Drex covers three critical cybersecurity threats impacting healthcare and beyond: North Korean operatives using deepfakes and stolen identities to infiltrate US companies as remote workers, the Allianz life insurance breach affecting 1.4 million customers through social engineering attacks, and the TTEA dating app's massive data exposure that compromised women's safety information. Essential insights on vetting remote employees, defending against social engineering, and app security risks.
Remember, Stay a Little Paranoid
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Hey everyone. I'm Drex and this is the two minute drill where I cover three hot security stories twice a week. All part of the 229 Cyber Risk Community here at This Week Health. Sign up at thisweekhealth.com/subscribe. I'll keep you posted on all the latest webinars and podcasts and all the other stuff that we do, like our 229 Project city tour dinners and summits and something new coming soon.
Uh, I'm gonna, I'm gonna keep you looped on that, uh, when we get it all squared away. It's great to see everyone today. Here's some stuff you might want to know about. I started talking about this back in May when I started the UN Fake Podcast, but the feds have dropped some new intel last week all about this North Korean fake remote worker hustle that's been going on now for a while.
They're catfishing businesses across the US, including healthcare organizations. They use deepfakes and stolen IDs to land jobs like remote developers or application analysts. So that employee that you just recently hired from Oklahoma City, they might actually be North Koreans working in China or Russia, and in some cases they're using US-based laptop farmers to make it all look legit.
I'm gonna give you more of an update on all of that in a post tomorrow or maybe Thursday. Kind of see how it all comes together. Um, there's a lot of new reporting on this since, again, I started talking about it in the spring. So if you or your HR team think that you just hired a whiz kid remote work developer on the cheap, you might wanna take a second look. It's really possible that you've onboarded an operative helping to bankroll North Korea's weapons program. So it's kind of time to think, rethink how we vet remote workers. If you have Allianz's life insurance, listen, hackers have stolen personal data for most of the 1.4 million customers in North America.
Just a couple of weeks ago, a cyber threat gained access to a third party cloud-based CRM system used by Allianz Life Insurance Company of North America. And from there they were able to obtain personal data connected to customers and some company personnel, and they did it all by using social engineering techniques.
Which leads me to the question that I've asked before. How's everything going with your password reset and your MFA re-registration program? Do you feel comfortable that your team won't get caught? They won't fall victim to the same social engineering techniques? Finally, there's an app called TTEA. It's marketed, it was marketed as a women's only dating safety platform. Women can share reviews and info about men that they've dated. I think the intention is to give women a place to sort of check and see if a guy's a creep before they go out with them. To join the site, you had to provide a selfie and a copy of your government ID.
Well, last Friday, somebody demonstrated that a lot of the data, including the IDs and selfies and other images that were posted to the app were stored in a way that was open to the rest of us on the internet. That data was scooped up by a bunch of dirt bags who specialize in selling that kind of data on the dark web, and now it's in marketplaces and hacker forums everywhere.
Then yesterday we find out the data also included over a million private messages that were sent using the app, which means that this safe space for women to better protect themselves has become, uh, I don't know, not that. So when you find these cool apps online, they sound like such a good idea, but just be careful.
Apps go viral and we all get excited about them and they ask for sometimes some pretty personal information when you sign up, like a copy of your ID. Just consider what you're giving up to those systems before you act out of habit. More on all those stories and a lot of other healthcare tech innovation and security news at thisweekhealth.com/news. You can find all our security podcasts, including the ones you might have missed on fake UNH hack. It's all at thisweekhealth.com/unhack. That's it for today's two minute drill. Thanks for being here. Stay a little paranoid and I will see you around campus.