IRS is allowing taxpayers to opt out of facial recognition
After drawing criticism from both parties in Congress and from privacy advocates, the IRS has backed away from a planned program to require account holders to verify their ID by submitting a selfie to a private company. Instead, the IRS announced Monday that it is giving taxpayers a new option to verify their identity via a live virtual interview with tax agents. The agency calls the interview option a short-term solution for the current tax filing season and clarified that account holders will still have the selfie option, which is administered by ID.Me.
(NPR)
UK Defence Secretary warns Russia of cyber-retaliation
The UK’s Secretary of State for Defence has reportedly warned Russia that they will retaliate with cyber attacks if the Kremlin targets British networks. The House of Commons statement from Ben Wallace follows President Putin’s order to Russian troops to invade separatist regions of Ukraine. Wallace is reported to have stated in the Commons, “I’m a soldier – I was always taught the best part of defence is offense.” UK’s offensive cyber unit, the National Cyber Force (NCF), is reportedly in line for £5bn in funding to aid in its “legal, ethical and proportionate” goal to disrupt hostile states, terrorists and criminals threatening the UK’s national security.
Slack confirms outage for some users
Slack confirmed widespread outages Tuesday morning, indicating that some users were reporting issues with logging in, messaging, sending files, and getting notifications. Slack issued an apology and noted that they were “digging into the problem with the highest priority.” AWS, Github and Peloton were among other sites reporting outages alongside Slack. DownDetector noted that the reports of outages for all of the platforms began around 8:45 am ET.
(ZDNet)
Meyer Corporation discloses cyberattack
The second-largest cookware distributor in the world, Meyer Corporation, has disclosed a data breach that took place this past October in a letter shared with the U.S. Attorney General offices of Maine and California. Experts involved in the investigation discovered that intruders gained access to sensitive personal information belonging to employees of Meyer and its subsidiaries. The Conti ransomware gang claimed responsibility for the attack and compromised employee data is reported to have included names, addresses, Social Security numbers, health insurance and medical information, driver’s licenses, passports and Government IDs. Meyer is offering two years of identity protection services to affected employees and their dependents.
Thanks to our episode sponsor, Tines
Police bust phishing group stealing credit cards
Ukrainian cyberpolice have arrested five people in connection with a phishing scheme which enabled them to steal payment card data from at least 70,000 people after luring them to 40 fake mobile service top up sites. In total, the police estimate a financial damage of 5 million hryvnias (roughly US$175,000). Law enforcement officers raided the suspect’s residences, seizing 2 million hryvnias (US$70,000) in cash, mobile phones, flash drives, bank cards, and computers. Under Ukrainian law, these violations are punishable by up to eight years in prison.
GitHub makes Advisory Database public
GitHub has made its Advisory Database, the world’s largest database of vulnerabilities in software dependencies, open to the public allowing anyone to identify security vulnerabilities and helping to improve software supply chain security. The full contents of the database will be published to a new, freely accessible public repository under Creative Commons license. Experts say data sharing of this kind is key to improving the security of software supply chains and addressing software-related risks. The company stated, “GitHub believes that free and open security data is critical to empowering the industry as a whole to best secure our software supply chains.”
(CSO)
US Copyright Office says AI can’t copyright its art
Last week, the US Copyright Office reviewed a 2019 ruling against Steven Thaler, who tried to copyright a picture on behalf of an algorithm he dubbed Creativity Machine. A three-person board found that Thaler’s AI-created image didn’t include an element of “human authorship,” which is a necessary standard for protection. The board stated, “The courts have been consistent in finding that non-human expression is ineligible for copyright protection.” Highlighting this point, courts have recently ruled against claims that animals or divine beings can take advantage of copyright protections. Nonetheless, as AI becomes a bigger part of artists’ repertoires, the limits of copyright laws could be tested for years to come.
Google Chrome to allow users to add notes to saved passwords
Google is testing a new Chrome feature that allows users to add notes on passwords saved in the web browser. The new feature was spotted in experimental version 101 of Google Chrome Canary. Using this feature, users could potentially add info to saved passwords including associated email addresses, security questions/answers, or MFA backup codes. It’s unclear how well-protected these notes will be but information-stealing malware like RedLine can already steal Chrome’s password databases, so if the notes are bundled with them, they could also be vulnerable putting users at higher risk of account compromise.