Pete Recommends – Weekly highlights on cyber security issues, May 18, 2024

Subject: Author Locked Out of Google Drive, Loses 200,000 Words
Source: Android Headlines

Google Workspace is a service used and enjoyed by millions around the world. There are entire businesses built on Google Workspace. India Today reports that American romance author K. Renee has lost access to her Google Drive account, which denied her access to her work on Google Docs. Renee lost access to over 200,000 words because Google found her content inappropriate. The romance author known for randy romance novels lost access to her content on March 24, 2024, after Google flagged it as ‘inappropriate’.

Getting locked out of Google Drive is every author’s worst fear.

Wired reports that Google never told Renee which of the over 200,000 words broke the platform’s rules. The Google Drive terms of service state that files containing violence, gore, and child sexual abuse material are prohibited. Google says that users can always request an appeal if they believe their content was flagged in error. Renee’s case highlights the importance of not relying on a single cloud storage provider.


Subject: CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources
Source: CISA

CISA, in partnership with the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and international partners, released Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society. The joint guidance provides civil society organizations and individuals with recommended actions and mitigations to reduce the risk of cyber intrusions. Additionally, the guide encourages software manufacturers to actively implement and publicly commit to Secure by Design practices that are necessary to help protect vulnerable and high-risk communities.

Civil society, comprised of organizations and individuals—such as nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities involved in defending human rights and advancing democracy—are considered high-risk communities. Often these organizations and their employees are targeted by state-sponsored threat actors who seek to undermine democratic values and interests.

CISA and partners encourage civil society organizations and software manufacturers to review and implement the mitigations and practices in the joint guide to mitigate the threat posed by malicious cyber actors to civil society organizations. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage. For more on protecting civil society, visit CISA’s Cybersecurity Resources for High-Risk Communities webpage.


Subject: BIOSECURE Act would prohibit federal contracting with biotechnology firms of foreign adversaries
Source: Homeland Preparedness News

With China in mind, U.S. Reps. Brad Wenstrup (R-OH) and Raja Krishnamoorthi (D-IL) recently introduced the BIOSECURE Act (H.R.8333) – a bill to make it illegal for the federal government to contract with the biotechnology companies of foreign adversaries.

Pitched as a way to safeguard American patients and tax dollars alike, the legislation builds on efforts undertaken by the 118th Congress against Chinese actions already. Of particular concern to the representatives are the Chinese national security laws, which require all Chinese firms to share any requested data with the Chinese Communist Party (CCP) – something that included biotechnology companies. Given these companies can collect, test and store genomic data from the populations of other countries, that conceivably leaves that data vulnerable to Chinese intrusion.

Together with Krishnamoorthi and their cosponsors, Wenstrup also called out several Chinese companies in particular: the Beijing Genomic Institute and WuXi AppTec among them. BGI operates more than 100 genetic collection labs in more than 20 countries, which the lawmakers accused of being used to serve Chinese ambitions to dominate biotech and advance that nation’s military. In WuXi’s case, they estimated the company makes more than 60 percent of its revenue from the U.S. market, despite sponsored events with China’s military and accusations both of involvement in genocide against Uyghurs and the theft of U.S. intellectual property.



Subject: Google Accidentally Deleted $125 Billion Pension Fund’s Account
Source: Gizmodo

Google made a big mistake recently. The company accidentally erased the private Google Cloud account of a $125 billion Australian pension fund, UniSuper.

The result: more than half a million UniSuper fund members had no access to their accounts for about a week, The Guardian reported last week. UniSuper had a backup account with another cloud provider, and service was restored May 2.

“This is an isolated, ‘one-of-a-kind occurrence’ that has never before occurred with any of Google Cloud’s clients globally,” Google Cloud CEO Thomas Kurian and UniSuper CEO Peter Chun said in a joint statement obtained by The Guardian May 8. “This should not have happened. Google Cloud has identified the events that led to this disruption and taken measures to ensure this does not happen again.”

Subject: What I wish I’d known before my smartphone was snatched
Source: – unpaywalled:

“Phone theft is rising at a rapid pace. And far more lucrative than the value of the handset, organised criminal gangs know that our smartphones have become the gateway to a vast amount of our personal financial information. They will go to incredible lengths to steal phones unlocked, deploying tactics including “shoulder surfing” and even covertly filming targets to obtain passcodes before phones are stolen, knowing this can unlock passwords for apps and other services. Disabling a phone’s location signal and locking us out buys them more time to plunder our digital wallets, financial apps and steal digital assets such as crypto, plus our personal details and photos. Chillingly, these could be used to defraud us in future — or target our friends and family members. I lost a phone, and several days of my life dealing with the financial fallout, and I was lucky not to lose more. However, I have gained valuable knowledge about what’s fuelling this crime wave and how we can all better protect ourselves…”

Abstracted from beSpacific
Copyright © 2024 beSpacific, All rights reserved.

Subject: Mortgage Brokers Sent People’s Estimated Credit, Address, and Veteran Status to Facebook
Source: The Markup & USA Today

More than 200 national and regional lenders share sensitive user data with Facebook. Experts say it might be illegal.

When someone applies for a mortgage, they trust a home loan lender or mortgage broker with some of the most sensitive information they have: information about their credit, their home, and the personal details of their lives.

Unbeknownst to those prospective homeowners, they may also be sharing that information with Facebook.

The Markup tested more than 700 websites that offer loans for people looking to purchase or refinance a home, from major online brokers to lesser-known regional lenders, and found that more than 200 of them share some amount of user data with Facebook. On their sites, these companies embedded the Meta Pixel, a small piece of tracking software that shares visitors’ information with Facebook. As users filled out mortgage applications or requested quotes for mortgage rates, the pixel tracked information about their credit, veteran status, occupation, the specific homes they wanted, and more. Experts told The Markup that it might be against the law for mortgage lenders to feed this kind of information to Facebook.

What Have Mortgage Brokers Shared with Facebook? The Markup found mortgage brokers sent Facebook a range of different data points about visitors, including:
