Subject: Facebook stops collection of user health data after New York investigation
Source: Becker’s Health IT
Facebook will no longer collect unauthorized data about people’s medical and other sensitive information following recommendations from a New York Department of Financial Services investigation, The Wall Street Journal reports. The state began investigating Facebook after a 2019 WSJ report claimed that personal health apps, including period and pregnancy tracker app called Flo, were quietly passing data to the social media giant.
Facebook’s official terms had prohibited app developers from giving the company data from children about health and other sensitive topics, but the company told the New York financial services department it had “routinely obtained” such information from developers, going against its own service terms and policies, according to the Feb. 18 report.
Subject: Bruce Schneier’s CRYPTO-GRAM, 15 Feb 2021
Source: RISKS Digest
https://catless.ncl.ac.uk/Risks/32/50/#subj38.1 Bruce Schneier’s CRYPTO-GRAM, 15 Feb 2021 – Peter Neumann <[email protected]>Mon, 15 Feb 2021 10:52:16 PST
- Cell Phone Location Privacy
- Injecting a Backdoor into SolarWinds Orion
- Sophisticated Watering Hole Attack
- SVR Attacks on Microsoft 365
- Insider Attack on Home Surveillance Systems
- Massive Brazilian Data Breach
- Dutch Insider Attack on COVID-19 Data
- Police Have Disrupted the Emotet Botnet
- New iMessage Security Features
- Including Hackers in NATO Wargames
- Georgia’s Ballot-Marking Devices
- More SolarWinds News
- Another SolarWinds Orion Hack
- Presidential Cybersecurity and Pelotons
- NoxPlayer Android Emulator Supply-Chain Attack
- SonicWall Zero-Day
- Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer
- Ransomware Profitability
- Attack against Florida Water Treatment Facility
- Medieval Security Techniques
- Chinese Supply-Chain Attack on Computer Systems
NB RSS https://www.schneier.com/feed/
Subject: Why Europe’s COVID Vaccine Passports Won’t Work
Source: Daily Beast via Yahoo!
The president of the European Union Commission, Ursula von der Leyen, has adamantly supported the introduction of a “COVID passport” that would allow tourists to bypass quarantines and even invasive brain-tickling swab tests if they can prove they have been inoculated. “It is a medical requirement to have a certificate proving that you have been vaccinated,” she said last week, after a measure was introduced by Greece to make vaccination passports mandatory for E.U. travel, much like it is for those traveling to many African nations to prove they have had a Yellow Fever vaccine.
But none of these efforts to return to normalcy will work unless all countries agree to recognize proof of immunity, whether by antibodies or one of the many vaccines. “For certificates to work internationally, they must be recognized by countries around the world,” Sweden’s social minister, Lena Hallengren, said this week. And that may yet prove to be the biggest challenge.
Subject: COVID fueled 2020
The coronavirus was a driving force behind cyber activities in 2020 from both criminal and nation-state actors who tried to acquire information related to the virus and possible vaccines or extort the health care industry, according to a new Crowdstrike report….
Subject: Why non-human workers can increase security issues in your business
Most organizations don’t give the same thought and attention to their non-human workers, such as bots, RPAs and service accounts, as they do human workers and identity lifecycles.The term non-human worker conjures up several images. In this case, we’re talking about “non-living workers,” so no worries about mistreating any animals. Some examples include chatbots, robotic process automation, robots and more. They’re now likely to be working alongside us in the office.
SEE: Robotics in the enterprise (free PDF) (TechRepublic) “The number of non-human workers is growing, particularly as global organizations increasingly prioritize cloud computing, DevOps, Internet of Things devices, and other digital transformation initiatives,” said David Pignolet, CEO of SecZetta, in an email interview.Pignolet does not have a problem with non-human workers; his concern is the lack of identity management regarding non-human workers and the increasing number of cyberattacks and data breaches caused by subverting the access privileges given to non-human workers.
See also The Forrester Research article How To Secure And Govern Non-Human Identities …
Source: VPNs pose challenges for agencies sustaining remote work
https://www.fedscoop.com/vpns-challenges-agencies-remote-work/Virtual private networks
(VPNs) are presenting some agencies with added challenges as they increase remote work during the COVID-19 pandemic. Some agencies had to make emergency acquisitions for more VPN licenses and are now looking to segment their data because the technology provides more internet exposure than advocates of models like zero-trust security are comfortable with. Infrastructure, not cloud, remains the focus as agencies attempt to remotely connect employees to network assets that may still be on-premise, and zero-trust security architectures are preferable, said Dan Jacobs, director of cloud adoption and cybersecurity within the General Services Administration Centers of Excellence.
According to a Zscaler risk report released this month, among 357 IT and cybersecurity professionals — 25 of them in government — 93% said their organization had deployed VPN services despite 94% acknowledging cybercriminals exploit their vulnerabilities to access network assets. Social engineering, ransomware and malware are the most common ways to compromise VPNs.
