Identity Theft is on the Rise-Here’s What You Can Do About It
Identity theft is rising, and the safety measures you take to protect your personal data should be too. Although letting your guard down while traveling or on vacation can be easy, that’s no reason to let basic safety precautions out the door.
The first rule of protecting yourself from identity theft while traveling should be: do not leave unmonitored boarding passes out in public. Whether they’re paper copy or digital, the barcode on your boarding pass is a portal into your identity. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account. If you must throw away a used boarding pass with a barcode, consider tossing it into a document shredder instead.
The second (incredibly basic but crucial) rule of protecting yourself from identity theft while traveling is: do not leave your email inbox open on a public computer, even if you just leave your desk for a second. Log out of your sessions whenever you need to step away from your desk. Even if you’re using your private computer in public, put the lock screen on whenever you are away from it – even when it’s in your hotel room. Ideally, have your drive encrypted and device tracking enabled.
Read: https://easydns.com/blog/2023/08/12/raising-the-identity-theft-bar-when-traveling/
Google’s Controversial Web Integrity API: Is it DRM for the Web?
Google’s latest proposed web standard raises eyebrows: Is it DRM? Recently, the online community caught wind of a proposal called the “Web Environment Integrity API.” The explanatory document was written by a team of four Google employees, including a member from Chrome’s “Privacy Sandbox” team.
The project aims to verify user authenticity, detect browser tampering, and provide valuable data for advertisers, including accurate ad impression tracking, combating bots, protecting intellectual property, preventing cheating in online games, and enhancing financial transaction security.
Google’s document assures that the API will not be misused. While the authors emphasize that it should not be used for unique user fingerprinting, they seek an indicator for rate limiting on physical devices. The project explicitly states that it does not aim to disrupt browser functionality, including plugins and extensions, hinting at the preservation of ad-blockers.
Read:
https://arstechnica.com/gadgets/2023/07/googles-web-integrity-api-sounds-like-drm-for-the-web/
Zoom Backtracks on Updates that Allowed Indiscriminate Use of Customer Data Without User Consent
Zoom says it will trace a recent change to its terms of service that allowed the company to use some customer content to train its machine learning and artificial intelligence models.
The move comes after recent criticism on social media from customers concerned about the privacy implications of Zoom using data in such a manner.
“Following feedback, Zoom made the decision to update its Terms of Service to reflect Zoom does not use any of your audio, video, chat, screen sharing, attachments or other communications-like Customer Content (such as poll results, whiteboard and reactions) to train Zoom or third-party artificial intelligence models,” a spokeswoman said in an emailed statement. “Zoom has accordingly updated its Terms of Service and product to make this policy clear.”
Zoom’s decision — and the reason for it — is sure to add to the growing debate about the privacy and security implications of technology companies using customer data to train AI models.
In Zoom’s case, the company recently introduced two generative AI features — Zoom IQ Meeting Summary and Zoom IQ Team Chat Compose — that offer AI-powered chat composition and automated meeting summaries. The terms of an updated service policy that the company announced earlier this year gave Zoom the right to use some customer data behind these services for training the AI models — without needing customer consent.
After customers pushed back on social media, Zoom initially revised its policy earlier this month to give customers the right to opt out of having their data used for AI training. “Zoom will not use audio, video, or chat Customer Content to train our artificial intelligence models without your consent,” the company said.
Read: https://www.darkreading.com/analytics/following-pushback-zoom-says-it-won-t-use-customer-data-to-train-ai-models
AZ Governor Hobbs Asked Twitter to Censor Critics, Emails Reveal
Democratic Arizona Governor Katie Hobbs has stirred controversy by requesting Twitter (now X) to silence her critics following a tweet where she compared Trump supporters to neo-Nazis. This disclosure raises significant concerns regarding free speech and political bias amidst the era of Big Tech censorship.
During her time in the Arizona state legislature, Hobbs drew widespread condemnation from her digital audience for a contentious 2017 tweet targeting Trump and his supporter base. She asserted, “Trump has made it abundantly clear he’s more interested in pandering to his neo-Nazi base than being president for all Americans.”
Despite numerous appeals for a response from X and Hobbs concerning the censorship requests, no reactions have come to light. These unfolding revelations cast a shadow and provide mounting evidence that a greater number of federal departments than previously believed may be purposely downplaying their participation in online censorship.
Read: https://reclaimthenet.org/az-governor-katie-hobbs-asked-twitter-to-censor-her-critics-emails-show
Medical and Social Security Data of Millions in Missourians Compromised in MOVEit Attacks
The Colorado Department of Health Care Policy and Financing (HCPF), which is responsible for administering Colorado’s Medicaid program, confirmed on Friday that it had fallen victim to the MOVEit mass hacks, exposing the sensitive medical data of more than 4 million patients.
In a data breach notification to those affected, Colorado’s HCPF said that the data was compromised because IBM, one of the state’s vendors, “uses the MOVEit application to move HCPF data files in the normal course of business.”
The letter states that while no HCPF or Colorado state government systems were affected by this issue, “certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorized actor.”
These files include patients’ full names, dates of birth, home addresses, Social Security numbers, Medicaid and Medicare ID numbers, income information, clinical and medical data (including lab results and medication), and health insurance information.
HCPF says about 4.1 million individuals are affected.
IBM has yet to publicly confirm that it was affected by the MOVEit mass hacks, and an IBM spokesperson did not respond to a request for comment by TechCrunch.
The breach of IBM’s MOVEit systems also impacted Missouri’s Department of Social Services (DSS), though the number of affected individuals is not yet known. More than 6 million people live in Missouri state.
In a data breach notification posted last week, Missouri’s DSS said: “IBM is a vendor that provides services to DSS, the state agency that provides Medicaid services to eligible Missourians. The data vulnerability did not directly impact any DSS systems, but impacted data belonging to DSS.”
Read:
https://techcrunch.com/2023/08/14/millions-americans-health-data-moveit-hackers-clop-ibm/
Elsewhere Online:
Knight Ransomware Spreading via Phony TripAdvisor Complaint Emails
Read: https://www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/
Massive Security Breach Exposes 1.47 Million Records at Alberta Dental Services
Read: https://www.infosecurity-magazine.com/news/alberta-dental-services-security/
Snapchat’s AI Chatbot Spooks Users with Mysterious Video
Read: https://arstechnica.com/information-technology/2023/08/snapchats-ai-chatbot-posts-mysterious-video-and-goes-silent-spooking-users/
U.S. Energy Company Falls Victim to QR Code Phishing Scheme
Read: https://www.bleepingcomputer.com/news/security/major-us-energy-org-targeted-in-qr-code-phishing-attack/
Experts Warn of Increased Use of Cloudflare R2 for Phishing Attacks
Read: https://thehackernews.com/2023/08/cybercriminals-abusing-cloudflare-r2.html
Previously on #AxisOfEasy
Clement Stone said this (the quote in your email)