The IT Privacy and Security Weekly Update.

R. Prescott Stearns Jr.
Into year five for this award-winning, light-hearted, lightweight IT privacy and security podcast that spans the globe in terms of issues covered with topics that draw in everyone from executive, to newbie, to tech specialist. Your investment of between 15 and 20 minutes a week will bring you up to speed on half a dozen current IT privacy and security stories from around the world to help you improve the management of your own privacy and security.

  1. 3 DAYS AGO

    Episode 221.5 Deep Dive: The IT Privacy and Security Weekly Update closes the door for the Week Ending December 17th., 2024

    FAQ: IT Privacy and Security Weekly Update (Week Ending December 17th, 2024)

    1. What is the main takeaway from the recent US Telecom breach? The breach linked to Chinese hackers highlights the dangers of government backdoors in encryption systems. The 1994 CALEA law, intended to assist law enforcement, created vulnerabilities exploited in this incident. Experts emphasize that backdoors weaken security for everyone and make systems susceptible to both good and bad actors.
    2. What security concerns arose with UnitedHealthcare's Optum AI chatbot? Optum's AI chatbot, used internally for managing health insurance claims, was left publicly accessible without a password. Although it didn't contain sensitive health data, its exposure raises concerns about the responsible management of AI, particularly given UnitedHealthcare's alleged use of AI to deny patient claims.
    3. Despite improvements, why should users still be cautious with Microsoft's Recall feature? While Microsoft's Recall screen capture tool now includes encryption and sensitive information filtering, tests reveal inconsistencies in its performance. It struggles to identify private data in non-standard formats or situations, potentially leading to unintended exposure of sensitive details.
    4. What is the significance of Meta's recent €251 million fine by the EU? The fine stems from a 2018 security breach exposing data of millions of EU users. It underscores the EU's strong enforcement of the GDPR and emphasizes the importance of companies prioritizing data protection. For users, it serves as a reminder that their personal information may not always be secure.
    5. How is the US-China trade conflict impacting the Ukraine war effort? China is limiting sales of drone components critical to Ukraine's defense as part of the escalating trade conflict with the US. This move is expected to expand to broader export restrictions, hindering Ukraine's access to vital drone technology.
    6. Why is the EU investing in its own satellite constellation, IRIS²? The EU aims to reduce reliance on non-European networks like Starlink by developing IRIS². This sovereign satellite constellation will provide secure internet access across Europe, enhancing strategic autonomy and fostering public-private collaboration in the space sector.
    7. What benefits will Let's Encrypt's new six-day certificates offer? The shift to shorter certificate lifespans significantly reduces security risks associated with compromised keys. While this means issuing more certificates, Let's Encrypt's automated systems will ensure a smooth transition for users, resulting in a safer and more secure internet experience.
    8. How is United Airlines using Apple technology to improve its baggage handling? United Airlines is integrating Apple's "Share Item Location" feature into its mobile app. Passengers can now share real-time locations of AirTags attached to their luggage, enabling United's customer service team to track and retrieve misplaced baggage more efficiently.

    14 min
  2. 12 DEC

    EP 220.5 Deep Dive - The IT Privacy and Security Weekly Update solves the Mystery of the vanishing Stoli for the Week Ending December 10th., 2024

