Security News Update for March 31st, 2023

Twitter to Open-Source Recommendation Algorithm

Not related to the announcement that some of their code was stolen last year and posted on GitHub, Twitter says they plan to publish their recommendation algorithm, which, they say, no one left at the company understands. They say this will likely be embarrassing, but good for users. They also say that they are working on a new, simpler algorithm. If all goes as planned, this may improve trust in Twitter. Stay tuned. Credit: Data Breach Today

New Asst. Secy. of Defense for Cyber Won’t Be Proposed Till Year End

Last year Congress mandated a new assistant secretary of defense for cyber policy. The position has to be approved by Congress. Since this is a brand new position, the DoD has hired RAND Corporation to define what the post should do, how it should be organized, etc. That report won’t be done until September. Then the DoD has to figure out who should be nominated. Then the Senate needs to approve. Or not. Don’t wait up for this one. Credit: The Record

’Tis the Time for IRS Email Scams

Malwarebytes is warning of a scam that is going around. An email, pretending to be from the IRS, says it contains a W-9 form (which you probably didn’t ask for or need) inside a zip file. If you open the zip file, it contains a 500+ megabyte Word document (which is absolutely huge). The Word document requires you to enable macros (don’t) and, if you do, it installs the Emotet banking trojan software. The email contains a number of typos, which is also a giveaway for something claiming to come from the IRS. Credit: Malwarebytes
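A mail-filtering check for the attachment pattern described above, as an added example that is not from Malwarebytes or the original post: it reads only the zip directory and flags Word documents whose declared size or compression ratio is abnormal. The function names, thresholds and the zero-filled sample file are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions treated as Word documents (assumed list for this example).
WORD_EXTS = (".doc", ".docm", ".docx", ".dot", ".dotm", ".rtf")


def flag_oversized_word_docs(zip_bytes, max_size=100 * 1024 * 1024, max_ratio=100):
    """Return one finding per Word document in the zip whose declared
    uncompressed size or compression ratio exceeds the thresholds.
    Only the archive directory is read; nothing is extracted or opened."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(WORD_EXTS):
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            reasons = []
            if info.file_size > max_size:
                reasons.append("size")    # e.g. the 500+ MB document in the report
            if ratio > max_ratio:
                reasons.append("ratio")   # tiny attachment, huge file once unpacked
            if reasons:
                findings.append({"name": info.filename, "size": info.file_size,
                                 "ratio": round(ratio), "reasons": reasons})
    return findings


def build_sample_zip(doc_size):
    """Constructed sample: a harmless zero-filled placeholder named like
    the lure, plus a small text file. Not a real Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("W-9 form.doc", b"\0" * doc_size)
        zf.writestr("readme.txt", "constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    # Scaled down to 4 MiB with a 1 MiB size threshold so it runs quickly.
    sample = build_sample_zip(4 * 1024 * 1024)
    for finding in flag_oversized_word_docs(sample, max_size=1024 * 1024):
        print(finding)
```

The sizes checked are the values declared in the archive directory, so a gateway should still enforce its own limits when it actually extracts the file.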

Italy Bans ChatGPT – at Least Temporarily

Citing the potential violation of European privacy laws, Italy put the brakes on the use of ChatGPT in the country, saying that they didn’t have enough information to determine whether the company was violating the General Data Protection Regulation, the Digital Services Act and the Digital Markets Act. OpenAI has 20 days to respond and faces a potential fine of 20 million Euro or 4 percent of their global revenue, whichever is larger. It seems likely to me that using people’s data without their knowledge or permission violates any number of EU laws and is also essential to making large language model AI work. Given the way these companies have been slurping up data, it seems impossible to get people’s permission. It is surprising that the regulators actually woke up this quickly. Credit: MSN

DEA Paid US Companies’ Employees to Steal Data and Open Parcels

Expect lawsuits over this one. Apparently, for years, the DEA paid workers inside U.S. private companies (including publicly traded ones) to steal data from them because it was easier than getting a warrant. They also paid employees in the parcel industry to open and reroute packages, got airline employees to provide them itineraries and other information, and got employees of bus companies to provide daily lists of passengers who paid cash. Now some lawmakers are pushing the DoJ to ban the practice across the entire DoJ, meaning, I guess, that this problem is wider than the DEA. Any wonder why half the country doesn’t trust the government? While it is hard to sue the government, it is pretty easy to sue the companies whose employees stole the data and sold it to the feds. Credit: Motherboard by Vice