European laws require companies to obtain some sort of consent from the people whose data they gather. Clearview doesn’t ask for anyone’s consent. It scrapes publicly available websites of any photos and personal data it can and sells access to this database and its facial recognition AI to pretty much anyone who wants it.
UK Government Orders Clearview To Pay $9.4 Million Fine, Delete All UK Residents’ Data
Clearview may as well exit Europe entirely. Things are not going to get better for it. Online privacy laws are far more restrictive on the other side of the pond and Clearview’s business model will always be in violation of those laws. . . This threat arrived 18 months after Clearview started doing business in the UK, offering its services to law enforcement, private equity firms, the Ministry of Defence, and (oddly) a charity headed by author J.K. Rowling.
The threat is now a reality, although the ask appears to have decreased a bit. . .
Clearview may never decide to stop being the worst participant in the crowed facial recognition marketplace, but sooner or later, it’s going to have trouble turning a profit. What’s happened elsewhere in the world is going to continue happening. The GDPR simply does not allow the sort of data gathering Clearview engages in.
And, while US laws are far more permissive, it’s still going to find itself the target of irate citizens, pissed off legislators, state prosecutors, and US congressional reps. It may be able to find willing customers in the United States — many of which are federal entities — but sooner or later, this gravy train ride is going to end because there are plenty of other, more ethical competitors to choose from."
Intro: "Carry On for Queen-and-Country" as the World turns around marked days of festivities for the final days of the long 70-year reign of Elizabeth II, monarch of the House of Windsor
Boris Johnson was met with a mixed reaction as he arrived for the Queen’s Jubilee service
British Prime Minister Boris Johnson was met with a mixed reaction from the crowd gathered for the second day of the Queen’s Platinum Jubilee celebration as he arrived with his wife Carrie at St. Paul's Cathedral in London on Friday
Both cheers and boos could be heard when the formally dressed couple was walking up the stairs of the cathedral for the National Service of Thanksgiving. Meanwhile, Johnson’s political opponent, Labour leader Keir Starmer, was met with complete silence.
Neither Johnson nor Carrie appeared to be bothered by the boos and whistling as they were smiling and chatting to each other on the way to the cathedral entrance.
During the service, they also seemed to be in good spirits. The prime minister read a short excerpt from the Bible in front of the congregation, which was full of royals, dignitaries, and current and former politicians.
The four days of festivities come as Johnson battles mounting calls to resign both from the opposition and fellow Conservatives over the ‘Partygate’ scandal. An investigation into 16 gatherings that took place at government buildings during Britain’s nationwide lockdowns of 2020 and early 2021 concluded that many of them “should not have been allowed to happen.” The author of the report, senior civil servant Sue Gray, also stressed that Johnson has to personally “bear responsibility for this culture.”
Despite growing pressure for a confidence vote from within his own party, the prime minister said that he was not going to “abandon” the nation as it faces economic hardships and the conflict in Ukraine.
Starmer, who over the last few months has repeatedly criticized Johnson for breaking the Covid rules, is now facing similar issues. The police are conducting an inquiry into a curry party that took place in the city of Durham last April. The so-called ‘Beergate’ investigation was opened after footage emerged showing the Labour leader sipping beer at the allegedly illegal gathering.
Starmer denies any wrongdoing but earlier made clear that if he were given a fine, he, unlike the prime minister, would resign."
The Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets' networks to evade sanctions imposed by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC).
Active since 2007, Evil Corp (aka INDRIK SPIDER or the Dridex gang) is known for pushing the Dridex malware and later switching to the ransomware "business."
The gang started with Locky ransomware and then deployed their own ransomware strain known as BitPaymer until 2019.
An activity cluster tracked by Mandiant as UNC2165 (previously deploying Hades ransomware and linked to Evil Corp) is now deploying ransomware as a LockBit affiliate.
"Using this RaaS would allow UNC2165 to blend in with other affiliates, requiring visibility into earlier stages of the attack lifecycle to properly attribute the activity, compared to prior operations that may have been attributable based on the use of an exclusive ransomware," Mandiant said.
"Additionally, the frequent code updates and rebranding of HADES required development resources and it is plausible that UNC2165 saw the use of LOCKBIT as a more cost-effective choice."
LockBit ransomware activity (ID-Ransomware)
This new tactic of acting as a Ransomware as a Service (RaaS) operation affiliate would likely allow them to invest the time needed for ransomware development into broadening the gang's ransomware deployment operations.
Another theory is that a switch to others' malicious tools may provide Evil Corp with enough free resources to develop a new ransomware strain from scratch, making it harder for security researchers to link to the gang's previous operations.
"We expect these actors as well as others who are sanctioned in the future to take steps such as these to obscure their identities in order to ensure that it is not a limiting factor to receiving payments from victims," Mandiant concluded."
The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software.
The U.S. Federal Trade Commission (FTC) says over 46,000 people Americans have reported losing more than $1 billion worth of cryptocurrency to scams between January 2021 and March 2022.
The Microsoft Digital Crimes Unit (DCU) has disrupted a spear-phishing operation linked to an Iranian threat actor tracked as Bohrium that targeted customers in the U.S., Middle East, and India.
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover.
NASA said this week that it plans to purchase five additional Crew Dragon missions from SpaceX to carry astronauts to the International Space Station.
Although the space agency's news release does not specifically say so, these may be the final flights NASA needs to keep the space station fully occupied into the year 2030. As of now, there is no signed international agreement to keep the station flying until then, but this new procurement sends a strong signal that the space agency expects the orbital outpost to keep flying that long.
The announcement also suggests that SpaceX will fly more than twice as many crews to the space station than the other partner in NASA's commercial crew program, Boeing. Under the new agreement, SpaceX would fly 14 crewed missions to the station on Crew Dragon, and Boeing would fly six during the lifetime of the station.
Let's run down the math on that. SpaceX has already launched four operational crew missions to the space station, dating to the November 15, 2020, launch of the Crew-1 mission. SpaceX has two more flights under its original crew contract with NASA. In February 2022, NASA awarded fixed-price contracts for the Crew-7, Crew-8, and Crew-9 missions to SpaceX. The latest announcement would bring the total number of Crew Dragon missions to 14.
As for Boeing, it has yet to fly an operational mission to the station. The company recently completed a largely successful uncrewed test flight in May. Looking ahead, Boeing will probably complete a crewed flight test of Starliner late this year or early in 2023 and then fly its first operational mission sometime in 2023, or possibly later if issues are discovered on the crewed test flight.
Intro: Ya know, dear readers, your MesaZona blogger is really throwing one more RANT today about our Air Quality ....Ooops!! Here's another one, but this time here are some links so that YOU, dear readers, CAN FOLLOW THROUGH to get yourown daily updates . . . ask for more accountability. Maricopa County consistently VIOLATES federal Clean Air Standards Whose job is it anyway to ensure that Federal Clean Air Standards do not get consistently violated here? It doesn't look like they are "Doing Their Job"! Here's another Advisory for tomorrow: WHAT DO YOU WANT TO DO ABOUT IT???????? It's just NOT a Particulate Matter > Do you take it personally? It's time to hold ADEQ accountable.
Health Impacts
People most vulnerable to the impacts of air pollution include children, older adults, adults exercising outdoors and people with heart or lung disease and those suffering from asthma and bronchitis. Exposure can increase the number and severity of asthma attacks, cause or aggravate bronchitis or other lung disease and reduce the body’s ability to fight infection. Symptoms may include itchy eyes, nose, and throat, wheezing, coughing, shortness of breath, chest pain and upper respiratory issues. Long-term exposure is linked to premature death in people with heart or lung disease, nonfatal heart attacks, irregular heartbeat and decreased lung function.
Particulate Matter:
State and county agencies measure levels of particulate matter (PM) in the air.
PM is extremely small solid particles and liquid droplets that circulate in air.
PM comes from combustion (cars, industry, wood burning) or dust stirred up into the air. High levels of PM occur when air is especially stagnant or windy.
Two types of PM are measured:
PM-10, commonly called dust
PM-2.5, commonly called soot or smoke.
PM-10 is 10 microns or less in size
PM-2.5 is 2.5 microns or less in size.
(For perspective, one strand of human hair is 70-100 microns in size.)
