Pete Recommends – Weekly highlights on cyber security issues, June 30, 2023

Subject: Amazon delays virtual care service’s unveiling after senators raised privacy concerns
Source: Politico
https://www.politico.com/news/2023/06/23/amazon-delays-virtual-care-services-unveiling-after-senators-raised-privacy-concerns-00103451

Amazon is delaying the launch of a major expansion of its Amazon Clinic telemedicine service due to lawmakers’ concerns about its privacy practices that POLITICO detailed last week. According to an email from a person with direct knowledge subsequently obtained by POLITICO, Amazon will hold off on a promotional campaign for three weeks, until July 19.

Currently, Amazon Clinic is available in 33 states and leans on asynchronous care, meaning patients fill out a form to get treated for conditions like urinary tract infections, acid reflux and pink eye as well as to receive emergency contraception and birth control.

Amazon had planned to announce a 50-state launch of synchronous care — treatment provided via live video — on Tuesday. The company did not respond to a request for comment.

But the email says Amazon is delaying promotional activity because of POLITICO reporting on a letter from Sens. Peter Welch (D-Vt.) and Elizabeth Warren (D-Mass.) that raised concerns that the company is “harvesting” health data from patients. In the letter to Amazon CEO Andy Jassy, the lawmakers pointed to recent reporting that Amazon Clinic requires patients to sign a release giving the company “complete” access to their health information.

By signing, customers authorize Amazon to share their data, and acknowledge that it’s not protected by HIPAA, the federal health privacy law.

The senators also want Amazon to provide a sample-contract with third-party providers that give care to Amazon Clinic enrollees, and to explain if it shares data with law enforcement.


Subject: World Elder Abuse Awareness
Source: SSA Blog
https://blog.ssa.gov/tag/fraud/

A couple of entries from the SSA “fraud” tags:  World Elder Abuse Awareness Day: Combating Injustice

June 15, 2023 • By Mark Majestic, Associate Commissioner, Office of Program Integrity – The COVID-19 pandemic may have led us to focus more on ourselves – and forget about checking in with others. World Elder Abuse Awareness Day reminds us about the importance of staying in touch with older persons. Elder abuse is the intentional mistreatment or harming of an older person. An older person is defined by […]
Minimizing the Risk of Scams for People Living with Dementia June 13, 2023 • By Alzheimer’s Association Staff – Financial crime against older Americans is a growing problem. People living with dementia are at an especially high risk of becoming victims of fraud and financial abuse. That’s why we’re grateful for Social Security’s unwavering commitment to combatting fraud. As their memory and other thinking skills decline, people with dementia may struggle to make financial […]

Continue reading “Minimizing the Risk of Scams for People Living with Dementia” → Tags: fraud, scams, telephone scams


Subject: How Do Some Companies Get Compromised Again and Again?
Source: Security Intelligence
https://securityintelligence.com/articles/how-do-some-companies-get-compromised-again-and-again/

[h/t Sabrina] Hack me once, shame on thee. Hack me twice, shame on me.

The popular email marketing company, MailChimp, suffered a data breach last year after cyberattackers exploited an internal company tool to gain access to customer accounts. The criminals were able to look at around 300 accounts and exfiltrate data on 102 customers. They also accessed some customers’ AIP keys, which would have enabled them to send email campaigns posing as those customers.

This data breach attack wasn’t especially noteworthy — until less than six months later, it happened again. As before, an intruder accessed internal tools to compromise data on 133 MailChimp accounts. The breach was made possible by a social engineering attack on employees and contractors to gain access to employee passwords.

What Goes Wrong in Attack Recovery that Invites New Attacks?
Here’s an under-appreciated fact about what happens after a cyberattack: Malicious actors learn what’s possible.
In the MailChimp example, cyberattackers learned that 1) internal tools were vulnerable, and 2) they could be used to steal customer data.

