Subject: Week in review: Fileless attacks increase 1,400%, consumers ditch brands hit by ransomware
Source: Help Net Security
https://www.helpnetsecurity.com/2023/07/09/week-in-review-fileless-attacks-increase-1400-consumers-ditch-brands-hit-by-ransomware/
Week in review: Fileless attacks increase 1,400%, consumers ditch brands hit by ransomware. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos…
RSS feed for WiR: https://www.helpnetsecurity.com/tag/week_in_review/feed/
Source: Help Net Security
https://www.helpnetsecurity.com/2023/07/06/voice-authentication-insecurity/
Computer scientists at the University of Waterloo have discovered a method of attack that can successfully bypass voice authentication security systems with up to a 99% success rate after only six tries.
Experts expose flaws in voiceprint technology
Voice authentication – which allows companies to verify the identity of their clients via a supposedly unique “voiceprint” – has increasingly been used in remote banking, call centers and other security-critical scenarios.
“When enrolling in voice authentication, you are asked to repeat a certain phrase in your own voice. The system then extracts a unique vocal signature (voiceprint) from this provided phrase and stores it on a server,” said Andre Kassis, a Computer Security and Privacy PhD candidate and the lead author of a study detailing the research.
…
Subject: The potential healthcare privacy risks of ChatGPT
Source: Becker’s Healthcare
https://www.beckershospitalreview.com/cybersecurity/the-potential-healthcare-privacy-risks-of-chatgpt.html
Hospitals and health systems whose providers use ChatGPT could be opening themselves up to HIPAA violations and lawsuits if they are not careful with patient data, two health policy experts wrote in JAMA. Clinicians who employ the artificial intelligence chatbot in their practice are sharing the data with its developer, OpenAI, so they have to be sure they do not input protected health information, according to the July 6 article by Genevieve Kanter, PhD, an associate professor of health policy at Los Angeles-based University of Southern California, and Eric Packel, a healthcare privacy and compliance attorney with law firm BakerHostetler. “This is harder than it sounds,” they wrote.
…
The two experts recommended that health systems train staffers on the risks of chatbots, including as part of their annual HIPAA training.
Source: Quartz
https://www.bespacific.com/shadow-libraries-at-heart-of-mounting-copyright-lawsuits-against-openai/
Quartz “…Shadow libraries are online databases that provide access to millions of books and articles that are out of print, hard to obtain, and paywalled. Many of these databases, which began appearing online around 2008, originated in Russia, which has a long tradition of sharing forbidden books, according to the magazine Reason. Soon enough, these libraries became popular with cash-strapped academics around the world thanks to the high cost of accessing scholarly journals—with some reportedly going for as much as $500 for an entirely open-access article. These shadow libraries are also called “pirate libraries” because they often infringe on copyrighted work and cut into the publishing industry’s profits….”
Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.
Source: The Markup
https://themarkup.org/pixel-hunt/2023/07/12/congressional-report-finds-meta-and-tax-prep-companies-recklessly-shared-taxpayers-data
Meta and major tax preparation companies inappropriately shared millions of taxpayers’ financial data for years, according to a congressional report released today that was spurred by a Markup article. Our investigation, which was published in November, revealed how tax filing services including H&R Block, TaxAct, and TaxSlayer were transmitting data to Facebook’s parent company, Meta, through a tool called the Meta Pixel. The data was sent as taxpayers filed their taxes and included personal information like first and last names, income, filing status, and refund amounts. Some data was also sent to Google through its analytics tools, and Google was also a subject of the congressional investigation.
Today’s report from lawmakers was informed by interviews with representatives of Meta, Google, and major tax prep services. It cited and confirmed The Markup’s report and chided the tax companies for being “shockingly careless with their treatment of taxpayer data” and the tech firms for acting “with stunning disregard for taxpayer privacy.”
Tax data is tightly regulated, with penalties for improper sharing including fines and jail time. The report found the companies involved likely didn’t receive proper consent to share the data and could face criminal penalties.
But while the code is used on millions of sites around the web, Meta cautions against using it to collect potentially sensitive information, like financial and health data. Nonetheless, as part of a project called Pixel Hunt, The Markup has found several cases in which sensitive data has been repeatedly sent to Meta, including from major hospitals, telehealth companies, and the U.S. Department of Education.
…
From the series — Pixel Hunt and Impact
Source: UPI.com
https://www.upi.com/Top_News/US/2023/07/12/fcc-chair-pilot-program-cybersecurity-schools/1721689182908/
July 12 (UPI) — The chair of the Federal Communications Commission Wednesday laid out the framework for a proposal that would enhance cybersecurity protecting school networks. Chair Jessica Rosenworcel made the announcement during a speech to the School Superintendents Association and the Association of School Business officers. Rosenworcel said a pilot program is in the works that will see an investment in cybersecurity services for eligible K-12 schools and libraries.
…
Topics – Technology
Source: Gizmodo
https://gizmodo.com/cooper-davis-act-drugs-companies-report-users-1850510171
Internet drug sales have skyrocketed in recent years, allowing powerful narcotics to be peddled to American teenagers and adolescents. It’s a trend that’s led to an epidemic of overdoses and left countless young people dead. Now, a bill scheduled for a congressional vote seeks to tackle the problem, but it comes with a major catch. Critics worry that the legislative effort to crack down on the drug trade could convert large parts of the internet into a federal spying apparatus. Gizmodo spoke with the American Civil Liberties Union and the Electronic Frontier Foundation—two organizations involved in the policy discussions surrounding the bill. Both groups expressed concern over the impact the proposed law could have on internet privacy. “There are some very real problems with this bill—both in how it’s written and how it’s conceptualized,” said India McKinney, an analyst with the EFF. Critics argue that, at its worst, the bill would effectively “deputize” internet platforms as informants for the DEA, creating an unwieldy surveillance apparatus that may have unintended consequences down the line.
The Problem: The Amazon-ification of Drug Dealing – The Cooper Davis Act seeks to solve a very real problem, which is the ease with which drugs can now be purchased online. Back in the day, buying drugs used to be a slog. First, you had to know a guy—typically not a super pleasant or well-groomed one. Then, you had to meet up at said guy’s apartment or a street corner, where your plug would dole out the goods. It was an entire ordeal, filled with paranoia and inconvenience. But these days, buying drugs is a lot simpler. In fact, to hear federal officials tell it, buying narcotics is currently about as easy as DoorDashing a burrito. That’s because drug sales on social media platforms have exploded, creating a streamlined drug-buying experience that puts an entire black market at young people’s fingertips.
Subject: New Lawsuit Claims Texas TikTok Ban Violates First Amendment
Source: Gizmodo
https://gizmodo.com/tiktok-ban-texas-lawsuit-first-amendment-1850637368
After Republican Governor Greg Abbott announced a sweeping ban of TikTok on state devices this past winter, a group representing university professors is challenging him with a new lawsuit. The complaint, filed Thursday, claims that the prohibition infringes on First Amendment rights. The New York Times reports that the lawsuit was filed in Western District of Texas federal court by the Knight First Amendment Institute at Columbia University on behalf of a group known as the Coalition for Independent Technology Research. The latter’s members include professors at Texas colleges and universities who claim their research has been compromised after the ban restricted their access to the app. The main argument of the lawsuit is that professors should be excluded from the TikTok ban as the state restricting their research is a violation of the First Amendment.