Cybersecurity News of the Week, July 10, 2022

A weekly aggregation of important cybersecurity and privacy news designed to educate, support, and advocate; helping you meet your data care challenges and responsibilities.

Stan’s Top of the News

This Week’s Top of the News is again about privacy in the wake of the Supreme Court’s recent decision to overturn Roe v Wade.

  • Texts, web searches about abortion have been used to prosecute women: The data privacy risks associated with abortion aren’t hypothetical. Cases in Mississippi and Indiana could preview how digital evidence could be used post-Roe. Washington Post, July 3, 2022
  • Federal Patient Privacy Law Does Not Cover Most Period-Tracking Apps: A patient privacy law known as HIPAA, passed in 1996, hasn’t kept pace with new technologies and at-home tests. ProPublica, July 5, 2022
  • Data privacy concerns make the post-Roe era uncharted territory: It’s becoming increasingly clear that the end of Roe will look vastly different than before Roe — in large part because of the role of data.  NPR, July 2, 2022
  • Your Phone’s Location Access Reveals a Lot. Here’s How to Turn It Off.: Your phone is likely selling your location information to the highest bidder. But there are steps you can take to help prevent that. Wirecutter, June 29, 2022
  • End-to-End Encryption’s Central Role in Modern Self-Defense: A number of course-altering US Supreme Court decisions last month—including the reversal of a constitutional right to abortion and the overturning of a century-old limit on certain firearms permits—have activists and average Americans around the country anticipating the fallout for rights and privacy as abortion “trigger laws,” expanded access to concealed carry permits, and other regulations are expected to take effect in some states. And as people seeking abortions scramble to protect their digital privacy and researchers plumb the relationship between abortion speech and tech regulations, encryption proponents have a clear message: Access to end-to-end encrypted services in the US is more important than ever. Wired, July 5, 2022
  • ‘Asleep at the wheel’: Canada police’s spyware admission raises alarm: An admission from Canada’s national police force that it routinely uses powerful spyware to surveil citizens has prompted concern from experts, who warn the country is “asleep at the wheel” when it comes to regulating and reining in use of the technology. The Guardian, July 7, 2022

Privacy Webinar: SecureTheVillage is hosting a webinar on July 21 at 11:00AM Pacific Time to assist ‘village residents’ understand the risks to their privacy along with what they can do to protect themselves. The privacy challenges raised by the overturning of Roe v. Wade cross political lines and demonstrate that each of us has the personal responsibility to treat our online privacy as a core element of sound data care.

Cyber Humor

Security Nonprofit of the Week … Cyber Readiness Institute.

Our kudos this week to the Cyber Readiness Institute (CRI) and the great work they do helping our medium-size and smaller organizations manage their information security challenges. CRI’s Cyber Readiness Program helps organizations protect their data, employees, vendors, and customers. This free, online program is designed to help small and medium-sized enterprises become more secure against today’s most common cyber vulnerabilities. Their free Cyber Leader Certification Program is a personal professional credential for those who have completed the Cyber Readiness Program. Both are highly recommended.

Live on Cyber with Dr. Stan Stahl – Live on LinkedIn

Live on Cyber with Dr. Stan Stahl: Join Julie Morris and me as we discuss Multi-Factor Authentication (MFA / 2FA) … what it is and why it’s a vital piece of defense. Our conversation follows a survey by the Cyber Readiness Institute,  our Security Nonprofit of the Week. The survey showed that more than half of small and medium-sized business owners do not use multi-factor authentication and only 28% who provide multi-factor authentication options require its use. MFA is one of the most important things individuals and organizations can do to protect their online accounts. As Nike says: Just do it!!

Section 2 – Personal Data Care – Security and Privacy

Important data care stories for protecting yourself and your family.


  • 8 common Facebook Marketplace scams and how to avoid them: Here’s what to watch out for when buying or selling stuff on the online marketplace and how to tell if you’re being scammed. … Last year, Facebook Marketplace passed one billion global users. In so doing, it’s become a giant of the consumer-to-consumer space, allowing individual Facebook users to buy from and sell to each other seamlessly. It has surpassed the popularity of Craigslist for several reasons. It’s also free and simple to use, as most people already have a Facebook account. It allows users to search for listings from their local area, making pick-up much easier. And because people can view sellers’ profiles, they feel more assured of safety and security on the site. Unfortunately, this is often a false sense of security. WeLiveSecurity, July 6, 2022
  • Hackers are using YouTube videos to trick people into installing malware: Cybercriminals have begun to lean on YouTube as a means of distributing potent malware (opens in new tab), security experts have discovered. Tech Radar, July 6, 2022

Keep your browser up to date. Review your privacy and security settings.  

 And take advantage of the protections browsers offer.

Section 3 – General Data Care, Cybersecurity, and Privacy Stories

Data Care, cybersecurity and privacy stories for those wanting a deeper look.

This week continues to see its share of cyber attacks.

Three stories on cyber warnings to help us get prepared for an attack.

  • China: MI5 and FBI heads warn of ‘immense’ threat: The heads of UK and US security services have made an unprecedented joint appearance to warn of the threat from China. … FBI director Christopher Wray said China was the “biggest long-term threat to our economic and national security” and had interfered in politics, including recent elections. … MI5 head Ken McCallum said his service had more than doubled its work against Chinese activity in the last three years and would be doubling it again.  BBC, July 7, 2022
  • North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector: CISA, the Federal Bureau of Investigation (FBI), and the Department of the Treasury (Treasury) have released a joint Cybersecurity Advisory (CSA), North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector, to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations. CISA, July 6, 2022
  • Cyberattacks: A very real existential threat to organizations: One in five organizations have teetered on the brink of insolvency after a cyberattack. Can your company keep hackers at bay? … We all know cybersecurity is a critical element of business risk. But how critical? Some boardrooms seem to pay little more than lip service to security and still manage to avoid serious repercussions. That’s why a new report from global insurer Hiscox makes for interesting reading. It actually claims that many European and American organizations have come close to insolvency after security breaches. And while spending is on the rise, fewer global firms than ever are described as cyber-readiness “experts.” WeLiveSecurity, July 4, 2022

For those of us living in California … Being Number 1 isn’t always a good thing..

We continue to see stories of companies who expose sensitive information because they misconfigure their cloud settings.

And then there are the cybersecurity threats that are on their way.

Occasionally one gets relatively good cybersecurity stories. Here are two.

The attempt to pass privacy legislation in Washington just hit a roadblock as the US Chamber opposes parts of the current bill.

And finally …. If you are thinking about a career in cybersecurity or know someone who is, this story is for you. With several hundred thousand openings and no college degree needed, cybersecurity offers great career opportunities.

  • CISA and NPower offer free entry-level cybersecurity training: NPower, a US-based non-profit participating in a cybersecurity workforce development program started by the Cybersecurity and Infrastructure Agency (CISA), is looking for recruits for a free cybersecurity training program aimed at underserved populations in the US, including women, people of color, young adults, and military veterans and their spouses. The program is part of CISA’s wider effort to address the cyber workforce shortage in the short and long term. Help Net Security, July 6, 2022

Section 4 – Data Care in the Organization

Stories to support executives and top management in securing their organizations.

We can’t emphasize enough the importance of using Multi-Factor Authentication (MFA / 2FA) to protect access to critical information. Thanks to the Cyber Readiness Institute for their survey showing the dismal state of MFA usage.

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge