Why does this surprise anyone? Russia is looking for access to any
infrastructure it can find and then it tests that security. I fear
the US is relying on ‘theoretical’ models.
https://news.softpedia.com/news/russian-linked-hacking-group-is-behind-jbs-cyberattack-533097.shtml
Russian-linked Hacking Group is Behind JBS Cyberattack
According to four people familiar with the attack, who were not
allowed to speak publicly about it, the cyberattack against JBS SA
was carried out by a known Russian-linked hacking group, as Bloomberg
notes.
The cyber gang is known as REvil or Sodinokibi.
What is timely notice?
https://news.softpedia.com/news/accellion-s-failure-to-warn-rbnz-of-security-flaws-led-to-hack-533099.shtml
Accellion's Failure to Warn RBNZ of Security Flaws Led to Hack
The RBNZ Bank did not adhere to its own use standards and made the
situation regarding cyberattack worse
The Reserve Bank of New Zealand was hacked after Accellion failed to
post a warning about an actively exploited vulnerability with
available patches in its File Transfer Appliance (FTA), according to
Itnews.
While Accellion had updates available for its FTA product in December
2020 and was alerted to the vulnerability by security vendor FireEye
as early as the 16th of the same month, the RBNZ was not notified of
the issue.
KPMG found in a commissioned post-mortem that Accellion's email tool
failed to send notices and therefore, the bank was not notified until
January 6, 2021.
The theft occurred on Christmas Day 2020, and the RBNZ made the data
breach public on January 11, stating that it involved commercial and
personally sensitive information.
Everything is a ‘pandemic’ until the next buzzword. “Give us more
money and we’ll try to figure out what is happening.”
https://www.bespacific.com/we-are-on-the-cusp-of-a-global-pandemic-driven-by-greed/
We are on the cusp of a global pandemic driven by greed, an avoidably
vulnerable digital ecosystem, and an ever-widening criminal enterprise
Testimony of Christopher C. Krebs [Director of the Cybersecurity and
Infrastructure Security Agency] Before the Committee on Homeland
Security Subcommittee on Cybersecurity, Infrastructure Protection, &
Innovation U.S. House of Representatives On Responding to Ransomware:
Exploring Policy Solutions to a Cybersecurity Crisis – May 5, 2021.
Washington:
“…Simply put, ransomware is a business, and business is good. The
criminals do the crimes and their victims pay the ransom.
Often it seems easier (and seemingly the right thing to do from a
fiduciary duty to shareholders perspective) to pay and get the
decryption key rather than rebuild the network. There are three
problems with this logic: (1) you are doing business with a criminal
and expecting them to live up to their side of the bargain. It is
not unusual for the decryption key to not work. (2) There is no
honor amongst thieves and no guarantee that the actor will not remain
embedded in the victim’s network for a return visit later, after
all the victim has already painted themselves an easy mark. (3) By
paying the ransom, the victim is validating the business model and
essentially making a capital contribution to the criminal, allowing
them to hire more developers, more customer service, and upgrade
delivery infrastructure. And, most worrisome, go on to the next
victim. We must address the ransomware business model head on and
disrupt the ability of victims to pay ransom.
We need to prioritize countering ransomware as a nation. That
includes appropriately investing in our government agencies and their
ability to investigate, disrupt, and apprehend criminals. We need to
do more to understand the ransomware economy and the various players
in the market. And at the points where cryptocurrency intersects
with the traditional economy, we need to take action to provide more
information, more transparency, and comply with the laws that are
already on the books. This includes Kiosks, Over the Counter trading
desks, and cryptocurrency. Lastly, we don’t know enough about the
ransomware economy, as it operates in the shadows. We lack a clear
understanding of the scale of the problem, including the number of
victims of ransomware – the denominator we are trying to improve
against….
(Related)
https://threatpost.com/cyber-insurance-ransomware-payments/166580/
Cyber-Insurance Fuels Ransomware Payment Surge
Ransomware victims are increasingly falling back on their
cyber-insurance providers to pay the ransom when they’re hit with an
extortion cyberattack. But security researchers warn that this
approach can quickly become problematic.
In the first half of 2020, ransomware attacks accounted for 41 percent
of the total number of filed cyber-insurance claims, according to a
Cyber Claims Insurance Report released last year by Coalition.
I suspect that many organizations would not have the answers at their
fingertips. What does that say about IT management?
https://www.csoonline.com/article/3619877/17-cyber-insurance-application-questions-youll-need-to-answer.html#tk.rss_all
17 cyber insurance application questions you'll need to answer
Recent high-profile security incidents have tightened requirements to
qualify for cyber insurance. These are the tougher questions
insurance carriers are now asking.
… For many years, the insurance was easily available and review was
negligible. The Colonial Pipeline ransomware attack and other recent
ransomware incidents have made insurance underwriters ask hard
questions about the security of our firms.
Following are some of the questions you'll need to answer when
applying for cyber insurance. How would you answer them? Are you
doing enough to ensure that you are insurable?
Maybe, just maybe.
https://www.pogowasright.org/colorado-lawmakers-advance-data-privacy-legislation/
Colorado Lawmakers Advance Data Privacy Legislation
Saja Hindi reports:
Social media ads sometimes seem to know a
little too much about you — where you shop, the products you buy or
what websites you’ve been frequenting.
Big tech companies store this information
about consumers, and it’s long been fueling a debate about how to
balance data privacy with letting businesses cater to their
customers.
