Electoral Commission #Reprimanded for Lax Security, Leading to #Hacker Exploitation --- The Information Commissioner's Office has issued a reprimand to the #Electoral #Commission for having #lax #security measures: their servers were not kept up to date with the latest security updates and many accounts were using #passwords identical or similar to the ones originally allocated to users. This led to #hackers gaining access to servers that contained the #personal #information of approximately 40 million people. They had access to all the personal information held on the Electoral Register, including names and home addresses. The servers were accessed on several occasions without the Electoral Commission’s knowledge. The Information Commissioner's Office has issued a reprimand, which can be read here: https://lnkd.in/eWq3TTeE
AllNet Law’s Post
-
Strategist, Cryptologist, Cyber Warfare Officer, Space Cadre, Intelligence Professional. Personal account. Opinions = my own. Sharing ≠ endorsement.
"In our view, the NSA’s regime is defensible, and Wyden would be better off focusing on other targets. Nakasone admits that the NSA buys what he referred to as CAI, or commercially available information. However, he details the steps that the NSA takes to make sure that the CAI it buys is valuable to its intelligence and/or cybersecurity missions, that it is lawfully acquired, that information about U.S. persons is minimized, and that purchase of CAI is reassessed regularly for value rather than purchased on autopilot. The NSA is also buying data that is filtered to focus on malicious activity, rather than providing a full picture of Americans’ movements and actions. That data is aggregated from network operators and internet service providers, rather than collected directly from individuals under potentially misleading terms and conditions."
U.S. Data Dumpster Fire Singes NSA + The Evolution of Election Disinformation
lawfaremedia.org
-
The Biden Administration recognizes the value of personal data, as well as the risk that comes along with it, and has made it more difficult for threat actors to obtain it. Because of this, they will need a new way to procure their data, and we unfortunately know that they are clever enough to figure it out. With lower supply on the surface web, we can expect increased data prices on covert marketplaces, and more malware to collect it. Dark web and botnet visibility is more important than ever.
FACT SHEET: President Biden Issues Executive Order to Protect Americans’ Sensitive Personal Data | The White House
whitehouse.gov
-
🔒 Protecting Our Privacy: A Wake-Up Call for All 🔒

In today's digital age, safeguarding our personal information is more than just a duty or a responsibility; it's a necessity and cannot be overlooked. Recently, the Information Commissioner's Office (ICO) issued a stern reprimand to the UK Electoral Commission for significant lapses in data protection.

💥 The Breach: A Timeline of Vulnerability

In August 2021, hackers successfully accessed the Electoral Commission’s Microsoft Exchange Server by impersonating a user account and exploiting known software vulnerabilities in the system that had not been secured. Until October 2022 – over a year later – the attackers had access to the personal information held on the Electoral Register, including names and home addresses. The servers were accessed on several occasions without the Electoral Commission’s knowledge.

📉 What Went Wrong?

* Weak passwords.
* Inadequate security patches.
* Compromised personal data.

💬 Expert Warning

Stephen Bonner, Deputy Commissioner at the ICO, said: “This action should serve as a reminder to all organisations that you must take proactive and preventative measures to ensure your systems are secure. Do you know if your organisation has installed the latest security updates? If not, then you jeopardise people's personal information and risk enforcement action, including fines.”

🔔 A Call to Action

Authorities entrusted with our personal data must lead by example in data protection. The Electoral Commission's failure emphasizes the need for stricter security measures. We must hold all organizations to higher standards to safeguard our information.

👉 Swipe through to learn about the key issues and discover practical solutions to protect your data.

🔗 Was this helpful? We'd love to help you further. Connect with us today for expert advice on data protection and security.

sammut.legal - biz/tech/privacy #DataProtection #CyberSecurity #GDPR #PrivacyMatters
-
Delivering UK GDPR and Data Privacy compliance for busy business owners in an engaging & relevant way / Certified Independent Data Protection Officer / UK GDPR Training / Privacy Audits / Policy & Procedure Writing
Keeping software up to date is a key part of data protection, and UK GDPR best practice, not to mention a legal requirement under the UK GDPR ‘accuracy’ data processing principle. This has been made clear by the ICO’s action in reprimanding the Electoral Commission. This is with regard to allowing a vulnerability in their Microsoft Exchange Server that exposed the personal data of 40 million people. Read the news item here. https://lnkd.in/eWmRDixY #informationsecurity #privacy #dataprotection #microsoftexchange
ICO reprimands the Electoral Commission after cyber attack compromises servers
ico.org.uk
-
According to a recent investigation by Proton, a mere 15% of #Italian politicians had their official emails exposed on the #darkweb. That's right, only 91 out of 609. Bravo! 🎉

But wait, there's more. These emails, often linked to #breaches from common service providers like Adobe and LinkedIn, were found alongside 197 passwords, many in plaintext. Because who needs complex passwords when you can just reuse "password123" for everything, right?

