Apple, platform security, and the next big war

1 month ago

When Apple CEO Tim Cook in 2016 warned of a cybersecurity war, he was specifically discussing the pressure Apple then faced to create back doors on its platforms so law enforcement could snoop on users.  

He was championing encryption and opposing the creation of designer vulnerabilities that can be exploited by any entity that knows they exist. Since then, we’ve seen a cancerous tumult of surveillance-as-a-service companies such as the NSO Group break out, each of them using the kind of hard-to-find flaws governments may insist on platform providers creating.

Businesses, beware: The Motorola ThinkPhone comes with a major caveat

1 month ago

Let me just preface this by saying: No, the saga we're about to dive into isn't in any way related to April Fools' — as far as I can tell, anyway. After all, we're at the start of May.

And yet, one of Android's best-known phone-makers is putting out a new device with such eye-rollingly off-the-mark claims, I can't help but wonder if maybe they got mixed up on months and meant this to be a joke. It's so hilariously and obviously ironic, I'm just not sure what else to make of it.

So here it is: Motorola's got a new business-aimed Android phone called the Motorola ThinkPhone. It's the first time the company — which has been owned by Lenovo since 2014, when Google broke our hearts and pawned the brand off after a glorious 20 months of control — is bringing a classic Lenovo name into the Motorola and Android arena this prominently.

White House seeks information on tools used for automated employee surveillance

1 month ago

The White House Office of Science and Technology Policy (OSTP) will soon release a public request for information (RFI) to learn more about the automated tools employers use to surveil, monitor, evaluate, and manage workers.

“Employers are increasingly investing in technologies that monitor and track workers, and making workplace decisions based on that information,” the OSTP announced in a blog on Monday. It said that while these technologies can benefit both workers and employers in some cases, they can also create serious risks to workers.

Generative AI is about to destroy your company. Will you stop it?

1 month ago

As the debate rages about how much IT admins and CISOs should use generative AI — especially for coding — SailPoint CISO Rex Booth sees a wide range of obstacles before enterprises can see any benefits, especially given the industry’s less-than-stellar history of making the right security decisions.

Google has already decided to publicly leverage generative AI in its searches, a move that is freaking out a wide range of AI specialists, including a senior manager of AI at Google itself

As Europeans strike first to rein in AI, the US follows

1 month ago

A proposed set of rules by the European Union would, among other things, require makers of generative AI tools, such as ChatGPT, to publicize any copyrighted material used by the technology platforms to create content of any kind.

A new draft of the European Parliament's legislation, a copy of which was obtained by The Wall Street Journal, would allow the original creators of content used by generative AI applications to share in any profits that result.

ChatGPT learns to forget: OpenAI implements data privacy controls

1 month 1 week ago

OpenAI, the Microsoft-backed firm behind the groundbreaking ChatGPT generative AI system, announced this week that it would allow users to turn off the chat history feature for its flagship chatbot, in what’s being seen as a partial answer to critics concerned about the security of data provided to ChatGPT.

The “history disabled” feature means that conversations marked as such won’t be used to train OpenAI’s underlying models, and won’t be displayed in the history sidebar. They will still be stored on the company’s servers, but will only be reviewed on an as-needed basis for abuse, and will be deleted after 30 days.

IT staffers would help colleagues avoid monitoring software

1 month 1 week ago

The use of invasive monitoring software that tracks employee productivity is unlikely to be popular with workers — and it turns out IT staffers aren’t keen on deploying the technology either.

In fact, many IT workers are apparently willing to defy company policy and help colleagues find workarounds to avoid being spied on by the boss. That’s according to a survey of 500 IT managers and 500 non-manager IT workers in the US conducted by Wakefield Research on behalf of digital employee experience software vendor 1E. The survey results were made public last week. 

Jamf debuts sophisticated security protection for executive iPhones

1 month 1 week ago

Newton’s Third Law of motion argues that for every action there is an equal and opposite reaction. With that in mind, it’s no surprise that the Apple ecosystem is fighting back in a big way against the mercenary spyware companies that have made headlines recently.

Improving situational awareness

Few people in tech sit comfortably with NSO Group and others in their attacks against journalists, human rights advocates, and high-value targets on behalf of repressive governments. They know that these technologies tend to proliferate, which is why most firms are now engaged in finding new ways to fight back.

Do the productivity gains from generative AI outweigh the security risks?

