PSB Monthly News

We made the decision to put a pause on posting news for the time being, so we can focus on creating more courses, blog posts, books, infographics, and other products and services helpful to organizations and the general public. When we resume posting news, we will put an alert on the home page. Thank you!

November 2022

Breaches and Security Incidents

Critical Infrastructure

Education Sector: Schools and Students

Internet of Things (IoT) Tech (See expanded coverage in the PSB page dedicated to IoT tech)

Laws, Regulations, and Legal Sanctions

Personal, Sensitive and Other Data

Social Media

Surveillance

Technologies: New and Evolving

October 2022

Breaches and Security Incidents

Education Sector: Schools and Students

Hacking and Cybercrime

Laws, Regulations, and Legal Sanctions

Personal, Sensitive and Other Data

Social Media

September 2022

HIPAA and Healthcare

Insider Threat and Selling Health Data to Russia

We are including multiple reports about the same incident to provide a diversity of views, opinions, and more comprehensive facts about the case. Notice the first report below is the one from the U.S. Department of Justice that announced this news:

Personal, Sensitive and Other Data

August 2022

Personal, Sensitive and Other Data

May 2022

Applications and Systems Security, Vulnerabilities and Threats

Breaches

Laws, Regulations, Fines, Penalties, Lawsuits

Nation State Attacks, Hacking & Cyberwar

Ransomware

April 2022

AI & Machine Learning

Cloud Security & Privacy

Education, Training & Awareness

Laws, Regulations & Lawsuits

Privacy

Ransomware

Trends

March 2022

AI & Machine Learning

Authentication

Breaches

Bitcoin & Other Cryptocurrency

Conspiracy Theories, Misinformation, Disinformation

Critical Infrastructure

Cyber Crime

Cyber Insurance

Cybersecurity

Education

Laws, Regulations & Lawsuits

Linux & Similar OS’s Vulnerabilities & News

Nation State Attacks, Hacking & Cyberwar

Okta

Operating Systems

Phishing and Other Social Engineering

Privacy

Ransomware

Remote and Mobile working and WFH

Surveillance and Facial Recognition

Technology

February 2022

Catphishing, phishing and other social engineering

Cloud Security

  • Signing up with a cloud provider? Don't forget to set an exit plan

    It’s not simply about getting easy permission to go when it's time to part ways; it’s about IT making sure any decisions don’t complicate that eventual departure.

    Feb 22 2022

    https://www.computerworld.com/article/3650673/signing-up-with-a-cloud-provider-dont-forget-to-set-an-exit-plan.html?fbclid=IwAR3X-SUarw62Pjr21_ewBhllq2K8axoeQEFBSpc7qy5Pc32olWU4rcKt5K0

