CES: FTC Commissioner Rebecca Slaughter on AI Regulation

In a CES conversation with Consumer Technology Association Senior Director of Regulatory Affairs Rachel Nemeth, FTC Commissioner Rebecca Slaughter discussed the Commission’s work on AI-enabled impersonation fraud, privacy, and right of repair. Taking the stage just after FDA Commissioner Robert Califf, Slaughter said she wanted to co-sign his plea for “full visibility of the work we do.” “We have responsibility to all Americans to make sure they are represented in the substance of the work we do,” she said. “The same is true for industries that want to reach all Americans.”

Apple Says U.S. Data Breaches Up by More Than 20 Percent

Apple is emphasizing the importance of data encryption with a report that shows personal data breaches up 300 percent between 2013 and 2022. In the past two years, more than 2.6 billion personal records have been exposed, according to the newly released study “The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase.” The report, created by Dr. Stuart Madnick, the founding director of Cybersecurity at MIT Sloan, cites increasing dependence on cloud computing as the main factor for the surge. U.S. data intrusions through Q3 of this year are 20 percent higher than all 12 months of 2022.

Google Seeks Out Scammers Using Bard to Spread Malware

Google has filed suit in federal district court in California to stop alleged fraudsters from leveraging public interest in artificial intelligence generally and Bard in particular to spread malware. The perpetrators, who are believed to be based in Vietnam, are said to be using Facebook to promote an “unpublished” version of Bard that when downloaded installs password-stealing malware into the host system. The suit claims the scammers are using Google’s trademark-protected intellectual property, including its name and that of Bard, its brand look and colors, and photographs of CEO Sundar Pichai, to promote an illegal scheme.

Google Is Using AI to Bring Zero Trust Security to Workspace

Google has unveiled a spate of security enhancements to products in its Google Workspace collection including Gmail and Drive. Artificial intelligence is helping to steer some of the changes, automating specific tasks. The upgrades take a new approach, combining the idea of zero trust with the concept of data loss prevention (DLP). Under zero trust, all users, devices and components are considered untrustworthy at all times — even those within an organization’s network. These Workspace tools are in development or at various stages of testing, but Google says they will begin going live in general release later this year and into Q1 2024.

Biden Advocates Tougher Cybersecurity for Private Enterprise

The Biden administration has issued rules requiring key U.S. companies to meet minimum cybersecurity standards. The new National Cybersecurity Strategy (NCS) calls on software makers and American industry to be more active in the fight to repel hackers and ransomware groups even as the FBI accelerates global efforts to disrupt bad actors. Although the strategy is a policy document rather than an executive order, it represents a major policy shift, escalating participation by both the public and private sectors, while anticipating legislative changes required to give teeth to the plan.

Ireland DPC Fines Meta $275 Million for Data Privacy Breach

Meta Platforms has been fined $275 million for violating European Union privacy rules, the result of a 2021 data leak that led to the online publication of personal information belonging to 500 million Facebook users. The penalty is the latest imposed on Meta by Ireland’s Data Protection Commission, which in September imposed a $400 million penalty on Instagram for mishandling children’s data. In October 2021, the same regulator fined Meta $235 million for violations by its WhatsApp messaging service. In total, Irish authorities have imposed penalties of more than $900 million on Meta in the past two years.

Cybersecurity Labeling System Coming to IoT Devices in 2023

The Biden administration is implementing a cybersecurity labeling program designed to protect consumers using Internet of Things devices from “significant national security risks.” Beginning in the spring of 2023, IoT smart hardware will begin carrying a “label for products that meet U.S. government standards and are tested by vetted and approved entities,” according to the White House. The program will start with high-risk devices like routers and cameras. To jump-start the initiative, the White House hosted an IoT Cybersecurity Summit attended by national security officials, hardware manufacturers and representatives from consumer product associations.

Senate Group Wants CISA to Protect Open-Source Software

Senate Homeland Security Committee leaders Gary Peters (D-Michigan) and Rob Portman (R-Ohio) have introduced a bill requiring a risk framework for open-source code. The proposed legislation would require the Cybersecurity and Infrastructure Security Agency to develop the risk evaluation process for open-source software being used by federal agencies and critical infrastructure. The move follows the discovery in December of a vulnerability in the Apache Software Foundation’s popular Log4j Java logging utility. Peters said the Log4j incident presented a serious threat to banks, hospitals, and utility companies, among other national security operations.

