Subject: US consumer watchdog probes major US banks over Zelle scam
Source: WSJ reports via Yahoo!Finance
https://finance.yahoo.com/news/u-consumer-watchdog-probes-major-134315911.html
(Reuters) - The Consumer Financial Protection Bureau is investigating major U.S. banks for their handling of customer funds on the peer-to-peer payments platform Zelle Network, the Wall Street Journal reported on Wednesday. The probe focuses on JPMorgan, Bank of America and Wells Fargo among other large banks, the report said, citing people familiar with the matter.
JPMorgan last week had disclosed in a filing that it was responding to the CFPB’s inquiries regarding Zelle and was considering whether to sue the U.S. consumer watchdog over the agency’s inquiries.
Wells Fargo also has previously disclosed in public filings that government authorities have been probing the handling of customer disputes via Zelle.
The proliferation of fraud and scams on Zelle, which is owned by seven major banks including JPMorgan and Bank of America, has drawn attention from U.S. lawmakers including Democratic Senator Elizabeth Warren and regulators concerned about consumer protection.
Banks have argued that covering the cost of scams will encourage more fraud and potentially cost billions of dollars.
Source: WIRED
https://www.wired.com/story/secret-hunting-bill-demirkapi/
If you know where to look, plenty of secrets can be found online. Since the fall of 2021, independent security researcher Bill Demirkapi has been building ways to tap into huge data sources, which are often overlooked by researchers, to find masses of security problems. This includes automatically finding developer secrets—such as passwords, API keys, and authentication tokens—that could give cybercriminals access to company systems and the ability to steal data. Today, at the Defcon security conference in Las Vegas, Demirkapi is unveiling the results of this work, detailing a massive trove of leaked secrets and wider website vulnerabilities. Among at least 15,000 developer secrets hard-coded into software, he found hundreds of username and password details linked to Nebraska’s Supreme Court and its IT systems; the details needed to access Stanford University’s Slack channels; and more than a thousand API keys belonging to OpenAI customers.
A major smartphone manufacturer, customers of a fintech company, and a multibillion-dollar cybersecurity company are counted among the thousands of organizations that inadvertently exposed secrets. As part of his efforts to stem the tide, Demirkapi hacked together a way to automatically get the details revoked, making them useless to any hackers.
“The most acute risk of leaving secrets hard-coded is that if digital authentication credentials and secrets are exposed, they can grant adversaries unauthorized access to a company’s code bases, databases, and other sensitive digital infrastructure,” Schindel says.
Some Demirkapi directly reported to impacted companies. But he also turned to those providing credentials to their customers to see if there was a more efficient way to report the exposed secrets. In February, the researcher reported more than 1,000 exposed OpenAI API keys. The firm provided him with a public self-service API key that allows the exposed details to be automatically revoked. (OpenAI company spokesperson Niko Felix says the API “enables automatic deactivation of any keys detected as compromised” and allows customers to be kept safe.)
Source: Nextgov/FCW
https://www.nextgov.com/digital-government/2024/08/united-nations-approves-controversial-cybercrime-treaty/398745/
After a cumulative three years of work, the United Nations voted to adopt a draft version of its cybercrime convention last Friday, slated to be implemented by the General Assembly later this year in what the organization calls the first global legally-binding instrument on cybercrime. “The finalization of this Convention is a landmark step as the first multilateral anti-crime treaty in over 20 years and the first UN Convention against Cybercrime at a time when threats in cyberspace are growing rapidly,” said UNODC Executive Director Ghada Waly in a Friday press release.
The treaty outlines multiple objectives centered around halting the use of technology that can facilitate firearm and drug trafficking, terrorism, and other transnational crimes. It stresses a need for member state coordination on legislative fronts to enforce the provisions of the convention.
Despite the General Assembly’s passage of the convention, privacy groups have long taken umbrage with the treaty’s text. On Thursday, the Human Rights Watch issued a statement disavowing the convention, citing inappropriate monitoring of global information flows.
“The global cybercrime treaty that the UN has now adopted will be a disaster for the human rights of people around the world,” Deborah Brown, deputy technology and rights director at HRW, said in a statement. “Member countries have created an unprecedented surveillance tool without adequate safeguards. The treaty will effectively be a legal instrument of repression against journalists, activists, and others across the world’s borders.”
In response to the criticism, the UN reiterated a stance from its May 2023 policy brief on Global Digital Compact to Nextgov/FCW, stating via email that the UN “is ‘committed to applying human rights online and to putting in place specific measures to protect people and communities […]’ and this remains the case with the approval of the draft cybercrime convention.”
Source: EU Commission PR via Mastodon
https://newsie.social/@[email protected]/112959203222393332
EU and Singapore conclude negotiations for landmark Digital Trade Agreement. We have finalised a landmark Digital Trade Agreement with Singapore! This is the EU’s first of its kind and will shape global standards for digital trade and cross-border data flows. It builds on the 2019 EU-Singapore Free Trade Agreement, offering significant advantages for businesses and consumers.
