Tuesday, July 20, 2021

Reiterate until repetition becomes redundant.

https://www.cpomagazine.com/cyber-security/what-to-do-when-your-organization-become-the-victim-of-a-phishing-attack/

What To Do When Your Organization Become the Victim of a Phishing Attack

Detecting and preventing all the various types of threats known and unknown is nearly impossible. What needs to happen when a company, device or person is victimized? Here are steps that can help mitigate the damage.



(Related)

https://krebsonsecurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-backups/

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.

Experts say the biggest reason ransomware targets and/or their insurance providers still pay when they already have reliable backups is that nobody at the victim organization bothered to test in advance how long this data restoration process might take.

“In a lot of cases, companies do have backups, but they never actually tried to restore their network from backups before, so they have no idea how long it’s going to take,” said Fabian Wosar, chief technology officer at Emsisoft. “Suddenly the victim notices they have a couple of petabytes of data to restore over the Internet, and they realize that even with their fast connections it’s going to take three months to download all these backup files. A lot of IT teams never actually make even a back-of-the-napkin calculation of how long it would take them to restore from a data rate perspective.”





Perhaps there are a few ‘innocent’ people left in the world.

https://www.theguardian.com/news/2021/jul/18/huge-data-leak-shatters-lie-innocent-need-not-fear-surveillance

Huge data leak shatters the lie that the innocent need not fear surveillance

Billions of people are inseparable from their phones. Their devices are within reach – and earshot – for almost every daily experience, from the most mundane to the most intimate.

Few pause to think that their phones can be transformed into surveillance devices, with someone thousands of miles away silently extracting their messages, photos and location, activating their microphone to record them in real time.

Such are the capabilities of Pegasus, the spyware manufactured by NSO Group, the Israeli purveyor of weapons of mass surveillance.

NSO rejects this label. It insists only carefully vetted government intelligence and law enforcement agencies can use Pegasus, and only to penetrate the phones of “legitimate criminal or terror group targets”.

Yet in the coming days the Guardian will be revealing the identities of many innocent people who have been identified as candidates for possible surveillance by NSO clients in a massive leak of data.

Without forensics on their devices, we cannot know whether governments successfully targeted these people. But the presence of their names on this list indicates the lengths to which governments may go to spy on critics, rivals and opponents.



(Related)

https://techcrunch.com/2021/07/19/toolkit-nso-pegasus-iphone-android/

This tool tells you if NSO’s Pegasus spyware targeted your phone

The Mobile Verification Toolkit, or MVT, works on both iPhones and Android devices, but slightly differently. Amnesty said that more forensic traces were found on iPhones than Android devices, which makes it easier to detect on iPhones.





At least, a way to start a privacy conversation.

https://www.pcmag.com/picks/essential-apps-for-protecting-your-privacy-online

11 Essential Apps for Protecting Your Privacy Online





A privacy tool!

https://www.theverge.com/2021/7/20/22576352/duckduckgo-email-protection-privacy-trackers-apple-alternative?scrolla=5eb6d68b7fedc32c19ef33b4

DuckDuckGo launches new Email Protection service to remove trackers

The company’s new Email Protection feature gives users a free “@duck.com” email address, which will forward emails to your regular inbox after analyzing their contents for trackers and stripping any away. DuckDuckGo is also extending this feature with unique, disposable forwarding addresses, which can be generated easily in DuckDuckGo’s mobile browser or through desktop browser extensions.

The personal DuckDuckGo email is meant to be given out to friends and contacts you know, while the disposable addresses are better served when signing up for free trials, newsletters, or anywhere you suspect might sell your email address. If the email address is compromised, you can easily deactivate it.





Anything worth stealing?

https://www.pogowasright.org/50-state-survey-of-health-care-information-privacy-laws/

50-State Survey of Health Care Information Privacy Laws

Seyfarth Shaw LLP has made a resource freely available:

Seyfarth is pleased to provide you with our 50-State Survey of Health Care Information Privacy Laws.
The world continues to struggle with the impacts of the COVID-19 pandemic, and pressures mount on health care organizations to properly share personal health information. While resources abound on how federal rules such as HIPAA may apply to sharing personal health information, there appear few such resources on how state privacy laws apply. Meanwhile, the challenge to maintain compliance, avoid data breaches, and make decisions on what (or should) be shared with others remains ever-present and more acute than ever. For that purpose, we have created this resource to better assist you and your business identify and mitigate potential issue areas. Download a copy of the Survey here.





