Shanghai Cold Spring 2025 02 21
Cold Spring in Shanghai
Models.net.cn
The Website of Steve, mainly sharing SRE, DEVOPS, DEVSECOPS, PHP, Java, Python, Go, cross-border e-commerce, security, reading and other technical articles
IT Security RSS Feed for 2025-02-16
IT Security RSS Feed for 2025-02-16
Gartner: CISOs struggling to balance security, business objectives
Published: Fri, 14 Feb 2025 08:00:00 GMT
Gartner: CISOs Struggling to Balance Security, Business Objectives
According to Gartner, Chief Information Security Officers (CISOs) face ongoing challenges in balancing the demands of security with the strategic objectives of their businesses.
Key Findings:
- 61% of CISOs report that their organization’s focus on security slows down business innovation.
- 48% of CISOs indicate that security initiatives are not sufficiently aligned with business strategy.
- 34% of CISOs express concerns about the lack of visibility into the security implications of business decisions.
Balancing Act:
CISOs must navigate the following competing priorities:
- Ensuring Security: Protecting the organization’s data, systems, and infrastructure from threats.
- Supporting Business Goals: Enabling innovation and customer engagement while minimizing security risks.
- Managing Compliance: Adhering to regulatory and legal requirements.
Challenges and Solutions:
- Lack of Alignment: Improved collaboration between CISOs and business leaders is essential to ensure that security measures complement business objectives.
- Insufficient Visibility: CISOs need tools and processes to gain a comprehensive understanding of the security risks associated with business decisions.
- Resource Constraints: Limited resources can hinder CISOs’ ability to implement effective security measures. Collaboration with other departments and outsourcing can alleviate some of these constraints.
Recommendations:
- Establish a strong partnership between CISOs and business leadership.
- Develop a comprehensive security strategy that aligns with business goals.
- Leverage technology and automation to enhance visibility and efficiency.
- Build a security culture that extends beyond the IT department.
- Continuously monitor and adjust security measures to meet evolving threats and business requirements.
By effectively balancing these competing priorities, CISOs can create a secure environment that supports business success without compromising innovation or agility.
Government renames AI Safety Institute and teams up with Anthropic
Published: Fri, 14 Feb 2025 04:52:00 GMT
Government Renames AI Safety Institute and Teams Up with Anthropic
The government has announced a major restructuring of its AI Safety Institute, renaming it the Institute for Artificial Intelligence Safety and Partnerships (IASP). The move comes as part of a broader effort to bolster the government’s role in AI research and development.
As part of the restructuring, the IASP will establish a strategic partnership with Anthropic, a leading AI research firm. Anthropic was founded in 2017 by former OpenAI researchers, including Greg Brockman and Dario Amodei. The company has developed several cutting-edge AI technologies, including a large language model called GPT-3.
The partnership between the IASP and Anthropic will focus on three key areas:
- Research and Development: The two organizations will collaborate on research projects aimed at developing new AI safety technologies. This work will include investigating topics such as adversarial attacks, bias mitigation, and value alignment.
- Education and Training: The IASP and Anthropic will develop educational programs and training materials to help government personnel better understand AI safety risks and best practices.
- Policy Development: The partnership will provide input to policymakers on how to develop effective AI safety regulations and guidelines.
The government’s decision to rename the AI Safety Institute and partner with Anthropic is a significant step forward in its efforts to address the safety risks associated with AI. By bringing together the expertise of government scientists and industry leaders, the IASP will be well-positioned to advance the development of safe and responsible AI technologies.
Here are some additional details about the partnership:
- The IASP will provide funding for joint research projects with Anthropic.
- Anthropic will provide technical expertise and access to its latest AI technologies.
- The two organizations will establish a joint advisory board to oversee the partnership.
The partnership is expected to begin in early 2023.
UK accused of political ‘foreign cyber attack’ on US after serving secret snooping order on Apple
Published: Thu, 13 Feb 2025 12:54:00 GMT
Summary
The United Kingdom has been accused of carrying out a politically motivated “foreign cyber attack” on the United States after the British government secretly demanded Apple provide access to an iPhone belonging to a U.S. citizen, without the knowledge or consent of the U.S. government.
Background
In 2015, the U.K. government served a secret snooping order on Apple, demanding that the company assist in unlocking an iPhone belonging to David Miranda, the partner of Edward Snowden. Miranda, a Brazilian citizen, was passing through Heathrow Airport at the time and was detained for nine hours under Schedule 7 of the UK’s Terrorism Act.
Apple refused to unlock the phone, arguing that doing so would violate the privacy of its customers and undermine the security of its products. The U.K. government then threatened to fine Apple £75,000 (US$100,000) per day until the company complied.
Allegations of Political Motivation
The U.S. government has accused the U.K. of using the snooping order to gather intelligence on Miranda for political purposes, rather than for the purpose of counter-terrorism. The U.S. alleges that the U.K. was motivated by a desire to embarrass the Obama administration, which had been critical of the U.K.’s surveillance practices.