Cybercrime and hacking

Laws, regulations, and legal actions

Misinformation and Conspiracy Theories

Nation-state and War Hacking and Other Actions

Work from Home, Hybrid Work, and Mobile Working

January 2022

Breaches and Incidents

Critical Infrastructure

Cyber Attacks and Hacks

Cyber Insurance

Data Privacy Day and Data Privacy Week

Encryption and Cryptography

Hacking and Cyber Attacks

Healthcare

Laws, Legal Actions, Penalties and Lawsuits

Manufacturing

Military

Privacy Management, Standards and Frameworks

Ransomware

Voting and Elections

December 2021 Security, Privacy and Compliance

Apps

Government

Hacking

Ransomware

Social Media

Compliance, Law, Penalties

Cybercrime

Work from Home and Mobile Working

Insider Threat

Ransomware

Facial Recognition

Engineering

Cryptocurrency

Laws, Legal Compliance, Judgments & Penalties

Nation State Hacking & Espionage

November 2021 Security, Privacy and Compliance

Hacking

Vulnerable Software

Drones

Smart Cars

Breaches

Critical Infrastructure Cybersecurity

Cyber Insurance

Privacy After Death

Social Media

Tech and Career Trends

Work from Home

October 2021 Security, Privacy and Compliance News

Applications and Systems Security, Vulnerabilities and Threats

Artificial Intelligence (AI), Machine Learning & Robots

Cybercrime and Hacking

Cybersecurity Awareness Month October 2021

Education Cybersecurity & Privacy

Insider Threat

Laws, Legal Compliance, Judgments & Penalties

Killware

Privacy and Privacy Invasive Tech

Ransomware

Social Media

Supply Chain Security & Privacy

Work from Home

September 2021 Security, Privacy and Compliance News

Apps, Vulnerabilities and Threats

Bitcoin and Cryptocurrency

Cybercrime and Hacking

Cyber Insurance

Firmware, Hardware and Software Vulnerabilities

Healthcare

Insider Threat

Privacy Invasive Tech

Ransomware

Social Media

Work from Home

August 2021 Security, Privacy and Compliance News

Artificial Intelligence (AI) & Machine Learning

Biometrics

COVID-19

Cyber Attacks

DBOMs, SBOMs, CBOMs & Other Types of BOMs

War Impacts on Cybersecurity & Privacy

Social Media

  • German Marshall Fund Study on Facebook Interactions. “Sites that gather and present information irresponsibly (according to the news-rating service NewsGuard) accounted for a record-high one-fifth of Facebook interactions with U.S.-based sites in the second quarter of 2021, while engagement with articles from outlets that repeatedly publish false content plummeted on Twitter and Facebook. This occurred amidst an overall decline in engagement with all types of sites. After all-time highs in engagement with both types of deceptive news outlets in 2020, sites that publish false content have seen their engagement drop at much higher rates than U.S.-based sites in general, likely as a result of account takedowns and changes in policies around COVID-19 misinformation and content moderation.”

    Aug 23, 2021

    https://www.washingtonpost.com/context/marshall-fund-study-on-facebook-interactions/ee1f6c5a-3697-4959-841f-181be59750fa/?

Privacy Notices / Policies Updates

National and International Cybersecurity & Privacy

Disinformation, Misinformation and Conspiracies

Laws, Legal Compliance & Penalties

Privacy Notices and Policies

Tracking and Surveillance

Ransomware

Tech and Career Trends

Vendor, Third Party and Supply Chain Management

Honors, Recognitions, and Other Callouts to Rebecca Herold and/or Privacy & Security Brainiacs

July 2021 Security, Privacy and Compliance News

Apps

Data Management

Laws, Legal Compliance & Penalties

Misinformation

Ransomware

Vendor, Third Party and Supply Chain Management

Useful Links

June 2021 Security, Privacy and Compliance News

Apps

https://www.wired.com/story/voila-cartoonify-face-privacy-security

https://www.washingtonpost.com/technology/2021/07/15/contacts-sharing-privacy/

Artificial Intelligence (AI) & Machine Learning

Researchers try different approaches to solve problem of amplifying negative stereotypes.

https://arstechnica.com/science/2021/06/the-efforts-to-make-text-based-ai-less-racist-and-terrible

https://www.bbc.com/news/technology-57122120

https://www.statnews.com/2021/06/21/algorithm-bias-playbook-hospitals/

A majority worries that the evolution of artificial intelligence by 2030 will continue to be primarily focused on optimizing profits and social control. They also cite the difficulty of achieving consensus about ethics. Many who expect progress say it is not likely within the next decade. Still, a portion celebrate coming AI breakthroughs that will improve life.

https://www.pewresearch.org/internet/2021/06/16/experts-doubt-ethical-ai-design-will-be-broadly-adopted-as-the-norm-within-the-next-decade/?mod=djemAIPro

Researchers have discovered that even sophisticated AI technology designed to create synthetic content can leave ‘fingerprints’.

June 16, 2021

https://www.wsj.com/articles/facebook-michigan-state-develop-deepfake-detection-technique-11623859200?st=da6t6chng3syvyd&reflink=desktopwebshare_permalink

Authentication Security & Privacy

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/you-might-want-to-audit-your-laps-permissions/ba-p/2280785

Critical Infrastructure Cybersecurity

https://itspmagazinepodcast.com/episodes/safe-to-drink-cyber-attacks-and-the-water-supply-what-you-need-to-know-a-conversation-with-bryson-bort-your-everyday-cyber-with-limor-kessem-and-diana-kelley-nakjfYAi

"If you could imagine a community center run by two old guys who are plumbers, that's your average water plant," one cybersecurity consultant said.

https://www.nbcnews.com/tech/security/50000-security-disasters-waiting-happen-problem-americas-water-supplie-rcna1206

Cybercrime, Cyberattacks and Cyber Warfare

https://katu.com/news/local/school-districts-say-cyber-security-attacks-are-a-growing-risk

https://beta-ctvnews-ca.cdn.ampproject.org/c/s/beta.ctvnews.ca/local/toronto/2021/6/15/1_5471742.html

Data Anonymization, De-Identification, etc.

