The University of Michigan’s MORPHEUS technology emerged unscathed from the university's bug bounty effort. DARPA pitted 500+ hackers against this computer chip, and the chip won. Congratulations to all of the engineers and developers who obviously prioritized data security in the design and development of MORPHEUS.

If it works, Rita Personal Data is a great idea. We’ve not actually tested the service, but certainly love what it stands for. Inspired by GDPR, the service promises to find all of a user's data online then enable users to restrict which companies have access. It's difficult to believe a single entity would be able to find every piece of data on an individual, not to mention compel other organizations to pay you for using that data. But the concept is intriguing. Have any of you tried this?

Nicole Nguyen's WSJ article, The Best Password Managers and Security Tips: How to Solve Your Login Problems, stands to help a lot of people. As Rebecca has shared in the past, however, locally stored password managers (those on your own storage drive, not in a cloud) are the most secure option.

The U.S. Federal Trade Commission (FTC) has once again earned a privacy beacon, this time for providing free weekly credit reports during COVID-19. The agency has extended the service through April 2022. Take advantage of this! As the FTC reported, “If you’re feeling anxious about your financial health during these uncertain times, you’re not alone. That’s why the three national credit reporting agencies, which last year gave people weekly access to monitor their credit report for free, are extending that benefit until April 20, 2022.”

Mich Kabay puts out frequent privacy and security reminders through his Facebook page. Check it out. Start with this post about a mailing he received for scammy auto repair insurance.

California officials created the California Privacy Protection Agency Board, a first of its kind privacy board in the U.S. Thank you to each of the appointees for serving in this important and historic capacity:

There's an apparent uptick in reported incidents of hidden two-way mirrors in public bathrooms, dressing rooms, fitness gyms, restaurants and nightclubs... even other people's homes. Here are just two recent incidents...

Sadly, Rebecca has personal experience with this, having discovered such a mirror early in her career at a Las Vegas hotel off of the strip. She was in town to attend an IT audit conference when she found the analog surveillance "device." And, she's not the only one. A Privacy Professor Consultancy client recently shared their story of finding a similar mirror in vacation home rental and thought it could be a good tip to share here in the Monthly Tips.

To see some of the above tips demonstrated, check out this video.

It's important to keep in mind these tips are far from exhaustive, and new technology will one day (if it's not already) enabling the development of two-way mirrors capable of passing these simple tests. Use caution whenever you are in front of a mirror you don't own.

Besides being a good data hygiene practice (See more about data hygiene in Rebecca’s article referenced later), it also helps your Outlook run much faster with a smaller .pst file (which houses all your emails).

Microsoft has created a set of instructions for making a backup to a local hard drive. Check it out and let us know if you find the process easy to follow.

Cybersecurity firm warns of potential ransomware attack in the near future. CNBC’s Eamon Javers reports on a dire warning from cybersecurity firms that a ransomware attack could be coming soon.

Largest ransomware demand now stands at $30 million as crooks get bolder. Cybersecurity researchers at Palo Alto Networks analyzed ransomware attacks targeting organizations across North America and Europe. The found the average ransom paid rose from $115,123 in 2019 to $312,493 in 2020.

This dangerous ransomware is using a new trick to encrypt your network. Ryuk now has the ability to use a worm-like capability to spread itself to any Windows machine on the same network as the initial compromise.

This company was hit by ransomware. Here's what they did next, and why they didn't pay up "When it hit, we ran to our server room and data center and started pulling plugs out." How one company was hit by ransomware, but refused to pay up.

Exchange servers first compromised by Chinese hackers hit with ransomware. As if Exchange users didn't already have enough to worry about, they have this.

Ransomware Extortion Threat Actors Post Data from 4 Healthcare Entities. Recent dark web postings of data allegedly stolen from healthcare entities show that ransomware extortion threat actors will continue to target healthcare in 2020.

Ransom Paid Just Before Netwalker Gang Disrupted. Client Says Third-Party Administrator Paid for Promise to Destroy Exfiltrated Data

Photo Caption (Star Wars-themed Image Above): "Happy April Fools Day!" by JD Hancock is licensed under CC BY 2.0

Below are three different views of the same problem: Cameras, sold by startup Verkada, have the capacity for facial recognition, attracting the attention (and the bad deeds) of hackers. The company has reported an attack.

Inside ‘TALON,’ the Nationwide Network of AI-Enabled Surveillance Cameras. Flock has expanded from surveilling individual neighborhoods into a network of smart cameras that spans the United States.

How Many Times are Americans on Camera Every Week? Research found the average American is filmed by security cameras more than 230 times a week, a number that has increased rapidly over the last decade and will continue to do so in the near future.

Good Surveillance Avoidance Tips: How to Remove Yourself From People Search Directories.

For Employees: US: Cyber Risk: Facing Off Against Employee Monitoring Requirements.

Tracking the Vaccinated by Name, Race Challenges Privacy Laws. First of all, we strongly support getting vaccinations! So, please do not interpret this as being against fighting the COVID-19 pandemic to make the public safer. However, even with the best programs used to improve and protect the public, privacy issues must be taken into account. A shout-out to Maria for pointing out this article.

A Hacker Got All My Texts for $16. A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.

Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild. According to IBM, the vulnerability is rated 8.8 out of 10 on the CVSS scale, and could allow a remote attacker to execute arbitrary code on the target system. "By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system," the report stated.

Turns Out This Sophisticated Hacking Campaign Was Actually the Work of 'Western Government Operatives.' A sophisticated hacking campaign that was previously witnessed targeting security flaws in Android, Windows and iOS devices is actually the work of “Western government operatives” conducting a “counterterrorism operation,” according to a new report from MIT Technology Review.

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack. The vulnerability relates to a WebKit flaw that could enable adversaries to process maliciously crafted web content that may result in universal cross-site scripting attacks.

Thousands of UK taxpayers' personal details potentially exposed online through councils' debt-chasing texts. Got a link? Change the last character and bingo, it's blackmail time!

US military conducted 2 dozen cyber operations to head off 2020 election meddling. Details regarding these operations are scarce given their sensitivity. However, Cyber Command has been public about using its unique authorities to operate outside the US to act against malicious activity.

Woman allegedly made deepfakes to kick rivals off daughter's cheerleading squad. According to law enforcement, a cheerleader's mother sent coaches AI-altered photos and videos of rivals on her daughter's cheerleading squad to portray them drinking, smoking or naked. Lesson: Think twice before believing photos and videos you see online. Deepfakes are becoming easier to make, and the consequences of people believe them could be life-changing to those involved.

Ignore bogus COVID vaccine survey. Scammers are using a new trick to steal your money and personal information: a bogus COVID vaccine survey.