Pete Recommends – Weekly highlights on cybersecurity issues – October 2, 2022

Subject: MIT Report Validates Impact Of Deep Learning For Cybersecurity
Source: Forbes

There are a lot of buzzwords in the world of cybersecurity marketing. When an emerging concept hits a certain viral tipping point, it seems like suddenly all vendors are using the same buzzword—which just makes everything more confusing. Artificial intelligence and machine learning are ubiquitous in cybersecurity marketing—and often confused with each other and with deep learning. A recent report from MIT clarifies the distinction between the three, and emphasizes the value of deep learning for more effective cybersecurity.

The MIT Technology Review Insights report, titled “Deep learning delivers proactive cyber defense,” is sponsored by Deep Instinct—a cybersecurity vendor that developed the world’s first and only purpose-built deep learning cybersecurity framework. The company—which announced a shift in executive leadership this week with Lane Bess, former Palo Alto Networks CEO and Zscaler COO, taking over as CEO and Guy Caspi, Deep Instinct’s co-founder and former CEO succeeding Bess as Board Chair and transitioning to the role of Chief Product Officer—is on a mission to demonstrate that prevention is better than detection and response, and that deep learning is the differentiator that makes it possible.

The MIT report explains, “The terms “AI,” “machine learning,” and “deep learning” are often confused. The technologies are separate but related.


Subject: Bosses spying on you? Here’s the most disastrous truth about surveillance software
Source: ZDNET

With remote and hybrid working, many companies have resorted to instant, constant surveillance of their employees. But does it work?

…companies worried that they couldn’t observe their employees in the way they used to. They couldn’t loom over them, see how long they took for lunch — or a bathroom break.

It’s frustrating being a boss and not having total control. You’re supposed to have it, right? You’re the boss.

Sprightly tech companies came along to offer what these bosses truly needed — spying software that could remotely track their employees’ every single keystroke and body movement. Why, one tech company insisted it could offer bosses a productivity number for every employee.

Subject: VPN Providers Flee India as a New Data Law Takes Hold
Source: WIRED

[from the “If you can’t trust your VPN provider, who can you trust?” dept.]

Many companies have pulled physical servers from the country as a mandate to collect customer data goes into effect.

Ahead of the deadline to comply with the Indian government’s new data-collection rules, VPN companies from across the globe have pulled their servers out of the country in a bid to protect their users’ privacy.

Starting today, the Indian Computer Emergency Response Team, or CERT—a body appointed by the Indian government to deal with cybersecurity and threats—will require VPN operators to collect and maintain customer information including names, email addresses, and IP addresses for at least five years, even after they have canceled their subscription or account.

In April, CERT said it needed to implement these rules because “the requisite information is not found available” with the security provider during investigations into cybersecurity threats, thereby thwarting inquiries. The new rules, CERT claims, will “strengthen cyber security in India” and are “in the interest of sovereignty or integrity of India.”

VPN companies and privacy experts believe this move impacts user privacy and freedom of speech, and defeats the sole purpose of using VPNs, which encrypt users’ internet activity and mask their locations and identities.

“VPNs by nature can be a privacy advancing tool and can be capable of protecting information security in multiple ways, being used by individuals and companies to secure confidential information,” says Tejasi Panjiar, associate policy counsel at the Internet Freedom Foundation. “They also help secure digital rights under the constitution, especially for journalists and whistleblowers, because the nature of information that’s transferred over VPNs is primarily encrypted, which allows them not only to secure confidential information but also to safeguard their own identity, protecting them from surveillance and censorship.”

Proton VPN is also pulling its servers from India, the Wall Street Journal reports. Meanwhile, other VPN companies are looking for solutions that have minimal impact on their users while also maintaining their privacy. Enter: virtual servers.

Subject: NYC artist granted first known registered copyright for AI art

Sept. 24 (UPI) — An artist based in New York City has been granted the first known registered copyright for artwork made using latent diffusion artificial intelligence. Kris Kashtanova received a copyright for a graphic novel titled Zarya of the Dawn made using the commercial AI art generator Midjourney, according to a statement posted to their Instagram account. The copyright was verified by UPI through public records. … Though AI-generated art has likely been registered with the U.S. Copyright Office in the past, Kashtanova’s claim marks the first known to have been registered that used models powered by latent diffusion.

… Some artists and photographers have criticized the art-making platforms for violating their own copyrights, as the models that make them work have been trained on images scraped from the internet and stock photography websites…. Earlier this week, Getty Images sent an email notifying users that the stock photo giant will cease to accept all submissions created using AI generative models such as Midjourney and previous submissions made of AI-generated art will be removed….

