NEWS: COMPUTER WORLD SECURITY NEWS
Setup News Ticker
   NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Apr 01, 2024

McDonald's serves up a master class in how not to explain a system outage
The global outage that last month prevented McDonald's from accepting payments prompted the company to release a lengthy statement that should serve as a master  class in how not to report an IT problem. It was vague, misleading and yet the company used language that still allowed many of the technical details to be figured out. 

(You know you've moved far from home base when Burger King UK makes fun of you— in response to news of the McDonald's outage, Burger King played off its own slogan by posting on LinkedIn: "Not Loving I.T.")

The McDonald's statement was vague about what happened, but it did opt to throw the chain's point-of-sale (POS) vendor under the bus — while not identifying which vendor it meant. Classy.

To read this article in full, please click here



Computer World Security News
Mar 28, 2024

If you get an unexpected call from Apple Support, you're being hacked
Have you ever had an unexpected direct phone call from Apple support? I have not, and if you do ever receive one, you probably aren't talking to Apple. The company says you should immediately hang up.

"If you get an unsolicited or suspicious phone call from someone claiming to be from Apple or Apple Support, just hang up," the company support website states.

Don't fall for it Other things it warns against are suspicious calendar invitations in Mail or Calendar, annoying pop-ups in the browser, unexpected software download prompts, and fraudulent emails.

To read this article in full, please click here



Computer World Security News
Mar 15, 2024

For March's Patch Tuesday, no zero-day flaws
Microsoft this week pushed out 61 Patch Tuesday updates with no reports of public disclosures or other zero-days affecting the larger ecosystem (Windows, Office, .NET). Though there are three updated packages from February, they're just informational changes with no further action is required.

The team at Readiness has crafted this helpful infographic outlining the risks associated with each of the March updates.

Known issues Each month, Microsoft publishes a list of known issues that relate to the operating system and platforms included in the latest update cycle; for March, there are two minor issues reported:

To read this article in full, please click here



Computer World Security News
Mar 13, 2024

A call for digital-privacy regulation 'with teeth' at the federal level
How did we get to the point where the tech industry is in the user-data business instead of the tech business?

Every day, Google collects data on billions of people worldwide, according to The Regulatory Review. The dodge that users gain some benefit from ad targeting is fallacy. For example, if Google's search were decoupled from its advertising, there would be less chance for users to be misled by ignored search terms and seemingly hard-wired results.

There's nothing beneficial to the user about Google's sponsored search results. That's also true of  the adjacent Google ads that follow you around from site to site.

To read this article in full, please click here



Computer World Security News
Mar 12, 2024

EC's use of Microsoft 365 violates data-privacy rules, watchdog group says
The European Commission (EC) has violated several key data protection rules in its use of Microsoft 365 regarding the transfer of people's personal data from Europe to other regions not covered by EU data-protection laws, a key European privacy watchdog found.

The European Data Protection Supervisor (EDPS) on Tuesday chastized the EC after finding it did not take proper protective measures when sending personal data outside the EU and European Economic Area (EEA) when using the cloud-based app.

To read this article in full, please click here



Computer World Security News
Mar 05, 2024

Researchers, legal experts want AI firms to open up for safety checks
More than 150 leading artificial intelligence (AI) researchers, ethicists and others have signed an open letter calling on generative AI (genAI) companies to submit to independent evaluations of their systems, the lack of which has led to concerns about basic protections.

The letter, drafted by researchers from MIT, Princeton, and Stanford University, called for legal and technical protections for good-faith research on genAI models, which they said is hampering safety measures that could help protect the public.

To read this article in full, please click here



Computer World Security News
Mar 01, 2024

EC to grill Meta on Facebook ‘subscription for no ads' plan
The European Commission (EC) on Friday said it needs more information from Facebook and Instagram parent company Meta to assess its compliance with applicable privacy and security laws in the European Union (EU).

The EC, in a statement, said Meta also needs to speed up its responses to requests in December for information, which centered on election information, terrorism and the protection of minors. The company has until March 15 to provide that information, with the new info about Meta's pay-to-opt-out-of-tracking program due March 22.

To read this article in full, please click here



Computer World Security News
Mar 01, 2024

Apple warns of increased iPhone security risks
Apple is telling European customers that new EU competition laws will make iPhones less safe once the company is forced to open up its platforms to third-party App Stores. The company, not exactly happy about this, has published a 32-page white paper where it spells out the risks arising from the EU's big experiment.

The EU's formal adoption of the Digital Markets Act (DMA) means Apple must make several changes to its App Store and business models. Changes include the introduction of support for third-party app stores, opening up to payment systems other than Apple Pay, and more.

To read this article in full, please click here



Computer World Security News
Feb 29, 2024

Eight European consumer watchdogs file complaints over Meta's data processing
Eight European consumer organizations have filed complaints against Facebook parent Meta accusing it of breaching the EU's General Data Protection Regulation (GDPR) with its so-called "pay-or-consent" policy and opaque internal policies.

The organizations are all members of BEUC, the European Consumer Organization.  Their complaints, publicized Thursday, argue that the large-scale consumer data collection practiced by Meta violates the GDPR, and that the company has abused its dominant market position to essentially coerce customers into accepting its terms. Each of the eight groups filed their complaints with their national data protection authorities, as there is no pan-European office to accept such complaints.

To read this article in full, please click here



Computer World Security News
Feb 28, 2024

Enterprise mobility 2024: Welcome, genAI
Generative artificial intelligence (genAI) has become a focal point for many organizations over the past year, so it should come as no surprise that the technology is moving into the enterprise mobility space, including unified endpoint management (UEM).

"Generative AI is the latest trend to impact the UEM space," says Andrew Hewitt, principal analyst, Forrester. "This has been the main topic of interest in the last year. We see generative AI having impacts in multiple areas, such as script creation, knowledge-based article creation, NLP [natural language processing]-based querying of endpoint data, and help desk chatbots. All of these are considerations for inclusion within the UEM stack."

To read this article in full, please click here



Computer World Security News
Feb 28, 2024

Download: UEM vendor comparison chart 2024
Unified endpoint management (UEM) is a strategic IT approach that consolidates how enterprises secure and manage an array of deployed devices including phones, tablets, PCs, and even IoT devices.

As remote and hybrid work models have become the norm over the past two years, "mobility management" has come to mean management of not just mobile devices, but all devices used by mobile employees wherever they are. UEM tools incorporate existing enterprise mobility management (EMM) technologies, such as mobile device management (MDM) and mobile application management (MAM), with tools used to manage desktop PCs and laptops.

To read this article in full, please click here



Computer World Security News
Feb 27, 2024

Microsoft, OpenAI move to fend off genAI-aided hackers — for now
Of all the potential nightmares about the dangerous effects of generative AI (genAI) tools like OpenAI's ChatGPT and Microsoft's Copilot, one is near the top of the list: their use by hackers to craft hard-to-detect malicious code. Even worse is the fear that genAI could help rogue states like Russia, Iran, and North Korea unleash unstoppable cyberattacks against the US and its allies.

The bad news: nation states have already begun using genAI to attack the US and its friends. The good news: so far, the attacks haven't been particularly dangerous or especially effective. Even better news: Microsoft and OpenAI are taking the threat seriously. They're being transparent about it, openly describing the attacks and sharing what can be done about them.

To read this article in full, please click here



Computer World Security News
Feb 22, 2024

JAMF warns: Many Apple-using businesses still aren't secure
Your enterprise security does not live in isolation — the threat environment extends across all your colleagues, partners, and friends.

That's why it's very concerning that so many businesses continue to fail to meet basic security hygiene standards, according to the latest Security 360 report from Jamf.

Data is gold, which attackers recognize — even many in business don't. Every stolen address, email, phone number, name, or even passport number is an ID attack waiting to happen, a path to enable a more complex phishing scam, or just an opportunity to call someone up and claim the target has a problem with their computer that they can help them with.

To read this article in full, please click here



Computer World Security News
Feb 21, 2024

Apple's iMessage gains industry-leading quantum security
Apple is preparing for future threats to iMessage by introducing upgraded encryption for its messaging service by using quantum computers.

Think of it as state-of-the-art quantum security for messaging at scale, the company says, resulting in Apple's messaging system being more secure against both current and future foes.

What is the protection? Announced on Apple's Security Research blog, the new iMessage protection is called PQ3 and promises the "strongest security properties of any at-scale messaging protocol in the world."

To read this article in full, please click here



Computer World Security News
Feb 20, 2024

EU begins formal investigation of TikTok over potential violations of Digital Services Act
The European Commission has opened formal proceedings to assess whether TikTok may have breached the European Union's Digital Services Act (DSA) in various ways associated with the protection of minors, advertising transparency, data access for researchers, and managing risk for addictive design and harmful content.

The formal investigation adds to the privacy and safety concerns that have plagued the video-sharing platform, giving enterprises yet another reason to consider banning its use by employees while they access corporate networks. The Commission had previously conducted a preliminary investigation and risk assessment that found further oversight to be necessary.

To read this article in full, please click here



Computer World Security News
Feb 20, 2024

Ensure security and collaboration thrive in the hybrid working era
iStock Small and medium sized businesses can cut costs and drive growth by adopting remote working - but increasingly sophisticated cyber attackers can exploit these new practices.

To read this article in full, please click here



Computer World Security News
Feb 20, 2024

Miro boosts security for its visual collaboration app
Miro has unveiled a set of security tools designed to help businesses protect sensitive data shared on its digital whiteboard application. The new Miro Enterprise Guard includes features to automate detection and classification of sensitive data, manage content for legal audits, and provide IT admins with greater control over encryption.

Visual collaboration is one of the fastest-growing areas of the wider collaboration software market, according to IDC. Digital whiteboard apps provide a shared canvas for coworkers to brainstorm ideas and plan projects, with Miro competing against the likes of Mural, Figma, Microsoft and others.

To read this article in full, please click here



Computer World Security News
Feb 16, 2024

Microsoft fixes two zero-days with Patch Tuesday release
Microsoft on Tuesday released 73 updates in its monthly Patch Tuesday release, addressing issues in Microsoft Exchange Server and Adobe and two zero-day flaws being actively exploited in Microsoft Outlook (CVE-2024-21410) and Microsoft Exchange (CVE-2024-21413).

Including the recent reports that the Windows SmartScreen vulnerability (CVE-2024-21351) is under active exploitation, we have added "Patch Now" schedules to Microsoft Office, Windows and Exchange Server. The team at Readiness has provided this detailed infographic outlining the risks associated with each of the updates for this cycle.

To read this article in full, please click here



Computer World Security News
Feb 14, 2024

Microsoft and the Taylor Swift genAI deepfake problem
The last few weeks have been a PR bonanza for Taylor Swift in both good ways and bad. On the good side, her boyfriend Travis Kelce was on the winning team at the Super Bowl, and her reactions during the game got plenty of air time. On the much, much worse side, generative AI-created fake nude images of her have recently flooded the internet.

As you would expect, condemnation of the creation and distribution of those images followed swiftly, including from generative AI (genAI) companies and, notably, Microsoft CEO Satya Nadella. In addition to denouncing what happened, Nadella shared his thoughts on a solution: "I go back to what I think's our responsibility, which is all of the guardrails that we need to place around the technology so that there's more safe content that's being produced."

To read this article in full, please click here



Computer World Security News
Feb 13, 2024

Apple is ramping up its fight against malware
Ensuring platform security is hard, but when a company the stature of Apple begins to ramp up protection of its ecosystem, every IT decision maker should pay attention. Unfortunately, this is precisely what's happening: Apple is now updating fundamental protection at a faster clip than it's ever done before.

Apple's security teams are alert That important revelation comes from Howard Oakley at the excellent Eclectic Light Company blog. He notes that in the six weeks ending Feb. 9 Apple, has updated a Mac security feature called XProtect five times — introducing 11 new rules to the service.

To read this article in full, please click here



Computer World Security News
Feb 12, 2024

How to thwart cyber criminals seeking to target smaller businesses
Cyber criminals are increasingly targeting small and medium sized businesses (SMBs) in the belief that they have not invested in the security technology required to thwart attacks. In fact, 43% of cyberattacks are aimed at SMBs. Cybercriminals are rational, profit-driven and highly organised: they know that attacking easy targets can result in a bigger aggregate pay-day. 

 

To read this article in full, please click here



Computer World Security News
Feb 12, 2024

Building the foundations of a sustainable innovation strategy
Modern customer demands and evolving technology capability mean smaller businesses are seeking digital transformation as eagerly as their enterprise counterparts.  

 

In the UK, for example, a recent survey by the Federation of Small Business (FSB) suggests that in the past three years, 69% of companies have either brought an entirely new product to market (25%), improved existing products (38%) or improved or introduced new internal or customer-facing processes (25%).  

To read this article in full, please click here



Computer World Security News
Feb 12, 2024

The AI data-poisoning cat-and-mouse game — this time, IT will win
The IT community of late has been freaking out about AI data poisoning. For some, it's a sneaky mechanism that could act as a backdoor into enterprise systems by  surreptitiously infecting the data large language models (LLMs) train on and then getting  pulled into enterprise systems. For others, it's a way to combat LLMs that try to do an end run around trademark and copyright protections.

To read this article in full, please click here



Computer World Security News
Feb 07, 2024

What a future without browser cookies looks like
Most online users have experienced it. You do an online search for healthcare purposes, travel information, or something to buy and soon you're being bombarded with emails and targeted online ads for everything related to your search. That's because browser cookies were tracking you as you performed your searches; they identified you and your activity.

Over the past few years, the online advertising industry has been undergoing a sea change as regulators restricted how cookies can be used and browser providers moved away from their use in response to consumer outcries over privacy.

"They often feel surveilled; some even find it ‘creepy' that a website can show them ads related to their behavior elsewhere," according to a recent study by the HEC Paris Business School.

To read this article in full, please click here



Computer World Security News
Feb 06, 2024

When a customer gets defrauded, should the enterprise reimburse?
The New York Attorney General's decision to sue Citibank last week for failing to reimburse customers who'd been victimized by fraud raised some interesting issues for business that go beyond just Citibank. Specificially, when should a customer be reimbursed for fraud and at what point do the customer's own actions come into play?

To be clear, financial institutions have been routinely refusing to reimburse customers who have done nothing wrong. The far trickier issue is when the customer does indeed do something wrong.

To read this article in full, please click here



Computer World Security News
Jan 30, 2024

Apple accuses UK gov't of ‘unprecedented overreach' on privacy
In the name of security, the UK government may well have put a cybersecurity target on the nation's back, with Apple once again warning that proposed changes to the Investigatory Powers Act 2016 are a "serious and direct threat to data security and information privacy.

"We are deeply concerned about the amendments to the Investigatory Powers Bill currently before Parliament, which will put the privacy and security of users at risk," Apple said in a statement. "This is an unprecedented overreach by the government and, if implemented, the UK new user protections could be secretly vetoed globally, preventing us from ever delivering them to customers."

To read this article in full, please click here



Computer World Security News
Jan 29, 2024

Russia hacks Microsoft: It's worse than you think
Another day, another hack of Microsoft technology. Ho-hum, you might think, this has happened before and will happen again — as surely as the sun rises in the morning and sets at night.

This time is different. Because this time the targets weren't Microsoft customers, but rather the top echelons of Microsoft itself. And the hacker group, called Midnight Blizzard, or sometimes Cozy Bear, the Dukes, or A.P.T. 29, is sponsored by Russia's Foreign Intelligence Service (and has been since at least 2008).

To read this article in full, please click here



Computer World Security News
Jan 19, 2024

10 must-have security tips for digital nomads
I've been a digital nomad since 2006. Since then, I've spent more time abroad than in the United States, working all the while, no matter where. And I've learned a lot about safety, security and privacy in specific locations on the European, African, and American continents — often the hard way.

Lots of people travel for business or vacation. The difference with digital nomads abroad (and bleisure and workcation travelers) is that you're more likely to be carrying your most expensive electronics, more likely to be staying at an Airbnb than a hotel, and more likely to be in serious trouble if you lose work computers and devices (not to mention passports and your wallet).

To read this article in full, please click here



Computer World Security News
Jan 19, 2024

The most significant number from Samsung's Galaxy S24 announcement
My goodness, there's a lot to be said about Samsung's newly announced Galaxy S24 family of flagship Android devices.

Aaaaand, spoiler alert: We won't be saying most of those things here, in this column, today.

Now, don't get me wrong: Samsung's latest and greatest Galaxy models have tons of good stuff going for 'em. From the eye-catching hardware to the specs to end all specs, Samsung rarely holds back with its top-of-the-line Android offerings. And this year's devices appear to be no exception.

To read this article in full, please click here



Computer World Security News
Jan 17, 2024

3 exceptional Android privacy power-ups
In many ways, privacy has become a bit of a conceptual buzzword — something that, similar to the AI craze of the moment, is as much about marketing a broad idea to people as it is anything specific or practical.

But all opportunistic hype aside, privacy absolutely does matter — once you dig in past that silly outer layer and actually think about what, exactly, you want to achieve. And here in the land o' Android, you've got plenty o' potential-packed possibilities to ponder.

Today, I want to draw your attention to one area where a teensy bit of effort can give you an awful lot of added privacy advantages — and that's in the ever-evolving domain of web browsing on your favorite Android gadget.

To read this article in full, please click here



Computer World Security News
Jan 16, 2024

How OpenAI plans to handle genAI election fears
OpenAI is hoping to alleviate concerns about its technology's influence on elections, as more than a third of the world's population is gearing up for voting this year. Among the countries where elections are scheduled are the United States, Pakistan, India, South Africa, and the European Parliament.

"We want to make sure that our AI systems are built, deployed, and used safely. Like any new technology, these tools come with benefits and challenges," OpenAI wrote Monday in a blog post. "They are also unprecedented, and we will keep evolving our approach as we learn more about how our tools are used."

To read this article in full, please click here



Computer World Security News
Jan 15, 2024

Failed unsubscribes could be a clue your data's out of control
Anyone who's eveer tried to unsubscribe to an email list knows that "unsubscribe" button never seems to work — except to verify your email account is working. But what if that failure arises from something more problematic than an unethical person ignoring the request?

What if it is the latest symptom of the overly distributed data problem?

That's the same issue that undermines compliance and legal discovery rules such as GDPR's Right To Be Forgotten rule. It's also the same problem that makes it all-but-impossible for enterprises to have current and comprehensive datamaps. 

To read this article in full, please click here



Computer World Security News
Jan 12, 2024

For Patch Tuesday, 48 updates, no zero-day flaws
Microsoft has eased us into the new new year with just 48 updates for the Windows, Office and .NET platforms. There were no zero-days for January, and no reports of publicly exposed vulnerabilities or exploited security issues.

Developers of complex, line-of-business applications might need to pay particular attention to how Microsoft has updated the Message Queue system. Printing has been patched and minor updates to bluetooth and Windows shell sub-systems (shortcuts and wallpaper) require some testing before deployment.

The team at Readiness has crafted a useful infographic that outlines the risks associated with each of the updates for this January release.

To read this article in full, please click here



Computer World Security News
Jan 10, 2024

Security tips for Apple-using workers in co-working spaces
For Apple-using workers on the go, especially if you frequent shared co-working spaces or public places, don't assume you're as secure as you think you are.  

Co-working spaces are particularly under threat, in part because criminals have already figured out that the people using them are good targets for data theft, ransomware, and more.

They've also realized that at least some of those working from such spaces might well be part of, or connected with, larger corporate entities — meaning a successful data heist could unlock the gates to greater and more profitable kingdoms. There are useful resources from government and industry aimed at helping workers lock down their devices and data. In the US, for instance, the National Institute of Standards and Technology has published a useful guide to explain some of the risks, while the US Office of Personnel Management offered up even more useful advice.

To read this article in full, please click here



Computer World Security News
Jan 10, 2024

Will super chips disrupt the 'everything to the cloud' IT mentality?
Enterprise IT for the last couple of years has grown disappointed in the economics — not to mention the cybersecurity and compliance impact — of corporate clouds. In general, with a few exceptions, enterprises have done little about it; most saw the scalability and efficiencies too seductive.

Might that change in 2024 and 2025?

Apple has begun talking about efforts to add higher-end compute capabilities to its chip, following similar efforts from Intel and NVIDIA. Although those new capabilities are aimed at enabling more large language model (LLM) capabilities on-device, anything that can deliver that level of data-crunching and analytics can also handle almost every other enterprise IT task. 

To read this article in full, please click here



Computer World Security News
Dec 25, 2023

How to securely erase your Android device in 3 simple steps
It's an inevitable moment in the smartphone-owning cycle: the point at which a newer, shinier model comes along and your trusty old device is no longer needed.

Maybe your company bought you a new Android phone. Maybe your old one was getting too slow. Or maybe you just love electronics and couldn't resist the lure of whatever eye-catching new Android gizmo your favorite manufacturer started selling.

Whatever the case, it's common nowadays to find yourself with an extra phone. And while there are plenty of practical uses for an old Android device, there's also a time when the best choice is to sell, donate, or otherwise pass it along.

To read this article in full, please click here



Computer World Security News
Dec 20, 2023

The top 10 tech stories of 2023
The top technology stories of 2023 highlight fundamental changes in culture and geopolitics as well as tech itself: It's clear that generative AI will affect all aspects of technology and society, while geopolitical tensions are sparking cybersecurity attacks globally. General unease about the dominance of big tech, meanwhile, is pushing regulators to get tougher on mopolistic business practices and multibillion-dollar mergers.

Fired! Rehired! Sam Altman's ouster and return to OpenAI

Computer World Security News
Dec 19, 2023

Choosing a genAI partner: Trust, but verify
Enterprise executives, still enthralled by the possibilities of generative artificial intelligence (genAI), more often than not are insisting that their IT departments figure out how to make the technology work. 

Let's set aside the usual concerns about genAI, such as the hallucinations and other errors that make it essential to check every single line it generates (and obliterate any hoped-for efficiency boosts). Or that data leakage is inevitable and will be next to impossible to detect until it is too late. (OWASP has put together an impressive list of the biggest IT threats from genAI and LLMs in general.) 

To read this article in full, please click here



Computer World Security News
Dec 15, 2023

For December, an exceptionally light Patch Tuesday
Over the past year, we've seen Microsoft make radical improvements in its browser stability and significant positive changes to its Windows update communication and telemetry strategies.  And this month's Patch Tuesday release brings with it an incredibly light set of updates — maybe the fewest number of updates I have ever seen.

There are no zero-days, which is a great finish to 2023, though Windows gets three critical updates and Visual Studio will require immediate attention due to several re-releases of past critical application patches.

The team at Readiness has created a helpful infographic to outline the risks associated with each update in this last release of 2023. One note of caution: we have seen several potential updates to older patches (October/November) potentially coming down the release pipeline from Microsoft. It might be worth checking in during the upcoming holiday break to see whether there are any out-of-band patches for the Windows ecosystem.

To read this article in full, please click here



Computer World Security News
Dec 13, 2023

Internet traffic soars in 2023, with generative AI a standout trend: Report
This year saw a 25% rise in global internet traffic, reflecting an increasing reliance on online services, according to a new report by cloud performance and security company Cloudflare.

In its annual Year in Review reports, Cloudflare offers an overview of online trends and security issues. This year, Cloudflare said, Google retained its position as the most popular internet site,  followed by Facebook, Apple, and TikTok. Facebook surpassed 2022's leader, TikTok, in social media, with Instagram and Twitter/X also ranking highly.

The emerging category of generative AI services saw OpenAI in the lead, followed by Character AI, Quillbot, and Hugging Face.

To read this article in full, please click here



Computer World Security News
Dec 13, 2023

What is Stolen Device Protection for iPhone and how does it work?
Take that, iPhone thieves — Apple is about to make it even more difficult to use its smartphones when you have no right to do so. In the upcoming iOS 17.3, it is testing out a new security system called "Stolen Device Protection."

Here's a look at what this is, and what it does.

Stolen Device Protection explained Apple's beta notes explain: "Stolen Device Protection adds an additional layer of security in the unlikely case that someone has stolen your iPhone and also obtained your passcode."

The company explains the features this way:

Accessing your saved passwords requires Face/Touch ID to be sure it's you. Changing sensitive settings like your Apple ID password is protected by a security delay. No delay is required when iPhone is at familiar locations such as home and work. The idea is that Stolen Device Protection introduces another obstacle that makes it difficult for thieves to gain access to your data, erase it, or delete the device to factory fresh status for resale.

To read this article in full, please click here



Computer World Security News
Dec 08, 2023

Meta releases open-source tools for AI safety
The Purple Llama project aims to help developers build generative AI models responsibly.

Computer World Security News
Dec 07, 2023

Attacks against personal data are up 300%, Apple warns
It's been another bad week in security.

Not only do we learn that so-called "friendly" governments are quietly requesting surveillance data concerning push notifications, but Apple tells us more than 2.6 billion personal records have already been compromised by data breaches in the past two years.

To read this article in full, please click here



Computer World Security News
Dec 05, 2023

Spanish media's $600M suit against Meta is based on GDPR noncompliance
Facebook parent company Meta is facing yet another legal challenge over user privacy, as a Spanish media company representing top media outlets in the country is suing the social media giant for $600 million for competitively unfair advertising practices based on noncompliance with the EU's General Data Privacy Regulation (GDPR).

The Information Media Association (La Asociación de Medios de Información, or AMI), has filed a €550 million ($600 million) lawsuit against Meta, claiming Meta's ability to design personalized advertising on its Facebook, Instagram and WhatsApp platforms based on its enormous user base represents an unfair competitive advantage in the advertising market in Europe, which includes media companies.

To read this article in full, please click here



Computer World Security News
Dec 05, 2023

Microsoft to offer extended Windows 10 security updates to businesses, individual users
Microsoft plans to offer extended security updates to both business and individual Windows 10 users for the first time when the operating system reaches end-of-life in late 2025.

Microsoft encouraged Windows 10 customers to begin plans to migrate to the latest version of the operating system — Windows 11 — last April with the announcement that Windows 10 22H2 would be the final version.

Windows 10 is still the most widely used version of the OS, accounting for 64% of US desktop market share, according to StatCounter's figures; that compared to 30% for Windows 11.

To read this article in full, please click here



Computer World Security News
Dec 05, 2023

How Fake Lockdown Mode can fool you into a sense of security
In yet another illustration of just how devious criminals have become in their attempts to undermine security, Jamf Threat Labs has identified a potential tampering technique that puts a device into Fake Lockdown Mode.

As most people know, Lockdown Mode is an extreme protection feature for iPhone designed to protect the kind of high-value targets some of the nastiestsurveillance and state-sponsored attackers aim for.

To read this article in full, please click here



Computer World Security News
Dec 04, 2023

The arrival of genAI could cover critical skills gaps, reshape IT job market
Generative artificial intelligence (genAI) is likely to play a critical role in addressing skills shortages in today's marketplace, according to a new study by London-based Kaspersky Research. It showed that 40% of 2,000 C-level executives surveyed plan to use genAI tools such as ChatGPT to cover critical skills shortages through the automation of tasks.

The European-based study found genAI to be firmly on the business agenda, with 95% of respondents regularly discussing ways to maximize value from the technology at the most senior level, even as 91% admitted they don't really know how it works.

To read this article in full, please click here



Computer World Security News
Dec 01, 2023

Apple secures WebKit as global ransomware attacks surge
If nothing else, Apple's most recent emergency security update should be considered proof of an increasingly tense security environment.

Enterprises must understand that while Apple maintains a pretty solid ecosystem — certainly at present the most secure, even according to Cisco — that doesn't mean it's entirely safe, and every Apple customer needs to get wise to the growing proliferation of threats.

With more and more business users turning to the company's solutions, it's important to get ahead of the threat.

To read this article in full, please click here



Computer World Security News
Nov 30, 2023

Unused Gmail accounts head to the chopping block
It's the last call to keep any Gmail accounts you haven't used recently.

Beginning December 1, Google will start deleting accounts that have been inactive for two years, including all associated photos, Drive documents, contacts, emails, and calendar entries. The tech giant first announced this change in their inactivity policy in May.

Google confirmed to Computerworld that it's proceeding with the deletion plan. "We plan to roll this out slowly and in phases, not all at once," spokesperson Christa Muldoon said. "We'll be starting with accounts that were created and never used."

Separate Gmail accounts held by the same user under different names are also subject to deletion, Muldoon said.

To read this article in full, please click here



Computer World Security News
Nov 29, 2023

How to go incognito in Chrome, Edge, Firefox, and Safari
Private browsing. Incognito. Privacy mode.

Web browser functions like those trace their roots back more than a decade, and the feature — first found in a top browser in 2005 — spread quickly as one copied another, made tweaks and minor improvements.

But privacy-promising labels can be treacherous. Simply put, going "incognito" is as effective in guarding online privacy as witchcraft is in warding off a common cold.

To read this article in full, please click here



Computer World Security News
Nov 29, 2023

GenAI is highly inaccurate for business use — and getting more opaque
Large language models (LLMs), the algorithmic platforms on which generative AI (genAI) tools like ChatGPT are built, are highly inaccurate when connected to corporate databases and becoming less transparent, according to two studies.

One study by Stanford University showed that as LLMs continue to ingest massive amounts of information and grow in size, the genesis of the data they use is becoming harder to track down. That, in turn, makes it difficult for businesses to know whether they can safely build applications that use commercial genAI foundation models and for academics to rely on them for research.

To read this article in full, please click here



Computer World Security News
Nov 22, 2023

What is Contact Key Verification and how is it used?
Many business professionals require highly secure messaging solutions, particularly when they travel. Apple's iMessage will soon offer a new secure identity verification system enterprise professionals might find useful. It's called Contact Key Verification.

What is Contact Key Verification? Apple actually announced the system in 2022. It is now expected to go live across the Apple ecosystem with the release of iOS 17.2 and updates for Macs and iPads.

To read this article in full, please click here



Computer World Security News
Nov 17, 2023

Critical zero-day flaws in Windows, Office mean it's time to patch
We are now in the third decade of Microsoft's monthly Patch Tuesday releases, which deliver fewer critical updates to browsers and Windows platforms — and much more reliable updates to Microsoft Office — than in the early days of patching. But this month, the company rolled out 63 updates (including fixes for three zero-days in Windows and Office).

Updates to Microsoft Exchange and Visual Studio can be included in standard patch release cycles, while Adobe needs to be included in your "Patch Now" releases for third-party applications. 

The team at Readiness has provided a detailed infographic that outlines the risks associated with each of the updates for November.

To read this article in full, please click here



Computer World Security News
Nov 10, 2023

How to manually update Microsoft Defender
Microsoft Defender is the built-in anti-malware package that's included with modern Windows operating systems. It's alternatively known as Windows Security (it shows up under Settings Privacy & security as Windows Security) or Windows Defender (sometimes with Antivirus at the end of the name, as in this Microsoft Learn page). But whatever you want to call it, for many Windows users, this tool is the go-to default for handling security on their PCs.

As with Windows Update in general, sometimes Microsoft Defender updates may not work. Normally, Defender updates are handled as part of routine Windows update behavior, run on a daily basis as a scheduled task. But sometimes, Windows Update itself runs into problems and doesn't do much (or anything).

To read this article in full, please click here



Computer World Security News
Nov 08, 2023

Windows Hello for Business: Passwordless authentication for Windows shops
Microsoft is trying to get rid of that sticky note that you see taped to everyone's office monitor. You know, the one with the password on it. The one with all of the old passwords crossed off one by one, each one subtly different from the last — an exclamation point turning into an ampersand, a one into a two.

Enterprises have really done this to themselves. The passwords that most organizations require — which have to be complex, with long strings of numbers and specially cased phrases with some (but not all! heavens no, not the one you want) symbols — are difficult to remember. There's no hope except to write them down. Then you have to reset them every so often. Then they get recycled. And on and on the cycle goes.

To read this article in full, please click here



Computer World Security News
Nov 02, 2023

Q&A: Cisco CIO sees AI embedded in every product and process
Less than a year after OpenAI's ChatGPT was released to the public, Cisco Systems is already well into the process of embedding generative artificial intelligence (genAI) into its entire product portfolio and internal backend systems.

The plan is to use it in virtually every corner of the business, from automating network functions and monitoring security to creating new software products.

But Cisco's CIO, Fletcher Previn, is also dealing with a scarcity of IT talent to create and tweak large language model (LLM) platforms for domain-specific AI applications. As a result, IT workers are learning as they go, while discovering new places and ways the ever-evolving technology can create value.

To read this article in full, please click here



Computer World Security News
Nov 01, 2023

Splunk cuts 7% of workforce ahead of Cisco acquisition
The layoffs are happening in the wake of a market retraction, Splunk CEO Gary Steele said.

Computer World Security News
Nov 01, 2023

New Jamf CEO John Strosahl on Apple in the enterprise, Jamf's future
John Strosahl became Jamf CEO in September. He isn't a new face and was one of the first employees then-incoming (now former) CEO Dean Hager hired eight years ago. Together, they managed the company's transition into a leading Apple solution integrator across the enterprise, medical, and education industries.

I caught up with both men to talk about Apple's growing place in the enterprise and Strosahl's plans for the future of Jamf.

The culture thing Mac admins like to say that Jamf has a unique company culture, which is particularly visible at the company's public events.

To read this article in full, please click here



Computer World Security News
Nov 01, 2023

New Jamf CEO John Strosahl on Apple in the enterprise, Jami's future
John Strosahl became Jamf CEO in September. He isn't a new face and was one of the first employees then-incoming (now former) CEO Dean Hager hired eight years ago. Together, they managed the company's transition into a leading Apple solution integrator across the enterprise, medical, and education industries.

I caught up with both men to talk about Apple's growing place in the enterprise and Strosahl's plans for the future of Jamf.

The culture thing Mac admins like to say that Jamf has a unique company culture, which is particularly visible at the company's public events.

To read this article in full, please click here



Computer World Security News
Oct 31, 2023

What exactly will the UK government's global AI Safety Summit achieve?
From tomorrow, the UK government is hosting the first global AI Safety Summit, bringing together about 100 people from industry and government to develop a shared understanding of the emerging risks of leading-edge AI while unlocking its benefits. 

The event will be held at Bletchley Park, a site in Milton Keynes that became the home of code breakers during World War II and saw the development of Colossus, the world's first programmable digital electronic computer, used to decrypt the Nazi Party's Enigma code, shortening the war by at least two years.

To read this article in full, please click here



Computer World Security News
Oct 30, 2023

Biden lays down the law on AI
In a sweeping executive order, US President Joseph R. Biden Jr. on Monday set up a comprehensive series of standards, safety and privacy protections, and oversight measures for the development and use of artificial intelligence (AI).

Among more than two dozen initiatives, Biden's "Safe, Secure, and Trustworthy Artificial Intelligence" order was a long time coming, according to many observers who've been watching the AI space — especially with the rise of generative AI (genAI) in the past year.

To read this article in full, please click here



Computer World Security News
Oct 30, 2023

‘Data poisoning' anti-AI theft tools emerge — but are they ethical?
Technologists are helping artists fight back against what they see as intellectual property (IP) theft by generative artificial intelligence (genAI) tools  whose training algorithms automatically scrape the internet and other places for content.

The fight over what constitutes fair use of content found online is at the heart of what has been an ongoing court battle. The fight goes beyond artwork to whether genAi companies like Microsoft and its partner, OpenAI, can incorporate software code and other published content into their models.

To read this article in full, please click here



Computer World Security News
Oct 25, 2023

White House to issue AI rules for federal employees
After earlier efforts to reign in generative artificial intelligence (genAI) were criticized as too vague and ineffective, the Biden Administration is now expected to announce new, more restrictive rules for use of the technology by federal employees.

The executive order, expected to be unveiled Monday, would also change immigration standards to allow a greater influx of technology workers to help accelerate US development efforts.

On Tuesday night, the White House issued invitations for a "Safe, Secure, and Trustworthy Artificial Intelligence" event Monday hosted by President Joseph R. Biden Jr., according to The Washington Post.

To read this article in full, please click here



Computer World Security News
Oct 24, 2023

Android's new biometric spec for 'strong security' is anything but
Google has released new biometrics specs for Android devices, with the top-level "strong security" option requiring only "a spoof and imposter acceptance rate not higher than 7%." But most biometrics specialists say that for something to be considered "high security," that imposter and acceptance rate should be closer to 1%.

That prompted me to ask Google for comment. Google replied by emailing an anonymous statement to be attributed to nobody that doesn't directly defend the levels it chose — but did say security decisions are ultimately up to each handset manufacturer.

To read this article in full, please click here



Computer World Security News
Oct 19, 2023

Apple's latest China App Store problem is a warning for us all
Ask anyone who knows, and they'll tell you that when it comes to security, the weakest point is always people. Yet, as pressure grows for Apple to allow app purchases from outside the App Store, the fact the company fired App Store staff for "business misconduct" is cause for alarm.

As first reported by The Information, the Apple story is pretty simple.

To read this article in full, please click here



Computer World Security News
Oct 13, 2023

Microsoft addresses three zero-days for October's Patch Tuesday
This month, Microsoft has released 103 updates to Windows, Edge, Microsoft Office, and Exchange Server. This update also includes minor updates to Visual Studio. Three zero-days (CVE-2023-44487, CVE-2023-36563 and CVE-2023-41763) require "Patch Now" updates for both Windows and the Edge browser for this October update cycle.

To read this article in full, please click here



Computer World Security News
Oct 06, 2023

Homeland Security confirms your privacy is no longer safe
The big problem with privacy is that once you relinquish some of it, you never get it back. What makes it worse is when those who are supposed to protect your rights choose to undermine them. When they do so, they eat away at the thin protections we should all enjoy in the digital age.

US agencies' illegal use of smartphone data These are some of the reasons to be so concerned to learn from a newly released US Department of Homeland Security report that multiple US government agencies illegally used smartphone location data, breaching privacy regulations as they did. To do this, they purchased smartphone location data, including Advertising Identifiers (AdIDs) from data brokers that had been harvested from a wide range of apps.

To read this article in full, please click here



Computer World Security News
Oct 05, 2023

Are you looking forward to the new age of mobile app insecurity?
A contact recently told me that Apple handles thousands of inquiries from people who have forgotten or misplaced their Apple ID logins every day. That's probably why Apple recently made it easier to access your Apple ID using any known email address.

But Apple reps are also inundated with requests related to third-party apps over which they have no control. As the EU looks to force Apple into allowing apps from alternative app stores onto its devices, a practice known as sideloading, the user experience with Apple devices — and the flood of inquiries and complaints — is about to get much, much worse.

To read this article in full, please click here



Computer World Security News
Oct 04, 2023

Message to IT: Yes, you should install Apple security updates
While it's not universally the case, many businesses actively using Macs for work may not be paying enough attention to ensuring those devices are secured, according to cloud security provider Qualys, which estimates that just over half of Macs remain unprotected by recent security patches.

To read this article in full, please click here



Computer World Security News
Oct 03, 2023

Zero trust and why it matters to the Apple enterprise
Once upon a time, digital business sat inside the security perimeter. Devices were kept in offices, shared the same network, and were protected by antivirus software, firewalls, and software updates. This system wasn't perfect and became increasingly specialized, with security teams, networking teams, and others all working in different sectors.

With mobility, this changed. Devices were unleashed from their locations, used their own networks, and stood outside of traditional corporate endpoint protection.

The pandemic accelerated these changes, fostering the evolution of innovative security protections outside of traditional perimeters, such as around zero-trust. The global zero trust security market is now expected to reach $99 billion by 2030, up from $23 billion in 2021.

To read this article in full, please click here



Computer World Security News
Sep 28, 2023

Google to block Bard conversations from being indexed on Search
Alphabet-owned Google is working on blocking user conversations with its new Bard generative AI assistant from being indexed on its Search platform or showing up as results.

"Bard allows people to share chats, if they choose. We also don't intend for these shared chats to be indexed by Google Search. We're working on blocking them from being indexed now," Google's Search Liaison account posted on Twitter, now X.

The internet search giant was responding to an SEO Consultant who pointed out on Twitter that user conversations with Bard were being indexed on Google Search.

To read this article in full, please click here



Computer World Security News
Sep 25, 2023

Q&A: How one CSO secured his environment from generative AI risks
In February, travel and expense management company Navan (formerly TripActions) chose to go all-in on generative AI technology for a myriad of business and customer assistance uses.

The Palo Alto, CA company turned to ChatGPT from OpenAI and coding assistance tools from GitHub Copilot to write, test, and fix code; the decision has boosted Navan's operational efficiency and reduced overhead costs.

GenAI tools have also been used to build a conversational experience for the company's client virtual assistant, Ava. Ava, a travel and expense chatbot assistant, offers customers answers to questions and a conversational booking experience. It can also offer data to business travelers, such as company travel spend, volume, and granular carbon emissions details.

To read this article in full, please click here



Computer World Security News
Sep 21, 2023

ServiceNow embeds AI-powered customer-assist features throughout products
Workflow management software provider ServiceNow has embedded a chatbot for assisting customers with most of its products.

ServiceNow's new Now Assist tool is an expansion to its AI-powered Now Platform, and is available in its Vancouver software release for IT Service Management (ITSM), Customer Service Management (CSM), HR Service Delivery (HRSD), and Creator workflow application.

To read this article in full, please click here



Computer World Security News
Sep 20, 2023

UK's controversial online safety bill set to become law
Four years after it started life as a white paper, the UK government's controversial Online Safety Bill has finally passed through Parliament and is set to become law in the coming weeks.

The  bill aims to keep websites and different types of internet-based services free of illegal and harmful material while defending freedom of expression. It applies to search engines; internet services that host user-generated content, such as social media platforms; online forums; some online games; and sites that publish or display pornographic content.

To read this article in full, please click here



Computer World Security News
Sep 20, 2023

Jamf: Generative AI is coming to an Apple IT admin near you
Imagine running fleets of iPhones that alert you when unexpected security-related incidents take place, or when otherwise legitimate service requests arrive from devices at an unexpected time or location. Imagine management and security software that not only identified these kinds of anomalies but gave you useful advice to help remediate the problem.

This, and more, is the kind of protection Jamf hopes to deliver using generative AI tools.

Generative IT for Apple admins Jamf believes generative AI can be a big benefit to tech support and IT admin, and talked about its efforts at the end of an extensive Jamf Nation User Conference (JNUC) keynote. Akash Kamath, the company's senior vice president, engineering, explained that just as the Mac made computing personal, genAI makes AI personal.

To read this article in full, please click here



Computer World Security News
Sep 15, 2023

Critical updates for Microsoft Office and Visual Studio drive September's Patch Tuesday
Microsoft released 59 updates in its September Patch Tuesday release, with critical patches for Microsoft Office and Visual Studio, and  continued the trend of including non-Microsoft applications in its update cycle. (Notepad is a notable addition, with Autodesk returning with a revised bulletin.) We've made "Patch Now" recommendations for Microsoft development platforms (Visual Studio) and Microsoft Word.

Unfortunately, updates for Microsoft Exchange Server have also returned, requiring server reboots this time, too.

The team at Readiness has created this infographic outlining the risks associated with each of the September updates.

To read this article in full, please click here



Computer World Security News
Sep 08, 2023

Message to IT: Update all your Apple devices right away
Apple has pushed out an essential security update to defend against yet another attack by an out-of-control mercenary surveillance group.

Like a bad smell, NSO Group has clawed its way back into the spotlight with yet another unprincipled attack against free speech and citizens' rights, as revealed by Citizen Lab. The security researchers found this latest example of a sinister, yet egregious zero-click attack while checking the device of an "Individual employed by a Washington DC-based civil society organization with international offices."

To read this article in full, please click here



Computer World Security News
Sep 06, 2023

UK rolls back controversial encryption rules of Online Safety Bill
The UK government has conceded one of the more controversial parts of its Online Safety Bill, stating that the powers granted by the legislation will not be used to scan encrypted messaging apps for harmful content until it can be done in a targeted manner.

Companies will not be required to scan encrypted messages until it is "technically feasible and where technology has been accredited as meeting minimum standards of accuracy in detecting only child sexual abuse and exploitation content," said Stephen Parkinson, the Parliamentary Under-Secretary of State for Arts and Heritage, in a planned statement during the bill's third reading in the House of Lords on Wednesday afternoon.

To read this article in full, please click here



Computer World Security News
Sep 05, 2023

GenAI in productivity apps: What could possibly go wrong?
We're in the "iPhone moment" for generative AI, with every company rushing to figure out its strategy for dealing with this disruptive technology.

According to a KPMG survey conducted this June, 97% of US executives at large companies expect their organizations to be impacted highly by generative AI in the next 12 to 18 months, and 93% believe it will provide value to their business. Some 35% of companies have already started to deploy AI tools and solutions, while 83% say that they will increase their generative AI investments by at least 50% in the next six to twelve months.

To read this article in full, please click here



Computer World Security News
Aug 31, 2023

With BYOD comes responsibility — and many firms aren't delivering
Apple deployments are accelerating across the global enterprise, so it's surprising that many organizations don't properly recognize that change. Even when companies put Macs, iPhones, and iPads in the hands of their employees, they are failing to manage these deployments. It's quite shocking.

That's the biggest take-away from the latest Jamf research, which warns that almost half of enterprises across Europe still don't have a formal Bring-Your-Own-Device (BYOD) policy in place. That's bad, as it means companies have no control over how employees connect and use corporate resources, creating a nice, soft attack surface for criminals and competitors alike.

To read this article in full, please click here



Computer World Security News
Aug 25, 2023

New law could turn UK into a hacker's playground
It looks as if people are at last waking up to a second extraordinarily dangerous requirement buried within a UK government bill designed to promote the nation as a surveillance state. It means bureaucrats can delay or prevent distribution of essential software updates, making every computer user far less secure.

A poor law This incredibly damaging limitation is just one of the many bad ideas buried in the UKs latest piece of shoddy tech regulation, the Investigatory Powers Act. What makes the law doubly dangerous is that in the online world, you are only ever as secure as your least secure friend, which means UK businesses will likely suffer by being flagged as running insecure versions of operating systems.

To read this article in full, please click here



Computer World Security News
Aug 25, 2023

Managed Apple IDs, iCloud, and the shadow IT connection
Apple is continuing its expansion of Managed Apple IDs for business customers, giving them increased access to iCloud services and Apple Continuity features. Companies get iCloud backup and new syncing options (particularly for passwords, passkeys, and other enterprise credentials) — along with access to business-friendly Continuity features such as Universal Control.

But they could also lead to increased data sprawl and siloing. Ironically, those issues are typically related to shadow IT, even though they're enterprise features. Let's look at what's going on and how enterprises can take advantage of these features and services without running into trouble.

To read this article in full, please click here



Computer World Security News
Aug 21, 2023

Why and how to create corporate genAI policies
As a large number of companies continue to test and deploy generative artificial intelligence (genAI) tools, many are at risk of AI errors, malicious attacks, and running afoul of regulators — not to mention the potential exposure of sensitive data.

For example, in April, after Samsung's semiconductor division allowed engineers to use ChatGPT, workers using the platform leaked trade secrets on least three instances, according to published accounts. One employee pasted confidential source code into the chat to check for errors, while another worker shared code with ChatGPT and "requested code optimization."

To read this article in full, please click here



Computer World Security News
Aug 17, 2023

Jamf Threat Labs subverts iPhone security with fake Airplane Mode
Fresh security research from Jamf Threat Labs may not reflect an active attack, but it does illustrate the layered complexity of today's threat environment.

When Airplane mode isn't Airplane mode In brief, the researchers have figured out a proof of concept attack that tricks victims into thinking they are using Airplane Mode. However, in reality the attacker has put in place a fake version of that mode that looks normal but lets the attacker maintain access to the device.

This is by no means a straightforward attack and hasn't been seen in the wild. The exploit is complex and would require an attacker to successfully take control of the target device through a series of exploits, the research claims. 

To read this article in full, please click here



Computer World Security News
Aug 17, 2023

Zoom goes for a blatant genAI data grab; enterprises, beware (updated)
When Zoom amended its terms of service earlier this month — a bid to make executives comfortable that it wouldn't use Zoom data to train generative AI models — it quickly stirred up a hornet's nest. So the company "revised" the terms of service, and left in place ways it can still get full access to user data.

Computerworld repeatedly reached out to Zoom without success to clarify what the changes really mean.

Editor's note: Shortly after this column was published, Zoom again changed its terms and conditions. We've added an update to the end of the story covering the latest changes.

Before I delve into the legalese — and Zoom's weasel words to falsely suggest it was not doing what it obviously was doing — let me raise a more critical question: Is there anyone in the video-call business not doing this? Microsoft? Google? Those are two firms that never met a dataset that they didn't love.

To read this article in full, please click here



Computer World Security News
Aug 17, 2023

China hacks the US military and government — the Feds blame Microsoft
Hidden in the basic infrastructure that runs the US military is a powerful piece of Windows-borne Chinese malware that can disrupt the communications systems, power grids, and water supplies at the military's bases around the world. One US congressional aide calls it a "ticking time bomb" that as The New York Times put it, "could give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to US military bases."

To read this article in full, please click here



Computer World Security News
Aug 17, 2023

China hacks the US military and government— the Feds blame Microsoft
Hidden in the basic infrastructure that runs the US military is a powerful piece of Windows-borne Chinese malware that can disrupt the communications systems, power grids, and water supplies at the military's bases around the world. One US congressional aide calls it a "ticking time bomb" that as The New York Times put it, "could give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to US military bases."

To read this article in full, please click here



Computer World Security News
Aug 14, 2023

As VR headset adoption grows, privacy issues could emerge
Head and hand motion data gathered from virtual reality (VR) headsets could be as effective at identifying individuals as fingerprints or face scans, research studies have shown, potentially compromising user privacy when interacting in immersive virtual environments.

Two recent studies by researchers at the University of California, Berkeley, showed how data gathered by VR headsets could be used to identify individuals with a high level of accuracy, and potentially reveal a host of personal attributes, including height, weight, age, and even marital status, according to a Bloomberg report Thursday.

To read this article in full, please click here



Computer World Security News
Aug 11, 2023

Patch Tuesday: Microsoft rolls out 90 updates for Windows, Office
With its August Patch Tuesday release, Microsoft pushed out 90 updates for the Windows and Office platforms. The latest fixes include  another update for Microsoft Exchange (along with with a warning about failed updates to Exchange Server 2016 and 2019) and a "Patch Now" recommendation from us for Office.

The team at Application Readiness has crafted this useful infographic outlining the risks associated with each of the updates for this month.

To read this article in full, please click here



Computer World Security News
Aug 11, 2023

Zoom goes for a blatant genAI data grab; enterprises, beware
When Zoom amended its terms of service earlier this month — a bid to make executives comfortable that it wouldn't use Zoom data to train generative AI models — it quickly stirred up a hornet's nest. So the company "revised" the terms of service, and left in place ways it can still get full access to user data.

(Computerworld repeatedly reached out to Zoom without success to clarify what the changes really mean.)

Before I delve into the legalese — and Zoom's weasel words to falsely suggest it was not doing what it obviously was doing — let me raise a more critical question: Is there anyone in the video-call business not doing this? Microsoft? Google? Those are two firms that never met a dataset that they didn't love.

To read this article in full, please click here



Computer World Security News
Aug 10, 2023

Q&A: TIAA's CIO touts top AI projects, details worker skills needed now
Artificial intelligence (AI) is already having a significant effect on businesses and organizations across a variety of industries, even as many businesses are still just kicking the tires on the technology.

Those that have fully adopted AI claim a 35% increase in innovation and a 33% increase in sustainability over the past three years, according to research firm IDC. Customer and employee retention has also been reported as improving by 32% after investing in AI.

To read this article in full, please click here



Computer World Security News
Aug 08, 2023

Researchers build a scary Mac attack using AI and sound
A UK research team based at Durham University has identified an exploit that could allow attackers to figure out what you type on your MacBook Pro — based on the sound each keyboard tap makes.

These kinds of attacks aren't particularly new. The researchers found research dating back to the 1950s into using acoustics to identify what people write. They also note that the first paper detailing use of such an attack surface was written for the US National Security Agency (NSA) in 1972, prompting speculation such attacks may already be in place.

"(The) governmental origin of AS- CAs creates speculation that such an attack may already be possible on modern devices, but remains classified," the researchers wrote.

To read this article in full, please click here



Computer World Security News
Aug 07, 2023

Has Microsoft cut security corners once too often?
As Microsoft revealed tidbits of its post-mortem investigation into a Chinese attack against US government agencies via Microsoft, two details stand out: the company violated its own policy and did not store security keys within a Hardware Security Module (HSM) — and the keys were successfully used by attackers even though they had expired years earlier. 

This is simply the latest example of Microsoft quietly cutting corners on cybersecurity and then only telling anyone when it gets caught. 

To read this article in full, please click here



Computer World Security News
Aug 02, 2023

UK intelligence agencies seek to weaken data protection safeguards
UK intelligence agencies are campaigning for the government to weaken surveillance laws, arguing that the current safeguards limit their ability to train AI models due to the large amount of personal data required.

GCHQ, MI5, and MI6 have been increasingly using AI technologies to analyze data sets, including bulk personal data sets (BPDs), which can often contain sensitive information about people not of interest to the security services.

Currently, a judge has to approve the examination and retention of BPDs, a process that intelligence agencies have described as "disproportionately burdensome" when applied to "publicly available datasets, specifically those containing data in respect of which the subject has little or no reasonable expectation of privacy."

To read this article in full, please click here



Computer World Security News
Jul 31, 2023

EEOC chief: AI system audits might comply with local anti-bias laws, but not federal ones
Keith Sonderling, commissioner of the US Equal Employment Opportunity Commission (EEOC), has for years been sounding the alarm about the potential for artificial intelligence (AI) to run afoul of federal anti-discrimination laws such as the Civil Rights Act of 1964.

It was not until the advent of ChatGPT, Bard, and other popular generative AI tools, however, that local, state and national lawmakers began taking notice — and companies became aware of the pitfalls posed by a technology that can automate efficiencies in the business process.

Instead of speeches he'd typically make to groups of chief human resource officers or labor employment lawyers, Sonderling has found himself in recent months talking more and more about AI. His focus has been on how companies can stay compliant as they hand over more of the responsibility for hiring and other aspects of corporate HR to algorithms that are vastly faster and capable of parsing thousands of resumes in seconds.

To read this article in full, please click here



Computer World Security News
Jul 31, 2023

EEOC Commissioner: AI system audits might not comply with federal anti-bias laws
Keith Sonderling, commissioner of the US Equal Employment Opportunity Commission (EEOC), has for years been sounding the alarm about the potential for artificial intelligence (AI) to run afoul of federal anti-discrimination laws such as the Civil Rights Act of 1964.

It was not until the advent of ChatGPT, Bard, and other popular generative AI tools, however, that local, state and national lawmakers began taking notice — and companies became aware of the pitfalls posed by a technology that can automate efficiencies in the business process.

Instead of speeches he'd typically make to groups of chief human resource officers or labor employment lawyers, Sonderling has found himself in recent months talking more and more about AI. His focus has been on how companies can stay compliant as they hand over more of the responsibility for hiring and other aspects of corporate HR to algorithms that are vastly faster and capable of parsing thousands of resumes in seconds.

To read this article in full, please click here



Computer World Security News
Jul 28, 2023

Apple toughens up app security with API control
Apple is at war with device fingerprinting — the use of fragments of unique device-specific information to track users online. This fall, it will put in place yet another important limitation to prevent unauthorized use of this kind of tech.

Apple at WWDC 2023 announced a new initiative designed to make apps that do track users more obvious while giving users additional transparency into such use. Now it has told developers a little more about how this will work in practice.

To read this article in full, please click here



Computer World Security News
Jul 26, 2023

Was Steve Jobs right about this?
Perhaps Steve Jobs was right to limit the amount of time he let his children use iPhones and iPads — a tradition Apple maintains with its Screen Time tool, which lets parents set limits on device use. Now, an extensive UNESCO report suggests that letting kids spend too much time on these devices can be bad for them.

Baked in inequality and lack of social skills That's the headline claim, but there's a lot more to the report in terms of exploring data privacy, misuse of tech, and failed digital transformation experiments.

To read this article in full, please click here



Computer World Security News
Jul 21, 2023

Apple: Proposed UK law is a ‘serious, direct threat' to security, privacy
New UK government surveillance laws are so over-reaching that tech companies can't possibly meet all of their requirements, according to Apple, which argues the measures will make the online world far less safe. 

Apple, WhatsApp, Meta all threaten to quit UK messaging The UK Home Office is pushing proposals to extend the Investigatory Powers Act (IPA) with a range of proposals that effectively require messaging providers such as Apple, WhatsApp, or Meta to install backdoors into their services. All three services are now threatening to withdraw messaging apps from the UK market if the changes move forward.

To read this article in full, please click here



Computer World Security News
Jul 20, 2023

Medical data sharing: Are we there yet?
Fifteen years ago, if you entered an emergency room a thousand miles from home, the ER doctors would not have had access to potentially lifesaving information in your medical records, such as your allergies or a list of drugs you were taking. Only 10% of US hospitals had electronic health record (EHR) systems, and health record requests were typically sent in paper form by mail or fax machine. Then the federal government stepped in, providing billions of dollars in EHR incentives to help hospitals get online.

To read this article in full, please click here



  • CEOExpress
  • c/o CommunityScape | 200 Anderson Avenue
    Rochester, NY 14607
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2024 CEOExpress Company LLC