Wednesday, June 02, 2021

Why does this surprise anyone? Russia is looking for access to any infrastructure it can find and then it tests that security. I fear the US is relying on ‘theoretical’ models.

https://news.softpedia.com/news/russian-linked-hacking-group-is-behind-jbs-cyberattack-533097.shtml

Russian-linked Hacking Group is Behind JBS Cyberattack

According to four people familiar with the attack, who were not allowed to speak publicly about it, the cyberattack against JBS SA was carried out by a known Russian-linked hacking group, as Bloomberg notes. The cyber gang is known as REvil or Sodinokibi.

What is timely notice?

https://news.softpedia.com/news/accellion-s-failure-to-warn-rbnz-of-security-flaws-led-to-hack-533099.shtml

Accellion's Failure to Warn RBNZ of Security Flaws Led to Hack

The RBNZ did not adhere to its own use standards and made the situation regarding the cyberattack worse

The Reserve Bank of New Zealand was hacked after Accellion failed to post a warning about an actively exploited vulnerability with available patches in its File Transfer Appliance (FTA), according to Itnews.

While Accellion had updates available for its FTA product in December 2020 and was alerted to the vulnerability by security vendor FireEye as early as the 16th of the same month, the RBNZ was not notified of the issue.

KPMG found in a commissioned post-mortem that Accellion's email tool failed to send notices and therefore, the bank was not notified until January 6, 2021.

The theft occurred on Christmas Day 2020, and the RBNZ made the data breach public on January 11, stating that it involved commercial and personally sensitive information.

Everything is a ‘pandemic’ until the next buzzword. “Give us more money and we’ll try to figure out what is happening.”

https://www.bespacific.com/we-are-on-the-cusp-of-a-global-pandemic-driven-by-greed/

We are on the cusp of a global pandemic driven by greed, an avoidably vulnerable digital ecosystem, and an ever-widening criminal enterprise

Testimony of Christopher C. Krebs [Director of the Cybersecurity and Infrastructure Security Agency] Before the Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, & Innovation U.S. House of Representatives On Responding to Ransomware: Exploring Policy Solutions to a Cybersecurity Crisis – May 5, 2021. Washington:

“…Simply put, ransomware is a business, and business is good. The criminals do the crimes and their victims pay the ransom. Often it seems easier (and seemingly the right thing to do from a fiduciary duty to shareholders perspective) to pay and get the decryption key rather than rebuild the network. There are three problems with this logic: (1) you are doing business with a criminal and expecting them to live up to their side of the bargain. It is not unusual for the decryption key to not work. (2) There is no honor amongst thieves and no guarantee that the actor will not remain embedded in the victim’s network for a return visit later; after all, the victim has already painted themselves an easy mark. (3) By paying the ransom, the victim is validating the business model and essentially making a capital contribution to the criminal, allowing them to hire more developers, more customer service, and upgrade delivery infrastructure. And, most worrisome, go on to the next victim. We must address the ransomware business model head on and disrupt the ability of victims to pay ransom. We need to prioritize countering ransomware as a nation. That includes appropriately investing in our government agencies and their ability to investigate, disrupt, and apprehend criminals. We need to do more to understand the ransomware economy and the various players in the market. And at the points where cryptocurrency intersects with the traditional economy, we need to take action to provide more information, more transparency, and comply with the laws that are already on the books. This includes kiosks, over-the-counter trading desks, and cryptocurrency. Lastly, we don’t know enough about the ransomware economy, as it operates in the shadows. We lack a clear understanding of the scale of the problem, including the number of victims of ransomware, the denominator we are trying to improve against….

(Related)

https://threatpost.com/cyber-insurance-ransomware-payments/166580/

Cyber-Insurance Fuels Ransomware Payment Surge

Ransomware victims are increasingly falling back on their cyber-insurance providers to pay the ransom when they’re hit with an extortion cyberattack. But security researchers warn that this approach can quickly become problematic.

In the first half of 2020, ransomware attacks accounted for 41 percent of the total number of filed cyber-insurance claims, according to a Cyber Claims Insurance Report released last year by Coalition.

I suspect that many organizations would not have the answers at their fingertips. What does that say about IT management?

https://www.csoonline.com/article/3619877/17-cyber-insurance-application-questions-youll-need-to-answer.html#tk.rss_all

17 cyber insurance application questions you'll need to answer

Recent high-profile security incidents have tightened requirements to qualify for cyber insurance. These are the tougher questions insurance carriers are now asking.

For many years, the insurance was easily available and review was negligible. The Colonial Pipeline ransomware attack and other recent ransomware incidents have made insurance underwriters ask hard questions about the security of our firms.

Following are some of the questions you'll need to answer when applying for cyber insurance. How would you answer them? Are you doing enough to ensure that you are insurable?

Maybe, just maybe.

https://www.pogowasright.org/colorado-lawmakers-advance-data-privacy-legislation/

Colorado Lawmakers Advance Data Privacy Legislation

Saja Hindi reports:

Social media ads sometimes seem to know a little too much about you — where you shop, the products you buy or what websites you’ve been frequenting.
Big tech companies store this information about consumers, and it’s long been fueling a debate about how to balance data privacy with letting businesses cater to their customers.
Colorado lawmakers decided to tackle the issue again this year with SB21-190, which unanimously passed the Senate last week. If it makes it to Gov. Jared Polis, Colorado would be the third state to pass a data privacy law, following California and Virginia.

