But things could backfire: A growing thicket of privacy laws regulating biometrics is aimed at protecting consumers amid increasing cloud breaches and AI-created deepfakes. But for businesses that handle biometric data, staying compliant is easier said than done. I explore the issues surrounding implementing and regulating biometrics in a post for Dark Reading today.
The world of open-source software is about to go through another tectonic change. But unlike earlier changes brought about by corporate acquisitions, this time it’s thanks to the growing series of tech layoffs. The layoffs will certainly change the balance of power between large and small software vendors, and between free and commercial software versions, and the role played by OSS in enterprise software applications could change.
In this post for SiliconANGLE, I talk about why these changes are important and what enterprise software managers should take away from the situation.
What a year 2023 was for cybersecurity!
It was a year the world became obsessed with generative artificial intelligence — and a year that brought new breaches with old exploits, a year that brought significant consolidation in the security tools marketplace, and a year when passkeys finally took hold, at least for consumers.
Are businesses better secured than before? Hardly. Attackers have continued to get more sophisticated, hiding in plain sight and using sneakier ways to penetrate enterprise networks. Ransomware is still a thing, and criminals are getting clever at using multiple tactics to extort funds from their victims.
In this story for SiliconANGLE, I’ve collected some of the more notable predictions for 2024, and offer my own recommendations for best security practices.
Even long-time Central West Enders in St. Louis might not recognize Berlin Avenue, but the street has a storied past in our neighborhood. It is now called Pershing Avenue, and the corner of Pershing and Euclid now has a commemorative plaque that hints at its history. In a post for Nicki’s blog, I take a walk back in time to show what happened on this little corner of our city.
Here are the ones from the first part of the week.
- I did a video interview for a sponsored virtual event for TheCube here, talking about ransomware, air-gapped networks, and other reasons to secure your data.
- An analysis of Infrastructure As Code — where it comes from, why it is important, and why it can be both blessing and trouble for IT and devs.
- An analysis of everyone’s least favorite hacking group, Lazarus of North Korea, and how they are changing tactics and using Telegram as a command channel, and scooping up millions of dollar-equivalents.
- This week, Ukraine’s largest telecom carrier got hit with a massive cyberattack. They are gradually bringing stuff back online, including the ordinary (like people’s cell phones and banks’ ATMs) and the war-related stuff to target the people most likely to have originated the attack (you know who they are).
- A new report from Cloudflare shows their growth in internet traffic along with other interesting stuff such as outages and the percentage of those poor souls who are still using ancient TLS versions.
- Another report that examines the past year or so of various cyber attacks and other assorted breaches from a very well respected source at MIT.
Here are this week’s stories in SiliconANGLE. My most interesting story is about one man’s effort to improve the power grid in Ukraine, thanks to a very clever collection of Cisco networking gear that provides backups when the GPS systems are jammed by the Russians.
The American Red Cross responds quickly when disaster strikes. News programs are filled with striking scenes of disaster relief — shelters housing hundreds of survivors, the distribution of thousands of meals and disaster assessment volunteers at work across the affected area. But these efforts would be impossible without the support of the Operations Department working behind the scenes.
For one story, I interview Randy Whitehead and Dan Stokes and their various roles as volunteers. Both have transported a Red Cross emergency response vehicle from one location to another. That effort doesn’t capture news headlines, but it is essential to the mission.
For a second story, I spoke to the people behind an effort to help lawyers better understand international humanitarian law, something very much in the news these days. Lori Arnold-Ellis, the Executive Director of the Greater Arkansas chapter, and Wes Manus, an attorney and Red Cross board member, have expanded and extended a course first assembled by the International Red Cross called Even War Has Rules and are teaching it in our region to lawyers and non-lawyers alike. I took one of the courses and learned a lot too!
That is one of the reasons why I keep coming back to volunteer at the Red Cross: there are so many places to help out and you meet the most interesting people. It is terrific to get to talk to them and hear their stories.
Here are four stories that I wrote this week.
Happy holidays! Here are my stories for the week:
- The group behind LockBit ransomware is now exploiting the Citrix Bleed vulnerability, which made big news last month and still puts thousands of devices around the world at risk. US and Australian cybersec officials released a security advisory this week that provides the details, and my article follows up with what is going on with this very dangerous and prolific ransomware operation.
- The group behind the Phobos ransomware is also stepping up its game.
- I examine a series of recent cloud security reports, some surveys of IT managers and some taken from actual network telemetry of customers and public sources, to show a not very rosy picture of the situation. Secondary issues, such as security alerts, take too much time to resolve, and risky behaviors fester without any real accountability to prevent or change them.