This week’s e-newsletter lets you know about a current threat, and thankfully I haven’t heard of many new threats this week! There are some important security updates for specific Apple devices. And I have included some recent security news and information about tech companies closing their operations in Russia.
Current Threats
- Final Care Solutions (email)
- This email is from someone using the domain @finalcaresolutions.
- The subject is “The University of Tennessee, Knoxville survivor benefit options”.
- The message is telling you that you can sign up for an appointment to better understand your state survivor benefit options.
- The email is almost identical to the ones you have seen asking to you set up the online appointment for discussing your state retirement benefits.
- This email is not affiliated with nor endorsed by UT or UT’s Retirement & Benefits.
Browser, OS, and Software Updates
- Apple
- Apple has released security updates for multiple products to address a vulnerability.
- This vulnerability affects iPhone 5, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch.
- Please make sure you have applied all available updates for these devices.
- Exploitation of this vulnerability could allow an attacker to take control of the affected device.
Recent Security News
- LastPass Confirms Security Breach
- LastPass, the well-known password manager app, has made public the acknowledgement of a recent security breach.
- Two weeks ago, a developer account was compromised, allowing cybercriminals to access portions of the source code, as well as some proprietary technical information.
- The company has confirmed that no user data was exposed.
- No action is required on the user side, as master passwords are not stored on LastPass servers according to LastPass.
- The American Data and Privacy Protection Act (ADPPA)
- Data privacy in the US has been an issue, with the exception of certain protections for health and financial data.
- The ADPPA is gaining momentum and could have significant implications for businesses reports TechTarget.
- The ADPPA limits data collection and processes to what is necessary for providing specific services. (This sounds a lot like my favorite security phrase…need-to-know!)
- The bill prohibits companies from transferring personal data without express consumer consent and requires consumer opt-in to targeted advertising, much in the way the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation in the European Union (GDPR) work.
- The bill also targets data algorithms, requiring businesses to provide an outline of how their algorithms work and what data the algorithms use.
- Government agencies will be exempt from ADPPA requirements.
- Hopefully Congress will vote on (and pass) this bipartisan bill in the near future.
Global Cybersecurity
- Tech Companies Leaving Russia
- Once Russia decided to invade Ukraine in February 2022, tech companies have been ending their business operations in Russia.
- Earlier this year Apple, Microsoft, and Cisco decided to take a stance and withdraw their operations.
- On August 27, Dell announced that it had ended all operations in Russia after shutting its offices earlier in the month.
- Switzerland-based Logitech International suspended its operations in March and is shutting down all remaining activities in Russia.
- This week two of Europe’s most prestigious 5G telecommunications companies, Nokia and Ericsson, who suspended business operations shortly after the start of the invasion, have now scheduled a complete withdrawal by the end of 2022.
- With the withdrawal of these tech companies, Chinese vendors, such as Huawei and ZTE, will remain in Russia, which will allow them to expand in Russia and likely exert even more control of the tech market.
Thanks for all you do to protect the Institute and its data. As always, if you need me and I don’t get back with you quickly enough via email or if it is an emergency, please call my cell number at any time.
Thank you and have a great long weekend!
Sandy