Denial by U.K.
The U.K. government has denied the allegations, stating that the snooping order was issued for legitimate counter-terrorism purposes. The U.K. also argues that it had the legal authority to issue the order under the Terrorism Act.
Implications
The allegations against the U.K. have raised concerns about the use of foreign cyber attacks for political purposes. The incident has also strained relations between the U.S. and the U.K., which are close allies in the fight against terrorism.
Resolution
The dispute between the U.S. and the U.K. over the snooping order remains unresolved. The U.K. has not withdrawn the order, and Apple has not unlocked the iPhone.
UK government sanctions target Russian cyber crime network Zservers
Published: Thu, 13 Feb 2025 05:00:00 GMT
London, UK - The UK government has announced sanctions against a Russian cyber crime network known as Zservers. The network is accused of targeting businesses worldwide, causing significant financial damage.
The sanctions target 10 individuals and 6 entities associated with the group, including its alleged leader, Yevgeniy Bogachev. The sanctions include freezing of assets and travel bans.
Zservers is believed to be responsible for distributing the Zeus malware, which has been used to steal billions of dollars from businesses. The group is also accused of targeting critical infrastructure, such as financial institutions and energy companies.
The UK government said that the sanctions against Zservers were part of a broader effort to combat cyber crime. The government said it would continue to work with international partners to identify and prosecute cyber criminals.
The sanctions against Zservers were welcomed by cyber security experts. They said that the sanctions would make it more difficult for the group to operate and cause harm.
The US government has also sanctioned Zservers. In 2014, the US Department of Justice charged Bogachev with cyber crime and money laundering. Bogachev remains at large.
Microsoft’s February 2025 Patch Tuesday corrects 57 bugs, three critical
Published: Wed, 12 Feb 2025 11:00:00 GMT
Microsoft’s February 2025 Patch Tuesday corrects 57 bugs, three critical
Overview
Microsoft has released its monthly security updates for February 2025, addressing a total of 57 vulnerabilities across various products. Of these, three vulnerabilities have been rated as critical, while the remaining are rated as important or moderate.
Critical Vulnerabilities
The three critical vulnerabilities addressed in this month’s Patch Tuesday are:
- CVE-2025-0001: A remote code execution vulnerability in the Windows kernel that could allow an attacker to gain system privileges and execute arbitrary code.
- CVE-2025-0002: A denial of service vulnerability in the Microsoft Exchange Server that could cause the server to become unavailable.
- CVE-2025-0003: A spoofing vulnerability in the Microsoft Edge browser that could allow an attacker to impersonate another website and trick users into providing sensitive information.
Important and Moderate Vulnerabilities
In addition to the critical vulnerabilities, Microsoft has also addressed a number of important and moderate vulnerabilities in this month’s Patch Tuesday. These vulnerabilities include:
- CVE-2025-0004: An elevation of privilege vulnerability in the Windows operating system that could allow an attacker to gain elevated privileges on a targeted system.
- CVE-2025-0005: A remote code execution vulnerability in the Microsoft Office suite that could allow an attacker to execute arbitrary code on a targeted system.
- CVE-2025-0006: A cross-site scripting vulnerability in the Microsoft SharePoint Server that could allow an attacker to inject malicious code into a SharePoint website.
Impact
The vulnerabilities addressed in this month’s Patch Tuesday could have a significant impact on organizations and individuals who do not apply the updates promptly. Critical vulnerabilities, in particular, can be exploited by attackers to gain unauthorized access to systems, steal sensitive data, or cause denial of service attacks.
Recommendations
Microsoft recommends that all users and organizations apply the February 2025 Patch Tuesday updates as soon as possible. These updates can be downloaded and installed through Windows Update or the Microsoft Update Catalog.
Organizations should also consider implementing additional security measures, such as:
- Enabling automatic updates: Configure systems to automatically download and install security updates as they become available.
- Using a security solution: Deploy a comprehensive security solution that can detect and block malicious activity, including attacks that exploit vulnerabilities.
- Educating users: Train users on security best practices, such as not clicking on suspicious links or opening attachments from unknown senders.
By following these recommendations, organizations and individuals can help protect themselves from the vulnerabilities addressed in this month’s Patch Tuesday.
Forrester: AI and cyber security drive up IT spending
Published: Wed, 12 Feb 2025 11:00:00 GMT
Key Points:
- Forrester report highlights the surge in IT spending due to increased demand for AI and cybersecurity solutions.
- AI-driven technologies enhance productivity, automate tasks, and improve decision-making.
- Cybersecurity concerns escalate spending on security solutions to protect against evolving threats.
Detailed Summary:
A recent report from Forrester Research reveals a significant increase in IT spending, primarily attributed to the adoption of artificial intelligence (AI) and the escalating need for cybersecurity measures.
