There has been an increase in discussions and trades related to ChatGPT on the dark web since March, according to Check Point.

Building on its Webex product line, Cisco plans to deliver an air-gapped, cloud-based collaboration system  for companies involved in US national security and defense work, extending the secure offerings the company already provides to industries that require collaboration tools with strong security measures to meet US government requirements.

Beginning in 2024, the new Webex system — Air-Gapped Trusted Cloud — will provide an added layer of security for teams collaborating through the Webex App, Cisco said.

An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. For example, an air-gapped computer is unable to connect to the internet or any other communications networks so as to have complete security with the information that resides within it.

To read this article in full, please click here

Just weeks after President Biden signed an executive order designed to prevent the US government from purchasing commercial spyware used to subvert democracies, researchers have identified yet another shameful zero-click, zero-day exploit that targeted iPhone users. This spy-for-hire ‘solution’ was sold by an Israeli firm called QuaDream.

Making everyone less safe

QuaDream’s attacks have been exposed by security researchers at Microsoft and Citizen Lab. QuaDream is a more secretive entity than NSO Group but shares much of the same pedigree, including being founded by ex-NSO Group employees and having connections to Israeli intelligence. Its attacks were first exposed last year, but the researchers have since found more about how these digital mercenaries worked.

To read this article in full, please click here

So you have a Windows 10 computer — or a fleet of them. But which exact version of Windows 10? If you are on Windows 10, version 21H2, its end of servicing is coming up on June 13, 2023. For Windows 10 Home, Windows 10 Pro, Windows 10 Pro Education, and Windows 10 Pro for Workstations, version 21H2 will stop being offered updates — including security updates — after June. (For Windows 10 Enterprise and Windows 10 Education customers, support for 21H2 lasts another year.)

Why should you upgrade to a new feature release if your existing machines are working just fine? As Windows 10 comes into its final years of support (through to 2025), it’s key to keep machines on supported versions so you can receive security updates. Take the time to review the machines under your control and ensure that they are ready for the end of 21H2 support.

To read this article in full, please click here

Chinese-owned social media sensation TikTok has been fined almost $16 million for violating provisions of the UK’s General Data Protection Regulation.

It feels as if practically everyone has been using Open AI's ChatGPT since the generative AI hit prime time. But many enterprise professionals may be embracing the technology without considering the risk of these large language models (LLMs).

That’s why we need an Apple approach to Generative AI.

What happens at Samsung should stay at Samsung

ChatGPT seems to be a do-everything tool, capable of answering questions, finessing prose, generating suggestions, creating reports, and more. Developers have used the tool to help them write or improve their code and some companies (such as Microsoft) are weaving this machine intelligence into existing products, web browsers, and applications.

To read this article in full, please click here

The UK's Information Commission’s Office reminds organizations that data protection laws still apply to unfiltered data used to train large language models.

The Chinese government is instituting a cybersecurity review of US-based memory chip maker Micron’s products being sold in the country, in the latest move in the ongoing semiconductor trade dispute that pits China against the US and its allies.

The rupture between China and the West over semiconductors is causing chip supply chain disruptions that threaten many of the fastest-growing parts of the technology sector – mainly AI and cloud technology. The chip war is also putting global enterprises in the crosshairs, as auto manufacturing and a host of other sectors are increasingly dependent on the availability of advanced silicon for growth.

To read this article in full, please click here

Ransomware.

It’s one word that can strike a chill in anyone from a corporate C-suite to a home user. It’s sometimes hard to get a feel for the overall ransomware industry (and yes, it’s now an industry). But based on anecdotal reviews of forums and social media, it appears as though attacks against individuals are slowing. I no longer see people report they’ve been hit by ransomware on their PCs.

But it may be that attackers have realized that going after “one-off” targets isn’t the best business plan. In fact, in a recent Microsoft Secure online seminar (registration required), Jessica Payne and Geoff McDonald discuss how ransomware is now a big business, offered as a service by those who sell access to compromised networks to others.

To read this article in full, please click here

Organizations are rapidly adopting the use of artificial intelligence (AI) for the discovery, screening, interviewing, and hiring of candidates. It can reduce time and work needed to find job candidates and it can more accurately match applicant skills to a job opening.

But legislators and other lawmakers are concerned that using AI-based tools to discover and vet talent could intrude on job seekers’ privacy and may introduce racial- and gender-based biases already baked into the software.

"We have seen a substantial groundswell over the past two to three years with regard to legislation and regulatory rule-making as it relates to the use of AI in various facets of the workplace," said Samantha Grant, a partner with the law firm of Reed Smith. 

To read this article in full, please click here

Apple’s decision to support MAC Address Randomization across its platforms may provide some degree of protection against a newly-identified Wi-Fi flaw researchers say could let attackers hijack network traffic. iOS, Linux, and Android devices may be vulnerable.

