databreaches.net/nigerian-cybercriminal-gang-targets-texas-unemployment-system/

Nigerian Cybercriminal Gang Targets Texas Unemployment System

Brian New reports:

A Nigerian cybercriminal gang is targeting the Texas unemployment system, according to evidence shared with the CBS 11 I-Team.
A 13-page step-by-step tutorial on how to commit unemployment identity fraud through the Texas Workforce Commission website was discovered in an online closed group chat between members of the cybercriminal organization known as Scattered Canary.

Read more on CBSDFW.





The three pillars of standing?

https://www.databreaches.net/one-employees-accidental-email-leads-to-a-significant-data-breach-ruling-in-federal-appeals-court/

One Employee’s Accidental Email Leads To A Significant Data Breach Ruling in Federal Appeals Court

Jeffrey Csercsevits of Fisher Phillips writes:

A federal appeals court recently addressed whether employees had standing to bring a lawsuit when their personally identifiable information (PII) was inadvertently circulated to other employees at the company, with no indication of misuse or external disclosure. In McMorris v. Carlos Lopez & Associates, LLC, the 2nd Circuit Court of Appeals (hearing cases from New York, Connecticut, and Vermont) determined that the particular plaintiffs at issue did not have standing and that their mere fear of identity theft was insufficient for them to sustain a claim for relief. Importantly, however, the court set forth a three-part framework for how standing could be established in a similar situation.

Read more on JDSupra.





Guidelines for my Computer Security students.

https://www.csoonline.com/article/3619610/best-practices-for-conducting-ethical-and-effective-phishing-tests.html#tk.rss_all

5 best practices for conducting ethical and effective phishing tests

Phishing simulations—or phishing tests—have become a popular feature of cybersecurity training programs in organizations of all sizes. One can see the appeal: phishing tests allow security staff to craft and send emails to employees en masse that are designed to appear as authentic and enticing as the genuine malicious phishing emails that bombard businesses on a regular basis. These typically include lures such as missed delivery notices, invoice payment requests, and celebrity gossip.





An intro for my Computer Security students.

https://www.makeuseof.com/bec-scams/

What Is the Business Email Compromise (BEC) Scam?





Ah man, just when I was learning to spell GDPR…

https://www.politico.eu/article/eu-privacy-laws-chief-architect-calls-for-its-overhaul/

EU privacy law’s chief architect calls for its overhaul

Former EU justice chief Viviane Reding has called for Europe’s data protection rulebook to be revised just three years after it came into force.

The intervention by the Luxembourgish politician, who spearheaded the European Commission’s proposal of the General Data Protection Regulation in 2012, comes as the flagship law celebrates its third anniversary.

Reding, now an opposition MP in the Grand Duchy, told POLITICO that though the GDPR has succeeded in becoming a global privacy standard copied by the likes of Brazil and India, its enforcement was uneven.

… The center-right politician suggested that reform to centralize enforcement of the GDPR could help rein in powerful tech companies.

At present, a patchwork of national and regional regulators are tasked with enforcing the code. But that arrangement is further complicated by the "one-stop-shop," a rule that obliges the regulator where a company is legally established to be the one in charge, leaving Luxembourg and Ireland's data protection authorities responsible for almost all Silicon Valley giants.



(Related) Some new ideas?

https://fpf.org/blog/privacy-trends-four-state-bills-to-watch-that-diverge-from-california-and-washington-models/

PRIVACY TRENDS: FOUR STATE BILLS TO WATCH THAT DIVERGE FROM CALIFORNIA AND WASHINGTON MODELS





India seems to have a very flexible idea of privacy.

https://www.cnbc.com/2021/05/26/whatsapp-reportedly-sues-india-govt-says-new-media-rules-end-privacy.html

WhatsApp reportedly sues Indian government, says new media rules mean an end to privacy

WhatsApp has filed a legal complaint in Delhi against the Indian government seeking to block regulations coming into force on Wednesday that experts say would compel the California-based Facebook unit to break privacy protections, sources said.

The lawsuit, described to Reuters by people familiar with it, asks the Delhi High Court to declare that one of the new rules is a violation of privacy rights in India’s constitution since it requires social media companies to identify the “first originator of information” when authorities demand it.

While the law requires WhatsApp to unmask only people credibly accused of wrongdoing, the company says it cannot do that alone in practice. Because messages are end-to-end encrypted, to comply with the law WhatsApp says it would have break encryption for receivers, as well as “originators,” of messages.





Phrenology as a tuning fork?

https://www.fastcompany.com/90640109/ai-is-being-used-to-profile-people-from-their-head-vibrations

AI is being used to profile people from their head vibrations

Digital video surveillance systems can’t just identify who someone is. They can also work out how someone is feeling and what kind of personality they have. They can even tell how they might behave in the future. And the key to unlocking this information about a person is the movement of their head.

That is the claim made by the company behind the VibraImage artificial intelligence (AI) system. (The term “AI” is used here in a broad sense to refer to digital systems that use algorithms and tools such as automated biometrics and computer vision). You may never have heard of it, but digital tools based on VibraImage are being used across a broad range of applications in Russia, China, Japan and South Korea.

But as I show in my recent research, published in Science, Technology and Society, there is very little reliable, empirical evidence that VibraImage and systems like it are actually effective at what they claim to do.



No comments: