OpenAI Creates a Team to Examine Catastrophic Risks of AI

OpenAI recently announced it is developing formal AI risk guidelines and assembling a team dedicated to monitoring and studying threat assessment involving imminent “superintelligence” AI, also called frontier models. Topics under review include the required parameters for a robust monitoring and prediction framework and how malicious actors might want to leverage stolen AI model weights. The announcement was made shortly prior to the Biden administration issuing an executive order requiring the major players in artificial intelligence to submit reports to the federal government assessing potential risks associated with their models.

Google Makes Passkeys Default Option on Personal Accounts

Earlier this year, Google introduced support for passkeys as part of a larger initiative to improve security and eventually eliminate the need for passwords. Since the launch, consumers have begun using passkeys across Google apps such as Search, YouTube and Maps. As the next step in establishing “a simpler and more secure way to sign into your accounts online,” and following positive feedback from early users, the company is offering passkeys as the default option across personal accounts. When signing into accounts, users will receive prompts for creating passkeys. Additionally, Google account settings will feature a toggle that reads “skip password when possible.”

U.S. Impacted by Significant Increase in Ransomware Attacks

Ransomware attacks have surged in the 12 months ending in June 2023, with the United States accounting for 43 percent of the 1,900 attacks reported — 7x greater than that of the second most popular target, the United Kingdom, at 196. The period marked a 75 percent increase in U.S. ransomware attacks, which were perpetrated by 48 different groups including CL0P, a gang believed to have ties to Russia. U.S. companies, governmental organizations and individual consumers were targeted during the period, with healthcare and educational institutions disproportionately impacted, according to a study by cybersecurity firm Malwarebytes.

CES: Focus on People Component for Strong Cyber Strategy

Cybersecurity was a major topic at CES 2023, and one panel described strategies around one of the important and often ignored components: people. Moderated by Strategic Cyber Ventures chief executive Hank Thomas, panelists examined people’s personal relationship with cybersecurity, how they fall victim to cybercrime and how they could be incentivized to take more responsibility for their online activities. Terranet Ventures executive in residence Carole House, who was recently director of cybersecurity at the National Security Council in The White House, said that seeing individuals badly impacted “elevates cybercrime as a national imperative.”

Mozilla Sets Discount Privacy Bundle: VPN Plus Firefox Relay

Mozilla has bundled two premium security products into a subscription package. Firefox Relay and Mozilla VPN are available together for $6.99 with an annual subscription. With the holiday sales season in full swing, retailers are bracing for hacker attacks and phishing schemes, an angle Mozilla is leveraging with its push. Axios Codebook says “the ongoing economic downturn is prompting more shoppers to look for online discount codes and more hackers to trick these consumers with phony deals.” Firefox Relay protects identities by hiding users’ real email addresses, while Mozilla VPN is a virtual private network service.

Big Tech Ramps Up Digital Security with Passkey Deployment

Now that Apple, Google and Microsoft have updated their operating systems to support the open standard passkey protocol stewarded by the FIDO Alliance, consumers will soon be liberated from the tyranny of passwords and their attendant security threats. PayPal has become the latest to embrace the passkey approach, announcing U.S. users will soon be able to log in using FIDO-compliant passkeys. It joins Best Buy, CardPointers, eBay, Kayak and WordPress among those with digital portals offering a passkey option. Passkeys will permit consumers to log in seamlessly across devices, making online purchases easier and eliminating friction from app access.

Google Updates Play Store Policies to Protect Android Users

Google has updated its developer Play Store policies with an aim toward tamping down intrusive ads and other unpleasant consumer experiences, such as VPN abuse and brand impersonation on Android. Full-screen interstitial ads of all formats (video, GIF, static, etc.) that display unexpectedly — that often lead to users engaging with something else — are forbidden effective September 22. Likewise, apps that allow ads at the beginning of a game level or during the beginning of a game content segment are on the robust list of infractions the Play Store will no longer tolerate.

Password Era Coming to End as Providers Support Passkeys

Weak and repeated passwords are a huge vulnerability when it comes to navigating one’s digital life, and it appears 2022 is the year online companies will make a concerted effort to navigate users away from passwords altogether. At the WWDC 2022 developer conference last week, Apple announced passwordless logins across iPhones, iPads, Macs and Apple TVs. Later this year, iOS 16 and macOS Ventura users will be invited to log into apps and websites using passkeys. Once a passkey is set up for an app or site, it gets stored on the device used to activate it. Tech giants Google and Microsoft are also backing the passkey protocol.

Court Lets Microsoft DCU Seize 42 Chinese Hacker Websites

The Microsoft Digital Crimes Unit has seized 42 websites from China-based hacking group Nickel, in an attempt to thwart the group’s intelligence-gathering operations. A Virginia federal court granted Microsoft’s request to take over the U.S.-based websites run by Nickel, also known as APT15. Microsoft had since 2016 been tracking the group’s activities, determining them “highly sophisticated,” with attacks designed to install malware that facilitated surveillance and data theft attacks. Nickel was used to attack organizations in the United States and 28 other countries around the world, DCU says.

Government Pursues ‘Zero Trust’ Approach to Cybersecurity

The “zero trust” policy envisioned by President Biden in May when he signed an executive order to improve cybersecurity has begun taking shape with the release last week of a draft blueprint by the White House Office of Management and Budget (OMB). While Biden’s order covers the public and private sectors “and ultimately the American people’s security and privacy,” zero trust focuses on identifying and implementing best practices for the federal government’s digital platforms and processes. Deployment will take years of investment and effort. To help jump-start the initiative, some primers have hit the news feeds.

SEC Probe of SolarWinds Attack Concerns Corporate Execs

A Securities and Exchange Commission investigation into the 2020 Russian cyberattack of SolarWinds has corporate executives concerned over the possibility that information unearthed in the probe will expose them to liability. Companies suspected of or known to have been downloading compromised software updates from SolarWinds have received letters requesting records of all breaches since October 2019, raising fears that sensitive cyber incidents previously unreported and unrelated to SolarWinds may be revealed, providing the SEC with details that many companies may never have wanted to disclose.

Google Expands Workspace Features and Opens to All Users

Google is providing full access to Workspace (formerly G Suite) for its 3+ billion existing users in consumer, enterprise and education markets. Users turn on Google Chat in Gmail to enable the full experience. Although Google Drive and Docs have already been free, Workspace brings features such as smart suggestions in emails and documents. Google is also debuting Google Workspace Individual, a paid version aimed at small business owners, offering “booking services, professional video meetings, personalized email marketing” and more.

C-Suite Trends: Spending on Defensive AI, IT to Rise in 2021

MIT Technology Review Insights and cybersecurity firm Darktrace published a survey of 300+ worldwide C-level executives, directors and managers that reveals 96 percent are adopting “defensive AI” against AI-driven attacks. Of this cohort, 55 percent said traditional security solutions aren’t able to anticipate such AI-driven attacks. Defensive AI is comprised of self-learning algorithms that recognize normal user, device and system patterns and can spot anomalies. Gartner reported that global spending on IT will reach $4.1 trillion this year.

Facebook Detects Malware That Was Being Used for Ad Fraud

Facebook shut down malware out of China that stole user credentials to serve ads for diet pills, sexual health products and counterfeit goods including designer handbags, shoes and sunglasses. The hackers used the consumer’s associated payment method to purchase the ads, at the cost to victims of $4 million. The social media company first exposed these attacks in 2018 and traced them to ILikeAd Media International, filing a civil suit against the firm and the two Chinese nationals who allegedly developed the malware.

Unsecured Databases Leak 235 Million Social Media Profiles

On August 1, security research firm Comparitech, led by Bob Diachenko, discovered a massive data leak of nearly 235 million Instagram, TikTok and YouTube user profiles. The leak was due to an unsecured database, which is quickly becoming a widespread cause of similar breaches. An audit of the dark web found about 15 billion stolen logins from 100,000 such unsecured database breaches. The data leak discovered by Diachenko and his team was spread across several datasets, including two of 100 million each of Instagram users.