The problem is how the standard handles power-saving

The researchers have identified a fundamental flaw in the design of the IEEE 802.11 Wi-Fi standard attackers could exploit to trick access points (Wi-Fi base stations) into leaking information. The researchers do not claim the vulnerability is being actively exploited, but warn that it might enable the interception of network traffic.

To read this article in full, please click here

3CX will be releasing an update for the DesktopApp in the next few hours; meanwhile, users are urged to use the PWA Client instead.

More than 1,100 technology luminaries, leaders, and scientists have issued a warning against labs performing large-scale experiments with artificial intelligence (AI) more powerful than ChatGPT, saying the technology poses a grave threat to humanity.

In an open letter published by Future of Life Institute, a nonprofit organization with the mission to reduce global catastrophic and existential risks to humanity, Apple co-founder Steve Wozniak and SpaceX and Tesla CEO Elon Musk joined other signatories in agreeing AI poses “profound risks to society and humanity, as shown by extensive research and acknowledged by top AI labs.”

To read this article in full, please click here

More than 1,100 technology luminaries, leaders and scientists have issued a warning against labs performing large-scale experiments with artificial intelligence (AI) more powerful than ChatGPT, saying the technology poses a grave threat to humanity.

In an open letter published by Future of Life Institute, a nonprofit organization with the mission to reduce global catastrophic and existential risks to humanity, Apple co-founder Steve Wozniak and SpaceX and Tesla CEO Elon Musk joined other signatories in agreeing AI poses “profound risks to society and humanity, as shown by extensive research and acknowledged by top AI labs.”

To read this article in full, please click here

In April, 2021, Cisco CEO Chuck Robbins announced he would let all 75,000 employees work remotely indefinitely, even after the COVID-19 pandemic ended. The company had seen no drop in productivity by allowing employees to work from home and expected to save money by not fully staffing offices. When and how often employees should come into the office would be up to their managers, who abide by a flexible hybrid policy.

But that shift brought technology challenges most companies are by now familiar with: how do you secure networks when the employee’s home is essentially a branch office? How do you create company culture from afar? And, how do you retain employees at a time when IT talent is in historically high demand.

To read this article in full, please click here

Russia’s Kremlin ordered officials to stop using iPhones, apparently over concerns the devices could be vulnerable to Western intelligence agencies, Reuters reports. When surveillance-as-a-service firms sit exposed for brazenly undermining device security, it's hard to think there isn't an argument there. But the bigger story isn’t the harm to Apple’s small business in Russia, it's the threat to digital supply chains it shows.

To read this article in full, please click here

Microsoft has resolved 80 new CVEs this month in addition to four earlier CVEs, bringing the number of security issues addressed in this month's Patch Tuesday release to 84. 

Unfortunately, we have two zero-day flaws in Outlook (CVE-2023-23397) and Windows (CVE-2023-24880) that require a "Patch Now" release requirement for both Windows and Microsoft Office updates. As it was last month, there were no further updates for Microsoft Exchange Server or Adobe Reader. This month the team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this cycle.

To read this article in full, please click here

The US government, worried about the continuing growth of cybercrime, ransomware, and countries including Russia, Iran, and North Korea hacking into government and private networks, is in the middle of drastically changing its cybersecurity strategy. No longer will it rely largely on prodding businesses and tech companies to voluntarily take basic security measures such as patching vulnerable systems to keep them updated.

Instead, it now wants to establish baseline security requirements for businesses and tech companies and to fine those that don’t comply.

It’s not just companies that use the systems who might eventually need to abide by the regulations. Companies that make and sell them, such as Microsoft, Apple, and others could be held accountable as well. Early indications are that the feds already have Microsoft in their crosshairs — they’ve warned the company that, at the moment, it doesn’t appear to be up to the task.

To read this article in full, please click here

Mac, iPad, and iPhone users can choose to automatically install system security patches as they are released with a new Apple feature called Rapid Security Response.

Rapid Security Response aims to secure Apple’s platforms with automated security updates. The idea is that if every user automatically installs such patches, the entire ecosystem becomes inherently more secure.

Announced last year at WWDC 2022, Apple began testing the feature in October. During beta testing, it shared four content-free downloads to test its distribution system, including one recent test in March. While the feature can be enabled on devices running the latest operating system, as of this month Apple had not yet begun to ship genuine security patches.

To read this article in full, please click here

Apple-focused device management and security vendor Jamf today published its Security 360: Annual Trends report, which reveals the five security tends impacting organizations running hybrid work environments. As it is every year, the report is interesting, so I spoke to Michael Covington, vice president of portfolio strategy, for more details about what the company found this year.

First, here's a brief rundown of some of the salient points in the report:

To read this article in full, please click here