Read more on GovernmentTechnology.

(Related) Keeping up with South Africa.

https://www.databreaches.net/za-president-ramaphosa-signs-cyber-crimes-bill-into-law/

ZA: President Ramaphosa signs Cyber Crimes Bill into law

Admire Moyo reports:

The Cyber Crimes Bill, which seeks to bring SA’s cyber security laws in line with the rest of the world, has just been signed into law by president Cyril Ramaphosa.
According to law firm Werksmans Attorneys, this Bill, which is now an Act of Parliament, creates offences for and criminalises, among others, the disclosure of data messages which are harmful.

Read more on ITWeb.

Would this apply to everything you post on social media? Is Clearview correct when it asserts that it can copy all your public pictures for its facial recognition database?

https://www.pogowasright.org/you-have-no-reasonable-expectation-of-privacy-in-a-sent-text-message-court/

You have no reasonable expectation of privacy in a sent text message — Court

From FourthAmendment.com, an excerpt from the opinion in Commonwealth v. Delgado-Rivera, 2021 Mass. LEXIS 341 (June 1, 2021):

The record here, and the relinquishment of control it represents, is important because “the Fourth Amendment does not protect items that a defendant ‘knowingly exposes to the public.’” Dunning, 312 F.3d at 531, citing United States v. Miller, 425 U.S. 435, 442, 96 S. Ct. 1619, 48 L. Ed. 2d 71 (1976). The judge sought to distinguish between communications that have been shared with a particular individual, such as the intended recipient, and communications that are released “more generally … [in a way] in which [they] can be discovered by members of the public or police or anyone else.” This distinction is not persuasive. “It is well settled that when an individual reveals private information to another, [the individual] assumes the risk that his [or her] confidant will reveal that information,” frustrating the sender’s original expectation of privacy and, in effect, making this once-private information subject to disclosure without a violation of the sender’s constitutional rights. United States v. Jacobsen, 466 U.S. 109, 117, 104 S. Ct. 1652, 80 L. Ed. 2d 85 (1984). In the circumstances here, Delgado-Rivera assumed the risk that the communications he shared with Garcia-Castaneda might be made accessible to others, including law enforcement, through Garcia-Castaneda and his devices. See Alinovi v. Worcester Sch. Comm., 777 F.2d 776, 784 (1st Cir. 1985), cert. denied, 479 U.S. 816, 107 S. Ct. 72, 93 L. Ed. 2d 29 (1986).

Read more about the opinion and its rationale on FourthAmendment.com

[From the article:

Delgado-Rivera had no reasonable expectation of privacy under the Fourth Amendment in the text messages at issue because, once they were delivered, Garcia-Castaneda, as the recipient, gained “full control of whether to share or disseminate the sender’s message.” Id. at 56. The technology used by Delgado-Rivera to communicate with Garcia-Castaneda effectively facilitated this transfer of control.

We must have trust, trust me.

https://www.jdsupra.com/legalnews/nist-issues-draft-report-on-trust-and-4303122/

NIST Issues Draft Report On Trust And Artificial Intelligence

The National Institute of Standards and Technology (NIST) has issued a draft report on Trust and Artificial Intelligence.

If the AI system has a high level of technical trustworthiness, and the values of the trustworthiness characteristics are perceived to be good enough for the context of use, and especially the risk inherent in that context, then the likelihood of AI user trust increases.

Read the full report.

Another Trump enterprise failure.

https://www.cnbc.com/2021/06/02/trump-blog-page-shuts-down-for-good.html

Trump blog page shuts down for good

(Related) An Amazon failure?

https://www.wsj.com/articles/amazon-faced-75-000-arbitration-demands-now-it-says-fine-sue-us-11622547000?mod=djemalertNEWS

Amazon Faced 75,000 Arbitration Demands. Now It Says: Fine, Sue Us

The retail giant is no longer steering customers away from the court system, as companies scramble to find ways to avoid lawyers who file mass-arbitration claims

If we were still facing months of Covid isolation this might work.

https://www.freetech4teachers.com/2021/06/read-and-transcribe-walt-whitmans.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+freetech4teachers/cGEY+(Free+Technology+for+Teachers)

Read and Transcribe Walt Whitman's Notebooks and Diaries

A few years ago the Library of Congress launched a crowd sourcing project called Crowd. The purpose of the project is to enlist the help of the public to transcribe thousands of primary source documents that are housed by and have been scanned by the Library of Congress. Over the years there have been collections of documents from the American Civil War, papers from the American Revolution, presidential papers, documents about suffrage, and documents about the integration of Major League Baseball. Currently, the LOC is seeking help transcribing a collection of Walt Whitman's notes and diaries.

Anyone can participate in the LOC's Crowd project to transcribe documents in the Walt Whitman collection of notes and diaries. To get started, simply go to the collection and choose a document. Your chosen document will appear on the left side of the screen, and a field for writing your transcription appears on the right side of the screen. After you have completed your transcription, it is submitted for peer review. A demonstration of the process is included in the video
