Episode Transcript
0:00
Cybersecurity Today is brought to you by
0:02
the generous support of our sponsor, Boseron
0:04
Security. You can get their
0:07
2024 State of Cybersecurity Awareness Report
0:09
at boseronsecurity.com, and there's a link
0:11
you can follow in the show
0:13
notes. Microsoft
0:17
faces heat in Congress, an
0:20
alleged cyber crook is arrested, and more.
0:23
Welcome to Cybersecurity Today. It's Monday,
0:25
June 17, 2024. I'm Howard Solomon,
0:30
contributing reporter on
0:32
cybersecurity for technewsday.com.
0:38
Law enforcement agencies in the
0:40
U.S., Germany, the Netherlands, and
0:42
Iceland shut servers last
0:45
week used by the Islamic State
0:47
for terrorist communications and propaganda. In
0:50
addition, police in Spain arrested
0:53
what they say are nine
0:55
radicalized persons. Separately,
0:58
there are news reports that police
1:00
in Spain arrested an alleged member
1:02
of the Scattered Spider Cybercrime Group.
1:05
Security reporter Brian Krebs says
1:08
the suspect is a 22-year-old
1:10
man from the UK. This
1:12
follows the arrest in January
1:15
of another alleged Scattered Spider
1:17
gang member in Florida. A
1:19
favored tactic of this gang is tricking
1:22
targets into giving up information that allows
1:24
the crooks to take over their smartphones
1:26
in what's known as a SIM swapping
1:29
attack. With smartphone control,
1:31
the crooks can access corporate
1:33
IT networks. Attention
1:36
owners or administrators of ASUS
1:39
routers. According to Security
1:41
Affairs, ASUS has issued
1:43
patches for several of its Zen
1:45
Wi-Fi and RT routers. The
1:48
patches close an authentication vulnerability.
1:53
Blackbaud, a U.S. company that
1:55
sells data management software for
1:58
nonprofits, will have to pay California $6.7
2:02
million for making misleading public statements about
2:04
a 2020 data breach. This
2:07
is part of a settlement with a state that still
2:10
has to be approved by a court. The
2:12
agreement comes after the U.S. Federal
2:15
Trade Commission finalized an order against
2:17
Blackbaud forbidding the company
2:19
from misrepresenting its data security
2:21
and data retention policies, as
2:24
well as forcing the company
2:26
to develop comprehensive information security
2:29
programs. Vermont's
2:31
legislature plans to meet today
2:33
to override Governor Phil Scott's
2:36
veto of a proposed state
2:38
privacy law. According to
2:40
Security Week, the governor said the proposed
2:42
law would make the state hostile to
2:44
businesses. The bill,
2:47
passed by a wide margin
2:49
by the legislature, would prohibit
2:51
firms from selling social security
2:53
driver's license numbers, financial information,
2:55
and health data. The
2:59
UK Information Commissioner's office says
3:01
it is pleased Meta has
3:04
paused its plan to use
3:06
publicly available Facebook and Instagram
3:08
posts in Europe to train
3:10
its generative AI system. An
3:13
ICO official said that to get the most
3:15
out of generative AI, it's
3:18
crucial that the public trust that their
3:20
privacy rights will be respected. However,
3:23
TechCrunch notes that Meta continues in
3:25
the U.S. and other countries to
3:28
use Facebook and Instagram posts to
3:30
train its AI. Last
3:33
week, the Canadian Press published an article
3:35
on how you can ask Meta not
3:37
to use your data for AI training.
3:40
One problem, applicants have
3:43
to prove that their data is being
3:45
used by the company for AI training.
3:49
Tomorrow's launch of the Windows
3:51
Copilot Plus PCs won't include
3:53
the full use of the
3:56
controversial Recall tool. Recall,
3:59
which takes snapshots of users'
4:01
screens every few seconds to help them
4:03
search and recall where they've been online
4:05
has been branded a security and privacy
4:08
risk by many experts. Last
4:11
week, Microsoft bowed to pressure and
4:13
said it would tighten protection of
4:15
Recall data stored on users' computers.
4:18
It was still supposed to
4:20
be broadly available for use
4:22
on Copilot PCs in preview
4:24
mode starting Tuesday. However,
4:27
at the end of last week,
4:29
Microsoft said Recall will now be
4:31
limited to those in the Windows
4:33
Insider program. At
4:35
some point, the preview will get
4:37
general availability. Copilot
4:40
Plus PCs have a special
4:42
Snapdragon X processor for running
4:44
AI-related photo and video editing
4:47
jobs. Speaking
4:50
of Microsoft, President Brad Smith got
4:52
a skeptical response from some members
4:55
of a House of Representatives committee
4:57
when he testified last Thursday. "Every
5:00
time there's anything remotely close to
5:02
or requests for data from the government
5:05
of China, I always ensure we say
5:07
no," Smith testified. According
5:10
to Cyberscoop, Florida Representative
5:12
Carlos Gimenez wondered how it is
5:14
that Microsoft doesn't have to comply
5:16
with a Chinese law. "For
5:19
some reason, I just don't trust a word
5:21
you're saying to me," Gimenez told
5:23
Brad Smith. "You have a
5:26
cozy relationship in China. I can't believe that
5:28
they're going to say, well, okay, no problem
5:30
for you at Microsoft. You don't have to
5:32
comply with our law, but
5:34
everybody else does." In
5:37
his opening statement, Smith admitted Microsoft
5:39
can do better on cybersecurity,
5:41
saying the company is putting more
5:44
resources into making its products more secure.
5:47
That includes accepting and working
5:49
on all recent recommendations by
5:51
the U.S. Cybersecurity Safety Review
5:54
Board on tightening companies' security.
5:57
Those recommendations came in a report on the
5:59
hack by China last year
6:01
of Microsoft Exchange Online.
6:04
However, Representative Bennie Thompson
6:07
of Mississippi said he's
6:09
still unsatisfied with Microsoft's explanation
6:11
of how a stolen digital
6:13
key for the consumer version
6:16
of Exchange Online worked
6:18
also on enterprise accounts. To
6:22
this day, we still don't know how the
6:24
threat actor accessed the signing key, said.
6:28
Microsoft's Smith also complained about
6:30
cyber attacks in general from
6:32
China, North Korea and Russia
6:35
and warned they might work more
6:37
closely together in cyberspace. Nation
6:40
state attackers too often attack
6:42
without meaningful consequences, he said.
6:45
Which brings me to the negotiations at
6:48
the United Nations on a cybercrime treaty.
6:51
The final session is scheduled to start July
6:53
29th in New York. According
6:56
to the Electronic Frontier Foundation,
6:58
the nearly final version leaves
7:01
the possibility open of criminalizing
7:03
the work of security researchers, whistleblowers
7:06
and reporters who look for holes
7:08
in applications. The foundation
7:10
says the treaty should make it
7:13
clear that investigative activity must have
7:15
criminal intent to harm, steal data
7:17
or defraud people. Another
7:19
worry is that a clause that
7:22
countries have agreed on could allow
7:24
governments to compel any individual with
7:26
knowledge of computer systems to provide
7:28
any necessary information for conducting searches
7:31
and seizures of computer systems. Listeners
7:34
can contact their national governments to
7:37
ask about their country's position on
7:39
the negotiations. That's
7:42
it for now. Links to
7:44
details about news mentioned in this podcast
7:46
episode are in the text version at
7:49
technewsday.com. Follow
7:52
Cybersecurity Today on Apple Podcasts, Spotify
7:54
or add us to your flash
7:57
briefing on your smart speaker. Thanks
8:00
for listening. I'm Howard
8:02
Solomon.