Subject: PRIVACY
Source: Various postings via beSpacific an active beSpacific Subject category

Subject: How does identity crime affect victims?
Source: Help Net Security

The Identity Theft Resource Center (ITRC) has published research that shows nearly 40 percent of ITRC victims say their personal information was stolen, compromised or misused in the past year. The report goes beyond the known financial implications of identity crimes and explores the lost opportunities as well as the emotional, physical and psychological impacts experienced by victims resulting from the crimes.

For the report, the ITRC surveyed victims who contacted the ITRC and victims who did not. According to the responses, the number of repeat identity crime victims dropped year-over-year among victims. However, half of the general victims surveyed claim to have been victimized more than once. Also, victims experienced more complex attacks that require longer to resolve. The percentage of “unresolved cases from the previous year” has grown from 37 percent to 55 percent since 2020.

Other key takeaways – The ITRC has seen one type of attack grow by over 1,000 percent in the last 12 months – social media account takeover. The report includes the results of a snap survey of victims who reported a social media account takeover. According to the victims who responded to the micro-survey:

Subject: Why 2FA is failing and what should be done about it
Source: TechRepublic

Jack Wallen details a recent hack and why he believes one aspect of two-factor authentication is part of the problem.
Recently, my PayPal account was hacked, and it’s not the first or second time it’s happened. Fortunately, I have enough alerts set up to catch these things fairly quickly and act on them, but that doesn’t mean all is well. It’s not. I know it’s only a matter of time before another account is hacked.

At this point, you’re probably thinking: “Why doesn’t he use a strong password and two-factor authentication on those accounts?” My answer: I do. All of my accounts are protected by passwords I couldn’t even think about memorizing, generated by a random password generator. Every account I use has 2FA enabled.

But not all 2FA setups are built the same. Let me explain: Of all the accounts I have — and, like you, they are many — only one configuration ever gets hacked. That configuration is 2FA sent over SMS. The accounts using 2FA via a password app like Authy or Google’s Authenticator have never had any problems.

What should consumers do?

As far as consumers and users are concerned, if given the option between SMS and app-based 2FA, always go with the app-based option. By going that route, you don’t have to worry that your time-based 2FA code will be transmitted across the ether for someone to snoop on and use against you.

This should be instituted across the board with zero exceptions — at least until someone comes up with a more reliable, secure form of multi-factor authentication. Otherwise, accounts are going to continue to be hacked at an increasingly alarming rate.

Filed: Security


Subject: FCC Proposes Crackdown on Spam Texts
Source: Phone Scoop

The FCC today issued proposals for new rules to fight scam text messages and other robotexts. The FCC wants to apply “caller ID authentication standards to text messaging”. Mobile wireless providers would be required “to block texts, at the network level, that purport to be from invalid, unallocated, or unused numbers, and numbers on a Do-Not-Originate (DNO) list.” The FCC is also asking the industry if more can be done to detect and block texts from spoofed phone numbers. The FCC is seeking comment on these and any other steps the Commission might take to fight illegal texts.

Subject: Say Goodbye to VPNs
Source: Sensei Enterprises, Inc.

All too many people think virtual private networks (VPNs) are their salvation from cyberattacks and a totally secure method to access their business/firm networks. Sorry to be the bearer of bad news, but VPNs are not where you want to be today in the technology landscape. CSO reported that 97% of enterprises say VPNs are prone to cyberattacks with 44% of organizations experiencing an increase in exploits targeting VPNs.
We can attest to the significant increase in VPN usage since the beginning of the pandemic, which is concerning since “there are almost 500 known VPN vulnerabilities listed on the CVE (common vulnerabilities and exposures) database.”

Subject: Pennsylvania ranks top 5 in teen scams
Source: WTAJ

(WTAJ) — A new study shows that Pennsylvania ranks number five for money lost in scams, with teenagers being a rapidly growing target. The study, released by, shows that money lost by victims under 20 grew by 1,125% over the last five years while seniors’ losses grew by 390% in the same time frame. Teens reportedly lost just $8.2 million in 2017 compared to $101.4 million last year. Pennsylvania is the No. 5 most-scammed state in the nation with 17,262 victims losing $206,982,032 in 2021. The company says this is a great time for parents and teachers to talk to their kids/students about online safety.

Subject: Google Rolls out ‘Results About You’ for Personal Info Removal
Source: Gizmodo

Starting today, people in the U.S. will be able to use Google’s new “Results About You” feature, which aims to provide a simpler way for people to get their sensitive personal information out of the company’s search results. Next year, Results About You will become proactive and allow users to opt in to alerts when new personal information related to them appears in search results, enabling users to request removal more quickly.

Google announced that it would officially launch Results About You, first unveiled at I/O back in May, at its Search On 22 event on Wednesday. With Results About You, users can request the removal of personally identifiable information with just a few clicks. This information includes physical addresses, phone numbers, and email addresses. The feature is also a hub for all of Google’s content removal policies, such as those for Social Security numbers and bank account numbers, and will direct users to the forms to request take down of that info.

