EU-US Data Privacy Framework to face serious legal challenges, experts say

Nine months after US President Joe Biden signed an executive order that updated rules for the transfer of data between the US and the EU, the European Commission this week ratified the EU-US Data Privacy Framework. Industry experts, however, say it will be challenged at the European Court of Justice (CJEU), and stands a good chance of being struck down.

The move comes two years after the CJEU shut down the previous EU-US data sharing agreement, known as Privacy Shield, on grounds that the US doesn’t provide adequate protection for personal data, particularly in relation to state surveillance. In 2015, a previous attempt to forge a data sharing pact, dubbed Safe Harbor, was also struck down by the CJEU.

Apple & Microsoft Patch Tuesday, July 2023 Edition

Credit to Author: BrianKrebs| Date: Tue, 11 Jul 2023 22:55:07 +0000

Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices.

Apple's disappearing Rapid Security Response update (u)

Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.

“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.

That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.

4 collaboration security mistakes companies are still making

Before the pandemic, the business world took for granted that the vast majority of knowledge workers would be working in corporate offices most of the time. In the post-pandemic world, however, many employees can work from anywhere, at any time, and on any device with an internet connection.

When COVID-19 work-at-home mandates took effect around the world in early 2020, organizations rushed to adopt online collaboration tools. With capabilities ranging from voice- and videoconferencing to document co-authoring and project tracking, these tools helped teams communicate, work together, and share updates on various projects and initiatives from home or anywhere else.

Top Suspect in 2015 Ashley Madison Hack Committed Suicide in 2014

Credit to Author: BrianKrebs| Date: Fri, 07 Jul 2023 19:55:45 +0000

When the marital infidelity website AshleyMadison.com learned in July 2015 that hackers were threatening to publish data stolen from 37 million users, the company’s then-CEO Noel Biderman was quick to point the finger at an unnamed former contractor. But as a new documentary series on Hulu reveals [SPOILER ALERT!], there was just one problem with that theory: Their top suspect had killed himself more than a year before the hackers began publishing stolen user data.

OpenAI launches new alignment division to tackle risks of superintelligent AI

OpenAI is opening a new alignment research division, focused on developing training techniques to stop superintelligent AI — artificial intelligence that could outthink humans and become misaligned with human ethics — from causing serious harm.

“Currently, we don’t have a solution for steering or controlling a potentially superintelligent AI, and preventing it from going rogue,” Jan Leike and Ilya Sutskever wrote in a blog post for OpenAI, the company behind the most well-known generative AI large language model, ChatGPT. They added that although superintelligence might seem far off, some experts believe it could arrive this decade.

Lawyers and Incident Response can be a dangerous combo

Credit to Author: eschuman@thecontentfirm.com| Date: Fri, 07 Jul 2023 03:30:00 -0700

Lawyers and C-suite leaders have the same basic mission: protect the enterprise from bad actors who want to do harm. But they often approach the job in such polar opposite ways that they wind up fighting each other instead of working together.

A new academic report on the topic from researchers at the University of Edinburgh, the University of Innsbruck, Tufts University and the University of Minnesota tried to document how stark those differences have become.

“Cyber insurance sends work to a small number of [incident response] firms, drives down the fees paid and appoints lawyers to direct technical investigators,” the report noted. “Lawyers, when directing incident response often introduce legalistic contractual and communication steps that slow down incident response, advise IR practitioners not to write down remediation steps or to produce formal reports and restrict access to any documents produced.”
