
Security News Update for the Week Ending May 17, 2024

Anne Neuberger, Deputy National Security Advisor for Cyber, says that after a decade of pleading with hospitals to protect your data, they are getting ready to roll out regulations. The hospitals say don’t penalize us by making us protect your data; why do we have to do this? Pretty amazing. ChangeHealth’s data was not, apparently, encrypted and they were not using two-factor authentication, but we should just trust them to secure your information. Credit: The Record

Project Fortress is a mix of offensive and defensive measures to protect money-center banks. According to a letter from Treasury to several banking groups, the protection will include the use of Treasury’s national security team and also law enforcement. It will also include technical tools to help protect the banks. We know that banks need all the help they can get. Credit: Quartz

Right now it is perfectly legal, depending on the circumstances. WebTPA is a Texas-based firm that does health plan administration for self-insured companies and nonprofits. They notified the feds on May 8th that the data of 2.43 million people was compromised between April 18 and April 23, 2023, more than a year ago. They notified plan administrators on March 25th. In their breach notice they said they did not discover the intruders until December 28th, more than 8 months after the attack. Then they claimed it took them until March 25th to understand the scope of the problem. That means that it was 11 months after the breach that they told administrators about the breach and 13 months before they started to notify customers. Is that reasonable? I suspect that many dollars in legal fees will be spent parsing that question. I will say that telling customers 13 months after a breach that their data was compromised is, pretty much, useless. It may well be, however, completely legal. Credit: Data Breach Today

The feds arrested a woman in the US and a man in Poland who defrauded over 300 companies, including a top-five TV network, an aerospace manufacturer, a carmaker and others. The scam worked this way. The woman had almost a hundred laptops running in her home. Her Ukrainian co-conspirator hired North Koreans who used stolen US identities along with the US laptops to appear to be in the US. They were able to funnel millions back to North Korea for years before they were caught. In another scam, one person living in Maryland got jobs under his own name and then hired North Koreans to do the work. Credit: Help Net Security and The Register

Google demoed the capability to do on-device scanning at Google I/O. The demo was designed to detect financial scams in voice calls. That, of course, is only one small step from scanning your text messages or browsing for LGBTQ content or abortion services. For that matter, for any content that any government finds objectionable. Certainly CSAM will be high on the list and I am sure that there will be no false positives. Since Android runs on three-quarters of the world’s phones, we are not that far from the day where Big Brother could be watching you, possibly with no way to opt out if the government has its way. Credit: TechCrunch