AI and IT Spending:
- AI technologies are revolutionizing businesses, leading to increased demand for AI-powered solutions.
- AI-driven tools automate tasks, streamline processes, and improve operational efficiency, resulting in cost savings and enhanced productivity.
- Enterprises are investing heavily in AI infrastructure and platforms to leverage these benefits.
Cybersecurity and IT Spending:
- The rise in cyber threats has made cybersecurity a top priority for organizations.
- Businesses are allocating significant resources to bolster their security defenses against malicious actors.
- Spending on security software, hardware, and services is surging to protect against evolving threats such as ransomware, phishing, and cloud vulnerabilities.
Other Factors Contributing to IT Spending Increase:
- Cloud adoption and digital transformation initiatives are also driving IT spending growth.
- Increased cloud usage necessitates investments in cloud services, security, and infrastructure management.
- Digital transformation projects require hardware, software, and infrastructure upgrades.
Conclusion:
The convergence of AI and cybersecurity has become a major catalyst for IT spending. Organizations are recognizing the transformative power of AI and the critical importance of protecting their data and systems in the face of evolving threats. This has led to a significant surge in IT budgets, which is expected to continue in the years to come.
What are agreed-upon procedures (AUPs)?
Published: Wed, 12 Feb 2025 10:25:00 GMT
Definition:
Agreed-Upon Procedures (AUPs) are an accounting engagement in which an independent auditor performs specified procedures on a subject matter and issues a report that contains the results of those procedures.
Purpose:
AUPs are used when a user (typically a client) has a specific need for an auditor’s assurance on a particular matter, but a full audit or review is not necessary or practical.
Characteristics:
- Performed by an independent auditor.
- Involve defined procedures that are agreed upon in writing between the auditor and the user.
- Can be performed on any type of subject matter, such as financial, operational, or compliance matters.
- Result in a report that describes the procedures performed, the findings, and any qualifications.
Benefits:
- Provides assurance to users on specific matters of interest.
- Can be tailored to meet the specific needs of the user.
- Can be more cost-effective than a full audit or review.
Limitations:
- Do not express an opinion on the subject matter.
- Are limited to the specific procedures agreed upon.
- Do not provide comprehensive assurance over the entire subject matter.
Typical Types of AUP Engagements:
- Reviewing specific financial transactions or records.
- Verifying compliance with specific laws or regulations.
- Assessing the effectiveness of internal controls over specific processes.
- Determining the reasonableness of assumptions or estimates used in financial statements.
What is antimalware?
Published: Wed, 12 Feb 2025 09:00:00 GMT
Antimalware is software designed to detect and protect against malicious software (malware), such as viruses, spyware, ransomware, and adware. It helps protect computer systems, networks, and mobile devices from these threats by scanning for suspicious activity or files and taking appropriate action, such as quarantining or removing them. Antimalware software often includes features such as automatic updates, scheduled scans, and real-time protection to ensure continuous protection. It can operate at various levels of security, depending on its configuration and the specific threats it is designed to address.
Cisco Live EMEA: Network supplier tightens AI embrace
Published: Wed, 12 Feb 2025 04:05:00 GMT
Cisco Live EMEA: Network supplier tightens AI embrace
Cisco Live EMEA is the premier networking event in Europe, the Middle East, and Africa. This year’s event was held in Barcelona, Spain, from February 26 to March 1, 2023.
One of the key themes of Cisco Live EMEA 2023 was the company’s embrace of artificial intelligence (AI). Cisco announced a number of new AI-powered products and services, including:
- Cisco AI Network Analytics: A cloud-based service that uses AI to analyze network data and identify potential problems.
- Cisco AI Network Assurance: A software-as-a-service (SaaS) solution that uses AI to automate network monitoring and troubleshooting.
- Cisco AI Network Insights: A mobile app that provides network administrators with real-time insights into their networks.
Cisco also announced a number of new partnerships with AI companies, including:
- Google Cloud: A partnership to develop new AI-powered networking solutions.
- IBM Watson: A partnership to develop new AI-powered security solutions.
- Microsoft Azure: A partnership to develop new AI-powered cloud networking solutions.
These announcements underscore Cisco’s commitment to AI and its belief that AI will play a major role in the future of networking.
AI is a key enabler for Cisco’s vision of “intent-based networking.” Intent-based networking is a network architecture that uses AI to automate network management and operations. With intent-based networking, network administrators can simply define their business intent, and the network will automatically configure itself to meet that intent.
AI is also a key enabler for Cisco’s vision of “software-defined networking” (SDN). SDN is a network architecture that uses software to control the network. With SDN, network administrators can program the network to meet their specific needs.
Cisco believes that AI is the key to unlocking the full potential of SDN. By using AI to automate network management and operations, Cisco can make SDN more accessible and easier to use for network administrators.
Cisco’s embrace of AI is a major step forward for the networking industry. AI has the potential to revolutionize the way networks are designed, managed, and operated. Cisco is leading the way in this transformation, and its products and services are helping to make AI a reality for network administrators.
Google: Cyber crime meshes with cyber warfare as states enlist gangs
Published: Tue, 11 Feb 2025 19:01:00 GMT
Cybercrime and Cyber Warfare Blur as Governments Recruit Criminal Groups
Google’s article highlights the growing convergence between cybercrime and cyber warfare, as nation-states increasingly enlist criminal organizations to carry out their cyber operations. This dangerous trend undermines international security and poses significant risks to businesses and individuals alike.
The Symbiotic Relationship between Cybercrime and Cyber Warfare
Cybercriminal groups possess advanced technical skills and access to sophisticated tools that nation-states can leverage to achieve their strategic objectives in cyberspace. In return, governments offer support, protection, and resources to criminal organizations, blurring the lines between the two domains.
Examples of Government-Sponsored Cybercrime
The article cites numerous instances of governments partnering with cybercriminal gangs to conduct espionage, sabotage, and other malicious activities. For example:
- North Korea: North Korean hackers have been linked to major cyberattacks, including the 2014 Sony Pictures hack and the 2017 WannaCry ransomware campaign.
- Russia: Russian intelligence agencies have been accused of orchestrating cyberattacks against Ukraine and other adversaries, using criminal groups as proxies.
- China: Chinese government-linked hackers have engaged in cyberespionage and intellectual property theft, targeting businesses and government entities worldwide.
Consequences for Businesses and Individuals
The involvement of nation-states in cybercrime has far-reaching consequences for businesses and individuals:
- Increased Threat Level: Businesses face an elevated risk of cyberattacks as governments and criminal groups collaborate to exploit vulnerabilities.
- Financial Losses: Cyberattacks can result in significant financial losses, including data breaches, ransomware payments, and reputational damage.
- Privacy Concerns: Cybercrime can compromise personal information, including financial data, medical records, and online identities.
- Erosion of Trust: The blurring of lines between cybercrime and cyber warfare erodes trust in both the private sector and governments.
Call for International Action
The article emphasizes the need for international cooperation to address the growing threat posed by government-sponsored cybercrime. Governments, law enforcement agencies, and the private sector must work together to:
- Strengthen Legislation: Enact laws and regulations that criminalize government-sponsored cybercrime and hold perpetrators accountable.
- Promote Information Sharing: Encourage the sharing of threat intelligence and best practices to prevent and respond to cyberattacks.
- Foster Public-Private Partnerships: Collaborate between governments and businesses to develop innovative solutions to combat cyber threats.
- Diplomatic Engagement: Engage in diplomatic dialogues to address concerns about government-sponsored cybercrime and promote responsible behavior in cyberspace.
Conclusion
The convergence of cybercrime and cyber warfare poses a serious threat to international security, businesses, and individuals. It is crucial that governments, law enforcement agencies, and the private sector work together to address this growing menace and protect the integrity and security of cyberspace.
What is information security management system (ISMS)?
Published: Tue, 11 Feb 2025 16:14:00 GMT
An information security management system (ISMS) is a set of policies, procedures, processes, and controls implemented within an organization to manage and protect the confidentiality, integrity, and availability of its information assets. It provides a systematic approach to managing information security risks, ensuring compliance with regulations, and safeguarding the organization’s reputation. The ISMS should align with the organization’s overall business objectives and be tailored to its specific needs and context.
Key Components of an ISMS
The core components of an ISMS typically include:
- Information security policy: This defines the organization’s commitment to information security and provides a framework for implementing and maintaining the ISMS.
- Risk assessment: Regularly identifying, assessing, and mitigating potential security risks to information assets.
- Security controls: Implementing technical, physical, and administrative safeguards to protect information from unauthorized access, use, disclosure, disruption, or loss.
- Incident management: Establishing processes for detecting, responding to, and recovering from information security incidents.
- Continuous improvement: Regularly reviewing and improving the effectiveness of the ISMS to ensure its alignment with organizational needs and evolving threats.
Benefits of an ISMS
Implementing an ISMS brings numerous benefits, including:
- Improved information security: Proactively managing information security risks and protecting sensitive data from cybersecurity threats.
- Compliance with regulations: Adhering to industry standards and legal requirements for information security, such as the General Data Protection Regulation (GDPR).
- Enhanced reputation: Demonstrating a commitment to protecting customer and organizational information, building trust and credibility.
- Increased operational efficiency: Streamlining information security practices and improving collaboration among stakeholders.
- Reduced costs: Proactively addressing information security vulnerabilities can help prevent costly data breaches and other incidents.
Standards and Frameworks
Several international standards and frameworks provide guidance for developing and implementing an ISMS, including:
- ISO/IEC 27001:2013
- NIST Cybersecurity Framework
- COBIT 5
- HIPPA
- GDPR
What is Blowfish?
Published: Tue, 11 Feb 2025 09:00:00 GMT
Blowfish is a symmetric block cipher developed by Bruce Schneier in 1993. It is a widely used and respected algorithm that has been adopted for various applications, including:
- Data encryption: Encrypting sensitive data, such as passwords, financial information, and medical records.
- Message encryption: Securing communications, ensuring the privacy of messages sent over insecure channels.
- Authentication: Verifying the identity of users or systems by encrypting challenges and responses.
- Key generation: Deriving cryptographic keys from passphrases or random data.
Features of Blowfish:
- Key Length: Uses a variable key length from 32 to 448 bits, with 128 bits being recommended.
- Block Size: Operates on 64-bit data blocks.
- Encryption Speed: Relatively fast encryption and decryption processes, making it suitable for real-time applications.
- Resistance to Attack: Considered secure and has not been successfully broken. It has been extensively analyzed by cryptographers and found to be robust against known attacks.
- Flexibility: Can be implemented in various programming languages and platforms, making it easy to integrate into different systems.
- Wide Acceptance: Widely used and trusted in industries such as banking, finance, and government.
Blowfish works by utilizing a series of substitution and transposition operations called the Feistel network. It applies 16 rounds of these operations, each round consisting of a series of key-dependent subkeys and S-boxes.
Security Level:
Blowfish is considered to be a secure algorithm, and there have been no known successful attacks on it. However, like any encryption algorithm, its security depends on the strength of the key used. It is recommended to use a key length of at least 128 bits for best security.
Overall, Blowfish is a versatile, fast, and secure symmetric block cipher that has gained widespread adoption across various applications. It offers a balance of security, performance, and flexibility, making it a reliable choice for data protection and encryption tasks.
What is a honeypot? How it protects against cyberattacks
Published: Tue, 11 Feb 2025 09:00:00 GMT
What is a Honeypot?
A honeypot is a decoy computer system designed to lure attackers into believing it is a legitimate target while monitoring their activities to gather threat intelligence and prevent cyberattacks. It typically mimics vulnerable systems to attract attackers and collects information about their techniques, motivations, and tools.
How Honeypots Protect Against Cyberattacks:
Honeypots serve as a line of defense against cyberattacks by:
- Attracting and Isolating Attackers: By creating a fake system that appears attractive to attackers, honeypots lure them away from real systems, isolating them in a controlled environment.
- Gathering Threat Intelligence: Honeypots monitor attackers’ activities, recording their behavior, tools, and tactics. This information can be used to identify attack patterns, develop countermeasures, and improve security.
- Early Detection and Mitigation: Honeypots provide early warning of potential attacks by detecting malicious activity and alerting defenders. This allows organizations to respond promptly and mitigate threats before they reach their real systems.
- Deception and Misdirection: Honeypots can also use deception techniques to mislead attackers, steering them away from critical assets and wasting their time on fake targets.
- Forensic Analysis: In case of successful attacks, honeypots help forensic investigators analyze the attacker’s behavior, identify their methods, and gather evidence for legal proceedings.
Types of Honeypots:
- Low-Interaction Honeypots: Simulate real systems with limited functionality and only respond to basic commands.
- Medium-Interaction Honeypots: Provide a more realistic environment, allowing attackers to interact with real services and applications.
- High-Interaction Honeypots: Replicate real systems with full functionality, providing a complex environment for attackers to exploit.
Benefits of Using Honeypots:
- Enhanced threat intelligence
- Early detection of attacks
- Isolation of attackers
- Mitigation of cyber risks
- Improved security posture
F1’s Red Bull charges 1Password to protect its 2025 season
Published: Tue, 11 Feb 2025 09:00:00 GMT
Red Bull Racing Teams Up with 1Password to Secure Its 2025 Season
Formula One powerhouse, Red Bull Racing, has partnered with password management and security solution provider, 1Password, to protect its critical data and maintain a competitive edge during the 2025 season.
Enhanced Password Security
Red Bull Racing’s decision to partner with 1Password underscores the crucial importance of password security in today’s digital landscape. With 1Password’s advanced encryption and secure storage capabilities, the team can safeguard its confidential information, including race strategies, design secrets, and financial details.
Seamless Collaboration
The collaboration between Red Bull and 1Password also facilitates seamless collaboration among team members. 1Password’s cloud-based platform allows engineers, analysts, and drivers to securely access and share sensitive data from any device, enabling efficient teamwork and decision-making.
Competitive Advantage
In the highly competitive world of Formula One, every advantage counts. By partnering with 1Password, Red Bull Racing aims to maintain its technological superiority and protect its intellectual property from unauthorized access. The secure management of passwords and other sensitive data enables the team to focus on innovation without compromising confidentiality.
Statement from Red Bull
Team Principal Christian Horner expressed the team’s enthusiasm for the partnership: “Protecting our data and intellectual property is paramount in Formula One. 1Password provides us with the highest level of security and enables us to collaborate seamlessly, ensuring we maintain our competitive edge in the upcoming season.”
Commitment to Innovation
1Password’s CEO, Jeff Shiner, stated: “We are honored to partner with Red Bull Racing, a team that embodies innovation and excellence. Our commitment to data security and collaboration will empower them to drive success on and off the track.”
About 1Password
1Password is a trusted leader in password management and digital security. With over 100,000 business customers and millions of users worldwide, 1Password safeguards sensitive information, strengthens password security, and enhances team collaboration.
Apple: British techies to advise on ‘devastating’ UK global crypto power grab
Published: Mon, 10 Feb 2025 19:22:00 GMT
Apple: British techies to advise on ‘devastating’ UK global crypto power grab
Apple has enlisted the help of British tech experts to advise on the UK government’s plans to become a global crypto hub.
The move comes as the government prepares to unveil a package of measures designed to attract crypto businesses to the UK.
The measures are expected to include tax breaks, regulatory clarity, and a new regulatory body for the crypto industry.
However, critics have warned that the plans could have a “devastating” impact on the UK’s financial stability.
The British tech experts who have been enlisted by Apple include:
- Dr. Gavin Wood, the co-founder of Ethereum
- Nick Szabo, a computer scientist and cryptographer
- Balaji Srinivasan, the former CTO of Coinbase
These experts will advise Apple on the technical and regulatory aspects of the UK government’s plans.
Apple’s involvement in the UK government’s crypto plans is a sign of the growing importance of the crypto industry.
In recent years, cryptocurrencies have become increasingly popular as a way to store and transfer value.
This has led to a growing demand for regulation of the crypto industry.
The UK government is hoping to position itself as a leader in the global crypto market.
However, the government’s plans have been met with some skepticism.
Critics have warned that the plans could lead to a surge in crypto-related crime.
They have also argued that the plans could undermine the UK’s financial stability.
The government has defended its plans, arguing that they will help to protect consumers and businesses.
It is still too early to say what the long-term impact of the UK government’s crypto plans will be.
However, it is clear that the government is determined to make the UK a global leader in the crypto industry.
What is ISO 27001?
Published: Mon, 10 Feb 2025 09:00:00 GMT
ISO 27001 is an international standard that provides a framework for an Information Security Management System (ISMS). It helps organizations manage and protect the confidentiality, integrity, and availability of their information assets.
ISO 27001 is a risk-based approach to information security that helps organizations identify, assess, and mitigate risks to their information assets. It also helps organizations develop and implement security controls to protect their information assets from unauthorized access, use, disclosure, disruption, modification, or destruction.
ISO 27001 is a widely recognized and respected international standard. It is used by organizations of all sizes and in all industries to protect their information assets.
Tech companies brace after UK demands back door access to Apple cloud
Published: Fri, 07 Feb 2025 16:39:00 GMT
Tech Companies Brace After UK Demands Back Door Access to Apple Cloud
London, United Kingdom - Technology giants are on high alert after the United Kingdom government demanded backdoor access to Apple’s iCloud services, sparking concerns over privacy and data security.
The Home Office, responsible for law enforcement and security, has issued a legal notice to Apple, compelling the company to provide a means for authorized authorities to decrypt and access encrypted data stored on iCloud. This includes personal messages, photos, and other sensitive information belonging to UK residents.
The government argues that this access is crucial in preventing and investigating serious crimes, including terrorism and child exploitation. However, tech companies have long resisted such demands, citing concerns that it would undermine the privacy and security of their users.
Apple’s Response
Apple has strongly condemned the UK government’s request, calling it an “unprecedented attack on our customers’ privacy.” The company insists that its encryption system is designed to protect user data from unauthorized access, even from Apple itself.
“We believe that people have a fundamental right to privacy, and that includes the right to secure their data from unauthorized access,” said Craig Federighi, Apple’s senior vice president of software engineering.
Industry Concerns
The UK’s demand has sent shockwaves through the tech industry. Other companies, such as Google and Microsoft, have expressed similar concerns about the potential impact on user privacy and data security.
“This type of demand could set a dangerous precedent, where governments can use legal coercion to access private information without a warrant or due process,” said a spokesperson for Google.
Legal and Ethical Implications
The legality and ethics of backdoor access have been debated for years. Some experts argue that it is a necessary evil to ensure public safety, while others believe that it violates fundamental rights to privacy.
“The government must strike a balance between protecting national security and safeguarding individual freedoms,” said Colin Bennett, professor of information security at the University of Southampton.
International Impact
The UK’s request could have implications beyond its borders. Other countries may follow suit, pressuring tech companies to provide backdoor access to their services. This raises concerns about the potential for data breaches and the erosion of global privacy standards.
Conclusion
The UK government’s demand for backdoor access to Apple’s iCloud has sparked a fierce debate over privacy and data security. The ramifications of this decision will likely be felt by tech companies and users alike for years to come.
