Saturday, April 30, 2022

Another shooter is added to the arsenal? Is everyone following the same rules?

https://www.defensenews.com/intel-geoint/2022/04/27/intelligence-agency-takes-over-project-maven-the-pentagons-signature-ai-scheme/

Intelligence agency takes over Project Maven, the Pentagon’s signature AI scheme

The National Geospatial-Intelligence Agency will take operational control of part of the Pentagon’s signature artificial intelligence program, the agency’s director announced April 25.

Project Maven is the Department of Defense’s most visible artificial intelligence tool, designed to process imagery and full-motion video from drones and automatically detect potential targets.

At the GEOINT Symposium in Denver, Colorado, NGA Director Vice Adm. Robert Sharp announced that his agency would take over operational control of Project Maven’s GEOINT AI services from the Office of the Under Secretary of Defense for Intelligence and Security under President Biden’s proposed budget for Fiscal Year 2023.





Locals screw up.

https://www.databreaches.net/over-20000-peoples-data-potentially-compromised-in-phishing-scam-targeting-valley-view-hospital/

Over 20,000 people’s data potentially compromised in phishing scam targeting Valley View Hospital (Colorado)

Ike Fredregill reports:

A phishing scam granted outside users access to four Valley View Hospital email accounts, potentially impacting the personal data of about 21,000 people, including hospital employees and patients, a Valley View spokesperson wrote in an email.

A Valley View news release Friday states the hospital learned in January that thousands of peoples’ personal information could have been accessed when an unauthorized third party gained access to several employees’ email accounts. An investigation followed, and it was determined March 29 that the accounts contained personal information that could have been compromised.

Read more at Aspen Times.

Valley View’s substitute notice, in full. They indicate when they discovered the breach, but not when it occurred.

Valley View Hospital Association (Valley View) is committed to protecting the privacy and security of our patients’ information. Regrettably, this notice is regarding an incident we identified that may have involved a limited group of patients’ information.
On January 19, 2022, Valley View discovered that an unauthorized party gained access to four of its employees’ email accounts that could have contained patient information. Valley View promptly secured the email accounts to prevent any further unauthorized access and engaged a forensic security firm to investigate the incident and confirm the security of Valley View’s email and computer systems.
We do not believe that any personal information was removed from our system. Consistent with our commitment to keep your personal information private, we investigated this matter and reviewed the contents of the email accounts. On March 29, 2022, we determined that the accounts contained personal information.
Valley View mailed letters to those patients whose information may have been involved in this incident beginning on March 19, 2022. If you believe you are involved and did not receive a letter, we encourage you to call 1-877-660-1330 with any questions regarding this incident. Representatives are available Monday through Friday from 7 a.m. – 4 p.m. Mountain Time.
We want to assure our patients that we are taking this matter very seriously. We deeply regret that this incident has occurred and greatly value the trust our patients have placed in Valley View.





I read this as: Yeah security’s important to us, but we did a really bad job of it.

https://www.insideprivacy.com/data-security/data-breaches/fourth-circuit-holds-statements-about-importance-of-data-security-not-actionable/

Fourth Circuit Holds Statements About Importance of Data Security Not Actionable

In a new post on the Inside Class Actions blog, our colleagues discuss a recent Fourth Circuit opinion holding that statements about the importance a company places on data security are not actionable following a data breach. The case, In re Marriott International, Inc., — F.4th —-, No. 21-1802 (4th Cir. Apr. 21, 2022), could prove useful to companies facing data breach class actions.





Could be very useful.

https://krebsonsecurity.com/2022/04/you-can-now-ask-google-to-remove-your-phone-number-email-or-address-from-search-results/

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.

Google has for years accepted requests to remove certain sensitive data such as bank account or credit card numbers from search results. In a blog post on Wednesday, Google’s Michelle Chang wrote that the company’s expanded policy now allows for the removal of additional information that may pose a risk for identity theft, such as confidential log-in credentials, email addresses and phone numbers when it appears in Search results.





Old axiom: When all you have is a hammer, everything looks like a nail.

https://thenextweb.com/news/why-companies-should-stop-be-ai-first

Why companies should stop trying to be “AI-first”

Artificial intelligence has become a buzzword in the tech industry. Companies are eager to present themselves as “AI-first” and use the terms “AI,” “machine learning,” and “deep learning” abundantly in their web and marketing copy.

What are the effects of the current hype surrounding AI? Is it just misleading consumers and end-users or is it also affecting investors and regulators? How is it shaping the mindset for creating products and services? How is the merging of scientific research and commercial product development feeding into the hype?

These are some of the questions that Richard Heimann, Chief AI Officer at Cybraics, answers in his new book Doing AI. Heimann’s main message is that when AI itself becomes our goal, we lose sight of all the important problems we must solve. And by extension, we draw the wrong conclusions and make the wrong decisions.

Machine learning, deep learning, and all other technologies that fit under the umbrella term “AI” should be considered only after you have well-defined goals and problems, Heimann argues. And this is why being AI-first means doing AI last.





Tools & Techniques. Something for my Ethical Hackers perhaps.

https://www.makeuseof.com/tag/fake-live-video-call/

How Are Fake Live Video Calls Made? Here's How to Spot Them

… What if you could make a fake video call that switched out your face, the background, or other important features—would you fake call your family?

Here's how fake video calls work and how you can spot one.



No comments: