Beware of users bringing their own devices.
https://www.makeuseof.com/anyone-can-be-windows-admin-razer/
Anyone Can Be a Windows Admin by Plugging In a Razer Mouse or Keyboard
… When
you plug your Razer mice or keyboard into the system, Windows will
automatically fetch and install the Razer Synapse software. It's a
cloud-based device configuration tool that lets users customize RGB
lighting, keyboard hotkeys, and Alexa profiles.
Windows
will then execute the RazerInstaller.exe file to install Synapse.
However, as with other system-level tasks, this will also be called
with admin privileges. So it doesn't matter which user has plugged
the component; the installer will run as admin.
Having security procedures is not enough; you need to ensure they are
followed!
https://www.databreaches.net/fired-ny-credit-union-employee-nukes-21gb-of-data-in-revenge/
Fired NY credit union employee nukes 21GB of data in revenge
Sergiu Gatlan reports:
Juliana
Barile, the former employee of a New York credit union, pleaded
guilty to accessing the financial institution’s computer systems
without authorization and destroying over 21 gigabytes of data in
revenge after being fired.
“In
an act of revenge for being terminated, Barile surreptitiously
accessed the computer system of her former employer, a New York
Credit Union, and deleted mortgage loan applications and other
sensitive information maintained on its file server,” Acting U.S.
Attorney Jacquelyn M. Kasulis said.
Read
more on BleepingComputer.
[From
the article:
Even though a credit union employee asked the
bank's information technology support firm to disable Barile's remote
access credentials, that access was not removed. Two days later, on
May 21, Barile logged on for roughly 40 minutes.
The defendant deleted over 20,000 files and around
3,500 directories during that time, totaling roughly 21.3 gigabytes
of data stored on the bank's share drive.
This
seems rather quick to me. Something here I’m not seeing?
https://www.databreaches.net/wawa-paying-9-million-in-cash-gift-cards-in-data-breach-settlement-nov-deadline-to-file-claim/
Wawa paying $9-million in cash, gift cards in data breach settlement; Nov. deadline to file claim
WPVI reports an update to the 2019 WaWa breach covered on this site in
a number of posts:
Wawa
is paying out up to $9-million in cash and gift cards related to a
data
breach that exposed customers’ credit and debit card numbers and
names.
The breach happened between March 4, 2019
and December 12, 2019.
If you can show proof that the breach
cost you money, you can be reimbursed up to $500.
“The
Settlement Class consists of all customers who reside in the United
States and who used a credit or debit card at a Wawa convenience
store or fuel pump at any time during the Period of the Security
Incident,” the
Wawa Consumer Data Security
Read
more on WPVI.
Another brick in the privacy wall?
https://www.pogowasright.org/illinois-protecting-household-privacy-act-was-signed-into-law-now-what/
Illinois’ Protecting Household Privacy Act Was Signed Into Law. Now What?
Odia Kagan of Fox Rothschild writes:
On August 27, 2021, Illinois Governor JB
Pritzker signed the Protecting Household Privacy Act into law. It
goes into effect Jan. 1, 2022.
House Bill 2553 prohibits Illinois law
enforcement agencies from obtaining household electronic data or
directing the acquisition of household electronic data from a private
third party.
This includes any information or input
provided by a person to any device primarily intended for use within
a household that is capable of facilitating any electronic
communication, excluding personal computing devices (like a personal
computer, cell phone, smartphone, or tablet) and digital gateway
devices (like a modem, router, wireless access point, or cable
set-top box serviced by a cable provider).
Read
more on Privacy
Compliance & Data Security.
Ya gotta ‘splain it gooder!
https://www.pogowasright.org/whatsapp-fined-266-million-over-data-transparency-breaches/
WhatsApp Fined $266 Million Over Data Transparency Breaches
Stephanie Bodoni and Katharine Gemmell of Bloomberg report:
Facebook Inc.’s WhatsApp was ordered to
pay a 225 million-euro ($266 million) penalty for
failing to be transparent about how it handled personal
information, its first fine under beefed-up European Union data
protection law.
The Irish Data Protection Commission —
Silicon Valley’s main privacy watchdog in Europe — said it found
violations in the way WhatsApp explained how it processed users’
and non-users’ data, as well as how data was shared between
WhatsApp and other Facebook companies.
Read
more on Bloomberg.
Long but worth reading…
https://www.pogowasright.org/ftc-bans-spyfone-and-ceo-from-surveillance-business-and-orders-company-to-delete-all-secretly-stolen-data/
FTC Bans SpyFone and CEO from Surveillance Business and Orders Company to Delete All Secretly Stolen Data
Today,
the Federal Trade Commission banned SpyFone and its CEO Scott
Zuckerman from the surveillance business over allegations that the
stalkerware app company secretly harvested and shared data on
people’s physical movements, phone use, and online activities
through a hidden device hack. The company’s apps sold real-time
access to their secret surveillance, allowing stalkers and domestic
abusers to stealthily track the potential targets of their violence.
