EU-US Data Privacy Framework to face serious legal challenges, experts say

Nine months after US President Joe Biden signed an executive order that updated rules for the transfer of data between the US and the EU, the European Commission this week ratified the EU-US Data Privacy Framework. Industry experts, however, say it will be challenged at the European Court of Justice (CJEU), and stands a good chance of being struck down.

The move comes two years after the CJEU shut down the previous EU-US data sharing agreement, known as Privacy Shield, on grounds that the US doesn’t provide adequate protection for personal data, particularly in relation to state surveillance. In 2015, a previous attempt to forge a data sharing pact, dubbed Safe Harbor, was also struck down by the CJEU.

Apple's disappearing Rapid Security Response update (u)

Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.

“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.

That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.

4 collaboration security mistakes companies are still making

Before the pandemic, the business world took for granted that the vast majority of knowledge workers would be working in corporate offices most of the time. In the post-pandemic world, however, many employees can work from anywhere, at any time, and on any device with an internet connection.

When COVID-19 work-at-home mandates took effect around the world in early 2020, organizations rushed to adopt online collaboration tools. With capabilities ranging from voice- and videoconferencing to document co-authoring and project tracking, these tools helped teams communicate, work together, and share updates on various projects and initiatives from home or anywhere else.

OpenAI launches new alignment division to tackle risks of superintelligent AI

OpenAI is opening a new alignment research division, focused on developing training techniques to stop superintelligent AI — artificial intelligence that could outthink humans and become misaligned with human ethics — from causing serious harm.

“Currently, we don’t have a solution for steering or controlling a potentially superintelligent AI, and preventing it from going rogue,” Jan Leike and Ilya Sutskever wrote in a blog post for OpenAI, the company behind the most well-known generative AI large language model, ChatGPT. They added that although superintelligence might seem far off, some experts believe it could arrive this decade.

Lawyers and Incident Response can be a dangerous combo

Credit to Author: eschuman@thecontentfirm.com| Date: Fri, 07 Jul 2023 03:30:00 -0700

Lawyers and C-suite leaders have the same basic mission: protect the enterprise from bad actors who want to do harm. But they often approach the job in such polar opposite ways that they wind up fighting each other instead of working together.

A new academic report on the topic from researchers at the University of Edinburgh, the University of Innsbruck, Tufts University and the University of Minnesota tried to document how stark those differences have become.

“Cyber insurance sends work to a small number of [incident response] firms, drives down the fees paid and appoints lawyers to direct technical investigators,” the report noted. “Lawyers, when directing incident response often introduce legalistic contractual and communication steps that slow down incident response, advise IR practitioners not to write down remediation steps or to produce formal reports and restrict access to any documents produced.”

Apple warns that UK's Online Safety Bill puts people at 'greater risk'

Apple has raised its voice against a UK law that will dramatically undermine secure commerce and trust online, warning it could put UK citizens at risk.

And Apple is not alone. More than 80 civil society organizations, academics, and experts from 23 nations have warned against the UK government’s decision, which would turn the UK into the first democracy to require routine surveillance of people’s private chats.

The current UK government’s Online Safety Bill includes the power to force encrypted messaging tools such as WhatsApp, Signal, and iMessage to scan messages.

With one June Patch Tuesday update, Microsoft falls short

I’ve tracked Microsoft’s Windows patches for years and closely watched all of the changes the company has made. I remember when you had to install updates in a certain order — and watch for which one had to be installed first. I remember the arrival of automated patching using Software Update Services (later called Windows Server Update Services). I’ve seen how we went from a system where each vulnerability was patched individually to what we now have: cumulative patching.

The ideal patch is self-contained. Install, reboot, get back to your work. It causes no side effects. It protects the operating system. And you forget about it because it does what it’s supposed to do.

Recent Teams, Office outages were caused by cyberattacks: Microsoft

Microsoft has confirmed that recent outages to its popular services, including Outlook, Teams, OneDrive, and cloud computing platform Azure, were caused by a DDoS attack by a threat actor that the company tracks as Storm-1359.

Also known as Anonymous Sudan, Storm-1359 was first detected in January, targeting organizations and government agencies with DDoS attacks and efforts to exfiltrate data. The threat actor was initially assumed to be a “hacktivist” group protesting a controversial outfit at the Melbourne Fashion Week but has since been linked to the Russian state, according to several media reports.

Apple beefs up enterprise identity, device management

Last week at WWDC, Apple introduced new capabilities related to Managed Apple IDs and to user identity overall.

Managed Apple IDs have been around for some time. They handle many of the same tasks as personal Apple IDs, but are owned by an organization rather than the end user and are typically created alongside a user’s enterprise identity through federated authentication with a company’s identity provider. 

Managed IDs allow a user to activate and use an Apple device — whether company owned or personal BYOD — and create a business profile on employee devices. Additionally, they provide Apple services including some core iCloud functionality such as backing up the work-related content on the device and syncing app data from Mail, Calendar, Contacts, and Notes. They also allow IT to manage what resources and devices a user can access, reset passwords, and help with Apple device management.
