Biden's Privacy Order Gave Some Help to the EU-US Data Crisis

Two Years of Data Transfer Between the EU and the US: A Case Study of Sinbad.io, a Privacy Service for North Koreans

Customer information has been moving between the two regions for years. “Transatlantic data flows are critical to enabling the $7.1 trillion EU-US economic relationship,” the White House said today. But two years ago, the EU Court of Justice in Luxembourg ruled that Europeans’ data sent to the US risked being snooped on by intelligence agencies, such as the US National Security Agency. The agreement that allowed companies to easily transfer data between Europe and the United States was ripped up. Businesses instead had to make do with a costly and complex temporary replacement.

Before then, around 5,000 businesses had been sending data back and forth across the Atlantic under a system called Privacy Shield. “The pre-Schrems system worked,” says Morgan Reed, president of the App Association, which represents small- and medium-size companies, mostly app developers. But the EU court ruling made the Privacy Shield system suddenly invalid, plunging thousands of companies into legal limbo.

The court decision did not stop transfers; it made them more complicated. “What the Schrems decision did was raise costs and concern for a lot of small companies that don’t have giant compliance departments’ and fleets’ worth of lawyers to do what are called standard contractual clauses,” says Reed. Standard contractual clauses are time-consuming data transfer agreements that require companies to assess whether they are moving data around the world safely.

Companies that have spent the past two years wrestling with these clauses are pleased by the order; they want to get back to business as usual. The executive order is the next step toward the US and EU reaching a new privacy agreement. The president of the CCIA, a lobbying group that represents tech companies, said the group was glad Biden was keeping data flowing between the US and EU.

With a major United States intelligence authority set to expire at the end of the year, and a congressional showdown brewing over whether or not to renew it, new details of an internal audit show that US Federal Bureau of Investigation (FBI) personnel have repeatedly conducted unlawful searches of data collected under the imperiled surveillance authority. Agents requested information on journalists, a US congressman, and a political party as a result of what the US Department of Justice called “misunderstandings.”

The creator of Sinbad.io, a privacy service popular among North Koreans, is the subject of a story this week by WIRED. And officials from the United Kingdom and United States announced sanctions against seven alleged members of the Conti and Trickbot ransomware groups, publishing their real-world names, dates of birth, email addresses, and photos. The two governments made it clear that they see evidence of links between Russia-based cybercrime groups and the Kremlin’s intelligence services.

US President Joe Biden asserted in his State of the Union address this week that the US needs a bipartisan effort to “impose stricter limits on the personal data that companies collect on all of us.” Reactions in Washington after the speech were hopeful, but also realistic that getting a national privacy law on the books in the US anytime soon may prove too much of a political minefield to traverse. Regarding the Fair Credit Reporting Act, legal experts say that it should already reduce the information about Americans that data brokers can collect. The agency was told to start enforcement in a new letter from the Consumer Financial Protection Bureau.

We looked at how Moscow’s smart city initiative, launched with the promise of reducing crime rates, is being used for far more intrusive policing in the city because of Putin’s war in Ukraine. The company doesn’t seem to have any plans to comply with the requests for deletion that were made after the EU referendum.

The North Korean Attacks on US Hospitals: Insights from Mandiant’s Senior Analyst, Oreev Mather, Petersson, and Violent Technologies

There is more. Each week we also round up the stories we didn’t cover ourselves. The full stories are available to read. And stay safe out there.

Several hospitals have had to deal with major disruptions due to the attacks, which are linked to the Andariel group, according to a senior analyst at Mandiant. In some of their operations, the government advisory says, the attackers would try to “obfuscate” their involvement, use VPNs or virtual private servers to mask their location, and exploit common vulnerabilities to gain access to networks. The attackers used their own privately developed malware along with ransomware strains belonging to other groups, such as LockBit.

Source: https://www.wired.com/story/north-korea-hacking-us-hospitals/

Deep Fakes: How Smartphones are Hoovering up People’s Personal Data in the USA and Other Countries – A Study by Graphika

Pro-Chinese bot accounts on Twitter and Facebook have spread news videos in which presenters decry the lack of action against gun violence in the US and promote China’s world politics. The propaganda itself isn’t new, but there is a new twist: the news presenters in the videos are not real. They’re AI-generated characters, commonly known as deepfakes. The videos were discovered last year by disinformation research firm Graphika, which says it is the “first time we’ve seen this in the wild.” The company says it believes the videos were created using a commercial AI video software service, and were low-quality overall. None of the videos had more than 300 views.

Researchers from universities in the UK and Ireland have discovered that leading Android phones in China are hoovering up people’s personal data. The pre-installed operating systems on Xiaomi, OnePlus, and Oppo Realme devices are collecting people’s locations, call history, and profile information before sending it on to third parties, according to a study from academics at the University of Edinburgh and Trinity College Dublin. The researchers tested phones bought in China and measured the network traffic the devices generate. In many instances, they write, people aren’t notified about the data that’s collected or given any choice to opt out. The study reiterates how different privacy rules are in China compared to many other parts of the world, and the myriad ways people can be tracked. “The data shared by the global version of the firmware is mostly limited to device-specific information,” the researchers conclude.

Reddit Hit by a Phishing Attack: Lessons Learned from an Earlier Breach

Reddit said on Thursday that hackers had accessed its source code after a successful phishing attack compromised an employee’s system credentials. The incident also exposed the contact information of hundreds of current and former Reddit employees and contacts. The incident did not affect user passwords or production systems, but users can reset their passwords and turn on two-factor authentication for their accounts. The company also said that the lessons it learned after suffering a data breach five years ago were protective and helpful in dealing with the recent incident.