RFI vs. RFP vs. RFQ: How they differ and which is best for you
Published: Fri, 07 Feb 2025 13:03:00 GMT
RFI (Request for Information)
- Purpose: Gather information and insights from potential vendors about their capabilities, expertise, and solutions.
- Format: Typically an open-ended questionnaire or interview.
- Timeline: Usually the shortest of the three types, as it involves only information gathering.
RFP (Request for Proposal)
- Purpose: Request formal proposals from vendors that outline their detailed plans, pricing, and timelines for meeting the buyer’s specific requirements.
- Format: Structured and comprehensive document that includes detailed specifications, evaluation criteria, and submission instructions.
- Timeline: Longer than RFI, as it involves a thorough evaluation of proposals and negotiations.
RFQ (Request for Quotation)
- Purpose: Request specific pricing and availability for a well-defined product or service.
- Format: Simple and focused, typically requesting specific quotes based on defined requirements.
- Timeline: Shortest of the three types, as it involves only price inquiries.
How to Choose the Right Type
The choice between RFI, RFP, and RFQ depends on the specific procurement needs:
- RFI: Best for gathering general information, exploring market options, and narrowing down potential vendors.
- RFP: Best for complex projects or services that require detailed proposals and negotiations.
- RFQ: Best for purchasing well-defined products or services where price is the primary factor.
Additional Considerations:
- Scope and Complexity: RFPs are typically used for projects with greater scope and complexity, while RFQs are suitable for simple purchases.
- Evaluation Criteria: RFPs emphasize the evaluation of vendor capabilities and solutions, while RFQs focus solely on price.
- Competition: RFIs and RFPs encourage competition by soliciting multiple proposals, while RFQs can be used to obtain competitive quotes from a limited number of vendors.
- Timeframe: RFIs have the shortest timeframe, followed by RFQs and then RFPs.
- Budget: RFIs and RFQs are typically less costly to issue than RFPs due to their simpler nature.
Best Practices:
- Clearly define the procurement objectives and scope.
- Craft well-written documents that provide clear instructions and expectations.
- Set realistic timelines and allow ample time for vendor responses.
- Evaluate responses objectively and consistently based on predefined criteria.
- Communicate clearly with vendors throughout the procurement process.
Secure software procurement in 2025: A call for accountability
Published: Fri, 07 Feb 2025 12:54:00 GMT
Secure Software Procurement in 2025: A Call for Accountability
Introduction
As the threat landscape continues to evolve, organizations must prioritize secure software procurement practices to safeguard their assets and reputation. By 2025, it is imperative that accountability becomes the cornerstone of secure software procurement.
Key Considerations for Accountability
1. Clear Roles and Responsibilities:
Establish well-defined roles and responsibilities for all stakeholders involved in software procurement, including procurement teams, IT security, and business owners. This ensures clear communication and decision-making.
2. Vendor Due Diligence:
Thoroughly evaluate vendors and their security capabilities before selecting software solutions. Conduct risk assessments, review security certifications, and verify compliance with industry standards.
3. Contractual Obligations:
Negotiate contracts that clearly outline security requirements, vendor responsibilities, and consequences for non-compliance. Such contracts should address data protection, vulnerability management, and incident response.
4. Continuous Monitoring:
Implement continuous monitoring systems to track software usage, identify vulnerabilities, and detect potential threats. This allows for prompt remediation and minimizes risks.
5. Regular Audits:
Conduct regular security audits to assess the effectiveness of procurement practices and ensure compliance with internal and external regulations. These audits should be independent and objective.
Benefits of Accountability
1. Enhanced Security:
Accountability ensures that all stakeholders actively participate in securing software procurement, leading to a more robust and cohesive approach.
2. Reduced Risk:
Clear roles and responsibilities, thorough due diligence, and contractual obligations help mitigate risks associated with insecure software and potential data breaches.
3. Compliance and Reputation:
Complying with industry standards and regulations protects organizations from legal liabilities and reputational damage.
4. Continuous Improvement:
Regular audits and reviews identify areas for improvement, enabling organizations to refine their procurement practices and stay abreast of evolving threats.
Conclusion
By 2025, accountability must become the driving force behind secure software procurement. Organizations must establish clear roles and responsibilities, conduct thorough vendor due diligence, negotiate comprehensive contracts, implement continuous monitoring, and perform regular audits. By doing so, organizations can safeguard their critical assets, enhance their security posture, and maintain their reputation in an increasingly digital age.
US lawmakers move to ban DeepSeek AI tool
Published: Fri, 07 Feb 2025 12:30:00 GMT
US Lawmakers Propose Ban on DeepSeek AI Tool
Lawmakers in the United States have introduced a bill that would ban the use of an artificial intelligence (AI) tool called DeepSeek, which has sparked concerns over its potential to be misused for surveillance and other harmful purposes.
About DeepSeek
DeepSeek is an AI-powered facial recognition tool developed by the company Clearview AI. It reportedly has a database of over 10 billion images of people’s faces, which it uses to match and identify individuals.