Colorado lawmakers decided to tackle the
issue again this year with SB21-190, which unanimously passed the
Senate last week. If it makes it to Gov. Jared Polis, Colorado would
be the third state to pass a data privacy law, following California
and Virginia.
Read more on GovernmentTechnology.
(Related)
Keeping up with South Africa.
https://www.databreaches.net/za-president-ramaphosa-signs-cyber-crimes-bill-into-law/
ZA: President Ramaphosa signs Cyber Crimes Bill into law
Admire Moyo reports:
The Cyber Crimes Bill, which seeks to bring SA’s cyber security laws
in line with the rest of the world, has just been signed into law by
president Cyril Ramaphosa.
According to law firm Werksmans Attorneys, this Bill, which is now an
Act of Parliament, creates offences for and criminalises, among
others, the disclosure of data messages which are harmful.
Read more on ITWeb.
Would this apply to everything you post on social media? Is Clearview
correct when it asserts that it can copy all your public pictures
for its facial recognition database?
https://www.pogowasright.org/you-have-no-reasonable-expectation-of-privacy-in-a-sent-text-message-court/
You have no reasonable expectation of privacy in a sent text message —
Court
From FourthAmendment.com, an excerpt from the opinion in Commonwealth
v. Delgado-Rivera, 2021 Mass. LEXIS 341 (June 1, 2021):
The record here, and the relinquishment
of control it represents, is important because “the
Fourth Amendment does not protect items that a defendant ‘knowingly
exposes to the public.’” Dunning, 312 F.3d at 531,
citing United States v. Miller, 425 U.S. 435, 442, 96 S. Ct. 1619, 48
L. Ed. 2d 71 (1976). The judge sought to distinguish between
communications that have been shared with a particular individual,
such as the intended recipient, and communications that are released
“more generally … [in a way] in which [they] can be discovered by
members of the public or police or anyone else.” This distinction
is not persuasive. “It is well settled that when an individual
reveals private information to another, [the individual] assumes the
risk that his [or her] confidant will reveal that information,”
frustrating the sender’s original expectation of privacy and, in
effect, making this once-private information subject to disclosure
without a violation of the sender’s constitutional rights. United
States v. Jacobsen, 466 U.S. 109, 117, 104 S. Ct. 1652, 80 L. Ed. 2d
85 (1984). In the circumstances here, Delgado-Rivera assumed the
risk that the communications he shared with Garcia-Castaneda might be
made accessible to others, including law enforcement, through
Garcia-Castaneda and his devices. See Alinovi v. Worcester Sch.
Comm., 777 F.2d 776, 784 (1st Cir. 1985), cert. denied, 479 U.S. 816,
107 S. Ct. 72, 93 L. Ed. 2d 29 (1986).
Read more about the opinion and its rationale on FourthAmendment.com
[From the article:
Delgado-Rivera had no reasonable expectation of privacy under the
Fourth Amendment in the text messages at issue because, once they
were delivered, Garcia-Castaneda, as the recipient, gained “full
control of whether to share or disseminate the sender’s message.” Id.
at 56. The technology used by Delgado-Rivera to communicate with
Garcia-Castaneda effectively facilitated this transfer of control.
We must have trust, trust me.
https://www.jdsupra.com/legalnews/nist-issues-draft-report-on-trust-and-4303122/
NIST Issues Draft Report On Trust And Artificial Intelligence
The National Institute of Standards and Technology (NIST) has issued a
draft report on Trust and Artificial Intelligence.
“If the AI system has a high level of technical trustworthiness, and
the values of the trustworthiness characteristics are perceived to be
good enough for the context of use, and especially the risk inherent
in that context, then the likelihood of AI user trust increases.
Read the full report.
Another Trump enterprise failure.
https://www.cnbc.com/2021/06/02/trump-blog-page-shuts-down-for-good.html
Trump blog page shuts down for good
(Related)
An Amazon failure?
https://www.wsj.com/articles/amazon-faced-75-000-arbitration-demands-now-it-says-fine-sue-us-11622547000?mod=djemalertNEWS
Amazon Faced 75,000 Arbitration Demands. Now It Says: Fine, Sue Us
The retail giant is no longer steering customers away from the court
system, as companies scramble to find ways to avoid lawyers who file
mass-arbitration claims
If we were still facing months of Covid isolation this might work.
https://www.freetech4teachers.com/2021/06/read-and-transcribe-walt-whitmans.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+freetech4teachers/cGEY+(Free+Technology+for+Teachers)
Read and Transcribe Walt Whitman's Notebooks and Diaries
A few years ago the Library of Congress launched a crowd sourcing
project called Crowd. The purpose of the project is to enlist the
help of the public to transcribe thousands of primary source
documents that are housed by and have been scanned by the Library of
Congress. Over the years there have been collections of documents
from the American Civil War, papers from the American Revolution,
presidential papers, documents about suffrage, and documents about
the integration of Major League Baseball. Currently, the LOC is
seeking help transcribing a collection of Walt Whitman's notes and
diaries.
Anyone can participate in the LOC's Crowd project to transcribe
documents in the Walt Whitman collection of notes and diaries. To
get started simply go to the collection and choose a document. Your
chosen document will appear on the left side of the screen and a
field for writing your transcription appears on the right side of the
screen. After you have completed your transcription it is submitted
for peer review. A demonstration of the process is included in the
video