Charges Made by Twitter Whistleblower Could Benefit Musk

A former Twitter security chief may be Elon Musk’s white knight in the billionaire’s effort to get out of his contract to purchase Twitter for $54.20 per share ($44 billion). Peiter Zatko filed a whistleblower disclosure to Congress and federal agencies claiming that Twitter deceived shareholders and the public by misrepresenting its bot count and security measures, and also alleging “that one or more current employees may be working for a foreign intelligence service,” according to CNN. If true, the allegations would violate a 2011 agreement between Twitter and the Federal Trade Commission.

Password Era Coming to End as Providers Support Passkeys

Weak and repeated passwords are a huge vulnerability when it comes to navigating one’s digital life, and it appears 2022 is the year online companies will make a concerted effort to navigate users away from passwords altogether. At the WWDC 2022 developer conference last week, Apple announced passwordless logins across iPhones, iPads, Macs and Apple TVs. Later this year, iOS 16 and macOS Ventura users will be invited to log into apps and websites using passkeys. Once a passkey is set up for an app or site, it gets stored on the device used to activate it. Tech giants Google and Microsoft are also backing the passkey protocol.

Agencies Warn That Hackers Are Targeting Control Systems

The White House has issued a warning about hackers attempting to disrupt the energy grid and other industrial control systems with “a Swiss Army knife” of custom-coded malicious software. A joint bulletin issued by the FBI, NSA, DHS and Energy Department cautioned businesses to be on the lookout for “advanced persistent threat actors,” or APTAs, a commonly used way to describe state-backed hackers. Specific reference was made to devices from Japanese electronics firm Omron and the French firm Schneider Electric, suppliers of industrial automation equipment.

Proposed Antitrust Laws a Privacy Disaster Warns Tim Cook

Antitrust legislation pending in the U.S. and European Union is at odds with consumer privacy initiatives in those territories, Apple CEO Tim Cook told attendees of the IAPP Global Privacy Summit 2022 in Washington, D.C. on Tuesday. Speaking out against proposed “gatekeeper” rules, Cook warned that “when companies decide to leave the App Store because they want to exploit user data, it could put significant pressure on people to engage with alternate app stores — app stores where their privacy and security may not be protected.”

Crypto Bridges Creating Vulnerabilities Popular with Hackers

Cryptocurrency bridges, which enable transactions across a wide range of token types, are an increasingly important factor in the world of blockchain. A hack involving approximately $540 million in Ethereum and USDC stablecoin from the Ronin bridge in March was another drop in the $1 billion-plus bucket stolen from bridges. Successful attacks have become more common in recent years and the Ronin heist, among the largest, underscores a bigger problem. Different cryptocurrencies are typically siloed, so a Dogecoin transaction can’t be implemented on the Bitcoin blockchain by itself, but it can be by using a bridge.

Court Lets Microsoft DCU Seize 42 Chinese Hacker Websites

The Microsoft Digital Crimes Unit has seized 42 websites from China-based hacking group Nickel, in an attempt to thwart the group’s intelligence-gathering operations. A Virginia federal court granted Microsoft’s request to take over the U.S.-based websites run by Nickel, also known as APT15. Microsoft had since 2016 been tracking the group’s activities, determining them “highly sophisticated,” with attacks designed to install malware that facilitated surveillance and data theft attacks. Nickel was used to attack organizations in the United States and 28 other countries around the world, DCU says.

U.S. to Limit Exporting Surveillance Tech to Certain Countries

The U.S. government has announced its plans to work with other nations to put restrictions on the export of surveillance tools to authoritarian countries such as China. The Biden administration says it will gather allies and start an initiative to regulate the export of surveillance tools. The initiative is planned to be discussed during a virtual gathering, Summit for Democracy, on December 9-10. Representatives from more than 100 democratic nations will be participating. The primary objective of the summit is to crack down on authoritarian governments using cyber tools to violate fundamental human rights.