Threat Management Partners

Threat Management Partners offers corporations, educational institutions, and houses of worship a co

07/06/2025

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) published "Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest." This joint fact sheet details the need for increased vigilance for potential cyber activity against U.S. critical infrastructure by Iranian state-sponsored or affiliated threat actors: go.dhs.gov/wjJ

10/25/2022

As a reminder, tomorrow is FIGHT RETAIL CRIME DAY in Washington, D.C.! Join with the National Retail Federation (NRF) in pushing for congressional action this fall on the retail industry's top two priorities to address organized retail crime and theft.

• INFORM Consumers Act (S.936/H.R. 5502): Requires online marketplaces to verify the identity of high-volume third-party sellers to help curb the sale of stolen and counterfeit merchandise. NRF supports inclusion of the INFORM Act in the pending Senate National Defense Authorization Act (NDAA) manager's amendment.

• Combatting Organized Retail Crime Act (S.5046/H.R. 9177): Establishes a new Organized Retail Crime Coordination Center that will help federal, state and local law enforcement agencies better coordinate to effectively combat criminal activities. The bill was recently introduced in both chambers of Congress, and NRF is advocating for additional cosponsors.

[D-Ddaily.net, 10/25/22]

06/24/2020

Corporate America's Mass Layoffs Risk Loss of Corporate Data

The COVID-19 pandemic made significant changes to corporate life this spring, as huge swathes of the workforce transitioned to remote work and many companies had to furlough or lay off scores of employees. Experts have warned that the wave of layoffs may be accompanied by a wave of data theft. As offices across the country closed and employees began working remotely, corporate security teams were left temporarily blind as to what employees were doing.

Joe Payne of the firm Code 42 said he has observed "an enormous spike in exfiltrated data" as employees leave their jobs. Code 42 statistics show that 71 percent of information security workers and a similar share of business decision makers believe they own the work they do, not their companies.

Employees who have been laid off may feel angry or upset, prompting them to take company data as they go. Experts said companies can minimize the risk of corporate data theft by making it clear from the very beginning of an employee's tenure that the work belongs to the company, not the individual.

Paul F. Roberts in Forbes (06/16/20) via Security Management

06/19/2020

U.S. Senators Unveil Bill to Curb Foreign Espionage, Influence on Campuses

A bipartisan group of U.S. senators unveiled legislation on Thursday aimed at protecting research and innovation on U.S. campuses and preventing suspected theft of intellectual property by China and other countries. The bill comes amid a growing push in Washington to clamp down on spying and intellectual property theft that some Chinese nationals are suspected of engaging in on U.S. university and college campuses.

The “Safeguarding American Innovation Act” proposes to strengthen the State Department’s authority to deny visas to foreign nationals seeking access to certain sensitive technologies related to U.S. national security and economic security interests. It also proposes penalizing individuals with fines and imprisonment for failing to disclose foreign support on federal grant applications, as well as lowering the threshold for U.S. schools and universities to report foreign gifts.

The bill, co-sponsored by senators including Rob Portman (R-Ohio), Tom Carper (D-Del.), Marco Rubio (R-Fla.), and Maggie Hassan (D-N.H.), also aims to give the Department of Education authority to punish U.S. schools that fail to properly report gifts received from foreign entities. In one of the highest-profile cases to emerge from a U.S. Justice Department crackdown on Chinese influence within universities, a Harvard University professor pleaded not guilty on Tuesday to charges that he lied to U.S. authorities about his ties to a China-run recruitment program and funding he received from the Chinese government for research.

Reuters (06/18/20) via Security Management.

05/25/2020

On this Memorial Day, we honor the more than 1.1 million Americans who paid the ultimate sacrifice in the nation’s wars.

05/16/2020

Zoom Tackles Hackers With New Security Measures

Zoom is continuing to implement new security measures to minimize cyberattacks and unauthorized intrusions. Ever since the company enjoyed a surge in popularity at the start of the work-from-home period of the COVID-19 crisis, trolls and malicious actors have disrupted Zoom-facilitated video conferences with offensive content, including racist, homophobic, and explicit imagery. Zoom last month vowed to enhance its cybersecurity amid a flood of complaints over unauthorized people hijacking meetings and posting disturbing content. On May 9, all users with free Zoom accounts will be required to use passwords for entry into meetings, and Zoom said another security update will come by the end of the month. Jo O'Reilly, deputy editor at ProPrivacy, said the security updates are a good start, but predicted that the company will need to keep strengthening its defenses.

[BBC, "Zoom Tackles Hackers With New Security Measures," 05/06/20 via Security Management]

05/14/2020

Citizen Buys Old Tesla Parts on eBay, Finds Them Full of User Data

A security researcher has raised concerns over the sale of old Tesla parts on eBay after recovering a trove of sensitive information from 13 Tesla infotainment systems. The researcher, who said he is a "Tesla tinkerer that's curious about how things work," acquired the 13 media control units (MCUs) after they were removed by certified Tesla technicians, likely during repairs and refurbishments. The researcher said 12 of the MCUs came from eBay, while the thirteenth was given to him by a friend. "It looks like some service center employees sell intact units on the side instead of returning them," the researcher said, pointing out that Tesla asks for removed MCUs to either be shipped back to the company intact or destroyed upon removal. Each of the MCUs contained a trove of personal information, including phone books, call logs, calendar entries, account passwords, common locations, and session cookies that allowed access to Netflix and YouTube.

[Goodin, Dan. "Hacker Buys Old Tesla Parts on eBay, Finds Them Full of User Data." Ars Technica, 05/05/20 via Security Management]

05/12/2020

Fauci Warns of ‘Suffering and Death’ If US Reopens Too Soon

Dr. Anthony Fauci, the country’s top authority on infectious diseases, paints a picture of "needless suffering and death" if America lifts its COVID-19 lockdown prematurely. The government is pushing for a return to normalcy as the national economy flails under stay-at-home orders; but Fauci and others warn that lack of readiness could sabotage any comeback and spark new outbreaks. The absence of contact tracing, for instance, will allow inadvertent transmission to continue; while inadequate testing will lead to uninformed decisions to reopen schools and businesses. With no effective treatments, meanwhile, a COVID-19 rebound threatens to again push the limits of the U.S. health care system. Fauci and representatives from the National Institutes of Health, Centers for Disease Control and Prevention, and the Department of Health and Human Services will testify on the risks of reopening the country at a May 12 hearing before a Senate committee. With many in self-quarantine following exposure to a White House staffer who tested positive for coronavirus, they will speak via video conference.

[Alonso-Zaldivar, Ricardo; Neergaard, Lauran. "Fauci Warns of ‘Suffering and Death’ If US Reopens Too Soon," Associated Press, 05/12/20 via Security Management]

04/12/2019

Amazon Workers Are Listening to What You Tell Alexa

Amazon.com Inc. employs thousands of people around the world to help improve the Alexa digital assistant powering its line of Echo speakers. The team listens to voice recordings captured in Echo owners’ homes and offices, and the recordings are transcribed, annotated, and then fed back into the software as part of an effort to eliminate gaps in Alexa’s understanding of human speech and help it better respond to commands. According to seven people who have worked on the Alexa voice review process, the team comprises a mix of contractors and full-time Amazon employees who work in outposts from Boston to Costa Rica, India and Romania. They work nine hours a day, with each reviewer parsing as many as 1,000 audio clips per shift, according to two workers based at Amazon’s Bucharest office. Workers say the work is mundane, but sometimes they hear recordings they find upsetting, or possibly criminal. Amazon says it has procedures in place for workers to follow when they hear something distressing, but two Romania-based employees said that, after requesting guidance for such cases, they were told it wasn’t Amazon’s job to interfere. “We take the security and privacy of our customers’ personal information seriously,” an Amazon spokesman said in an emailed statement. “We only annotate an extremely small sample of Alexa voice recordings in order [to] improve the customer experience.”

Bloomberg (04/10/19) Day, Matt; Turner, Giles; Drozdiak, Natalia via Security Management Weekly.

10/24/2016

Address

333 W Bethalto Drive
Bethalto, IL
62010
