Subject: Why Microsoft is a national security threat
Source: The Register
https://www.theregister.com/2024/04/21/microsoft_national_security_risk/ [h/t Sabrina]
Interview Microsoft has a shocking level of control over IT within the US federal government – so much so that former senior White House cyber policy director AJ Grotto thinks it’s fair to call Redmond’s recent security failures a national security issue. [extortion? /pmw1]
Grotto this week spoke with The Register in an interview you can watch below, in which he told us that exacting even slight concessions from Microsoft has been a major fight for the Feds.
“If you go back to the SolarWinds episode from a few years ago … [Microsoft] was essentially up-selling logging capability to federal agencies” instead of making it the default, Grotto said. “As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach.”
That illustrates, Grotto said, that “they [Microsoft] just have a ton of leverage, and they’re not afraid to use it.”
“At the end of the day, Microsoft, any company, is going to respond most directly to market incentives,” Grotto told us. “Unless this scrutiny generates changed behavior among its customers who might want to look elsewhere, then the incentives for Microsoft to change are not going to be as strong as they should be.” ®
…
Filed: Public Sector
Subject: Cerebral to Pay $7 Million Fine and Limit Health Data Use for Ads Under Federal Order
Source: The Markup
https://themarkup.org/pixel-hunt/2024/04/22/cerebral-to-pay-7-million-fine-and-limit-health-data-use-for-ads-under-federal-order
Telehealth company Cerebral will pay a $7 million fine and limit the consumer health data it uses for advertising purposes under a new FTC order.
Cerebral, a startup best known for dispensing counseling services and prescriptions for conditions like anxiety and depression, has also agreed to pay $7 million to resolve charges that it disclosed customers’ personal health information to third parties for ads, and that it did not honor its promise to make cancellation easy for customers.
This is just the latest in a series of federal actions cracking down on health data privacy online. The current commissioners have pledged to shore up gaps between federal privacy laws governing providers and payers and those protecting consumer services. Two weeks ago, the FTC filed a complaint against Monument, a telehealth company that treats alcohol use disorder with therapy and medications.
While OCR directly enforces the longstanding privacy protections in health care, the FTC has gone after companies for falsely claiming their HIPAA compliance.
Source: Malwarebytes
https://www.malwarebytes.com/blog/news/2024/04/how-to-change-your-social-security-number
[mostly info though sponsored] After seeing their Social Security Number (SSN) leaked in the AT&T breach, some US citizens are wondering if and how they can change their SSN.
The good news is that even though it’s a challenging process, it is possible. But if you’ve ever had to abandon an email address that you used for years, imagine all of the hassle that came with that, and then imagine it being about 10 times worse. Governments, your employer, and everyone else that identifies who you are by your SSN will have to be notified. And since it doesn’t happen very often, most of them will not have a streamlined process in place. It will take a lot of time and effort to set every record straight.
All that said, this process is not impossible, and in some cases, it is worth the effort. When do I qualify?
Subject: It’s the End of the Web as We Know It
Source: The Atlantic
https://www.bespacific.com/its-the-end-of-the-web-as-we-know-it/
Subject: Oracle approved to handle government secret-level data
Source: FedScoop
https://fedscoop.com/oracle-approved-to-handle-government-secret-level-data/
Oracle has added its name to the short list of cloud vendors approved to handle classified, secret-level data for the federal government. The company on Monday announced that three of its classified, air-gapped cloud regions received accreditation from the Department of Defense to handle workloads at the secret level — what the department refers to as Impact Level 6 (IL-6).
The achievement comes after Oracle last August also earned a Top Secret/Sensitive Compartmented Information accreditation from the intelligence community. With both that and the latest secret-level cloud authorization, Oracle is approved to handle government information at any classification level in the cloud.
…
Filed: https://fedscoop.com/category/modernization/
RSS: https://fedscoop.com/category/modernization/feed/
Subject: Cops Are Now Using AI to Generate Police Reports
Source: Gizmodo
https://gizmodo.com/cops-are-now-using-ai-to-generate-police-reports-1851429617
Axon, the public safety contractor that popularized the Taser, has launched a new product that is less actively terrifying but still vaguely concerning: an AI-powered software program that lets cops automate their police reports.
Axon calls its new product Draft One. According to a press release published on Tuesday, Draft One is a “revolutionary new software product that drafts high-quality police report narratives in seconds.” The software is powered by the powerful large language model GPT-4, and can supposedly write reports by auto-transcribing audio from the police body cameras that Axon sells. Forbes was the first to report on the new product launch.
Axon is pitching its new software as a way to reduce police office work so that cops can spend more time in their communities. In its press release, the company frames the benefits of its technology like this…
However, some critics have been quick to note that this product, which was designed to solve problems for the police, could also cause a host of problems for everyone else. Forbes’ article quotes Dave Maass, surveillance technologies investigations director at the Electronic Frontier Foundation, who called the new product “kind of a nightmare.” Maass noted that most cops are not trained in using AI and therefore may not be used to recognizing its foibles. Daniel Linskey, a former Boston Police Department Superintendent-in-Chief who was also interviewed by the news outlet, similarly urged caution in the tech’s deployment.
…
Subject: You Should Make Your Apple ID Recoverable Right Now
Source: How to Geek
https://www.bespacific.com/you-should-make-your-apple-id-recoverable-right-now/
How to Geek: “Your Apple ID is an account that’s worth guarding at all costs. Here are some simple steps you can take to secure it and make sure you can quickly recover it if the worst happens. Why You Should Do This – Let’s suppose for a moment that you lose access to your Apple ID. This could be as part of a deliberate attack or due to you not having access to your password or a trusted device. Remember that two-factor authentication requires that you not only know your password but also provide a code to log in. Suddenly, you lose access to any data you depend on in iCloud. This includes your iCloud Photos, Notes, Reminders, and iCloud Drive contents. You can’t make FaceTime calls or partake in iMessage conversations if you’re unable to log in. If you use an iCloud email account then your email is also out of action. Apple has a process called Account Recovery that is designed for use by anyone who has set up two-factor authentication.”
Copyright © 2024 beSpacific, All rights reserved.