Security News Update for the Week Ending February 24, 2023

European Governments Want to be Able to Snoop on ALL of Our Communications

As is usually the case, their excuse it that “it is to protect the children”. They want to break encryption while sprinkling magic fairy dust to not break encryption (an impossibility) in an effort to force kiddie porn traders (now called child sexual abuse material) to go further underground to evade detection. One of the ideas is to allow governments (in the form of the carriers) to install software on your devices to rummage through them in search of … something … (CSAM is the current claim, but once you opened that door, it could be used to look for anything). While some dummies will get caught, the big fish are way smarter than that. In the meantime, governments all around the world (and probably others) will be able to read whatever is on our devices at will. One additional benefit is that European companies, who would be required to abide by these rules, would be put at a business disadvantage over companies in other countries, making sure that Europe is an also-ran in the digital world. Other companies will choose to block Europeans from using their software so as to not have to comply. What could possibly go wrong? Read an interview on the subject at Cybernews. Credit: Cybernews

CIA Says Russia Working to Close Down US Intel – Unsuccessfully

The head of the Central Intelligence Agency told the Munich Security Conference on Saturday that Russia was putting a lot of work into disrupting the agency’s intelligence collection efforts — but without significant success. Likely this is because the US is providing Ukraine with useful intelligence. If the CIA gives Ukraine’s military information like the coordinates of Russian troops and ammo dumps, well, you can figure the rest out. That is likely not making Russia happy, but they have not been successful at stopping it. Credit: The Record

NLRB Rules That Non-Disparagement and Gag Clauses in Exit Packages are Illegal

The National Labor Relations Board ruled this week that employers cannot require laid-off employees to sign non-disparagement agreements or prevent them from disclosing the terms of their exit packages. Companies have threatened former employees if they do either of these things. The NLRB ruled that the Board’s 2020 decisions that such clauses are okay was made in error. This reversal reinstates what had been a long standing precedent prior to the 2020 ruling. I assume that companies that have used these clauses will attempt to appeal this decision or get around it in some other way. Credit: Motherboard by Vice

Facebook to Penalize Non-Paying Users with Worse Support, Higher Risk

This just could be the best thing to happen to social media. Twitter’s $8-$11 a month and now Facebook’s proposed charge up to $15 a month to get a blue badge (what’s with this blue thing?), extra impersonation protection and access to customer support may change people’s view of social media. Maybe people will realize that they don’t need social media quite so much. Social media companies are looking for additional revenue and this will generate some. And some resentment. And it might just wean some folks off of the platforms when they realize they are just second class citizens. Credit: Cybernews

CommonSpirit Health Says Ransomware Attack Cost $150 Million SO FAR

Commonspirit Health, the merger between Catholic Health and Dignity Health, says that last year’s ransomware attack has cost them $150 million so far. This includes lost revenue from service interruption. mitigation costs and other business expenses. This does not include any insurance recovery, but it also does not include settling any of the lawsuits from the 629,000 people affected. Credit: Health IT Security

by