The argument continues. Will we wind up with a new definition of “public?”

https://www.pogowasright.org/clearviews-face-surveillance-still-has-no-first-amendment-defense/

Clearview’s Face Surveillance Still Has No First Amendment Defense

A commentary by Adam Schwartz on EFF last week begins:

Clearview AI extracts faceprints from billions of people, without their consent, and uses these faceprints to help police identify suspects. This does grave harm to privacy, free speech, information security, and racial justice. It also violates the Illinois Biometric Information Privacy Act (BIPA), which prohibits a company from collecting a person’s biometric information without first obtaining their opt-in consent.
Clearview now faces many BIPA lawsuits. One was brought by the ACLU and ACLU of Illinois in state court. Many others were filed against the company in federal courts across the country, and then consolidated into one federal courtroom in Chicago. In both Illinois and federal court, Clearview argues that the First Amendment bars these BIPA claims.

Read more on EFF.





Alternative AI?

https://theconversation.com/artificial-intelligence-governments-see-huge-business-potential-but-ignore-the-downsides-164645

Artificial intelligence: governments see huge business potential, but ignore the downsides

Many governments are increasingly approaching artificial intelligence with an almost religious zeal. By 2018 at least 22 countries around the world, and also the EU, had launched grand national strategies for making AI part of their business development, while many more had announced ethical frameworks for how it should be allowed to develop. The EU documents more than 290 AI policy initiatives in individual EU member states between 2016 and 2020.

The latest is Ireland, which has just announced its national AI strategy, “AI – Here for Good”. It aims to become “an international leader in using AI to benefit our economy and society, through a people-centred, ethical approach to its development, adoption and use”.



(Related)

https://www.bespacific.com/artificial-intelligence-an-accountability-framework-for-federal-agencies-and-other-entities/

Artificial Intelligence: An Accountability Framework for Federal Agencies and Other Entities

Artificial Intelligence: An Accountability Framework for Federal Agencies and Other Entities GAO-21-519SP Published: Jun 30, 2021. “As a nation, we have yet to grasp the full benefits or unwanted effects of artificial intelligence. AI is widely used, but how do we know it’s working appropriately? This report identifies key accountability practices—centered around the principles of governance, data, performance, and monitoring—to help federal agencies and others use AI responsibly. For example, the governance principle calls for users to set clear goals and engage with diverse stakeholders. To develop these practices, we held a forum on AI oversight with experts from government, industry, and nonprofits. We also interviewed federal inspector general officials and AI experts.”





Worth grabbing some bits and pieces.

https://blogs.microsoft.com/ai-for-business/hax-toolkit/

New toolkit aims to help teams create responsible human-AI experiences

Microsoft has released the Human-AI eXperience (HAX) Toolkit, a set of practical tools to help teams strategically create and responsibly implement best practices when creating artificial intelligence technologies that interact with people.

The toolkit comes as AI-infused products and services, such as virtual assistants, route planners, autocomplete, recommendations and reminders, are becoming increasingly popular and useful for many people. But these applications have the potential to do things that aren’t helpful, like misunderstand a voice command or misinterpret an image. In some cases, AI systems can demonstrate disruptive behaviors or even cause harm.

Such negative outcomes are one reason AI developers have pushed for responsible AI guidance. Supporting responsible practices has traditionally focused on improving algorithms and models, but there is a critical need to also make responsible AI resources accessible to the practitioners who design the applications people use. The HAX Toolkit provides practical tools that translate human-AI interaction knowledge into actionable guidance.





Tools & Techniques.

https://www.makeuseof.com/free-teleprompter-apps-read-scripts-shooting-videos-hosting-webinars/

5 Free Teleprompter Apps to Read Scripts While Shooting Videos or Hosting Webinars


