Friday, July 23, 2021

What are your customers worth?

https://threatpost.com/kaseya-universal-decryptor-revil-ransomware/168070/

Kaseya Obtains Universal Decryptor for REvil Ransomware

Kaseya has obtained a master decryptor key for the REvil ransomware that locked up the systems of at least 60 of its customers in a spate of worldwide cyberattacks on July 2.

The attacks, which exploited now-patched zero-days in the Kaseya Virtual System/Server Administrator (VSA) platform, affected Kaseya customers in 22 countries using the on-premises version of the platform – many of which are managed service providers (MSPs) who use VSA to manage the networks of other businesses. In addition to the 60 direct customers, around 1,500 downstream customers of those MSPs were also affected.

In the wake of the attacks, the REvil gang (aka Sodinokibi) demanded $70 million for a universal public decryption key that will remediate all impacted victims – a price that one researcher said was eventually lowered to $50 million.

Late on Thursday afternoon, the vendor announced via its rolling advisory on the incident that it had obtained the decryptor “through a third party.” It’s unclear if the ransom was indeed paid.





Are any ‘targets’ off limits?

https://www.bbc.com/news/technology-57922664

Pegasus spyware seller: Blame our customers, not us, for hacking

The maker of powerful spy software allegedly used to hack the phones of innocent people says blaming the company is like "criticising a car manufacturer when a drunk driver crashes".

NSO Group is facing international criticism, after reporters obtained a list of alleged potential targets for spyware, including activists, politicians and journalists.

The Israeli company says its software is intended for use against criminals and terrorists and made available to only military, law enforcement and intelligence agencies from countries with good human-rights records.

But a consortium of news organisations, led by French media outlet Forbidden Stories, has published dozens of stories based around the list, including allegations French President Emmanuel Macron's number was on it and may have been targeted.





Something seems a bit off here… Closed in 2017 and no one noticed?

https://www.vice.com/en/article/qj8xz3/a-defunct-video-hosting-site-is-flooding-normal-websites-with-hardcore-porn

A Defunct Video Hosting Site Is Flooding Normal Websites With Hardcore Porn

As pointed out by Twitter user @dox_gay, hardcore porn is now embedded on the pages of the Huffington Post, New York magazine, The Washington Post, and a host of other websites. This is because a porn site called 5 Star Porn HD bought the domain for Vidme, a brief YouTube competitor founded in 2014 and shuttered in 2017. Its Twitter account is still up, but the domain lapsed.





Anything with a value will be hacked/counterfeited. (Especially “proof” that you are healthy or law-abiding.)

https://www.databreaches.net/german-pharmacies-stop-issuing-covid-vaccine-passes-after-security-breach/

German pharmacies stop issuing COVID vaccine passes after security breach

Madeline Chambers reports:

German pharmacies have stopped issuing digital COVID-19 vaccination certificates after hackers created passes from fake outlets, the industry association said on Thursday, the latest blow to the inoculation drive.
Germans who have been fully vaccinated are entitled to a certificate which allows them more freedoms, especially to travel. Pharmacies and vaccination centres issue them.

Read more on Reuters.





Privacy history.

https://www.pogowasright.org/the-past-present-and-future-of-us-privacy-law/

The Past, Present and Future of US Privacy Law

From WilmerHale:

In this article published by the Seton Hall Law Review (Vol. 51: Iss. 5, Article 5), Kirk Nahra discusses the history of privacy law, the current privacy structure, and what to expect for the future.
Excerpt: Modern United States privacy law is roughly twenty years old. Even though still in its relative infancy, privacy law is now everywhere. As part of this evolution, the legal structure for protecting privacy in appropriate ways is one of the defining debates of our society today, with no signs of slowing down in the foreseeable future. As we look toward a potential national privacy law, what are the governing principles and key issues for this future law?
Read the full article.





This is true as long as you do not know what the data can tell you. Once you learn that, new data should be placed in a structure (organized) to make extracting that known information stream faster. But you need the unstructured to find even more new things. Looks like you need two sets of data!

https://venturebeat.com/2021/07/22/why-unstructured-data-is-the-future-of-data-management/

Why unstructured data is the future of data management

Enterprises are increasingly relying on unstructured data for regulatory, analytic, and decision-making purposes. Unstructured data will power analytics, machine learning, and business intelligence.

According to the latest figures from research firm ITC, the volume of unstructured data is set to grow from 33 zettabytes in 2018 to 175 zettabytes, or 175 billion terabytes, by 2025. There has to be some kind of data management so organizations have the right kind of data available at the right time. Krishna Subramanian, president and COO of Komprise, a data management software provider, sat down with VentureBeat to discuss the business benefits and challenges associated with unstructured data.





Beware the tool user rather than the tool?

https://science.sciencemag.org/content/373/6552/284

Beware explanations from AI in health care

Artificial intelligence and machine learning (AI/ML) algorithms are increasingly developed in health care for diagnosis and treatment of a variety of medical conditions (1). However, despite the technical prowess of such systems, their adoption has been challenging, and whether and how much they will actually improve health care remains to be seen. A central reason for this is that the effectiveness of AI/ML-based medical devices depends largely on the behavioral characteristics of its users, who, for example, are often vulnerable to well-documented biases or algorithmic aversion (2). Many stakeholders increasingly identify the so-called black-box nature of predictive algorithms as the core source of users' skepticism, lack of trust, and slow uptake (3, 4). As a result, lawmakers have been moving in the direction of requiring the availability of explanations for black-box algorithmic decisions (5). Indeed, a near-consensus is emerging in favor of explainable AI/ML among academics, governments, and civil society groups. Many are drawn to this approach to harness the accuracy benefits of noninterpretable AI/ML such as deep learning or neural nets while also supporting transparency, trust, and adoption. We argue that this consensus, at least as applied to health care, both overstates the benefits and undercounts the drawbacks of requiring black-box algorithms to be explainable.





Because free is good?

https://www.makeuseof.com/want-windows-11-for-free-heres-what-you-need/

Want Windows 11 for Free? Here's What You Need


