Saturday, July 24, 2021

Something very strange here.

https://www.cnn.com/2021/07/23/tech/kaseya-encryptor-ransomware-victims/

Software company's unveiling of decryption key comes too late for many victims of devastating ransomware attack

On Thursday, the software company Kaseya announced that it could help unlock any of its customers' systems that were still inaccessible following a devastating ransomware attack early this month that took down as many as 1,500 businesses worldwide. But for many victims it was too little, too late.

Kaseya had obtained a decryption key, the company said, that could release any file still locked down by malicious software produced by the criminal gang REvil, which is believed to operate from Eastern Europe or Russia.

For the organizations whose systems were still offline three weeks after the attack, the newfound availability of a decryptor tool offered a sign of hope, especially after REvil mysteriously disappeared from the internet and left many organizations unable to contact the group.

But for many others that have already recovered without Kaseya's help, either by paying off the ransomware gang weeks ago or by painstakingly restoring from backups, the announcement was no help -- and opens a new chapter of scrutiny for Kaseya as it declines to answer questions about how it obtained the key and whether it paid the $70 million ransom demand or another amount.

In order to access the tool, Kaseya is requiring that businesses sign a non-disclosure agreement, according to several cybersecurity experts working with affected companies. While such agreements are not unusual in the industry, they could make it more difficult to understand what happened in the incident's aftermath. Kaseya declined to comment on the non-disclosure agreements.





Still trying to identify that tipping point. (Not just sanctions, all out cyber war.)

https://www.cpomagazine.com/cyber-security/us-intelligence-allies-formally-accuse-chinese-state-backed-hackers-of-the-microsoft-exchange-cyber-attacks-but-stop-short-of-sanctions/

US & Intelligence Allies Formally Accuse Chinese State-Backed Hackers of the Microsoft Exchange Cyber Attacks, but Stop Short of Sanctions

The massive hack of the Microsoft Exchange email server software that took place early this year is estimated to have hit tens of thousands of victims, causing disproportionate chaos for smaller businesses. The Biden administration has formally declared that Chinese state-backed APT groups are to blame. While the attack was not considered a major national security threat (at least not on par with the SolarWinds breach), it was devastating to many American small businesses ill-equipped to respond to cyber attacks of this level of sophistication.





Establishing an absolute minimum. Stop there at your peril.

https://www.databreaches.net/connecticut-enacts-safe-harbor-from-punitive-damages-in-data-breach-cases/

Connecticut Enacts Safe Harbor From Punitive Damages In Data Breach Cases

Jason Gavejian and Joseph Lazzarotti of JacksonLewis write:

Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant that created, maintained, and complied with a cybersecurity program that meets certain requirements. Cyberattacks are on the rise – think Colonial Pipeline, Kaseya, JBS, and others – with ransomware attacks up 158 percent from 2019-2020 in North America.

Read more on JDSupra.





Should they all be discoverable?

https://www.databreaches.net/convenience-store-chain-cant-shield-investigative-report-on-data-breach-from-discovery-judge-rules/

Convenience Store Chain Can’t Shield Investigative Report on Data Breach From Discovery, Judge Rules

We often hear of firms having their counsel running incident response and contracting of forensics, etc., so that any reports would be protected by work product doctrine as well as attorney-client privilege. But if the attorney doesn’t word the contract carefully, any report may not be covered by the doctrine. We saw that in a Capital One case last year in the Eastern District of Virginia involving a 2019 breach, and now we’re seeing it again over another 2019 case, this time in the Middle District of Pennsylvania.

P.J. Annunzio reports:

A federal judge has ruled that because an investigative report commissioned by Pennsylvania-based convenience store chain Rutter’s in response to a data security breach was not prepared for litigation purposes, it is discoverable.
In a July 22 ruling granting the class action plaintiffs’ motion to compel the document, U.S. Magistrate Chief Judge Karoline Mehalchick of the Middle District of Pennsylvania held that the report done by consultant Kroll Cyber Security for Rutter’s was not covered by attorney-client and work product privilege.

Read more on Law.com.





Not-so-private mail.

https://www.makeuseof.com/what-is-email-tracking-pixel/

What Is An Email Tracking Pixel? How Do Companies Use Them to Access Your Private Data?

Companies have a way of tracking who is opening and reading their email content: the email tracking pixel. Although email tracking pixels fly under the radar for most people, many companies use them to gauge engagement with advertising and marketing campaigns.

So, how does an email tracking pixel work?





Once identified and discontinued as a bad idea, they brought it back. Should be interesting to see how mission creep impacts this system.

https://www.pogowasright.org/englands-nhs-data-sharing-to-third-parties-the-view-from-new-zealand/

England’s NHS data-sharing to third parties: the view from New Zealand

Ephraim Wilson of the NZ Privacy Commissioner’s Office writes:

In 2013, UK Prime Minister David Cameron tried to instigate the sharing of UK National Health Service (“NHS”) patient data to private organisations for a small fee. Despite plans to anonymise the data, the move was sufficiently controversial that the Government had to drop the plan – there were major concerns over transparency and privacy. Eight years later, a similar plan has emerged, this time during the pandemic response of Boris Johnson’s Government.
As part of its General Practitioner Data for Planning and Research Programme (“GPDPR”), the Government is planning to put the GP records of England’s 55 million enrolled patients into a single NHS database which will become available to third-party companies and researchers for a fee. It is an ‘opt-out’ programme, meaning that patients need to fill out a form to prevent their data from being included. Originally, GPDPR was supposed to come into action in July 2021 but has now been pushed back to September.
GPDPR will give private organisations access to the NHS Digital central database containing data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, and appointments, including information about physical, mental, and sexual health. The information will include data about patients’ gender, ethnicity, and sexual orientation.
Technically people’s data will be anonymised, but there are two qualifications. First, given how specific the data is, it will at least be possible to cross-reference with other databases to reidentify the data. Secondly, NHS Digital can unlock the codes to allow access in certain circumstances and where there is valid legal reason. No names and addresses will be available to researchers, but encoded postcodes will be included.
What about these third parties? According to NHS Digital, the data will only be used for health planning and research purposes by organisations that can show they have an appropriate legal basis and a legitimate need to use it. Any data sharing will be overseen by the British Medical Association (“BMA”), the Royal College of General Practitioners (“RCGP”), and the Independent Group Advising on the Release of Data (“IGARD”).
One issue is that neither the NHS, nor their chosen third parties, have had the best record when it comes to data sharing.

Read more on the New Zealand Privacy Commissioner’s Office Blog.





Two plus two does not always equal five.

https://www.databreaches.net/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority/

Q2 Ransom Payment Amounts Decline as Ransomware becomes a National Security Priority

Seen on Coveware:

If you had told us at the beginning of 2021 that then President elect Biden would be having a nose to nose face off with Putin over ransomware, we would have speculated that some serious escalation must have occurred. In reality, the lackadaisical indifference of one threat actor (DarkSide) set off a compounding series of events that have led us to where we are today. Given the volume of attacks that Ransomware-as-a-service (RaaS) groups conduct, and the de minimis diligence that these groups perform, we are quite certain that the DarkSide affiliate that attacked Colonial Pipeline, had no idea that a) Colonial controlled 45% of the gasoline supply on the US east coast, b) that shutting down that pipeline would cause a consumer run on gasoline, c) that NOTHING gets voters and their duly elected representatives out of their chairs like rising gasoline prices, and finally d) that if you mess with US gasoline prices, you are going to get the attention of the President. Other high profile attacks that would have otherwise garnered 12 hours of media attention were (FINALLY) codified proof that the US indeed has a major problem with ransomware.

But what does that have to do with ransomware payments declining, you ask? Read more on Coveware.





My AI says, “No that can never happen. Please stop asking.”

https://thenextweb.com/news/build-a-computer-with-free-will-syndication?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheNextWeb+%28The+Next+Web+All+Stories%29

Can we build a computer with free will?

Do you have free will? Can you make your own decisions? Or are you more like an automaton, just moving as required by your constituent parts? Probably, like most people, you feel you have something called free will. Your decisions are not predetermined; you could do otherwise.

Yet scientists can tell you that you are made up of atoms and molecules and that they are governed by the laws of physics. Fundamentally, then – in terms of atoms and molecules – we can predict the future for any given starting point. This seems to leave no room for free will, alternative actions, or decisions.

Confused? You have every right to be. This has been one of the long outstanding unresolved problems in philosophy. There has been no convincing resolution, though speculation has included a key role for quantum theory, which describes the uncertainty of nature at the smallest scales. It is this that has fascinated me. My research interests include the foundations of quantum theory. So could free will be thought of as a macroscopic quantum phenomenon? I set out to explore the question.





Perspective. Well, maybe not everything...

https://www.zdnet.com/article/what-is-ai-heres-everything-you-need-to-know-about-artificial-intelligence/

What is AI? Here's everything you need to know about artificial intelligence

An executive guide to artificial intelligence, from machine learning and general AI to neural networks.

Back in the 1950s, the fathers of the field, Minsky and McCarthy, described artificial intelligence as any task performed by a machine that would have previously been considered to require human intelligence.

Francois Chollet, an AI researcher at Google and creator of the machine-learning software library Keras, has said intelligence is tied to a system's ability to adapt and improvise in a new environment, to generalise its knowledge and apply it to unfamiliar scenarios.

"Intelligence is the efficiency with which you acquire new skills at tasks you didn't previously prepare for," he said.





Perspective. Fully self-driving? The end of this year? Ford must think this is the future.

https://www.cnbc.com/2021/07/21/ford-and-argo-ai-to-launch-self-driving-cars-with-lyft-by-end-of-year.html

Ford and Argo AI to launch self-driving cars with Lyft by the end of the year

Ford will launch an autonomous vehicle fleet with Lyft and Argo AI by the end of the year, the companies announced Wednesday.

Self-driving rides with safety drivers will begin this year in Miami. The companies said they plan to expand to Austin, Texas, in 2022 and roll out about 1,000 self-driving cars in multiple markets within five years.

The partnership comes as ride-hailing companies Uber and Lyft ditch their own in-house systems and instead look to outside partners for self-driving technology. Lyft announced plans in April to sell its autonomous vehicle unit to a subsidiary of Toyota for $550 million. In December, Uber sold its self-driving unit to start-up Aurora — which is backed by Hyundai and Amazon — amid safety concerns and extreme costs.





Perspective. Your next programming language?

https://www.analyticsinsight.net/julia-is-causing-quite-a-stir-with-code-modernization-in-the-tech-industry/

JULIA IS CAUSING QUITE A STIR WITH CODE MODERNIZATION IN THE TECH INDUSTRY

The present tech industry is in dire need of a programming language that provides the best of C or C++ and the usability of Python. All of these capabilities are at the heart of what the open-source Julia language project set out to do over a decade ago. When Julia was conceived in 2009 at MIT, the goal was to solve a problem that still exists: the need to use two (or more) languages, one for high performance (C or C++) and another that made programming complex systems a more pleasant experience (the Python example). While using both could get the job done, there is inherent friction between those interfaces and processes. In addition to this basic mismatch, many of the codes in high-value science and engineering are the product of decades of building. They are inherently messy and rooted in codes that were state of the art in the 1980s, particularly in modeling and simulation.





Tools & Techniques.

https://www.makeuseof.com/use-microsoft-edge-solve-math-problems/

How to Use Microsoft Edge's to Solve Math Problems

Developed by Microsoft, Math Solver is a tool built into the Edge browser that recognizes mathematical problems from an image, and solves them for you.



Friday, July 23, 2021

What are your customers worth?

https://threatpost.com/kaseya-universal-decryptor-revil-ransomware/168070/

Kaseya Obtains Universal Decryptor for REvil Ransomware

Kaseya has obtained a master decryptor key for the REvil ransomware that locked up the systems of at least 60 of its customers in a spate of worldwide cyberattacks on July 2.

The attacks, which exploited now-patched zero-days in the Kaseya Virtual System/Server Administrator (VSA) platform, affected Kaseya customers in 22 countries using the on-premises version of the platform – many of which are managed service providers (MSPs) who use VSA to manage the networks of other businesses. In addition to the 60 direct customers, around 1,500 downstream customers of those MSPs were also affected.

In the wake of the attacks, the REvil gang (aka Sodinokibi) demanded $70 million for a universal public decryption key that will remediate all impacted victims – a price that one researcher said was eventually lowered to $50 million.

Late on Thursday afternoon, the vendor announced via its rolling advisory on the incident that it had obtained the decryptor “through a third party.” It’s unclear if the ransom was indeed paid.





Are any ‘targets’ off limits?

https://www.bbc.com/news/technology-57922664

Pegasus spyware seller: Blame our customers, not us, for hacking

The maker of powerful spy software allegedly used to hack the phones of innocent people says blaming the company is like "criticising a car manufacturer when a drunk driver crashes".

NSO Group is facing international criticism, after reporters obtained a list of alleged potential targets for spyware, including activists, politicians and journalists.

The Israeli company says its software is intended for use against criminals and terrorists and made available to only military, law enforcement and intelligence agencies from countries with good human-rights records.

But a consortium of news organisations, led by French media outlet Forbidden Stories, has published dozens of stories based around the list, including allegations French President Emmanuel Macron's number was on it and may have been targeted.





Something seems a bit off here… Closed in 2017 and no one noticed?

https://www.vice.com/en/article/qj8xz3/a-defunct-video-hosting-site-is-flooding-normal-websites-with-hardcore-porn

A Defunct Video Hosting Site Is Flooding Normal Websites With Hardcore Porn

As pointed out by Twitter user @dox_gay, hardcore porn is now embedded on the pages of the Huffington Post, New York magazine, The Washington Post, and a host of other websites. This is because a porn site called 5 Star Porn HD bought the domain for Vidme, a brief YouTube competitor founded in 2014 and shuttered in 2017. Its Twitter account is still up, but the domain lapsed.





Anything with a value will be hacked/counterfeited. (Especially “proof” that you are healthy or law abiding.)

https://www.databreaches.net/german-pharmacies-stop-issuing-covid-vaccine-passes-after-security-breach/

German pharmacies stop issuing COVID vaccine passes after security breach

Madeline Chambers reports:

German pharmacies have stopped issuing digital COVID-19 vaccination certificates after hackers created passes from fake outlets, the industry association said on Thursday, the latest blow to the inoculation drive.
Germans who have been fully vaccinated are entitled to a certificate which allows them more freedoms, especially to travel. Pharmacies and vaccination centres issue them.

Read more on Reuters.





Privacy history.

https://www.pogowasright.org/the-past-present-and-future-of-us-privacy-law/

The Past, Present and Future of US Privacy Law

From WilmerHale:

In this article published by the Seton Hall Law Review (Vol. 51: Iss. 5, Article 5), Kirk Nahra discusses the history of privacy law, the current privacy structure, and what to expect for the future.
Excerpt: Modern United States privacy law is roughly twenty years old. Even though still in its relative infancy, privacy law is now everywhere. As part of this evolution, the legal structure for protecting privacy in appropriate ways is one of the defining debates of our society today, with no signs of slowing down in the foreseeable future. As we look toward a potential national privacy law, what are the governing principles and key issues for this future law?
Read the full article.





This is true as long as you do not know what the data can tell you. Once you learn that, new data should be placed in a structure (organized) to make extracting that known information stream faster. But you need the unstructured to find even more new things. Looks like you need two sets of data!

https://venturebeat.com/2021/07/22/why-unstructured-data-is-the-future-of-data-management/

Why unstructured data is the future of data management

Enterprises are increasingly relying on unstructured data for regulatory, analytic, and decision-making purposes. Unstructured data will power analytics, machine learning, and business intelligence.

According to the latest figures from research firm ITC, the volume of unstructured data is set to grow from 33 zettabytes in 2018 to 175 zettabytes, or 175 billion terabytes, by 2025. There has to be some kind of data management so organizations have the right kind of data available at the right time. Krishna Subramanian, president and COO of Komprise, a data management software provider, sat down with VentureBeat to discuss the business benefits and challenges associated with unstructured data.





