ComputerWorld – Page 9 – PossibleThreat Articles

Credit to Author: eschuman@thecontentfirm.com| Date: Thu, 17 Aug 2023 07:06:00 -0700

When Zoom amended its terms of service earlier this month — a bid to make executives comfortable that it wouldn’t use Zoom data to train generative AI models — it quickly stirred up a hornet’s nest. So the company “revised” the terms of service, and left in place ways it can still get full access to user data.

Computerworld repeatedly reached out to Zoom without success to clarify what the changes really mean.

Editor’s note: Shortly after this column was published, Zoom again changed its terms and conditions. We’ve added an update to the end of the story covering the latest changes.

Before I delve into the legalese — and Zoom’s weasel words to falsely suggest it was not doing what it obviously was doing — let me raise a more critical question: Is there anyone in the video-call business not doing this? Microsoft? Google? Those are two firms that never met a dataset that they didn’t love.

To read this article in full, please click here

ComputerWorld Independent

China hacks the US military and government — the Feds blame Microsoft

August 17, 2023 0 Comments Government IT, Microsoft, Security

Hidden in the basic infrastructure that runs the US military is a powerful piece of Windows-borne Chinese malware that can disrupt the communications systems, power grids, and water supplies at the military’s bases around the world. One US congressional aide calls it a “ticking time bomb” that as The New York Times put it, “could give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to US military bases.”

To read this article in full, please click here

ComputerWorld Independent

Jamf Threat Labs subverts iPhone security with fake Airplane Mode

August 17, 2023 0 Comments Apple, iOS, MacOS, Mobile, Security, small and medium business

Fresh security research from Jamf Threat Labs may not reflect an active attack, but it does illustrate the layered complexity of today’s threat environment.

When Airplane mode isn’t Airplane mode

In brief, the researchers have figured out a proof of concept attack that tricks victims into thinking they are using Airplane Mode. However, in reality the attacker has put in place a fake version of that mode that looks normal but lets the attacker maintain access to the device.

This is by no means a straightforward attack and hasn’t been seen in the wild. The exploit is complex and would require an attacker to successfully take control of the target device through a series of exploits, the research claims.

To read this article in full, please click here

ComputerWorld Independent

China hacks the US military and government— the Feds blame Microsoft

August 17, 2023 0 Comments Government IT, Microsoft, Security

To read this article in full, please click here

ComputerWorld Independent

As VR headset adoption grows, privacy issues could emerge

August 14, 2023 0 Comments augmented reality, Data privacy, Privacy, Virtual Reality

Head and hand motion data gathered from virtual reality (VR) headsets could be as effective at identifying individuals as fingerprints or face scans, research studies have shown, potentially compromising user privacy when interacting in immersive virtual environments.

Two recent studies by researchers at the University of California, Berkeley, showed how data gathered by VR headsets could be used to identify individuals with a high level of accuracy, and potentially reveal a host of personal attributes, including height, weight, age, and even marital status, according to a Bloomberg report Thursday.

To read this article in full, please click here

ComputerWorld Independent

Patch Tuesday: Microsoft rolls out 90 updates for Windows, Office

August 11, 2023 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

With its August Patch Tuesday release, Microsoft pushed out 90 updates for the Windows and Office platforms. The latest fixes include another update for Microsoft Exchange (along with with a warning about failed updates to Exchange Server 2016 and 2019) and a “Patch Now” recommendation from us for Office.

The team at Application Readiness has crafted this useful infographic outlining the risks associated with each of the updates for this month.

To read this article in full, please click here

ComputerWorld Independent

Zoom goes for a blatant genAI data grab; enterprises, beware

August 11, 2023 0 Comments analytics, Data privacy, generative ai, videoconferencing, zoom video communications

Credit to Author: eschuman@thecontentfirm.com| Date: Fri, 11 Aug 2023 11:21:00 -0700

(Computerworld repeatedly reached out to Zoom without success to clarify what the changes really mean.)

To read this article in full, please click here

ComputerWorld Independent

Q&A: TIAA's CIO touts top AI projects, details worker skills needed now

August 10, 2023 0 Comments analytics, Artificial intelligence, careers, chatbots, Emerging Technology, Financial Services Industry, generative ai, it jobs, natural language processing, Security

Artificial intelligence (AI) is already having a significant effect on businesses and organizations across a variety of industries, even as many businesses are still just kicking the tires on the technology.

Those that have fully adopted AI claim a 35% increase in innovation and a 33% increase in sustainability over the past three years, according to research firm IDC. Customer and employee retention has also been reported as improving by 32% after investing in AI.

To read this article in full, please click here

ComputerWorld Independent

Researchers build a scary Mac attack using AI and sound

August 8, 2023 0 Comments Apple, Artificial intelligence, computers and peripherals, MacOS, Security

A UK research team based at Durham University has identified an exploit that could allow attackers to figure out what you type on your MacBook Pro — based on the sound each keyboard tap makes.

These kinds of attacks aren’t particularly new. The researchers found research dating back to the 1950s into using acoustics to identify what people write. They also note that the first paper detailing use of such an attack surface was written for the US National Security Agency (NSA) in 1972, prompting speculation such attacks may already be in place.

“(The) governmental origin of AS- CAs creates speculation that such an attack may already be possible on modern devices, but remains classified,” the researchers wrote.

To read this article in full, please click here

ComputerWorld Independent

Has Microsoft cut security corners once too often?

August 7, 2023 0 Comments Microsoft, Security

Credit to Author: eschuman@thecontentfirm.com| Date: Mon, 07 Aug 2023 10:00:00 -0700

As Microsoft revealed tidbits of its post-mortem investigation into a Chinese attack against US government agencies via Microsoft, two details stand out: the company violated its own policy and did not store security keys within a Hardware Security Module (HSM) — and the keys were successfully used by attackers even though they had expired years earlier.

This is simply the latest example of Microsoft quietly cutting corners on cybersecurity and then only telling anyone when it gets caught.

To read this article in full, please click here