Podcast Episode 8: Brightpoint’s IT Spirit Week, Infrastructure Security, AI’s Limitations

Posted in: Resources » Unmasked Podcast

Welcome to another captivating episode of Unmasked! Join us as we embark on a thrilling journey into the dynamic realm of cybersecurity, led by the always entertaining and insightful Paul Blacker and Mark Harvey.

In this episode, we’re excited to discuss Assura’s involvement in Brightpoint Community College’s IT Spirit Week. In this remarkable event, our expert team shared valuable insights into penetration testing and other aspects of offensive security. For Assura, giving back to the community isn’t just a noble gesture; it’s an essential commitment. Get a recap of how a tag on LinkedIn initiative this collaboration and details of Assura’s participation. 

Our podcast then takes you from local to global, delving into the profound impact of large-scale conflicts on security. We explore the evolution of security, transcending mere physical fortifications to encompass the complex world of digital defenses. Join us for an array of tips on how to remain vigilant in an ever-evolving digital landscape.

Our hosts dissect pressing cyber headlines, shedding light on the paramount importance of cybersecurity in local utilities, including the safeguarding of our precious water resources. We unravel the intricate challenge of insider threats, which often subvert even the most well-intentioned policies and procedures. Plus, we delve into why merely checking security boxes is a recipe for organizational failure and what forward-thinking measures are essential to stay ahead in the game. You’ll also learn why you shouldn’t rely too heavily on AI technology. 

All this and more in this thrilling episode! So, don’t miss out on this power half-hour of cyber insights. Tune in to gain perspective that helps you navigate the complex and ever-changing world of cybersecurity.

Next episode we will have a special guest John Craft Director of Information Security for University of Richmond  and talk about their upcoming CTF Events.  

SHOW NOTES: 

Wars and Conflicts across the globe – Hardening physical structures but what about the digital infrastructure? 

  • Ongoing issues with being proactive and securing networks during global conflicts 
  • What are some ways companies, agencies, organizations can step up cyber security protocols at this time? 
  • Where should focus be when war and conflicts break out halfway around the world to better secure networks? 
  • In a major blow to the Biden administration’s efforts to improve the cybersecurity defenses of critical infrastructure, the Environmental Protection Agency will no longer require cybersecurity audits of U.S. water utilities through sanitary surveys. 
  • In a letter to state drinking water administrators on Thursday, the EPA said litigation from Republican states and trade associations, which raised questions about the long-term legal viability of the initiative to regulate the cybersecurity of water utilities, drove the decision to rescind a March memorandum implementing the rule. 
  • The announcement represents a major setback to the White House’s efforts to add more stringent cyber mandates to critical infrastructure sectors. The Biden administration’s National Cybersecurity Strategy described improving the digital defenses of critical infrastructure as a key priority. 
  • EPA said it encourages “all states to voluntarily review public water system cybersecurity programs to ensure that any vulnerabilities are identified and corrected, and assistance is provided to systems that need help.” 
  • Marquis Hooper, a former U.S. Navy IT manager, has received a sentence of five years and five months in prison for illegally obtaining US citizens’ personally identifiable information (PII) and selling it on the dark web. 
  • The man was indicted with his wife, Natasha Renee Chalk, in February 2021 and pleaded guilty to aggravated identity theft and conspiracy to commit wire fraud in March 2023
  • According to information contained in the indictment, Hooper opened an online account with a company maintaining a database containing the PII of millions of people in August 2018. 
  • The lead defense lawyer for convicted Fugees hip hop star Prakazrel “Pras” Michel improperly relied on an experimental generative AI program to draft his closing argument in Michel’s high-profile criminal trial last spring, according to a newly-filed brief demanding a retrial for Michel. 
  • Michel’s new counsel from ArentFox Schiff said that the AI-generated closing argument by Michel’s previous lawyer, David Kenner, was a resounding flop: “Kenner’s closing argument made frivolous arguments, misapprehended the required elements, conflated the schemes and ignored critical weaknesses in the government’s case,” the brief said. 
  • By using an experimental AI program to generate his closing argument, the brief said, Kenner botched “the single most important portion” of Michel’s jury trial. 
  • Kenner did not immediately respond to two email queries on the new brief. His co-counsel Alon Israely did not immediately respond to a query sent via LinkedIn. 
  • Microsoft has disabled a bad anti-spam rule flooding Microsoft 365 admins’ inboxes with blind carbon copies (BCC) of outbound emails mistakenly flagged as spam. 
  • This false positive issue (tracked as EX682041) affected Exchange Online users worldwide, with many reports saying that all emails sent to external addresses were being tagged as spam. 
  • “We’re investigating an issue resulting in admins receiving an unexpected volume of copies of outbound email sent to external parties from other users in their organization,” the company said via its official Microsoft 365 Status account on Twitter. 
  • Cybercriminals are stealing medical records from plastic surgery offices to extort doctors and patients. 
  • On Oct. 17, the FBI published a rather bespoke public service announcement aimed at plastic surgery providers, indicating that hackers have been targeting their industry specifically. Their idea, it seems, is to capitalize on the sensitive nature of these procedures, threatening to publish personal information and explicit photographs in order to get both providers and their patients to pay up. 
  • In the last several months, plastic surgery providers have reported data breaches in California and South Dakota. The trend extends beyond US borders, as plastic surgeons in Brazil and the UK have been hit in recent years with ransomware extortion as well. 
  • It’s only the latest evidence of a much broader, deeper issue in healthcare cybersecurity. 
  • As Surber points out, “targeting plastic surgeons and their patients makes a lot of financial sense. Plastic surgery is a lucrative and largely pay upfront business. This means that both the surgeon and patients generally have significant disposable income and are interested in protecting their privacy more against embarrassment than concerns about identity theft.”