Researchers Call for Safe Harbor for the Evaluation of AI Tools

Artificial intelligence stakeholders are calling for safe harbor legal and technical protections that will allow them access to conduct “good-faith” evaluations of various AI products and services without fear of reprisal. More than 300 researchers, academics, creatives, journalists and legal professionals had as of last week signed an open letter calling on companies including Meta Platforms, OpenAI and Google to allow access for safety testing and red teaming of systems they say are shrouded in opaque rules and secrecy despite the fact that millions of consumers are already using them.

Google Makes Passkeys Default Option on Personal Accounts

Earlier this year, Google introduced support for passkeys as part of a larger initiative to improve security and eventually eliminate the need for passwords. Since the launch, consumers have begun using passkeys across Google apps such as Search, YouTube and Maps. As the next step in establishing “a simpler and more secure way to sign into your accounts online,” and following positive feedback from early users, the company is offering passkeys as the default option across personal accounts. When signing into accounts, users will receive prompts for creating passkeys. Additionally, Google account settings will feature a toggle that reads “skip password when possible.”

Windows 11, GitHub, Nintendo Are Latest to Support Passkeys

Passkeys — a secure way to log in to accounts without passwords — are back in the news as a bevy of companies lend their support to the cryptographic technology. Windows 11, GitHub and Nintendo are among the latest to go passwordless. The standard, which began gaining momentum last year, has also been embraced by companies including Apple, Google, the FIDO Alliance and the World Wide Web Consortium. Each passkey involves two keys — one public and registered with an online service or app, and one private and stored on individual devices, like smartphones or computers.

Cisco to Acquire Cybersecurity Firm Splunk in $28 Billion Deal

Cisco is poised to make its biggest acquisition ever, with an agreement in place to buy cybersecurity firm Splunk for $28 billion. Cisco, which turns 30 next year, is a global leader in the manufacture of computer networking equipment. Splunk is a 20-year-old company with more than 1,100 patents and a business built around keeping systems and data safe, resolving technical issues and minimizing the risk of hacks, most recently introducing new AI-based services. The companies expect the deal to close in late 2024. Cisco CEO Chuck Robbins says the deal will be financed with a combination of cash and debt.

Google Is Using AI to Bring Zero Trust Security to Workspace

Google has unveiled a spate of security enhancements to products in its Google Workspace collection including Gmail and Drive. Artificial intelligence is helping to steer some of the changes, automating specific tasks. The upgrades take a new approach, combining the idea of zero trust with the concept of data loss prevention (DLP). Under zero trust, all users, devices and components are considered untrustworthy at all times — even those within an organization’s network. These Workspace tools are in development or at various stages of testing, but Google says they will begin going live in general release later this year and into Q1 2024.

U.S. Impacted by Significant Increase in Ransomware Attacks

Ransomware attacks have surged in the 12 months ending in June 2023, with the United States accounting for 43 percent of the 1,900 attacks reported — 7x greater than that of the second most popular target, the United Kingdom, at 196. The period marked a 75 percent increase in U.S. ransomware attacks, which were perpetrated by 48 different groups including CL0P, a gang believed to have ties to Russia. U.S. companies, governmental organizations and individual consumers were targeted during the period, with healthcare and educational institutions disproportionately impacted, according to a study by cybersecurity firm Malwarebytes.

Biden Restricts the Government Use of Commercial Spyware

In what the White House says is a precedent-setting move, President Biden has signed an executive order prohibiting use by the U.S. Government of “commercial spyware,” powerful cyber technology used by state actors to spy on journalists, dissidents and human rights activists. The White House defined the class of apps as “sophisticated and invasive cyber surveillance tools sold by vendors to access electronic devices remotely, extract their content, and manipulate their components, all without the knowledge or consent of the devices’ users,” explaining such technology “has proliferated in recent years with few controls and high risk of abuse.”

Federal Government Creates Strike Force to Fight Tech Theft

The U.S. is increasing efforts to thwart technology theft, launching what some are calling a “hack back” attack against adversaries who use illegal means in attempts to steal developmental secrets or strike at supply chains. Operating from 12 metropolitan regions, the new Disruptive Technology Strike Force (DTSF) will enforce laws protecting U.S. advanced technologies from illegal acquisition and use by nation-states. The goal of the DTSF — a joint venture of the Department of Justice and the Commerce Department — is “to strike back against adversaries trying to siphon off our best technology,” deputy attorney general Lisa Monaco said.

Apple Introduces New iCloud Encryption to Prevent Hacking

Apple is adding a new end-to-end encryption option for iCloud data that will further protect backups, photos and notes. Called Advanced Data Protection, it will shield even Apple from seeing some of the most sensitive data users store on its servers. The change reportedly makes it impossible for Apple to provide law enforcement with the contents of encrypted files. The company says the security enhancements will help protect its customers from the most sophisticated hackers. The feature rolls out this week for those participating in Apple’s Beta Software Program.

Mozilla Sets Discount Privacy Bundle: VPN Plus Firefox Relay

Mozilla has bundled two premium security products into a subscription package. Firefox Relay and Mozilla VPN are available together for $6.99 with an annual subscription. With the holiday sales season in full swing, retailers are bracing for hacker attacks and phishing schemes, an angle Mozilla is leveraging with its push. Axios Codebook says “the ongoing economic downturn is prompting more shoppers to look for online discount codes and more hackers to trick these consumers with phony deals.” Firefox Relay protects identities by hiding users’ real email addresses, while Mozilla VPN is a virtual private network service.

Big Tech Ramps Up Digital Security with Passkey Deployment

Now that Apple, Google and Microsoft have updated their operating systems to support the open standard passkey protocol stewarded by the FIDO Alliance, consumers will soon be liberated from the tyranny of passwords and their attendant security threats. PayPal has become the latest to embrace the passkey approach, announcing U.S. users will soon be able to log in using FIDO-compliant passkeys. It joins Best Buy, CardPointers, eBay, Kayak and WordPress among those with digital portals offering a passkey option. Passkeys will permit consumers to log in seamlessly across devices, making online purchases easier and eliminating friction from app access.

EU’s Cyber Resilience Act Plans to Augment Security for IoT

The European Union has released additional details of its Cyber Resilience Act (CRA), proposed cybersecurity rules initially introduced last year aimed at the growing number of smart devices and the Internet of Things. The goal is to introduce effective regulations that would help curb surging cyberattacks. Major tech companies from Apple to Amazon and LG would need to meet strict new standards in the connected electronics space or face significant fines that could run as high as the greater of $15 million or 2.5 percent of a company’s worldwide revenue.

Microsoft, Google, Apple Unite Behind Passwordless Logins

Apple, Google and Microsoft have joined forces in a rare intercorporate collaboration to create passwordless sign-in technology that relies on smartphones to sign in. The tech giants announced last week that they are coordinating support for the passwordless sign-in standard, developed by the World Wide Web Consortium (W3C) and the FIDO (Fast Identity Online) Alliance. As a result, by the end of the year users of any of the three operating systems should be able to sign in to any app or website when using supporting browsers from their nearby device.

Major Security Vulnerability Triggers Worldwide Internet Crisis

The Log4j code vulnerability has the media declaring the Internet in a state of crisis. Log4j is a Java-based logging framework developers use to track user activity within applications on the popular Apache web server. Security experts are rushing to patch the bug, which is being exploited to remotely assume control of vulnerable systems, stealing credentials, installing malware and launching other attacks that permeate consumer devices. Last week, the U.S. Cybersecurity and Infrastructure Security Agency issued a Log4j alert, as did Australia’s CERT emergency response team.

Biden Administration Orders Agencies to Repair Cyber Flaws

The Biden administration ordered federal agencies to patch roughly 300 cybersecurity vulnerabilities believed to expose government computer systems to potentially damaging intrusions. About 200 of the threats were discovered by cybersecurity experts between 2017 and 2020, while another 90 flaws were found in 2021. All are known to be used by malicious cyber actors, said Cybersecurity and Infrastructure Security Agency director Jen Easterly in a statement accompanying the directive. The agencies have been given two weeks to patch the 2021 threats and six months to fix the older defects.