Retool, a software development firm offering modular code for customizable enterprise software, recently notified 27 customers that a threat actor had accessed their accounts. The attacker was able to navigate through multiple layers of security controls after taking advantage of an employee through an SMS-based phishing attack. The attacker then used this access to target
Data Privacy + Security Insider Blogs
Blog Authors
Latest from Data Privacy + Security Insider
Privacy Tip #373 – If you Use Windows Copilot —Configuration Update Issued by Microsoft This Week
On September 26, 2023, Windows released a configuration update on Windows 11 version 22H2 (all editions) that is worth reading and applying, particularly if you use Windows Copilot.
According to Microsoft, it has identified that when using Copilot in preview:
- Narrator does not work as you expect with challenge–response tests, such as Captcha.
- Narrator fails
…
AI and Cybersecurity
There is a lot of chatter out there around the uses of artificial intelligence (AI) for cybersecurity. For example, Applied Sciences published a paper on how AI can be used for mobile malware detection, and Gartner has published on AI Security Management.
According to an article published in Forbes, entitled “A Primer on Artificial Intelligence…
High Alert: China Linked BlackTech Hides in Router Firmware
Not only is the People’s Republic of China (PRC) a threat with its use of TikTok, but it also supports threat actors that have for years attacked U.S. based companies as well as the governments of the U.S. and Japan. According to a Joint Advisory published on September 27, 2023, by the National Security Agency,…
Governance of AI: Keeping You Informed
We have been keeping a keen eye on the explosion of the use of artificial intelligence (AI) tools and generative AI. We are assisting clients with Governance Programs to formulate a process to evaluate the use of AI in their organizations, encourage safe and reliable use of AI tools by employees, evaluate appropriate uses of…
Google Workspace’s Privacy Policy Is Changing. Are You Ready?
Google’s Workspace for Education will require school admins to independently approve all integrated third-party applications students use. Users under 18 cannot use their Google accounts to access third-party applications without consent configured in user settings. Access will terminate automatically on October 1, 2023. Google Workspace for Education’s Terms of Service does not cover third-party applications…
Joint Advisory Warns of Snatch Ransomware
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of compromise and observed tactics, techniques, and procedures of Snatch so organizations can identify, mitigate, and respond to an attack using the Snatch ransomware variant.
Snatch has been hitting the Defense Industrial Base (DIB),…
Privacy Tip #372 – Personal Preparedness for Massive Cyber-Attack
It is scary to think of cyber warfare and how it may affect us. But the reality is there, and we should be prepared. I was chatting with a colleague this morning who asked for the top two things to do to prepare for a massive cyber-attack. I started thinking about this when I was…
FAA Extends the Compliance Deadline for Remote ID Rule to March
This week the Federal Aviation Administration (FAA) announced that drone pilots who are unable to comply with the Remote ID Rule broadcast requirement will have until March 16, 2024, to equip their drone appropriately. If a drone pilot fails to comply with this requirement after this extended deadline, the pilot could be subject to fines…
Delaware Consumer Privacy Law Effective in 2025
This week, Delaware Governor John Carney signed the Delaware Personal Data Privacy Act into law. The bill goes into effect on January 1, 2025, and a public outreach effort will begin by July 1, 2024. The outreach effort will inform Delaware consumers of their rights under the new law and describe businesses’ obligations. Delaware is…