“Right now VPN just throws open the fire hose and gives me access to everything I had when I was in the building,” Feibus said. “Do I necessarily need that when I’m remote?”
AFCEA Bethesda, Air Force, Centers of excellence, coronavirus, DevSecOps, General Services Administration (GSA), National Institute of Standards and Technology (NIST), Nuclear Regulatory Commission, remote work, VPN, Zero-Trust Security, zscaler
Subject: Dealing with Weather Emergencies
Source: FTC Consumer Information
It’s one thing to prepare your family, pets, and property for extreme weather situations. It’s another to protect your personal information and finances from scammers who use weather emergencies to cheat people. This page has information to help you prepare for, deal with, and recover from a weather emergency.
- Preparing for a Weather Emergency
- Staying Alert to Disaster-related Scams
- Getting Back on Your Feet Financially
Subject: The Best Law You’ve Never Heard Of
Source: NYT via beSpacific
The New York Times – Taking back control of our personal data can feel like a lost cause. But there’s hope! “Americans should feel angry about companies harvesting every morsel of our data to sell us sneakers or rate our creditworthiness. But a data protection law that few of us know about should also give us hope. I’m talking about the Biometric Information Privacy Act of Illinois, or BIPA. It’s one of the toughest privacy laws in the United States. And it passed in 2008, when most of us didn’t have smartphones and couldn’t have imagined Alexa in our kitchens. It applies only to Illinois residents and limits no more than what companies do with data from our bodies, like face scans and fingerprints. But its principles and legacy show that effective laws can wrest a measure of control from information-hogging companies. BIPA may also show that states can be America’s best laboratory for tackling the downsides of digital life….
Subject: How to Find Hidden Cameras Using Your Mobile Phone
Source: MakeUseOf via beSpacific
Source: Consumer Reports
The algorithms influence which videos and products you see online, and how social media posts are moderated
Later this month, your Facebook feed will start looking less political. The company says it’s testing a tweak that will surface fewer politics-related posts in users’ feeds, in a bid to keep political content from “taking over” what people see—an adjustment Facebook says users often ask for. But it’s not clear what the change will look like. In its announcement and in comments made to Consumer Reports, Facebook didn’t share any details about how its systems would assemble the new feeds, or even decide what counts as political content. And if you like your feed just the way it is, well, too bad—you don’t have a say in the matter.
Source: CBS Pittsburgh
Driscoll says there are also call blocking apps you can download to your phone but be careful.
“For example with a call blocking app permissions may be necessary to provide all of the contacts in your phone book, or it could be a concern if the app is also requiring access to your text messages and other information that may not actually be necessary to provide that service,” she warned.
For Android users anytime you get a robocall, go into your phone and block that number. iPhone users can go to settings, select ‘Phone’, then ‘silence unknown callers and make sure that is turned on. That will automatically send to voice mail any call from a number that is not in your contacts or that you have not reached out to either by phone or text.
As for blocking apps, a critical point to consider is how often they update their software.
Robocallers regularly switch numbers and mask them as local numbers. So you may block the number coming from Turtle Creek only to get the next call from Oakmont.
The best thing to do if you get a call from an unknown number decline it, or just let it go to voicemail.
Other robocall articles:
Idaho National Laboratory officials invented a means to speedily detect hidden malware that exploits infected computing systems’ resources to mine digital currencies.Now, they’re searching for an external partner with expertise to bring it to market.
“Advanced cryptocurrency mining algorithms, including Monero and Lightning, that have been surreptitiously embedded into legitimate High-Performance Computing (HPC) applications present an increasing threat to research data centers and HPC systems throughout the world,” a technology licencing opportunity post published this week reads.
Access to the full solicitation is restricted to those who submit a contract security form, but the post offers some details about the recently produced technology.
More than 2,000 types of cryptocurrencies exist, officials wrote in the post. But mining Bitcoin and other online currencies is expensive and demands heaps of hardware. Rates of energy and electricity consumed in the practice can match those of some small countries and grow with demand. The officials point to cryptojacking—or using HPC assets without authorization to mine the money—as one way some have opted to reduce cost.
Source: Route Fifty
A cybersecurity report found that 25% of state and local government employees use personal digital devices to telework while only 9% of federal employees do so. Nearly a quarter of state and local government employees use personal phones and tablets for work, putting them at higher risk for phishing attacks and other cyber intrusions, according to a new cybersecurity report.
Local governments have battled an onslaught of ransomware attacks and cybersecurity threats in recent years, including this month’s breach of a water treatment plant in Florida. But as government employees shifted to work from home during the coronavirus pandemic, the report from mobile security firm Lookout highlights one way that telework can put agencies at greater risk.
Using personal devices can provide employees greater flexibility to work from home, but “these unmanaged personal devices are more frequently exposed to phishing sites than managed devices,” the Lookout report found. “This is because personal un-managed devices connect to a broader range of websites and use a greater variety of apps.”
“With the proper protection in place, I think it’s perfectly acceptable for government employees to use personal devices,” he added.