Friday Five 7/1
The overturning of Roe v. Wade is sparking more privacy concerns, cybercriminals are using deepfakes to gain access to corporate networks, and home routers are being attacked with malware. Read about these stories and more in this week's Friday Five.
1. Supreme Court's Roe v. Wade reversal sparks calls for strengthening privacy by Tonya Riley
The need for federal privacy legislation is at an all-time high after the Supreme Court overturned Roe v. Wade Friday, ending nearly 50 years of the nation’s highest court affirming the constitutional right to abortion. “In the digital age, this decision opens the door to law enforcement and private bounty hunters seeking vast amounts of private data from ordinary Americans,” says Alexandra Reeve Givens of the Center for Democracy and Technology. Read the full story from CyberScoop to learn which lawmakers are taking action and what you can do to protect yourself before federal privacy legislation can be signed into law.
2. CISA: Switch to Microsoft Exchange Online 'Modern Auth' before October by Liam Tung
On October 1, 2022, Microsoft will be disabling Basic Authentication for Exchange Online, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that organizations will need to switch to Modern Authentication by that day to remain secure. This deadline, which was originally set in February 2021 by Microsoft, was pushed back due to the COVID-19 pandemic and is now exactly three months away.
According to Microsoft, “To be clear, we will start on October 1; this is not the date we turn it off for everyone. We will randomly select tenants, send 7-day warning Message Center posts (and post Service Health Dashboard notices), then we will turn off Basic Auth in the tenant. We expect to complete this by the end of this year.” Read the full story from ZDNet to learn why Microsoft is moving away from Basic Authentication.
3. A New, Remarkably Sophisticated Malware Is Attacking Routers by Dan Goodin
Lumen Technologies’ Black Lotus Labs has identified at least 80 targets infected by unusually sophisticated malware capable of taking full control of connected devices running Windows, macOS, and Linux, as reported this past Tuesday. The remote access Trojan, now known as ZuoRAT, is part of a broader hacking campaign that has been active since at least Q4 of 2020. Read the full story from Wired to learn about who may be behind the attacks, whom they’re targeting, and what you can do if your network device is targeted.
4. FBI: Stolen PII and deepfakes used to apply for remote tech jobs by Sergiu Gatlan
In a recent public service announcement, the FBI warned that cybercriminals are increasingly using stolen PII and deepfakes to apply for remote work positions and eventually gain corporate network access. “The remote work or work-from-home positions identified in these reports include information technology and computer programming, database, and software-related job functions. Notably, some reported positions include access to customer PII, financial data, corporate IT databases, and/or proprietary information.” Read the full story from BleepingComputer to learn more about how you can spot a deepfake and what actions to take if you come across one.
5. U.S. FCC Commissioner Asks Apple and Google to Remove TikTok from App Stores by Ravie Lakshmanan
Due to its pattern of “surreptitious data practices,” one of the commissioners of the U.S. Federal Communications Commission, Brendan Carr, has called for Apple and Google to remove TikTok from their respective app stores. In an open letter addressed to Apple and Google’s chief executives, Carr wrote, "It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing's apparently unchecked access to that sensitive data," also calling the social media platform a "sophisticated surveillance tool" for amassing users' personal information. Read the full story from The Hacker News to learn about what prompted these statements from Carr and what kinds of data TikTok may have on you.