Hospitals and other covered entities are striking a growing number of agreements to use de-identified patient data for research or to develop AI tools. But they should carefully weigh the risks of sharing this data, experts said.

Jun 17, 2021

https://medcitynews.com/2021/06/researchers-flag-privacy-risks-with-de-identified-health-data/?rf=1

Data Brokers and Related Privacy and Security

Unique IDs linked to phones are supposed to be anonymous. But there’s an entire industry that links them to real people and their address.

https://www.vice.com/en/article/epnmvz/industry-unmasks-at-scale-maid-to-pii

Data Leaks and Breaches

https://www.theladders.com/career-advice/billions-of-emails-and-passwords-appear-in-largest-data-leak-ever-consumers-should-change-passwords

Over 1 billion search records were accidentally posted online in a CVS Health data breach in late March, as reported by an independent cybersecurity researcher.

https://healthitsecurity.com/news/cvs-health-faces-data-breach1b-search-records-exposed

DBOMs, SBOMs, CBOMs & Other Types of BOMs

https://www.rsaconference.com/library/blog/supply-chain-security-awareness-part-3-how-to-fend-off-supply-chain-risks

https://www.ntia.doc.gov/files/ntia/publications/isa_bps_wg_-_2021.06.06.pdf

Disposal Security

  • Physical information security, privacy, and legal news out of Iowa! "The Iowa Supreme Court on Friday said police can’t search a suspect’s trash without a warrant.

In a 4-3 decision, the court ruled a police search of garbage left outside of homes for collection is an “unreasonable and thus unconstitutional seizure and search” unless a judge had approved a warrant."

Consider that, in many or most US locations, items put into the trash are generally considered public property, and others can, and do, take items from it.

  • This is a significant issue that #InformationAssurance practitioners must consider: How #WorkFromHome employees and contractors dispose of items that are business related.

https://iowacapitaldispatch.com/briefs/iowa-supreme-court-police-cant-search-trash-without-a-warrant/

See actual court decision here: https://www.iowacourts.gov/courtcases/8892/embed/SupremeCourtOpinion

Encryption

https://www.washingtonpost.com/politics/2021/06/16/cybersecurity-202-justice-department-is-racking-up-wins-despite-encryption-concerns/

The agency spent years running a secure phone network for criminals. So much for “going dark.”

https://www.wired.com/story/fbi-anom-phone-network-encryption-debate/

Facial Recognition

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/06/information-commissioner-s-opinion-live-facial-recognition-technology/

https://www.bbc.com/news/technology-57504717

ID.me's says unemployment fraud is costing taxpayers $400 billion, but his own company is denying claims because of problems with its tech, users say.

https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems

The measure would make private use of the technology illegal but would not apply to police. It awaits the mayor's signature.

https://www.wired.com/story/baltimore-ban-facial-recognition-everyone-but-cops

The bill, which only has Democratic support, would bar federal agencies from using the technology without approval from Congress.

June 16, 2021

https://www.wsj.com/articles/lawmakers-re-introduce-bill-that-would-ban-facial-recognition-technology-11623854310?reflink=desktopwebshare_permalink

Hacking

“Press the cone icon on the screen of the Taylor C602 digital ice cream machine, he explains, then tap the buttons that show a snowflake and a milkshake to set the digits on the screen to 5, then 2, then 3, then 1. After that precise series of no fewer than 16 button presses, a menu magically unlocks. Only with this cheat code can you access the machine’s vital signs: everything from the viscosity setting for its milk and sugar ingredients to the temperature of the glycol flowing through its heating element to the meanings of its many sphinxlike error messages.

“No one at McDonald’s or Taylor will explain why there’s a secret, undisclosed menu,” O’Sullivan wrote in one of the first, cryptic text messages I received from him earlier this year.”

https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war

https://www.beckershospitalreview.com/cybersecurity/hacker-removes-files-from-new-mexico-hospital-s-computers-exposes-69-000-patients-info.html

Insider Threat

Experts Say Odd Case Offers Forewarning to Others

https://www.govinfosecurity.com/security-firm-coo-charged-in-attack-on-medical-center-a-16866

Laws, Legal Compliance & Penalties

https://www.marketwatch.com/story/amazon-may-face-425-million-fine-over-alleged-eu-privacy-violations-report-11623339505