Key benefits: https://europa.eu/!VtQrjr
- Facilitates digitally-enabled trade.
- Ensures cross-border data flow free of unjustified barriers.
- Strengthens trust in digital trade.
Source: The Register
https://www.theregister.com/2024/08/13/lockbit_ransomware_stats/
[h/t Sabrina] Plus many more newbies waiting in the wings. Despite a law enforcement takedown six months ago, LockBit 3.0 remains the most prolific encryption and extortion gang, at least so far, this year, according to Palo Alto Networks’ Unit 42.
Of the 53 ransomware groups whose underworld websites, where the crooks name their victims and leak stolen data, that the incident response team monitored, just six accounted for more than half of the total infections observed.
————-
“The success and subsequent explosion of ransomware in the past few years have led to an ever-increasing pool of individuals and groups gambling for their chance at fame and fortune.” ®
More Context:
- Five months after takedown, LockBit is a shadow of its former self
- What is RansomHub? Looks like a Knight ransomware reboot
- Cops finally unmask ‘LockBit kingpin’ after two-month tease
- BreachForums returns just weeks after FBI-led takedown
The Register – Security: Cyber-crime RSS feed: https://www.theregister.com/security/cyber_crime/headlines.atom
Subject: Study finds 94% of business spreadsheets have critical errors
Source: Frontiers of Computer Science via PHYS.org
https://www.bespacific.com/study-finds-94-of-business-spreadsheets-have-critical-errors/
PHYS.org – A recent study published in the journal Frontiers of Computer Science “reveals that 94% of spreadsheets used in business decision-making contain errors, highlighting significant risks of financial and operational mistakes. Phys.org reports: Errors in spreadsheets can lead to poor decisions, resulting in financial losses, pricing mistakes, and operational problems in fields like health care and nuclear operations. “These mistakes can cause major issues in various sectors,” adds Prof. Pak-Lok Poon, the lead author of the study. Spreadsheets are crucial tools in many fields, such as linear programming and neuroscience. However, with more people creating their own spreadsheets without formal training, the number of faulty spreadsheets has increased. “Many end-users lack proper software development training, leading to more errors,” explains Prof. Poon. The research team reviewed studies from the past 35.5 years for journal articles and 10.5 years for conference papers, focusing on spreadsheet quality and related techniques across different fields. The study found that most research focuses on testing and fixing spreadsheets after they are created, rather than on early development stages like planning and design.
Abstracted from beSpacific
Copyright © 2024 beSpacific, All rights reserved.
Source: FTC
https://www.bespacific.com/ftc-remedy-amicus-brief-after-jury-finds-google-illegally-monopolized-app-store/
“The Federal Trade Commission filed an amicus brief (*) in a case brought by online video game maker Epic Games Inc. against Google LLC’s app store, which outlines how the court should consider potential remedies when determining effective relief to restore competition after Google was found liable for illegal monopolization. The FTC filed its amicus brief in the U.S. District Court for the Northern District of California in an ongoing antitrust case where a jury found Google liable for multiple antitrust violations related to its Google App Store, including finding that Google monopolized the Android App Distribution and Android In-App Payment Solutions markets for digital goods and services transactions. Google’s App Store …
Introduction
Interest of the Federal Trade Commission
B. Courts Fashioning a Remedy in Private Suits Exercise Broad Equity Power Where the Public Interest is Implicated
A. Digital Platforms Enjoy Powerful Network Effects and Data Feedback Loops That Are Difficult to Dislodge
B. Effective Remedies Should Address Cumulative Harm Due to Network Effects and Data Feedback Loops
Conclusion
Source: LA Times
https://www.latimes.com/business/story/2024-08-13/hacker-claims-theft-of-every-american-social-security-number
About four months after a notorious hacking group claimed to have stolen an extraordinary amount of sensitive personal information from a major data broker, a member of the group has reportedly released most of it for free on an online marketplace for stolen personal data. The breach, which includes Social Security numbers and other sensitive data, could power a raft of identity theft, fraud and other crimes, said Teresa Murray, consumer watchdog director for the U.S. Public Information Research Group.
“If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning” than prior breaches, Murray said in an interview. “And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them.”
According to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, which offers personal information to employers, private investigators, staffing agencies and others doing background checks. The group offered in a forum for hackers to sell the data, which included records from the United States, Canada and the United Kingdom, for $3.5 million, a cybersecurity expert said in a post on X.
The lawsuit was reported by Bloomberg Law.
If you suspect that your Social Security number or other important identifying information about you has been leaked, experts say you should put a freeze on your credit files at the three major credit bureaus, Experian, Equifax and TransUnion. You can do so for free, and it will prevent criminals from taking out loans, signing up for credit cards and opening financial accounts under your name. The catch is that you’ll need to remember to lift the freeze temporarily if you are obtaining or applying for something that requires a credit check.
For more details, check out PIRG’s step-by-step guide to credit freezes.
…
Subject: The government unveils its quantum counter-weapons
Source: POLITICO
https://www.politico.com/newsletters/digital-future-daily/2024/08/13/the-government-unveils-its-quantum-counter-weapons-00173832
The federal government laid out its first line of defense against quantum cyberattacks on Tuesday — a major bulwark against one of the cybersecurity community’s biggest fears. The National Institute of Standards and Technology published the world’s first three official post-quantum cryptographic algorithms, tools designed to protect key systems against future quantum computers powerful enough to crack any code generated by a modern computer. Tuesday’s announcement, delivered with great fanfare at the White House, caps off a lengthy process that dates back to the last days of former President Barack Obama’s administration, when NIST called out to the scientific community asking experts to submit algorithms strong enough to resist quantum-powered hacking. The goal was to build something that could defend against a code-breaking algorithm developed in the 1990s by mathematician Peter Shor, which demonstrated the awesome power of a functional quantum computer to defeat even the U.S. government’s ultra-complex encryption techniques.
Tuesday’s announcement caps off a process that took nearly eight years, stretching across four rounds of submissions and 69 possible encryption standards. But the competition to shore up Washington’s defenses against quantum code-breaking was ultimately dominated by IBM — a company not always seen as a key player in the development of cutting-edge tech.
Two of the cryptographic algorithms chosen by NIST were developed by IBM researchers in partnership with other companies and academics. The third algorithm was co-developed by a researcher who later joined IBM (along with a global group of developers that included Google and Amazon). NIST plans to standardize a fourth algorithm developed by IBM before the end of this year.
Ciel Qi, an analyst at the China-focused Rhodium Group think tank, told IEEE Spectrum last week that “While China likely holds an advantage in [quantum]-based cryptography due to its early investment and development, others are catching up.”
“With AI itself, and its ability to write code, and to be able to use AI to create new attacks and then defend against those attacks… between 2016 [when the NIST program began] and now, that story is dramatically different from what we were encountering then,” Gil said.
…
Morning Tech Newsletter archives: https://www.politico.com/newsletters/morning-tech/archive
Source: POLITICO Newsletters
https://www.politico.com/newsletters/digital-future-daily/2024/08/14/how-to-stop-the-government-from-deleting-itself-00174035
Right now the End of Term Archive is preparing for its initial “crawl” of government websites next month, and will then do another around the inauguration in January, Graham said. And a digital copy of those websites will be available almost immediately to the public via the Wayback Machine.
Subject: FTC Announces Final Rule Banning Fake Reviews and Testimonials
Source: FTC
https://www.bespacific.com/ftc-announces-final-rule-banning-fake-reviews-and-testimonials/
Subject: California Mobile ID Coming to Apple Wallet
Source: Phone Scoop
https://www.phonescoop.com/articles/article.php?a=23337
Source: The Register
https://www.bespacific.com/microsoft-tweaks-fine-print-to-warn-everyone-not-to-take-its-ai-seriously/
The Register – “Microsoft is notifying users that its AI services should not be taken too seriously, echoing prior service-specific disclaimers – an update to the IT giant’s Service Agreement, which takes effect on September 30, 2024, Redmond has declared that its Assistive AI isn’t suitable for matters of consequence. “AI services are not designed, intended, or to be used as substitutes for professional advice,” Microsoft’s revised legalese explains. The changes to Microsoft’s rules of engagement cover a few specific services, such as noting that Xbox customers should not expect privacy from platform partners….
—
Abstracted from beSpacific
See also:
https://www.microsoft.com/en-us/servicesagreement/upcoming-updates
https://www.microsoft.com/en-us/servicesagreement/upcoming
Source: Android Headlines
https://www.androidheadlines.com/2024/08/the-california-journalism-preservation-step-forward.html
Right now, companies like Google and Meta are locked in a battle against the American government. Right now, there’s a bill circulating called the CJPA (California Journalism Preservation Act), and it’s been stirring up some drama in the journalism industry. Well, the CJPA just passed the Senate Appropriations Committee, and now it’s going to a floor vote. To catch you up, the CJPA is an act that would force major tech companies to pay publishers to link to their sites. These major tech brands are large corporations that distribute links to the masses like Google, Meta, Microsoft, and others. These are companies that share ad revenue with the companies whose links they display.
As you can imagine, these companies have pushed back against this over the years. Both Meta and Google have stopped displaying links in certain countries and regions, which resulted in major damaging effects. The large corporations don’t care, of course, as they’re able to throw their weight around.
Meta stopped sharing links in Canada and Google pulled out of Spain for eight years, just to name a few instances.
President and CEO of the News/Media Alliance, Danielle Coffey, offered a statement, “News publishers must receive compensation from the Big Tech platforms for the use of their content to be able to continue their critically important work. We need quality news and information now more than ever to stay informed and help counter the tsunami of misinformation online.”
Why this is necessary – It seems odd that the government wants major companies to pay publishers to use their links. The companies already share the ad revenue with publishers, and that pays the bills. However, the fact of the matter is that the amount of ad revenue (at least in Google’s case) going to news organizations has been decreasing over the years.
…