The previously issued Ozone High Pollution Advisory for today will remain in effect and be extended for Tuesday, May 26th. Friday, high pressure’s grip on the Desert Southwest bolsters and another Ozone High Pollution Advisory is possible. Please keep in mind that although ozone fluctuates daily, the week in Phoenix is going to get progressively hotter! Eventually, the 110 degree realm is likely.
The National Weather Service is covering that aspect in detail. They have issued a host of heat related warnings
Intro: In a statement, Owl Labs officials wrote: ". . .To the best of our knowledge, there have never been any customer security breaches. We have either already addressed, or are in the process of addressing other points raised in the research report.
Below are the specific updates we are making to address security vulnerabilities, which will be available in June 2022 and implemented starting tomorrow:
RESTful API to retrieve PII data will no longer be possible
Implement MQTT service restrictions to secure IoT comms
Removing access to PII from a previous owner in the UI when transferring a device from one account to another
Limiting access or removing access to switchboard port exposure
Fix for Wi-Fi AP tethering mode
Meeting Owl videoconference device used by govs is a security disaster
No patch yet for easy-to-hack access point that leaks data and exposes networks to hacks.
The Meeting Owl Pro is a videoconference device with an array of cameras and microphones that captures 360-degree video and audio and automatically focuses on whoever is speaking to make meetings more dynamic and inclusive.
The consoles, which are slightly taller than an Amazon Alexa and bear the likeness of a tree owl, are widely used by state and local governments, colleges, and law firms.
A recently published security analysis has concluded the devices pose an unacceptable risk to the networks they connect to and the personal information of those who register and administer them.
The litany of weaknesses includes:
The exposure of names, email addresses, IP addresses, and geographic locations of all Meeting Owl Pro users in an online database that can be accessed by anyone with knowledge of how the system works. This data can be exploited to map network topologies or socially engineer or dox employees.
The device provides anyone with access to it with the interprocess communication channel, or IPC, it uses to interact with other devices on the network. This information can be exploited by malicious insiders or hackers who exploit some of the vulnerabilities found during the analysis
Bluetooth functionality designed to extend the range of devices and provide remote control by default uses no passcode, making it possible for a hacker in proximity to control the devices. Even when a passcode is optionally set, the hacker can disable it without first having to supply it.
An access point mode that creates a new Wi-Fi SSID while using a separate SSID to stay connected to the organization network. By exploiting Wi-Fi or Bluetooth functionalities, an attacker can compromise the Meeting Owl Pro device and then use it as a rogue access point that infiltrates or exfiltrates data or malware into or out of the network.
Images of captured whiteboard sessions—which are supposed to be available only to meeting participants—could be downloaded by anyone with an understanding of how the system works.
Glaring vulnerabilities remain unpatched
Researchers from modzero, a Switzerland- and Germany-based security consultancy that performs penetration testing, reverse engineering, source-code analysis, and risk assessment for its clients, discovered the threats while conducting an analysis of videoconferencing solutions on behalf of an unnamed customer. The firm first contacted Meeting Owl-maker Owl Labs of Somerville, Massachusetts, in mid-January to privately report their findings. As of the time this post went live on Ars, none of the most glaring vulnerabilities had been fixed, leaving thousands of customer networks at risk.
While the operational features of this product line are interesting, modzero does not recommend using these products until effective measures are applied. The network and Bluetooth features cannot be turned off completely. Even a standalone usage, where the Meeting Owl is only acting as a USB camera, is not suggested. Attackers within the proximity range of Bluetooth can activate the network communication and access critical IPC channels.
Hmmm. This report by Jenna McLaughlin about the U.S. Cyber Command states it's an effort to expose Russian aggression. OK, but both sides are deeply involved
The so-called "world's first hybrid-cyberwar" in Ukraine hasn't always been front and center of news coverage, but it's one of the things that might most directly impact the West. . .
BLOGGER NOTE: Hybrid wars and cyber warfare have been front and center - and in the archives - on this blog for many months. Please use the Searchbox on right-hand margin >>>>>
Even as the U.S. government is a key ally to Ukrainian defenders, the private sector might have a more complete picture of what's going on at any given time, because of their access to the digital systems in Russian hackers' crosshairs.
The relationship between the U.S. private sector and Ukraine has only deepened as the war drags on into its third month.