    IT Privacy and Security FAQ - Week Ending December 10th, 2024

    1. What happened to Stoli, and how can I protect my business from the same fate? A ransomware attack crippled Stoli Group's IT systems, leading to bankruptcy for its US and Kentucky Owl subsidiaries. The attack highlighted the importance of robust cybersecurity measures. To safeguard your business, prioritize secure IT systems, keep software updated, maintain regular backups, and educate employees about phishing and malware threats.
    2. Is my phone call safe? What's this about a Chinese hacking campaign? A Chinese cyber-espionage campaign, Salt Typhoon, targeted telecom networks in at least two dozen countries, including major US carriers. The attackers stole metadata to identify high-value targets and intercept communications. While classified information wasn't compromised, this emphasizes the need for vigilance. Limit sharing sensitive information over calls or texts, and consider end-to-end encryption tools for added security.
    3. What is the FCC doing about telecom cybersecurity? The FCC is proposing mandatory cybersecurity risk management plans for telecom companies and will enforce them with potential fines or criminal penalties. This follows concerns over persistent security lapses and aims to prevent breaches like the recent Chinese hacking campaign.
    4. I use Google Messages. Is it truly end-to-end encrypted? Google Messages' claims of "end-to-end encryption" are misleading. While RCS chats within Google Messages can be encrypted, SMS messages and those sent to non-Google users are not. Always verify encryption details and don't rely on vague claims to protect your privacy.
    5. What is Sauron, and should I be concerned about its home security approach? Sauron is a startup offering high-tech home security using drones, cameras, facial recognition, and 24/7 monitoring. While appealing for its advanced features, the company's use of facial recognition and potential for aggressive countermeasures raises privacy concerns. Weigh these factors carefully when considering such systems for your home.
    6. Is Solana safe? What happened with the code library attack? A supply chain attack compromised Solana's JavaScript SDK, leading to the theft of $184,000 from digital wallets. While the malicious code was quickly removed, it highlights the risks of open-source libraries. Developers and users should prioritize upgrading libraries, rotating keys, and staying informed about security updates from reliable sources like CoinDesk and The Block.
    7. Can I now use my cellphone anywhere with SpaceX's Starlink? SpaceX launched new satellites enabling direct cellphone connectivity through Starlink. While initially limited to text messaging, the service will eventually support voice, data, and IoT devices. This promises global coverage even in remote areas. However, pricing details and encryption information remain unclear. Stay tuned for updates and explore how this service could benefit you.
    8. What's the main takeaway from this week's IT security news? This week's news emphasizes the growing cybersecurity threats across various domains, from ransomware attacks to sophisticated state-sponsored espionage and supply chain vulnerabilities. Staying informed, adopting proactive security measures, and carefully evaluating new technologies are crucial steps in protecting yourself and your data.

    30 min
  3. 5 DEC

    Episode 219.5 Deep dive into The IT Privacy and Security Weekly Update moves into Low Earth Orbit for the Week Ending December 3rd., 2024

    Deep dive into The IT Privacy and Security Weekly Update moves into Low Earth Orbit for the Week Ending December 3rd., 2024: Your FAQs Answered

    1. What is the FTC doing to protect my location data? The FTC has taken action against companies like Gravy Analytics and Venntel selling sensitive location data without user consent. This data, often gathered from smartphones, was being used for surveillance purposes, including by law enforcement agencies. The FTC has banned these companies from selling this data, except in limited circumstances related to national security or law enforcement.
    2. How can I ensure software updates support my smart devices? Unfortunately, a recent FTC study found that nearly 9 of 10 smart device makers don't disclose how long they will provide software updates. This means your devices could become obsolete and vulnerable to security risks sooner than you expect. Before purchasing a smart device, check the manufacturer's website for clear information about software update policies.
    3. What are the biggest cybersecurity threats facing the UK? According to the UK's new cyber chief, the country is significantly underestimating the risks posed by cyberattacks. The frequency, sophistication, and intensity of hostile activity in UK cyberspace has increased. Despite growing threats from Russia and China, there's a lack of awareness about the severity of the risks.
    4. Why are U.S. Senators concerned about facial recognition technology at airports? A bipartisan group of Senators has called for an investigation into the TSA's use of facial recognition technology at airports. They cite concerns about privacy violations, lack of transparency, and potential for misuse. There are also questions about the technology's effectiveness in reducing delays and improving security.
    5. How is Australia protecting children from the potential harms of social media? Australia has become the first country to ban children under 16 from using social media platforms. This landmark law aims to protect young people's mental health and well-being by limiting their access to platforms like TikTok, Instagram, and Facebook. Social media companies face hefty fines if they fail to comply.
    6. What is the significance of the overturned sanctions on Tornado Cash? A U.S. appeals court overturned sanctions on Tornado Cash, a cryptocurrency privacy tool. The court ruled that smart contracts, which power Tornado Cash, aren't considered property under U.S. law, and therefore the Treasury Department overstepped its authority. This decision is a significant win for privacy advocates in the crypto industry and highlights the ongoing debate over how governments regulate privacy-focused technologies.
    7. Why is global cooperation essential for managing space traffic? Low Earth orbit is becoming increasingly crowded with satellites and debris, posing risks of collisions and rendering space unusable. Experts are urging global cooperation to create a shared database for tracking objects and developing international rules to manage space traffic. However, geopolitical tensions and corporate secrecy make this cooperation difficult.
    8. How are cybersecurity threats impacting spacecraft and satellites? As space exploration expands, so do the cybersecurity risks. Hackers are becoming more sophisticated, targeting spacecraft and satellites with potentially catastrophic consequences. These attacks could disrupt navigation, communications, and even defense systems. The increasing use of artificial intelligence (AI) in space adds further vulnerabilities. Protecting space assets from cyber threats is now a critical priority for governments and space agencies worldwide.

    Stay safe, stay secure and stay with us!