Beware the tool user rather than the tool?

https://science.sciencemag.org/content/373/6552/284

Beware explanations from AI in health care

Artificial intelligence and machine learning (AI/ML) algorithms are increasingly developed in health care for diagnosis and treatment of a variety of medical conditions (1). However, despite the technical prowess of such systems, their adoption has been challenging, and whether and how much they will actually improve health care remains to be seen. A central reason for this is that the effectiveness of AI/ML-based medical devices depends largely on the behavioral characteristics of its users, who, for example, are often vulnerable to well-documented biases or algorithmic aversion (2). Many stakeholders increasingly identify the so-called black-box nature of predictive algorithms as the core source of users' skepticism, lack of trust, and slow uptake (3, 4). As a result, lawmakers have been moving in the direction of requiring the availability of explanations for black-box algorithmic decisions (5). Indeed, a near-consensus is emerging in favor of explainable AI/ML among academics, governments, and civil society groups. Many are drawn to this approach to harness the accuracy benefits of noninterpretable AI/ML such as deep learning or neural nets while also supporting transparency, trust, and adoption. We argue that this consensus, at least as applied to health care, both overstates the benefits and undercounts the drawbacks of requiring black-box algorithms to be explainable.





Because free is good?

https://www.makeuseof.com/want-windows-11-for-free-heres-what-you-need/

Want Windows 11 for Free? Here's What You Need



Thursday, July 22, 2021

There are pros and cons, depending on what information is released and how quickly.

https://www.cnbc.com/2021/07/21/new-bill-would-make-some-companies-report-cyber-attacks-to-government.html

New bill would make some companies report cyberattacks to the government

The bipartisan Cyber Incident Notification Act is a response to the recent attacks on SolarWinds, which impacted government agencies, and Colonial Pipeline, which disrupted access to fuel across a large region of the country. Since then, ransomware attacks — where hackers encrypt files until a victim pays a ransom — have proliferated.

The problem is, under federal law, companies don’t have to report these attacks. That means some attacks may occur without the government knowing, which can have serious implications if the government’s own systems are affected by the hack. [I can only read this as “the government does not know when it has been hacked.” Bob]





Yes, it may be evil, but it’s profitable evil.

https://www.nytimes.com/2021/07/21/technology/clearview-ai-valuation.html

Clearview AI raises $30 million from investors despite legal troubles.

Clearview AI is currently the target of multiple class-action lawsuits and a joint investigation by Britain and Australia. That hasn’t kept investors away.

The New York-based start-up, which scraped billions of photos from the public internet to build a facial-recognition tool used by law enforcement, closed a Series B round of $30 million this month.

The investors, though undeterred by the lawsuits, did not want to be identified.





Just a reminder: There are far more computers than humans – welcome to the minority.

https://www.bespacific.com/justice-by-algorithm-are-artificial-intelligence-risk-assessment-tools-biased-against-minorities/

Justice by Algorithm: Are Artificial Intelligence Risk Assessment Tools Biased Against Minorities?

Conklin, Michael and Wu, Jun, Justice by Algorithm: Are Artificial Intelligence Risk Assessment Tools Biased Against Minorities? (June 30, 2021). Available at SSRN: https://ssrn.com/abstract=3877686 or http://dx.doi.org/10.2139/ssrn.3877686

This is a review of Katherine B. Forrest’s new book When Machines Can Be Judge, Jury, and Executioner. The book does an excellent job discussing issues of fairness and racial disparities from the use of artificial intelligence risk assessment tools (hereinafter “AI”) for decisions such as pretrial release and likelihood of recidivism. This is a timely topic as the technology is currently at a tipping point. While Europe has begun to implement protections for defendants regarding AI, the U.S. is increasing its reliance on AI without such safeguards. This review includes a discussion on the topics of how AI compares to human judge predictions and decisions, fairness and racial outcomes, how recidivism is frequently misunderstood and its relevance, how human decisions are inextricably intertwined with AI, and the proper understanding of an AI’s “error rate.”





Good question?

https://www.bespacific.com/what-is-legal-innovation/

What Is Legal Innovation?