1 month 1 week ago

There's no doubt generative AI models such as ChatGPT, Bing Chat, or Google Bard can deliver massive efficiency benefits — but they bring with them major cybersecurity and privacy concerns along with accuracy worries.

It's already known that these programs — especially ChatGPT itself — make up facts and repeatedly lie. Far more troubling, no one seems to understand why and how these lies, coyly dubbed "hallucinations," are happening. 

In a recent 60 Minutes interview, Google CEO Sundar Pichai explained: “There is an aspect of this which we call — all of us in the field — call it as a ‘black box.’ You don’t fully understand. And you can’t quite tell why it said this.”

Google adds data loss prevention, security features to Chrome

1 month 2 weeks ago

Google today rolled out several new features for enterprise users of its Chrome browser, including data loss prevention (DLP), protections against malware and phishing, and the ability to enable zero-trust access to the search engine.

In all, Google highlighted six new features for Chrome – three of them specific to the browser's existing DLP capabilities.

A new “context-aware” feature allows enterprise administrators to customize DLP rules based on the security posture of the device being used. For example, admins can allow users to download sensitive documents if they're accessing them from a corporate device that’s up to date on security fixes or is confirmed to have endpoint protection software installed.

Security researchers uncover NSO Group iPhone attacks in Europe

1 month 2 weeks ago

Earlier this week, we saw research showing the noxious NSO Group continues to spy on people’s iPhones in Mexico. Now, Jamf Threat Labs has found additional attacks against human rights activists and journalists in the Middle East and Europe, one of whom worked for a global news agency.

Older iPhones at most risk

The main thrust of the latest research is that while Apple has taken steps to protect devices running the most recent versions of iOS, these attacks are still being made against older iPhones. Jamf warns that the attacks “prove malicious threat actors will exploit any vulnerabilities in an organization’s infrastructure they can get their hands on.”

Three issues with generative AI still need to be solved

1 month 2 weeks ago

Disclosure: Qualcomm and Microsoft are clients of the author.

Generative AI is spreading like a virus across the tech landscape. It’s gone from being virtually unheard of a year ago to being one of, if not the, top trending technology today. As with any technology, there are issues that tend to surface with rapid growth, and generative AI is no exception.

I expect three main problems to emerge before the end of the year that few people are talking about today.

The critical need for a hybrid solution

Generative AI uses massive language models, it’s processor-intensive, and it’s rapidly becoming as ubiquitous as browsers. This is a problem because existing, centralized datacenters aren’t structured to handle this kind of load. They are I/O-constrained, processor-constrained, database-constrained, cost-constrained, and size-constrained, making a massive increase in centralized capacity unlikely in the near term, even though the need for this capacity is going vertical. 

NSO Group returns with triple iOS 15/16 zero-click spyware attack

1 month 2 weeks ago

No matter what US President Joseph R. Biden Jr. said, NSO Group is still around; the privatized spying service produced zero-click exploits against iOS 15 and iOS 16 last year, according to the latest report from Citizen Lab.

It also suggests Lockdown Mode is effective against such attacks.

A trio of exploits used in complex form

The report reflects what Citizen Lab learned from investigating attacks against Mexican human rights defenders. The researchers conclude that NSO Group, called “mercenary hackers” by Apple, has made wide use of at least three zero-click exploits in Apple’s iPhone operating systems against civil society targets worldwide. NSO Group is the infamous firm that created the Pegasus tool used to spy on people.

Patch now to address a Windows zero-day

1 month 2 weeks ago

Microsoft has addressed 97 existing vulnerabilities this April Patch Tuesday, with a further eight previously released patches updated and re-released. There have been reports of a vulnerability (CVE-2023-28252) exploited in the wild, making it a "Patch Now" release.

This update cycle affects Windows desktops, Microsoft Office, and Adobe Reader. No updates for Microsoft Exchange this month. The team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this April update cycle.

EU privacy regulators to create task force to investigate ChatGPT

1 month 2 weeks ago

The European Data Protection Board (EDPB) plans to launch a dedicated task force to investigate ChatGPT after a number of European privacy watchdogs raised concerns about whether the technology is compliant with the EU's General Data Protection Regulation (GDPR).

Europe's national privacy regulators said on Thursday that the decision came following discussions about recent enforcement action undertaken by the Italian data protection authority against OpenAI regarding its ChatGPT service.

Computer World Security
About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.