Listen as our AI hosts discuss Tuesday's update in this special update podcast.
https://rprescottstearns.weebly.com/news/the-it-privacy-and-security-weekly-update-with-a-side-of-post-quant-for-the-week-ending-september-17th-2024
Post-Quantum Cryptography Takes Center Stage: NIST finalizes three new encryption algorithms to counter future quantum threats, prompting Google and Microsoft to announce updates. This section emphasizes the rapid response of tech giants and the importance of proactive security measures.
Larry Ellison's AI Vision: Surveillance and Databases: Oracle's CTO highlights the company's role in AI infrastructure, emphasizing the importance of organized data. Ellison's controversial statements regarding AI-driven surveillance are explored, raising ethical questions about privacy in the age of AI.
North Korean Cyberthreat: Targeting Developers: The Lazarus Group's sophisticated malware campaign uses fake coding tests to target job-seeking developers. This section details the dangers of social engineering attacks and the importance of vigilance in cybersecurity practices.
Facebook's Data Harvesting Practices Exposed: Facebook admits to scraping data from Australian users, including public photos and posts, to train its AI models. The lack of opt-out options for Australians, in contrast to EU regulations, sparks concerns about data privacy and consent.
23andMe Data Breach Settlement: The genetic testing company agrees to a $30 million settlement following a data breach affecting millions of customers. Details of the settlement, including cybersecurity improvements and customer payouts, are outlined, raising questions about data security practices in the genetic testing industry.
The Hidden Threat in Your Smart TV: Over a million streaming devices found to be infected with malware capable of remote updates, highlighting vulnerabilities in open-source Android systems. This section explores the potential causes of the infection, including supply chain risks and the use of outdated software, urging consumers to be cautious about device security.
Quote of the Week: Reflecting on the week's themes, the update concludes with a quote from Tim Cook emphasizing the inherent risks of backdoors in technology, even for seemingly benevolent purposes.
Source 2: US: NIST finalizes trio of post-quantum encryption standards (The Register)
Introduction: Highlights the release of new post-quantum encryption standards by NIST, designed to withstand future quantum computing attacks.
New Encryption Standards: Details the three finalized algorithms, focusing on their specific purposes in protecting data transmission and ensuring online identity authentication.
Backup Algorithms and Transition Timeline: Discusses NIST's ongoing work on backup algorithms and emphasizes the need for system administrators to begin transitioning to the new standards promptly.
Industry Response: Showcases Google and Microsoft's swift actions in updating their encryption algorithms to align with NIST standards, illustrating the industry's proactive approach to quantum-resistant security.
Source 3: US: Ellison Declares Oracle 'All In' On AI Mass Surveillance (The Register)
Oracle's Role in the AI Landscape: Summarizes Larry Ellison's vision of Oracle as a leading provider of AI infrastructure, leveraging its networking architecture and partnerships with AWS and Microsoft.
AI and Mass Surveillance: Presents Ellison's controversial proposal for using AI to enable constant surveillance, highlighting his belief that it will improve police conduct and citizen behavior.
Ethical Concerns and Implications: Raises questions about the ethical implications of widespread AI surveillance and the potential erosion of privacy in pursuit of public safety.
Source 4: Global: Malware via fake recruiting tests (SC Magazine)
Introduction: Describes a new malware campaign attributed to the North Korean Lazarus Group targeting developers through fake coding tests during recruitment processes.
Modus Operandi: Details the attackers' tactics, including the use of legitimate-looking Python libraries, hosting malware on trusted platforms, and creating a sense of urgency to bypass security checks.
Scope and Impact: Explores the potential impact of the malware, highlighting the risks associated with Python's deep system interaction and the need for enhanced security measures in the tech industry.
Source 5: AU: Facebook Admits To Scraping Every Australian Adult User's Public Photos and Posts To Train AI, With No Opt-out Option (ABC News Australia)
Facebook's Data Scraping Admission: Reveals Facebook's admission during an inquiry that it scrapes public data of Australian users to train AI models, without providing an opt-out option.
Comparison to EU Regulations: Contrasts the lack of opt-out for Australians with Facebook's compliance with EU regulations allowing users to refuse consent for data scraping.
Potential Consequences: Speculates on potential actions by Australian authorities, particularly in light of the involvement of children's data and the potential for privacy violations.
Source 6: Global: 23andMe To Pay $30 Million In Genetics Data Breach Settlement (Bleeping Computer)
Data Breach Settlement: Reports on the $30 million settlement reached by 23andMe to resolve a class action lawsuit stemming from a data breach affecting millions of customers.
Settlement Details: Outlines the key elements of the settlement, including customer payouts, cybersecurity enhancements, and employee training programs.
Denial of Wrongdoing: Notes that 23andMe denies any wrongdoing despite agreeing to the settlement, highlighting the company's stance on its data security practices.
Source 7: Global: Your TV may come with its own back door (Dr. Web)
Malware Infection in Streaming Devices: Describes a widespread malware infection affecting millions of Android-based streaming devices globally, raising concerns about device security.
Technical Analysis: Explores the nature of the malware and its ability to receive remote updates through a backdoor, emphasizing the potential for malicious activities.
Possible Infection Vectors: Investigates potential causes of the infection, including the use of outdated software, vulnerabilities in open-source Android systems, and supply chain risks.
Consumer Protection: Concludes by urging consumers to be aware of potential security risks associated with streaming devices, particularly those from lesser-known manufacturers.