Sandberg, Haim, What Is Legal Innovation? (March 17, 2021). 2021 University of Illinois Law Review online 63, Available at SSRN: https://ssrn.com/abstract=3806704

Technological progress, along with the economic success it brings innovators, has transformed technological innovation into an object of admiration. The law supports and regulates technological and creative innovation in other fields, but is law itself an arena of innovation – of legal innovation? Do the concepts, doctrines, theories and techniques produced by the law encompass innovation? If so, does legal innovation share similar characteristics with other kinds of innovation? Can we learn something about the nature of legal innovation from the general field of innovation research? The legal discipline is more preoccupied with identifying innovation in other areas than in analyzing the characteristics of its own innovations. In this Essay I argue that legal innovation has similar characteristics to innovation in other areas, although it is no less impressive and influential. The phenomenon of legal innovation can and should attract more scientific attention.





Is this innovation?

https://www.reuters.com/legal/transactional/disco-shares-jump-ceo-says-software-is-coming-legal-sector-2021-07-21/

As DISCO shares jump, CEO says 'software is coming' to legal sector

E-discovery provider CS Disco Inc made its public debut on the New York Stock Exchange on Wednesday, with shares jumping more than 28% over their opening price to close at $41.

The Austin-based company, which provides artificial intelligence-powered software for e-discovery, legal document review and case management to corporate legal departments and law firms, listed under the trading symbol "LAW."

"We think that software is coming to the legal function, that software will help automate away a lot of the services that have historically been used by legal departments and law firms," DISCO founder and CEO Kiwi Camara said in an interview as shares began trading Wednesday.





Unfortunately, many IT departments were reluctant to save (or even generate) log data because it was “big data.”

https://www.infoq.com/news/2021/07/AI-IT-operations/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=news

Artificial Intelligence for IT Operations: an Overview

Artificial intelligence for IT operations (AIOps) combines sophisticated methods from deep learning, data streaming processing, and domain knowledge to analyse infrastructure data from internal and external sources to automate operations and detect anomalies (unusual system behavior) before they impact the quality of service. Odej Kao, professor at the University of Technology Berlin, gave a keynote presentation about artificial intelligence for IT operations at DevOpsCon Berlin 2021.

Log data is the most powerful source of information, widely available, and can be well-processed by AI-based prediction models, as Kao explained:





Looks like the market remains hot!

https://finance.yahoo.com/news/global-artificial-intelligence-market-expected-112200801.html

The Global Artificial Intelligence Market is expected to grow by $ 13.26 billion during 2021-2025, progressing at a CAGR of almost 47% during the forecast period

Reportlinker.com announces the release of the report "Global Artificial Intelligence Market in the Industrial Sector 2021-2025" - https://www.reportlinker.com/p04647367/?utm_source=GNW





Are all teachers of English doomed?

https://syncedreview.com/2021/07/21/deepmind-podracer-tpu-based-rl-frameworks-deliver-exceptional-performance-at-low-cost-66/

Google’s Wordcraft Text Editor Advances Human-AI Collaborative Story Writing

Neural language models are gaining popularity in real-life creative tasks such as text-adventure games, collaborative slogan writing, and even sports journalism, poetry and novel generation. Most such language models however provide limited interaction support for users, as control that goes beyond simple left-to-right text generation requires explicit training.

To address this limitation, a team from Google Research has proposed Wordcraft, a text editor with a built-in AI-powered creative writing assistant. Wordcraft leverages few-shot learning and the natural affordances of conversation to support a variety of user interactions; and can help with story planning, writing and editing.

The Wordcraft web interface comprises a traditional text editor augmented with a number of key commands for triggering requests to the AI assistant. The model is able to sketch a story outline, write the story and even perform editing and rewrites.





Tools & Techniques. (Not hacking tools!)

https://www.makeuseof.com/pdf-password-remover-tools/

6 PDF Password Remover Tools to Unlock PDF Files

Often PDF files, especially those downloaded from the internet, are protected by passwords. You're asked to enter the password each time you want to view the document. This is done to prevent the files from being opened, edited, and printed by unauthorized users.

However, it can be annoying for the rightful owner of the PDF to forget or lose the password. In such cases, you can use password remover tools to get access to your PDF documents.



Wednesday, July 21, 2021

If you didn’t know you were a victim, was someone lying to you?

https://www.cpomagazine.com/cyber-security/almost-all-organisations-suffered-at-least-one-data-breach-in-past-18-months-the-state-of-cloud-security-report-found/

Almost All Organisations Suffered At Least One Data Breach in Past 18 Months, The State of Cloud Security Report Found

Nearly 100% of organizations experienced a cloud data breach within the last 18 months, according to the cloud infrastructure security firm Ermetic.

