Cyber Security Headlines Week in Review: Hospitals sue cloud, Google settles Incognito, ransomware payment ban

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Johna Till Johnson, CEO, Nemertes, and podcaster at Heavy Strategy.

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Mimecast gets into human risk management

Mimecast, a company whose services include email and collaboration security, announced this week that it is acquiring Elevate Security, a company that ingests what it calls “inbound risk data,” uses analytics to identify a client’s riskiest users, and flags high-risk people using a risk-scoring algorithm. This, according to Mimecast, will provide “proactive insights and deeper visibility into human behaviors and risk.”

(Mimecast)

NIST creates cybersecurity playbook for Generative AI

The U.S. National Institute of Standards and Technology (NIST) has published a report laying out in detail the types of cyberattacks that could be aimed at AI systems as well as possible defenses against them. According to its statement, the agency believes such a report is critical because current defenses against cyberattacks on AI systems are lackluster – at a time when AI is increasingly pervading all aspects of life and business.

(NIST Report)

China and Russia Test ‘Hack-Proof’ Quantum Communication

Quoting directly from BNN Breaking, “China and Russia have reportedly conducted tests on a ‘hack-proof’ communications link. Utilizing quantum key distribution (QKD), this breakthrough signifies a major advancement in cybersecurity, potentially revolutionizing secure communication and mitigating threats of cyber espionage and data breaches.”

(BNN)

New York hospitals sue cloud provider for return of data

Two New York hospitals – also not-for-profits – are seeking a court order to force the Boston-based cloud storage company Wasabi Technologies to “return stolen data stored on one of its servers by the LockBit ransomware gang.” According to Bleeping Computer, the Carthage Area Hospital and Claxton-Hepburn Medical Center were attacked in September, with the LockBit affiliate renting cloud storage at Wasabi to store stolen data. The hospitals are requesting the court to “force Wasabi to provide and delete the data from their servers.”

(Bleeping Computer)

Thanks to today’s episode sponsor, NetSPI

Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI’s ASM platform to hone in on what’s actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM

Google settles $5 billion ‘incognito mode’ lawsuit 

Google has agreed to settle a class-action lawsuit filed in June 2020 that alleged the company misled users by tracking their internet usage even when their browsers were in “incognito” or “private” mode. The plaintiffs alleged that Google violated federal wiretap laws by using Google Analytics to track user activity. Google attempted to get the lawsuit dismissed by pointing to a message it displays informing users that their activity might still be visible to websites they visit, their organization, or their ISP. The class-action lawsuit originally sought roughly $5 billion in damages; however, the final settlement terms have yet to be disclosed.

(The Hacker News)

A call for formal ban on ransomware payments

The security company Emsisoft published a blog post calling for a legally mandated ban on ransomware payments. It cited that in 2023, the US saw over 300 ransomware attacks against hospitals, schools, and government bodies, costing an average of $1.5 million to mitigate. These figures don’t account for the MOVEit breaches or attacks on private third parties. Some critics say that while a ban may be warranted in the long term, if enacted immediately it would prove impossible to enforce and could cause more harm to organizations that lack resiliency and IT maturity.

(The Register)

FTC asks for ideas to fight voice cloning

The Federal Trade Commission opened a call for submissions on how to fight fraud carried out with text-to-speech technology. It’s hoping the challenge will receive ideas from across disciplines to better monitor and stop abuse of this tech. It will accept submissions until January 12th, with the winner receiving $25,000. Submissions must include ideas on how to prevent malicious parties from accessing voice cloning software, improve real-time voice cloning detection, and provide a way to detect cloned voices in clips. The FTC warned about the potential for this type of abuse back in March, but to date has yet to take any enforcement action on it.

(The Record)

Rite Aid banned from using AI facial recognition 

The Federal Trade Commission (FTC) announced Tuesday that it has banned Rite Aid from using facial recognition technology for five years. The FTC alleged that between 2012 and 2020 Rite Aid used an often inaccurate AI-powered facial recognition database to identify customers it believed were shoplifters or “dishonest.” Rite Aid used grainy images drawn from security cameras, employee phone cameras and even news stories to populate its database. The company then forced employees to stalk and sometimes humiliate those who had been wrongly identified. The FTC said Rite Aid did not take “reasonable measures” to prevent harm to consumers.

(The Record)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.