Bills Address Criminal Penalties, School District Protection and More

June 21, 2021

https://www.bankinfosecurity.com/lawmakers-unveil-cybersecurity-legislation-a-16918

SEC: Executives Left in Dark About Vulnerability in File-Sharing System

June 21, 2021

https://www.databreachtoday.com/first-american-financials-sec-breach-settlement-488000-a-16912

Miscellaneous

https://www.reuters.com/lifestyle/sports/german-firms-air-taxi-aims-be-operational-paris-2024-olympics-2021-06-21

Misinformation

https://www.npr.org/2021/06/12/1002908327/5-ways-for-seniors-to-protect-themselves-from-online-misinformation

https://www.technologyreview.com/2021/06/30/1026338/gen-z-online-misinformation/

https://mitsloan.mit.edu/press/technology-companies-testing-anti-misinformation-accuracy-prompts-developed-mit-research-team

https://theconversation.com/punitive-laws-are-failing-to-curb-misinformation-in-africa-time-for-a-rethink-162961

Ransomware

https://www.scmagazine.com/home/security-news/ransomware/c-suites-adapt-to-ransomware-as-a-cost-of-doing-business/

https://venturebeat.com/2021/06/16/cybereason-80-of-orgs-that-paid-the-ransom-were-hit-again/

https://arstechnica.com/information-technology/2021/06/ukraine-arrests-ransomware-gang-in-global-cybercriminal-crackdown/?amp=1

Software and Firmware Security

The trend toward self-driving and electric vehicles will add hundreds of millions of lines of code to cars. Can the auto industry cope?

https://spectrum.ieee.org/cars-that-think/transportation/advanced-cars/software-eating-car

June 18, 2021

https://www.techrepublic.com/article/microsofts-new-security-tool-will-discover-firmware-vulnerabilities-and-more-in-pcs-and-iot-devices/

Flaws in a firmware security tool affect as many as 30 million desktops, laptops, and tablets.

https://www.wired.com/story/dell-firmware-vulnerabilities/

https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/

https://www.securitymagazine.com/articles/95444-firmware-security-requires-firm-supply-chain-agreements

Tracking and Surveillance

https://www.cdc.gov/coronavirus/2019-ncov/variants/variant-surveillance.html

Vicious cycle of monitoring and overwork is fuelling productivity — and a backlash

JUNE 15 2021

https://www.ft.com/content/b74b6ad6-3b8d-4cd8-9dd6-3b49754aa1c7

https://www.amnesty.org/en/latest/news/2021/06/scale-new-york-police-facial-recognition-revealed/

Voting and Elections Security

https://www.secureworldexpo.com/industry-news/ohio-decides-to-air-gap-votes

Wearables and Implants

https://spectrum.ieee.org/consumer-electronics/audiovideo/skin-displays-will-give-wearables-their-independence

Work from Home, School from Home & Mobile Computing

  • "The Iowa Supreme Court on Friday said police can’t search a suspect’s trash without a warrant.

In a 4-3 decision, the court ruled a police search of garbage left outside of homes for collection is an “unreasonable and thus unconstitutional seizure and search” unless a judge had approved a warrant."

Consider that, in many or most US locations, items put into the trash are generally considered public property, and others can, and do, take items from it. This is a significant issue that information assurance practitioners must consider: how work-from-home employees and contractors dispose of items that are business related.

https://iowacapitaldispatch.com/briefs/iowa-supreme-court-police-cant-search-trash-without-a-warrant/

See actual court decision here: https://www.iowacourts.gov/courtcases/8892/embed/SupremeCourtOpinion

https://www.scmagazine.com/home/security-news/researchers-offer-advice-on-how-to-block-wfh-employees-from-downloading-pirated-software/

https://www.cityam.com/deloitte-tells-staff-they-can-work-from-home-forever/

Articles by or including Rebecca

HHS Proposal Aims to Improve Patient Record Matching, But What Are the Risks? - June 17, 2021

https://www.govinfosecurity.com/standardizing-patient-addresses-privacy-security-issues-a-16894

Useful Links:

https://edps.europa.eu/_en

We are happy to report that, for the 14th year in a row, through three different governors of two different political parties, we’ve worked with the Iowa Governor’s office annually to support the formal proclamations of Iowa Data Privacy Day on January 28th! The Iowa holiday is held in conjunction with International Data Privacy Day.

Data Privacy Day Proclamation