The cloud data breach report also found that cloud security incidents increased by almost 20% within the past year.





Software for paranoids, which seems to be every country.

https://www.ft.com/content/24f22b28-56d1-4d66-8f76-c9020b1b5cb1

How Israel used NSO spyware as diplomatic calling card

NSO’s Pegasus software, which requires a government licence for export because it is considered a weapon, has in recent years become a crucial part of Israel’s diplomatic outreach — a role that has come into focus after this weekend’s revelation by a consortium of newspapers that it had been traced to the cell phones of 37 journalists, lawyers and political activists. The software surreptitiously turns phones into listening devices while unveiling their encrypted contents.

“From the 1950s, Israel used its weapons sales for diplomatic gains, the only thing that changes is the names of the countries,” said Eitay Mack, an Israeli human rights lawyer who has tried for years to have NSO’s export licence cancelled. “The question is if there will be some change in the exports policy.”



(Related) You can’t be very important if no one is trying to spy on you. This might just be bragging for political advantage.

https://threatpost.com/french-launch-nso-probe-after-macron-believed-spyware-targe/167986/

French Launch NSO Probe After Macron Believed Spyware Target

French lawmakers have launched an investigation into Israeli offensive cybersecurity company NSO Group after they learned French President Emmanuel Macron topped a list of 14 heads of states potentially targeted by the company’s spyware.

Amnesty International said Tuesday the French leader was a potential spyware target, along with presidents Imran Khan of Pakistan, Cyril Ramaphosa of South Africa and Barham Salih of Iraq. Heads of state, including the prime ministers and the king of Morocco, Mohammed VI, were also high-profile potential targets of NSO’s software known as Pegasus.





One of its largest selling points was anonymity.

https://www.bbc.com/news/technology-57901113

EU plans to make Bitcoin transfers more traceable

Proposed changes to EU law would force companies that transfer Bitcoin or other crypto-assets to collect details on the recipient and sender.

The proposals would make crypto-assets more traceable, the EU Commission said, and would help stop money-laundering and the financing of terrorism.

The new rules would also prohibit providing anonymous crypto-asset wallets.





Faster development, larger liability?

https://www.consumerreports.org/car-safety/tesla-full-self-driving-beta-software-lacks-safeguards-a6698414036/

Tesla’s ‘Full Self-Driving’ Beta Software Used on Public Roads Lacks Safeguards

Consumer Reports' car safety experts worry that Tesla continues to use vehicle owners as beta testers for its new features, putting others on the road at risk

After Tesla released the latest prototype version of its driving assistance software last week, reports from owners have gained the attention of researchers and safety experts—both at CR and elsewhere—who have expressed concerns about the system’s performance and safety.

CR plans to independently test the software update, popularly known as FSD beta 9, as soon as our Model Y SUV receives the necessary software update from Tesla. So far, our experts have watched videos posted on social media of other drivers trying it out and are concerned with what they’re seeing—including vehicles missing turns, scraping against bushes, and heading toward parked cars. Even Tesla CEO Elon Musk urged that drivers use caution when using FSD beta 9, writing on Twitter that “there will be unknown issues, so please be paranoid.”





AI is like the mumbo-jumbo of the Shaman: of course I don’t understand, I have no magic!

https://www.statnews.com/2021/07/21/explainable-medical-ai-easier-said-than-done/

Explaining medical AI is easier said than done

The growing use of artificial intelligence in medicine is paralleled by growing concern among many policymakers, patients, and physicians about the use of black-box algorithms. In a nutshell, it’s this: We don’t know what these algorithms are doing or how they are doing it, and since we aren’t in a position to understand them, they can’t be trusted and shouldn’t be relied upon.

A new field of research, dubbed explainable artificial intelligence (XAI), aims to address these concerns. As we argue in Science magazine, together with our colleagues I. Glenn Cohen and Theodoros Evgeniou, this approach may not help and, in some instances, can hurt.





Resources.

https://www.makeuseof.com/websites-find-statistics/

7 Great Websites to Find Statistics