Google has released new biometrics specs for Android devices, with the top-level “strong security” option requiring only “a spoof and imposter acceptance rate not higher than 7%.” But most biometrics specialists say that for something to be considered “high security,” that imposter and acceptance rate should be closer to 1%.

That prompted me to ask Google for comment. Google replied by emailing an anonymous statement to be attributed to nobody that doesn’t directly defend the levels it chose — but did say security decisions are ultimately up to each handset manufacturer.

To read this article in full, please click here

Ask anyone who knows, and they’ll tell you that when it comes to security, the weakest point is always people. Yet, as pressure grows for Apple to allow app purchases from outside the App Store, the fact the company fired App Store staff for “business misconduct” is cause for alarm.

As first reported by The Information, the Apple story is pretty simple.

To read this article in full, please click here

This month, Microsoft has released 103 updates to Windows, Edge, Microsoft Office, and Exchange Server. This update also includes minor updates to Visual Studio. Three zero-days (CVE-2023-44487, CVE-2023-36563 and CVE-2023-41763) require "Patch Now" updates for both Windows and the Edge browser for this October update cycle.

To read this article in full, please click here

The big problem with privacy is that once you relinquish some of it, you never get it back. What makes it worse is when those who are supposed to protect your rights choose to undermine them. When they do so, they eat away at the thin protections we should all enjoy in the digital age.

These are some of the reasons to be so concerned to learn from a newly released US Department of Homeland Security report that multiple US government agencies illegally used smartphone location data, breaching privacy regulations as they did. To do this, they purchased smartphone location data, including Advertising Identifiers (AdIDs) from data brokers that had been harvested from a wide range of apps.

To read this article in full, please click here

A contact recently told me that Apple handles thousands of inquiries from people who have forgotten or misplaced their Apple ID logins every day. That’s probably why Apple recently made it easier to access your Apple ID using any known email address.

But Apple reps are also inundated with requests related to third-party apps over which they have no control. As the EU looks to force Apple into allowing apps from alternative app stores onto its devices, a practice known as sideloading, the user experience with Apple devices — and the flood of inquiries and complaints — is about to get much, much worse.

To read this article in full, please click here

While it’s not universally the case, many businesses actively using Macs for work may not be paying enough attention to ensuring those devices are secured, according to cloud security provider Qualys, which estimates that just over half of Macs remain unprotected by recent security patches.

To read this article in full, please click here

Once upon a time, digital business sat inside the security perimeter. Devices were kept in offices, shared the same network, and were protected by antivirus software, firewalls, and software updates. This system wasn’t perfect and became increasingly specialized, with security teams, networking teams, and others all working in different sectors.

With mobility, this changed. Devices were unleashed from their locations, used their own networks, and stood outside of traditional corporate endpoint protection.

The pandemic accelerated these changes, fostering the evolution of innovative security protections outside of traditional perimeters, such as around zero-trust. The global zero trust security market is now expected to reach $99 billion by 2030, up from $23 billion in 2021.

To read this article in full, please click here

Alphabet-owned Google is working on blocking user conversations with its new Bard generative AI assistant from being indexed on its Search platform or showing up as results.

“Bard allows people to share chats, if they choose. We also don't intend for these shared chats to be indexed by Google Search. We're working on blocking them from being indexed now,” Google’s Search Liaison account posted on Twitter, now X.

The internet search giant was responding to an SEO Consultant who pointed out on Twitter that user conversations with Bard were being indexed on Google Search.

To read this article in full, please click here

In February, travel and expense management company Navan (formerly TripActions) chose to go all-in on generative AI technology for a myriad of business and customer assistance uses.

The Palo Alto, CA company turned to ChatGPT from OpenAI and coding assistance tools from GitHub Copilot to write, test, and fix code; the decision has boosted Navan’s operational efficiency and reduced overhead costs.

GenAI tools have also been used to build a conversational experience for the company’s client virtual assistant, Ava. Ava, a travel and expense chatbot assistant, offers customers answers to questions and a conversational booking experience. It can also offer data to business travelers, such as company travel spend, volume, and granular carbon emissions details.

To read this article in full, please click here

Workflow management software provider ServiceNow has embedded a chatbot for assisting customers with most of its products.

ServiceNow’s new Now Assist tool is an expansion to its AI-powered Now Platform, and is available in its Vancouver software release for IT Service Management (ITSM), Customer Service Management (CSM), HR Service Delivery (HRSD), and Creator workflow application.

To read this article in full, please click here

Four years after it started life as a white paper, the UK government’s controversial Online Safety Bill has finally passed through Parliament and is set to become law in the coming weeks.

The  bill aims to keep websites and different types of internet-based services free of illegal and harmful material while defending freedom of expression. It applies to search engines; internet services that host user-generated content, such as social media platforms; online forums; some online games; and sites that publish or display pornographic content.

To read this article in full, please click here

Imagine running fleets of iPhones that alert you when unexpected security-related incidents take place, or when otherwise legitimate service requests arrive from devices at an unexpected time or location. Imagine management and security software that not only identified these kinds of anomalies but gave you useful advice to help remediate the problem.

This, and more, is the kind of protection Jamf hopes to deliver using generative AI tools. 

Jamf believes generative AI can be a big benefit to tech support and IT admin, and talked about its efforts at the end of an extensive Jamf Nation User Conference (JNUC) keynote. Akash Kamath, the company's senior vice president, engineering, explained that just as the Mac made computing personal, genAI makes AI personal.

To read this article in full, please click here

Microsoft released 59 updates in its September Patch Tuesday release, with critical patches for Microsoft Office and Visual Studio, and  continued the trend of including non-Microsoft applications in its update cycle. (Notepad++ is a notable addition, with Autodesk returning with a revised bulletin.) We've made "Patch Now" recommendations for Microsoft development platforms (Visual Studio) and Microsoft Word.

Unfortunately, updates for Microsoft Exchange Server have also returned, requiring server reboots this time, too.

The team at Readiness has created this infographic outlining the risks associated with each of the September updates.

To read this article in full, please click here

Apple has pushed out an essential security update to defend against yet another attack by an out-of-control mercenary surveillance group.

Like a bad smell, NSO Group has clawed its way back into the spotlight with yet another unprincipled attack against free speech and citizens' rights, as revealed by Citizen Lab. The security researchers found this latest example of a sinister, yet egregious zero-click attack while checking the device of an “Individual employed by a Washington DC-based civil society organization with international offices.”

To read this article in full, please click here

The UK government has conceded one of the more controversial parts of its Online Safety Bill, stating that the powers granted by the legislation will not be used to scan encrypted messaging apps for harmful content until it can be done in a targeted manner.

Companies will not be required to scan encrypted messages until it is "technically feasible and where technology has been accredited as meeting minimum standards of accuracy in detecting only child sexual abuse and exploitation content,” said Stephen Parkinson, the Parliamentary Under-Secretary of State for Arts and Heritage, in a planned statement during the bill’s third reading in the House of Lords on Wednesday afternoon.

To read this article in full, please click here

We’re in the “iPhone moment” for generative AI, with every company rushing to figure out its strategy for dealing with this disruptive technology.

According to a KPMG survey conducted this June, 97% of US executives at large companies expect their organizations to be impacted highly by generative AI in the next 12 to 18 months, and 93% believe it will provide value to their business. Some 35% of companies have already started to deploy AI tools and solutions, while 83% say that they will increase their generative AI investments by at least 50% in the next six to twelve months.

To read this article in full, please click here

Apple deployments are accelerating across the global enterprise, so it’s surprising that many organizations don't properly recognize that change. Even when companies put Macs, iPhones, and iPads in the hands of their employees, they are failing to manage these deployments. It’s quite shocking.

That’s the biggest take-away from the latest Jamf research, which warns that almost half of enterprises across Europe still don’t have a formal Bring-Your-Own-Device (BYOD) policy in place. That’s bad, as it means companies have no control over how employees connect and use corporate resources, creating a nice, soft attack surface for criminals and competitors alike.

To read this article in full, please click here

It looks as if people are at last waking up to a second extraordinarily dangerous requirement buried within a UK government bill designed to promote the nation as a surveillance state. It means bureaucrats can delay or prevent distribution of essential software updates, making every computer user far less secure.

This incredibly damaging limitation is just one of the many bad ideas buried in the UKs latest piece of shoddy tech regulation, the Investigatory Powers Act. What makes the law doubly dangerous is that in the online world, you are only ever as secure as your least secure friend, which means UK businesses will likely suffer by being flagged as running insecure versions of operating systems.

To read this article in full, please click here

Apple is continuing its expansion of Managed Apple IDs for business customers, giving them increased access to iCloud services and Apple Continuity features. Companies get iCloud backup and new syncing options (particularly for passwords, passkeys, and other enterprise credentials) — along with access to business-friendly Continuity features such as Universal Control.

But they could also lead to increased data sprawl and siloing. Ironically, those issues are typically related to shadow IT, even though they're enterprise features. Let's look at what's going on and how enterprises can take advantage of these features and services without running into trouble.

To read this article in full, please click here

As a large number of companies continue to test and deploy generative artificial intelligence (genAI) tools, many are at risk of AI errors, malicious attacks, and running afoul of regulators — not to mention the potential exposure of sensitive data.

For example, in April, after Samsung’s semiconductor division allowed engineers to use ChatGPT, workers using the platform leaked trade secrets on least three instances, according to published accounts. One employee pasted confidential source code into the chat to check for errors, while another worker shared code with ChatGPT and “requested code optimization.”

To read this article in full, please click here