    14 min
  4. 4 DEC

    EP 219 The IT Privacy and Security Weekly Update moves into Low Earth Orbit for the Week Ending December 3rd., 2024

    EP219 For this update, yes, we are up again. We start off on terra firma, but we definitely end up in the clouds. A double whammy from the FTC, who just put the brakes on companies selling your location data—because privacy should come first (even if you’re just visiting a coffee shop)—and then suddenly notices that your smart devices might not be as 'smart' as you thought—especially when it comes to knowing how long they'll get updates. The UK's cybersecurity chief warns that we're underestimating the cyber threats, and tells the UK citizenry it's time to brace for a bigger digital storm. Facial recognition at airports: convenient or a privacy nightmare? It's spreading across the US like wildfire, so senators are calling for a closer look before it becomes mandatory. Australia just became the first country to ban kids under 16 from social media—marking a huge step towards giving kids their childhoods back again. A crypto privacy win! Tornado Cash sanctions get overturned, sparking debate on how the government should regulate tech. Then up we go: with Earth’s orbit getting crowded, experts are calling for global cooperation to prevent space from becoming the next traffic jam (or junk yard). Space might be the final frontier, but hackers are already eyeing it—leading experts to warn of rising cybersecurity risks for satellites and spacecraft. Come on, let's chase the horizon! Find the full transcript of this podcast here.

    16 min
  5. 28 NOV

    Episode 218.5 Deep Dive: The IT Privacy and Security Weekly Update serves up some Pi for the Week Ending November 26th., 2024

    FAQ:

    1. What measures are US senators proposing to enhance cybersecurity in healthcare? A bipartisan group of US senators has introduced the Health Care Cybersecurity and Resiliency Act of 2024. This act mandates healthcare organizations adopt basic cybersecurity standards like multi-factor authentication (MFA), improved coordination between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA), and a more transparent breach reporting process, including details about the number of individuals affected and corrective actions taken.
    2. What is Australia doing to combat the rise of ransomware attacks? Australia has enacted its first Cyber Security Act, requiring organizations exceeding a certain size (likely those with a turnover above AUD $3 million) to report any ransomware payments made to cybercriminals. The act also establishes a framework for the voluntary reporting of cyber incidents to encourage information sharing and enhance collective cybersecurity.
    3. What is the extent of the alleged Chinese hacking of US telecom infrastructure? Reports suggest that Chinese government-backed hackers, known as Salt Typhoon, have infiltrated US telecommunications networks, potentially gaining access to phone calls and text messages. This breach reportedly exploited vulnerabilities in the system used by US authorities for lawful wiretaps. The incident, labeled as potentially the "worst telecom hack in our nation's history", raises serious concerns about national security and data privacy.
    4. What advice is the Japanese government giving its citizens regarding their digital legacies? The Japanese National Consumer Affairs Center recommends that citizens engage in "digital end-of-life planning" to prevent difficulties in managing their online accounts after their death. They advise ensuring family members can access their devices, maintaining a list of subscriptions and login credentials, possibly including this information in end-of-life documents, and considering services that allow designated individuals to manage accounts posthumously.
    5. What privacy concerns have arisen with Microsoft's Copilot tool? Microsoft's Copilot, designed to streamline tasks by accessing internal company information, has inadvertently exposed sensitive data, including CEO emails and HR documents. This occurred due to lax permission settings in some companies, allowing Copilot to access and retrieve documents beyond intended access levels.
    6. How is Microsoft enhancing Windows security following the CrowdStrike incident? In response to the CrowdStrike incident that impacted millions of Windows devices, Microsoft is introducing the Windows Resiliency Initiative. This initiative includes Quick Machine Recovery, enabling remote repair of unbootable systems, stricter testing and deployment protocols for security vendors, and a framework to move antivirus processing outside the Windows kernel for improved security and stability.
    7. What was the outcome of Interpol's Operation Serengeti in Africa? Interpol's Operation Serengeti, conducted in collaboration with Afripol, resulted in the arrest of over 1,000 suspects across 19 African countries. The operation targeted cybercriminals involved in activities like ransomware, business email compromise, digital extortion, and online scams. Notably, the operation dismantled networks involved in credit card fraud, Ponzi schemes, human trafficking, illegal gambling, and cryptocurrency scams.
    8. Why are undersea data cables becoming an increasing security concern? Undersea fiber-optic cables, responsible for transmitting vast amounts of global internet traffic, are increasingly vulnerable to damage and sabotage. Recent incidents, such as damage to cables in the Baltic Sea suspected to be linked to a Chinese cargo vessel, highlight these risks.

    17 min