Before Results About You, Google had few ways to de-index personally identifiable information removed because the company has very limited policies for removal.

The company has a byzantine web of policies—from the removal of non-consensual images and fake porn to rules for doxing content or websites that charge you to remove your personal information.

All of these policies can make it difficult to know which one to cite or which process to go through when you request content removal. That’s something Results About You aims to change, Sullivan said.

Subject: Russia demands answers after Apple kicks VK apps from App Store
Source: BleepingComputer

Russian telecom watchdog Roskomnadzor demanded explanations today from Apple regarding the removal of all VK apps, including the app for the country’s largest social network VKontakte, from its App Store on Monday.

Two of the apps removed from the Apple Store, the VKontakte social network application and the mail app, are included on the Russian Ministry of Digital Development’s list of apps with mandatory pre-installation on mobile devices in Russia.

VKontakte is used by more than 75 million users each month, and, based on the watchdog’s stats, it’s the most popular social network in Russia.

“The consequence of the actions of the American corporation was the loss by millions of Russian users of the opportunity to use the VKontakte social network and other applications, including: VK Music, VK Clips, VK Messenger, VK Admin,” Roskomnadzor said.

“The agency believes that such discriminatory restrictions violate the rights of Russian Internet users to freely receive information and communicate, and are unacceptable.”

In March, Roskomnadzor announced it banned the Instagram, Facebook, and Twitter social networks in Russia after they booted pro-Kremlin media outlets and news agencies from their platforms and allowed calls for violence against Russian invaders and the Russian and Belarusian presidents.

The Russian Internet watchdog also blocked access to multiple foreign news outlets in the country, including Voice of America, BBC, DW, and Radio Free Europe/Radio Liberty, accusing them of allegedly spreading fake news regarding the ongoing invasion of Ukraine.


Subject: I Said No to Online Cookies. Websites Tracked Me Anyway
Source: Consumer Reports

Companies may be showing you targeted ads even after you opt out of tracking on their websites, Consumer Reports finds: You tell websites not to track you, but they do it anyway.

I’m jaded when it comes to the internet, but this was a bit surprising because certain privacy protections are mandated by law in Europe and California, and consumers are starting to see these pop-ups everywhere. I found the cookie settings annoying, but I was using them anyway. Were companies all over the internet just wasting my time?

How You Can Limit Tracking Right Now

The pop-ups and privacy links on websites might not always work, but there are effective tools you can use to limit tracking, even if you can’t eliminate it entirely. One thing that doesn’t typically work is just closing the cookie pop-ups without making a decision. It might seem like a life hack, but you can assume it’s usually the same as clicking “I accept.”


Subject: What Is a Redress Number for Travel?
Source: NerdWallet

Redress numbers exist to clear up traveler watchlist mismatches. Most travelers won’t need or have one.

Whenever you travel by air within, to or from the U.S., you’re electronically screened using the Transportation Security Administration Secure Flight screening program. While this system is transparent for most passengers, it occasionally misidentifies passengers as high risk.

If you’ve frequently been stopped for additional security during travel or have been denied travel for security reasons, you may consider applying for a redress number to avoid this in the future.

A redress number is given to individuals who were falsely identified as posing threats to transportation security or public safety when flying. It aims to streamline TSA checkpoints for these travelers.

Do I need a redress number? If you’ve been denied travel or delayed during travel for additional security screening, or if you’ve had trouble getting through checkpoints at U.S. borders, DHS TRIP may provide relief from security-related travel woes.

Specifically, TSA suggests that you apply for a redress number if you’ve had issues like being unable to print a boarding pass, being denied or delayed boarding of a plane, being denied or delayed entry into or exit from the U.S. at a border checkpoint, or are frequently referred for additional screening at an airport.
While a redress number isn’t required for travel and not everyone will need one, if you’ve experienced security-related issues while flying, applying for a redress number may be right for you. By adding it to your travel bookings or frequent flyer accounts, you can help TSA identify you to save time and stress.


Subject: Submarine Cables: Risks and Security Threats
Source: Energy Industry Review via beSpacific

Energy Industry Review: “99% of the internet network runs through submarine cables. It is estimated that over USD 10,000 billion in financial transactions run today through these “seabed highways”. This is especially the case of the main global financial exchange system, SWIFT (Society for Worldwide Interbank Financial Telecommunications), which has recently been banned for many Russian banks. The security of these transactions is a political, economic, and social problem. This is a major issue that has long been ignored. The extreme geographic concentration of the cables makes them particularly vulnerable. There are over 420 submarine lines in the world, totaling 1.3 million kilometres, over three times the distance from Earth to Moon.

Submarine internet cables have a crucial importance, like oil and gas pipelines. In the context of Russia’s invasion of Ukraine, the seabed is more than ever a battlefield that must be protected.

Abstracted from beSpacific
Copyright © 2022 beSpacific, All rights reserved.