Tagged: data breach response | MailChimp | SolarWinds | cyber attacks | Cyberattacks | Data Breach | Data Breaches | Ransomware

Filed: https://securityintelligence.com/category/topics/security-intelligence-analytics/

RSS: https://securityintelligence.com/category/topics/security-intelligence-analytics/feed/


Subject: 5 Free Anonymous Web Browsers That Are Completely Private
Source: MakeUseOf
https://www.bespacific.com/anonymous-web-browsers-that-are-completely-private/

MakeUseOf: “Using an untraceable web browser leads to a much safer online experience. Fortunately, it’s easy to start using a browser that prioritizes your privacy. Here are a few of the best private browsers that are (almost) completely anonymous…”

Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.


Subject: Junk News Sites With AI-Generated Content Are Abusing Ad Systems
Source: Gizmodo
https://gizmodo.com/study-junk-news-sites-ad-systems-ai-generated-content-1850578259

Content farms using chatbots like ChatGPT have exploded in prevalence and threatens the lifeblood of the internet.AI-generated text has the potential to sap the very lifeblood of the internet’s ad-dominated ecosystem. Just how much is the main question, but a new report says it’s a growing issue that major ad companies like Google have yet to fully grapple with.

NewsGuard, a company that sells online accuracy tools, released a new report on Sunday showing there are dozens of content farms automatically generating thousands of pieces of content every day, most of which is created by AI. The sites themselves require little or no human oversight. One identified site, World-Today-News.com, produced more than 1,200 articles a day and close to 8,600 articles in a single week in mid-June.

Other so-called made-for-advertising sites were trading in potentially harmful content, such as junk site MedicalOutline.com proliferating clickbait headlines like “Can lemon cure skin allergy?” That article starts off with the line “As an AI language model, I do not have the ability to provide medical advice.”

Filed: https://gizmodo.com/tech/artificial-intelligence


Subject: Does ChatGPT Save My Data? OpenAI’s Privacy Policy Explained
Source: tech.co
https://tech.co/news/does-chatgpt-save-my-data

We take a closer look at what data ChatGPT saves, how it’s used, and OpenAI’s privacy policy.

Does ChatGPT save data? The short answer is yes – and quite a lot of it. In fact, ChatGPT saves all of the prompts, questions, and queries users enter into it, regardless of the topic or subject being discussed. As a result, hundreds of millions of conversations are likely stored by ChatGPT owner OpenAI at present.

Just as you can review your previous conversations with ChatGPT, so can the chatbot. You can delete specific conversations with ChatGPT, but your data may have already been extracted by OpenAI to improve the chatbot’s language model and make its responses more accurate.In this guide, we take a closer look at the kinds of user information that ChatGPT and creators OpenAI store and whether it’s safe for businesses to use the generative AI tool. We also run through some of the main concerns around the ChatGPT privacy policy and discuss the precautions you should take while using it.


Subject: FBI launches national ‘swatting’ database amid rising incidents
Source: The Hill
https://thehill.com/blogs/blog-briefing-room/4075617-fbi-launches-national-swatting-database-amid-rising-incidents/

The FBI is tracking “swatting” incidents in a national database as the dangerous form of prank call becomes more common, the bureau revealed Thursday. Swatting incidents take place when a person calls the police claiming there is a dangerous person, kidnapping or a mass shooting at a house, hoping for police to respond in force.

The incidents have most commonly targeted internet celebrities and live streamers, but musicians like Rihanna and Justin Bieber have also been victims of swatting. Earlier this year, swatting incidents also became more common at schools.

“From my perspective, this is a form of terrorism,” former FBI intelligence analyst Jennifer Doebler told NewsNation in March. Dozens of schools were targeted with hoax active shooter threats in a single week in March.

Recent advances in technology, including the use of artificial intelligence, have made it more difficult to catch people who commit swatting. Callers can obscure their computer IP addresses and fake voices to mask their identities.

Posted in: AI, Big Data, Congress, Criminal Law, Cybercrime, Cybersecurity, Economy, Education, Email Security, Financial System, Health, Healthcare, Legal Research, Privacy