Pete Recommends – Weekly highlights on cyber security issues July 28, 2019

Subject: Viral App FaceApp Now Owns Access To More Than 150 Million People’s Faces And Names
Source: Forbes via beSpacific
https://www.bespacific.com/viral-app-faceapp-now-owns-access-to-more-than-150-million-peoples-faces-and-names/

Forbes – “And we thought we learned a lesson from Cambridge Analytica. More than 100 million people have downloaded the app from Google Play. And FaceApp is now the top-ranked app on the iOS App Store in 121 countries, according to App Annie. While according to FaceApp’s terms of service people still own their own “user content” (read: face), the company owns a never-ending and irrevocable royalty-free license to do anything they want with it … in front of whoever they wish:

beSpacific Subjects: AI, E-Commerce, E-Records, Intellectual Property, Internet, Privacy, Search Engines, Social Media

Forbes category: https://www.forbes.com/consumer-tech/


Subject: Equifax To Pay Hundreds Of Millions In Data Breach Settlement
Source: KDKA via CBS Pittsburgh
https://pittsburgh.cbslocal.com/2019/07/22/equifax-federal-trade-commission-settlement/

WASHINGTON (AP/KDKA) — Equifax will pay up to $700 million to settle with the Federal Trade Commission and others over a 2017 data breach that exposed Social Security numbers and other private information of nearly 150 million people. [Note – see also beSpacific updates postings and associated resources on this settlement – Proving you deserve $20,000 from the Equifax settlement will be nearly impossible]

The proposed settlement with the Consumer Financial Protection Bureau, if approved by the federal district court for the Northern District of Georgia, will provide up to $425 million in monetary relief to consumers, a $100 million civil money penalty, and other relief.

Under the settlement, Equifax has also agreed to strengthen its security practices going forward. Some of those practices include:

• Reorganizing its data security team;
• Minimizing its collection of sensitive data and the use of consumers’ Social Security numbers;
• Performing regular security monitoring, logging and testing;
• Employing improved access control and account management tools;
• Reorganizing and segmenting its network; and
• Reorganizing its patch management team and employing new policies regarding the identification and deployment of critical security updates and patches.

see also:
https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement


Subject: 5G Wireless Network Risk Factors
Source: DHS via CISA
https://www.us-cert.gov/ncas/current-activity/2019/07/22/5g-wireless-network-risk-factors

The Cybersecurity and Infrastructure Security Agency (CISA) has released an infographic on 5G wireless network risk factors. Although 5G technology will bring capacity, reliability, and security improvements, it may also introduce supply chain, deployment, network security, and competition and choice vulnerabilities. These vulnerabilities may affect the security and resilience of 5G networks.

CISA encourages users and administrators to review the CISA 5G infographic to better understand the risks associated with 5G wireless networks.

RSS for CISA Alerts:
https://www.us-cert.gov/ncas/alerts.xml


Subject: Building Resilience to Foreign Interference, Misinformation Activities
Source: DHS via CISA
https://www.us-cert.gov/ncas/current-activity/2019/07/22/building-resilience-foreign-interference-misinformation-activities

As part of the effort to #Protect2020, the Cybersecurity and Infrastructure Security Agency (CISA) is working with national partners to build resilience to foreign interference, particularly information activities (e.g., disinformation, misinformation). The Department of Homeland Security (DHS) views foreign interference as malign actions taken by foreign governments or actors designed to sow discord, manipulate public discourse, discredit the electoral system, bias the development of policy, or disrupt markets for the purpose of undermining the interests of the United States and its allies.

Responding to foreign interference requires a whole-of-society approach—CISA has made available the following foreign interference resources to #Protect2020: [3 PDFs:]


Subject: How vulnerable are the undersea cables that power the global internet?
Source: CNN Wire via WPMT FOX43
https://fox43.com/2019/07/26/how-vulnerable-are-the-undersea-cables-that-power-the-global-internet/

[some history, too … ]

Network down

In 2012, Hurricane Sandy slammed into the US East Coast, causing an estimated $71 billion in damage and knocking out several key exchanges where undersea cables linked North America and Europe.

“It was a major disruption,” Frank Rey, director of global network strategy for Microsoft’s Cloud Infrastructure and Operations division, said in a statement.

“The entire network between North America and Europe was isolated for a number of hours. For us, the storm brought to light a potential challenge in the consolidation of transatlantic cables that all landed in New York and New Jersey.”

For its newest cable, Marea, Microsoft chose to base its US operation further down the coast in Virginia, away from the cluster of cables to minimize disruption should another massive storm hit New York.

But most often, when a cable goes down, nature is not to blame. There are about 200 such failures each year, and the vast majority are caused by humans.


Subject: Vulnerabilities in Multiple VPN Applications
Source: DHS via CISA
https://www.us-cert.gov/ncas/current-activity/2019/07/26/vulnerabilities-multiple-vpn-applications

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of vulnerabilities affecting multiple Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages administrators to review the following security advisories and apply the necessary updates:


Subject: What Does Incognito Mode Actually Do? Here’s Everything You Need to Know
Source: Digital Trends
https://www.digitaltrends.com/computing/what-is-incognito-mode/

What does opening a browsing session in Incognito Mode actually do? Not as much as you might think. Research has shown that over 40% of people believe that using Incognito Mode hides their browsing location from the sites they visit, and around a third think that it hides browsing from employers. Not so.

Actually, privacy modes are a lot more limited than you might think: They may prevent casual records of your internet activity, but don’t go much further. Here’s everything you should know.

filed: https://www.digitaltrends.com/computing/
RSS: https://www.digitaltrends.com/computing/feed/


Subject: Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges
Source: U.S. GAO
https://www.gao.gov/products/GAO-19-384

To protect against cyber threats, federal agencies should incorporate key practices in their cybersecurity risk management programs.

These key practices include:

  • Designating a cybersecurity risk executive
  • Developing a risk management strategy and policies
  • Assessing cyber risks
  • Coordinating between cybersecurity and enterprise-wide risk management functions

All but one of the 23 agencies we reviewed designated a risk executive. However, none of these agencies fully incorporated the other key practices into their programs. We made 58 recommendations to federal agencies to help improve their cybersecurity risk management programs.

View Report (PDF, 119 pages)

Multimedia:

  • PODCAST: Defending Against Cyber Attacks


NB Cyber and Info security RSS feed:
https://www.gao.gov/rss/topic/Information_Security


Subject: Oversight committee OKs subpoena on White House use of private email
Source: UPI
https://www.upi.com/Top_News/US/2019/07/25/Oversight-committee-OKs-subpoena-on-White-House-use-of-private-email/8211564072989/

“The committee has obtained direct evidence that multiple high-level White House officials have been violating the Presidential Records Act by using personal email accounts, text messaging services, and even encrypted applications for official business — and not preserving those records in compliance with federal law,” Cummings said.

The Presidential Records Act demands that all federal employees who create documents using non-governmental email accounts forward them to their governmental accounts within 20 days.


Posted in: Congress, Cybercrime, Cybersecurity, Email, Email Security, Government Resources, Internet Trends, Legal Research, Privacy, Social Media, Spyware