While British MPs had their emails exposed over five times more frequently, Italian politicians can still hold their heads high. After all, it's not a security failure if your email is publicly available and just happens to end up on the dark web. It's just... unfortunate.

The fact that these emails, which are publicly available on government websites, are on the dark web isn’t a security failure by itself. Nor is it evidence of a hack of the British, European, or French parliaments. Instead, it shows that politicians used their official email addresses to set up accounts on third-party websites (which were later hacked or suffered a breach), putting themselves and the information they’re entrusted to keep safe needlessly at risk.

For those curious about the level of creativity in password selection, here are some gems found online:

- "password123"
- "qwerty"
- "123456"
- "iloveyou"

🍷

---

- https://lnkd.in/daKH6whZ.
- https://lnkd.in/dTKj7wgw
Cyber house of cards – Politicians’ personal details exposed online | Proton
proton.me
-
We help small business owners with technology and communications so they can focus on the things they love to do
Are you aware of what happens with your personal data online? 🤔💻 In the wake of events like the Cambridge Analytica scandal, it's become clear that 'free' online services often come at a hidden cost. Every sign-up can mean handing over valuable personal details, sometimes to data brokers who resell your information. Check the link for a deeper look into how different countries view data privacy. Your personal info is more valuable than you might think. Protect it. 💡✨ #dataprotection #cybersecurity https://lnkd.in/eq4Sbdjc
Infographic: Data Protection: Nice To Have or Necessary?
statista.com
-
The core challenge we face in the realm of compliance isn't the absence of laws; rather, it's the effectiveness of their enforcement. In the United States, a multitude of compliance regulations exist, yet their impact is often diluted by the lack of tangible consequences for businesses that fail to adhere. This is a reality I witness regularly, marking a disconcerting trend that leaves many businesses vulnerable, especially concerning cybersecurity. Consider the statistics on HIPAA violations from last year: only a few organizations were fined out of the hundreds of thousands that exist. This discrepancy is alarming and underscores a significant gap in our commitment to data security. If we aim to truly prioritize the protection of sensitive information, this enforcement disparity must be addressed. https://lnkd.in/erGvfWjz
FACT SHEET: President Biden Issues Executive Order to Protect Americans’ Sensitive Personal Data | The White House
whitehouse.gov
-
ADVANCED ZeroTrust | Your Managed Security Service Provider | Focusing on Cybersecurity with your business goals in mind! There is no room in my network for right-wing views & AfD supporters! Resist it from the very start!
#NSA is buying Americans’ internet browsing records without a warrant. Since the revelations by Edward #Snowden in 2013 at the latest, everyone should be aware that technically feasible things are also used by the secret services. So this new detail is not surprising. If you want more details, check out these topics: - #Pegasus spyware - #Palantir Technologies - #Echelon - #prism - #Tempora - stealthy snake - #wiretraps - #tumblr - #xkeyscore - #Bundespolizeigesetz in Germany
NSA is buying Americans' internet browsing records without a warrant | TechCrunch
techcrunch.com
-
Key Update on NSA’s Data Collection Practices and Privacy Concerns. A significant development in #digital #privacy has emerged. The #NSA, as confirmed by its director, is purchasing internet browsing data of Americans from commercial brokers without warrants. This practice, brought to light by Senator Ron Wyden, raises profound privacy concerns. Wyden emphasizes the risk of such data potentially revealing sensitive information about individuals. While the #NSA asserts the data’s value for national security, the ethical implications are undeniable. This raises an urgent question: How do we balance security needs with the right to privacy? Reported by Reuters. Link here: https://lnkd.in/gZ5dxQfp #digitalprivacy #nsa #datasecurity #cybersecurity #ethicsintech #nsa #data #digita #privacy
US National Security Agency buys web browsing data without warrant, letter shows
reuters.com