SpyFone’s lack of basic security also exposed device owners to
hackers, identity thieves, and other cyber threats. In addition to
imposing the surveillance-business ban, the FTC’s order requires
SpyFone to delete the illegally harvested information and
notify device owners that
the app had been secretly installed.
… This
is the second
case the
FTC has brought against stalkerware apps, and the first where the FTC
is obtaining a ban. In a complaint,
the FTC alleged that Support King, LLC, which did business as
SpyFone.com, and its CEO sold stalkerware apps that allowed
purchasers to surreptitiously monitor photos, text messages, web
histories, GPS locations, and other personal information of the phone
on which the app was installed without the device owner’s
knowledge.
Something new, for my students involved in privacy.
https://www.csoonline.com/article/3631409/cdpse-certification-requirements-exam-and-cost.html#tk.rss_all
CDPSE certification: Requirements, exam, and cost
The
Certified Data Privacy Solutions Engineer (CDPSE) certification is
new on the scene, but the privacy-focused cert is already in
increasing demand.
The
Certified Data Privacy Solutions Engineer (CDPSE) certification
focuses on the implementation of privacy solutions, from both a
technical and governance perspective. It is offered by ISACA, a
nonprofit professional association focused on IT governance with a
number of certifications in its stable, including CISM.
…
Overall, a CDPSE certification is meant to demonstrate expertise in
three main areas, which ISACA refers to as work-related domains:
Privacy governance, which includes governance, management, and risk management
Privacy architecture, which includes infrastructure, applications and software, and technical privacy controls
Data lifecycle, which includes data purpose and data persistence
ISACA
breaks down what's
covered under each of these domains in more detail on their website.
How about automatically filing them under “Humor?”
https://www.theverge.com/2021/9/1/22652764/facebook-twitter-censor-ban-texas-republicans-abbott?scrolla=5eb6d68b7fedc32c19ef33b4
Texas is set to pass a new law banning Facebook from censoring conservatives
Texas
is one step closer to enacting a law that would make it more
difficult for social media companies to moderate political content.
Both Texas’ House and Senate approved the bill earlier this week,
sending it to Gov. Greg Abbott’s desk.
The
bill would make it unlawful for social media companies with more than
50 million users, like Facebook and Twitter, to censor users and
content based on political views or geographic location. This
includes moderation actions like banning, deplatforming, or
demonetizing users and removing posts.
Perspective.
Have we all gone mad?
https://abcnews.go.com/Politics/house-gop-leader-mccarthy-threatens-companies-cooperate-jan/story?id=79772460
House GOP Leader McCarthy threatens companies that cooperate with Jan. 6 probe
House
Minority Leader Kevin McCarthy on Tuesday warned dozens of
communications companies against cooperating with the House select
committee investigating the Jan. 6 Capitol attack, saying that
Republicans "will not forget" it if they retake the House.
His
broadside was immediately criticized by Democrats and ethics experts,
who accused him of violating House ethics rules and likened the
statement to tampering with the congressional investigation.
Tools & Techniques.
https://www.nature.com/articles/d41586-021-02346-4
Drowning in the literature? These smart software tools can help
Every
time Eddie Smolyansky had a few moments to himself, he tried to stay
abreast of new publications in his field. But by 2016, the
computer-vision researcher, who is based in Tel Aviv, Israel, was
receiving hundreds of automated literature recommendations per day.
“At some point the bathroom breaks weren’t enough,” he says.
The recommendations were “way too much, and impossible to keep up
with”.
… But
change is afoot. In 2019, Smolyansky co-founded Connected Papers,
one of a new generation of visual literature-mapping and
recommendation tools. Other services that promise to tame the
information overload, integrating Twitter feeds and daily news as
well as research, are also available.
Instead
of serving up a daily list of new articles by e-mail, Connected
Papers uses a single, user-chosen ‘origin paper’ to build a map
of related research, based partly on overlapping citations. The
service recently surpassed one million users, Smolyansky says.
The
maps are colour-coded by publication date, and users can toggle
between ‘prior’, seminal, papers and later, ‘derivative’,
works that build on them. The idea is that scientists can search for
an origin paper that interests them, and see from the resulting map
which recent papers have made a splash in their field, how they
relate to other research, and how many citations they have accrued.
Beware the amateur psychologist.
https://dilbert.com/strip/2021-09-02