Digital Guardian's Blog

Friday Five 4/23

by Colin Mullins on Friday April 23, 2021


Ransomware glitches, rules governing AI, and the state of privacy legislation - catch up on all of the week's infosec news with the Friday Five!

1. Stanford student finds glitch in ransomware payment system to save victims $27,000 by Sean Lyngaas 

In a feel-good story this week, a security researcher named Jack Cable was able to save fifty people from having to pay ransoms by exploiting a glitch in the hacker’s payment scheme. Changing a letter in the transaction ID from lowercase to uppercase caused the system to unlock the files, thinking the victim had already paid. The new strain of ransomware on the infected computers is called QLocker and has been rapidly spreading around the internet. All told, Cable was able to save those affected around $27,000. Though the glitch has been fixed by the ransomware gang, it’s always great to read about a win in the fight against ransomware.


2. With details sparse, vendors scramble to make sense of Biden 100-day grid security plan by Joe Uchill

The Biden administration has launched a 100-day initiative to improve the cybersecurity of electric utilities. Details are still sparse, but industry professionals who looked at the plan are praising it for overcoming failures of previous security pushes in the industry. As part of the new approach, the plan is specific to operational technology and emphasizes detection and response as opposed to just preventing attacks. The plan is part of the larger shift by the federal government as it invests more resources and focuses on addressing the challenges of cybersecurity.


3. Europe's Proposed Limits on AI Would Have Global Consequences by Will Knight 

The European Union has proposed new rules that could have significant implications for the future of artificial intelligence. The proposed rules are still in progress, but if implemented, they are likely to lead to restrictions or bans on artificial intelligence inside the EU. As the rules are currently vague, advocates worry that companies will exploit loopholes and the law will not properly protect citizens from potential misuses of AI. The new rules will have to contend with the contentious debate around facial recognition, especially its use in national security. The proposal is likely to go through changes as it proceeds through the EU Parliament and EU Council, but it’s certainly something to watch as it has major implications for the future of AI.


4. First Federal Privacy Legislation of 2021 Introduced by Chris Brook

As more states enact data privacy laws, it puts into perspective the fact that the US still lacks a federal data privacy law. The latest effort to rectify the absence was introduced last month by U.S. Congresswoman Susan DelBene. The Information Transparency and Personal Data Control Act seeks to keep the personal information of children under thirteen years old protected and empowers the FTC with staff and resources to pressure states into cracking down on companies mishandling data. Though past federal privacy legislation has not gained much traction, there seems to be a growing understanding that the current patchwork of state laws is not sustainable.


5. The Incredible Rise of North Korea's Hacking Army by Ed Caesar 

This great story looks at the rise of state-sponsored hacking by the North Korean government. The country has long turned to crime in order to get around the sanctions put in place because of its nuclear program, and the article explores how cybercrime was a natural progression. With high-profile attacks in the last few years, including the hack of Sony Pictures and the scourge of the WannaCry ransomware, researchers and governments are now paying more attention to the state-sponsored hacking units in North Korea. The story also examines how the country trains young hackers and how it can be a lucrative and prestigious career path in a country that lacks opportunities. The piece is a great read and I highly recommend the full story.


Tags: Ransomware, Legislation


Colin Mullins

Colin Mullins is a Social Media Marketing intern at Digital Guardian