During an interview with NPR in Seattle last week, Microsoft head of customer security and trust Tom Burt detailed what his team has been seeing throughout the war, beginning a couple months prior to the official start of the physical invasion.
A digital conflict between Russia and Ukraine rages on behind the scenes of war
< SEATTLE — On the sidelines of a conference in Estonia on Wednesday, a senior U.S. intelligence official told British outlet Sky News that the U.S. is running offensive cyber operations in support of Ukraine.
"My job is to provide a series of options to the secretary of defense and the president, and so that's what I do," said Gen. Paul Nakasone, the head of the National Security Agency, who also serves as the chief of the Pentagon's digital branch, the U.S Cyber Command.
While he did not give any further detail, it was the first time the spy chief alluded to the U.S. government's efforts to launch counterattacks against Russia in cyberspace, in addition to helping defend Ukrainian agencies. . .
The buildup
In January, according to Tom Burt - Microsoft head of customer security and trust - Microsoft witnessed several "destructive attacks against a number of Ukrainian government agencies." This was the first time Microsoft and others observed what's become a major feature of Russia's digital strategy during the war — using wiper malware designed to destroy data within Ukrainian agencies. . ."That's the experimental zone for Russian cyberattacks," he said.
Before publicly revealing what Microsoft had seen and attributing those attacks to Russia, Burt said he reached out to U.S. and Ukrainian government partners, to make sure Microsoft didn't "disrupt what might be very delicate conversations that were happening at the time."
However, Burt said, both governments gave the green light — just one example of how public officials have been more open about disclosing sensitive information during the war in an effort to expose Russian aggression.
It became obvious to Burt that an invasion was imminent on February 23, a day before Putin announced the "special military operation," he said. "So it's commonly believed that the invasion of Ukraine started on February 24th. But from our viewpoint, it really started on February 23rd, about 10 hours before the missiles were launched and the tanks rolled across the border," said Burt. "There was a huge wiper attack across 300 different systems in government agencies and private sector companies in Ukraine."
According to Burt, at the beginning of the invasion, Microsoft only really had a pinhole view into what was happening in Ukraine. While some Ukrainian companies and agencies were using Microsoft products, where the company is routinely looking for threats, very few were using the cloud, where Microsoft has the most insights.
Before the war, there was actually a law that prevented Ukranian agencies from using the cloud. That position was reversed on March 16, when the Ministry of Digital Transformation announced that state authorities are now allowed to store data using cloud services. According to Burt, Microsoft has been helping these agencies make the transition, and has become more able to detect threats as a result. . .
The cyber and the physical
In the first days of the invasion, both the Russian military and hackers were targeting Ukrainian media and communications...There have also been combined cyberattacks and physical assaults on energy and IT infrastructure, from nuclear power plants to tech companies, Burt said. More recently, Burt told NPR, Microsoft has seen Russia targeting Ukrainian railways with both cyberattacks and missiles. In this phase of the invasion, there's an effort to disrupt Ukraine's ability to resupply and move vital goods around the country.
..."And so we see, again, of course, sponsoring both the cyberattack and the kinetic attack in in support of what is clearly a hybrid war where the Russians are using all those resources in combination," Burt said.
[. ] Working with Ukrainians on the front lines
On the ground in Ukraine, Ukrainian cybersecurity officials face a constant barrage. On Tuesday, Ukrainian mobile communications operations in the south in Kherson reported communication outages, which they linked to Russia. . .It's a constant struggle.
While Ukrainian officials were able to get communications back online by routing internet traffic through a Russian internet provider, according to Net Blocks, an organization that tracks internet disruptions, that opens those communications up to even further surveillance and disruption by Russia.
. . .
Burt recalled one instance where his team was trying to alert one Ukrainian company to a possible cyberattack, when they received a message back that the company couldn't respond because the building was surrounded by Russian tanks.
"If you are Ukrainian, this has been a relentless, unending cyber war that has been launched in correspondence with the physical war in what is clearly the world's first major hybrid war," said Burt."
/cdn.vox-cdn.com/uploads/chorus_image/image/70899604/acastro_210512_1777_deepfake_0002.0.jpg)
0
BLOGGER NOTE: Hybrid wars and cyber warfare have been front and center - and in the archives - on this blog for many months. Please use the Searchbox on right-hand margin >>>>>
