Pete Recommends – Weekly highlights on cyber security issues, November 4, 2023

Subject: Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach
Source: Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: …QR code phishing – aka “quishing” – is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others.

Subject: Biden’s new AI executive order gives several agencies more responsibility
Source: FedScoop

The order cites the need for training, technical assistance and coordination between the Department of Justice and federal civil rights offices to support the prosecution of AI-related civil rights violations. The Department of Health and Human Services is meant to establish a method of receiving reports on AI health risks and the State Department is supposed to lead an effort to create an international framework for the technology.

A full copy of the executive order, which includes myriad provisions and is scheduled to be formally announced Monday afternoon, was not immediately available for publication.

Subject: Microsoft Exposes Octo Tempest, One of the Most Dangerous Financial Threat Actors to Date
Source: Tech Republic

Microsoft exposes Octo Tempest, an English-speaking threat actor that runs extortion, encryption and destruction campaigns against a wide variety of industries. Protect your company from Octo Tempest with these tips. A new report from the Microsoft Incident Response and Microsoft Threat Intelligence teams exposed the activities and constant evolution of a financially motivated threat actor named Octo Tempest, which deploys advanced social engineering techniques to target companies, steal data and run ransomware campaigns.

Using its social engineering skills, the group might call employees and trick them into installing a remote monitoring and management tool, or into browsing to a phishing site hosting an adversary-in-the-middle (AiTM) toolkit that bypasses two-factor authentication and removes their FIDO2 token.


Subject: Critical Infrastructure Security and Resilience Month Toolkit
Source: CISA via Sabrina

Download the Critical Infrastructure Security and Resilience Month Toolkit to get started!

Subject: Russian Reshipping Service ‘SWAT USA Drop’ Exposed
Source: Krebs on Security

One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service, which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards.

Among the most common ways that thieves extract cash from stolen credit card accounts is through purchasing pricey consumer goods online and reselling them on the black market. Most online retailers grew wise to these scams years ago and stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia.

But such restrictions have created a burgeoning underground market for reshipping scams, which rely on willing or unwitting residents in the United States and Europe to receive stolen goods and relay them to crooks living in the embargoed areas.
Services like SWAT are known as “Drops for stuff” on cybercrime forums. The “drops” are people who have responded to work-at-home package reshipping jobs advertised on and job search sites. Most reshipping scams promise employees a monthly salary and even cash bonuses. In reality, the crooks in charge almost always stop communicating with drops just before the first payday, usually about a month after the drop ships their first package….

The information leaked from SWAT also has exposed the real-life identity and financial dealings of its principal owner — Fearlless, a.k.a. “SwatVerified.” We’ll hear more about Fearlless in Part II of this story. Stay tuned.

Subject: People Search Data Brokers, Stalking, and ‘Publicly Available Information’ Carve-Outs
Source: LawFare

“…In the debate about data privacy and harms to Americans, however, one issue has not received adequate attention by the press or in policy conversations relative to the severity and volume of harm: the link between publicly available information and stalking and gendered violence. For decades, “people search” data brokers have compiled profiles on millions of people—including their family members, contact information, and home addresses—and published them online for search and sale. It could cost as low as $0.95 per record—or $3.40/search, for a monthly fee—to buy one of these dossiers. In turn, for decades, abusive individuals have bought this data and used it to hunt down and stalk, harass, intimidate, assault, and even murder other people. The harms of stalking and gendered violence fall predominantly on women as well as members of the LGBTQIA+ community. This matters for the privacy debate because many so-called people search websites get this data by scraping public records, from voting registries to property filings. Yet this information is completely exempted from many state privacy laws because it is considered “publicly available information.” One prominent line of argument suggests that since the information is already out there, a company that aggregates it, digitizes it, and links it to profiles of specific individuals makes no difference.[…]

Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.

Subject: New Law Library Report Examines Cybersecurity Laws of Several Countries
Source: In Custodia Legis blog

We know from our daily work that countries are influenced by the legal and policy approaches that are taken by other countries to different issues. For example, governments have considered, or are considering, developments in other jurisdictions in relation to the regulation of artificial intelligence and cryptocurrency. Sometimes, there are international agreements that are implemented into national laws. There are also “soft law” instruments, such as guidelines, recommendations, and standards, which might set out best practices that countries can choose to follow in their own policies, or even reference or implement in their legislation. Approaches can evolve based on a combination of all of these external influences, as well as in response to particular challenges or conditions within a country, historical, cultural, and economic factors, and the structure of governments and legal systems themselves.

For a recent report, we looked at whether and how the laws and policies of selected countries may have been influenced by a particular document – the “Cybersecurity Framework” developed by the National Institute of Standards and Technology (NIST) within the U.S. Department of Commerce. This framework is “voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk.”

In particular, we surveyed countries where the language is one of those into which the framework has been translated: Belgium, Brazil, Bulgaria, Chile, Indonesia, Japan, Mexico, Poland, Saudi Arabia, and Ukraine.