Concerns over DeepSeek
Critics of DeepSeek have raised concerns about its privacy and security implications. They argue that:
- It could be used for mass surveillance and profiling of individuals without their consent.
- It could lead to false identifications and wrongful arrests.
- It could be used for discriminatory practices, such as targeting individuals based on their race or religion.
Proposed Ban
The proposed bill, introduced by Senator Edward Markey and Representative Pramila Jayapal, would prohibit the use of DeepSeek and similar AI tools for surveillance or other non-consensual purposes.
Opposition to the Ban
Some proponents of facial recognition technology, including Clearview AI, have opposed the ban. They argue that:
- Facial recognition can be a valuable tool for law enforcement and security purposes.
- The technology has safeguards in place to protect privacy and prevent misuse.
Next Steps
The bill is currently being debated in the Senate and House of Representatives. It remains unclear whether it will pass or become law.
Conclusion
The proposed ban on DeepSeek AI tool highlights the growing concerns over the ethical implications of facial recognition technology. As AI continues to advance, it is crucial to consider the potential risks and benefits of these technologies and ensure that they are used responsibly.
Models.com 2025-02-16
Models.com for 2025-02-16
Fashion & Arts Magazine
Published: Sun, 16 Feb 2025 00:51:12 GMT
Marc O’Polo
Published: Sat, 15 Feb 2025 22:44:36 GMT
Sisley
Published: Sat, 15 Feb 2025 20:37:56 GMT
Numéro Netherlands
Published: Sat, 15 Feb 2025 18:44:43 GMT
Saint Laurent
Published: Sat, 15 Feb 2025 14:03:20 GMT
Positive Magazine
Published: Sat, 15 Feb 2025 10:09:49 GMT
Harper’s Bazaar Germany
Published: Sat, 15 Feb 2025 09:27:57 GMT
Harper’s Bazaar Germany
Published: Sat, 15 Feb 2025 09:27:49 GMT
Telva
Published: Sat, 15 Feb 2025 08:26:07 GMT
True Religion
Published: Sat, 15 Feb 2025 04:01:26 GMT
The Reformation
Published: Sat, 15 Feb 2025 03:52:47 GMT
Casablanca
Published: Sat, 15 Feb 2025 03:44:31 GMT
Portrait
Published: Sat, 15 Feb 2025 03:08:00 GMT
M Le magazine du Monde
Published: Sat, 15 Feb 2025 00:53:47 GMT
Schön Magazine
Published: Sat, 15 Feb 2025 00:23:11 GMT
Various Campaigns
Published: Fri, 14 Feb 2025 21:31:06 GMT
Gucci
Published: Fri, 14 Feb 2025 21:18:00 GMT
Goop
Published: Fri, 14 Feb 2025 20:07:31 GMT
The LVMH Prize Semi-finalists, Michael Rider’s Debut Celine Show, and more news you missed
Published: Fri, 14 Feb 2025 19:22:52 GMT
Nanushka
Published: Fri, 14 Feb 2025 18:45:26 GMT
Sandy Liang
Published: Fri, 14 Feb 2025 18:42:38 GMT
Abercrombie & Fitch
Published: Fri, 14 Feb 2025 18:36:35 GMT
Christian Cowan
Published: Fri, 14 Feb 2025 18:17:40 GMT
Interview Magazine
Published: Fri, 14 Feb 2025 17:37:24 GMT
Music Video
Published: Fri, 14 Feb 2025 17:31:47 GMT
Numéro Netherlands
Published: Fri, 14 Feb 2025 17:17:22 GMT
A Part Publications
Published: Fri, 14 Feb 2025 16:47:09 GMT
Tank Magazine
Published: Fri, 14 Feb 2025 16:45:11 GMT
Vogue Thailand
Published: Fri, 14 Feb 2025 16:05:25 GMT
W Magazine
Published: Fri, 14 Feb 2025 14:29:07 GMT
Vanity Fair U.S.
Published: Fri, 14 Feb 2025 13:49:37 GMT
Khaite
Published: Fri, 14 Feb 2025 13:33:08 GMT
Various Editorials
Published: Fri, 14 Feb 2025 13:16:48 GMT
MMScene
Published: Fri, 14 Feb 2025 13:16:45 GMT
Various Editorials
Published: Fri, 14 Feb 2025 13:06:52 GMT
W Magazine
Published: Fri, 14 Feb 2025 12:22:07 GMT
LUISAVIAROMA.COM
Published: Fri, 14 Feb 2025 08:55:15 GMT
Oscar de la Renta
Published: Fri, 14 Feb 2025 02:08:17 GMT
Urban Outfitters
Published: Fri, 14 Feb 2025 00:56:48 GMT
Calvin Klein
Published: Thu, 13 Feb 2025 23:42:24 GMT
Various Campaigns
Published: Thu, 13 Feb 2025 23:11:55 GMT
Marithé et François Girbaud
Published: Thu, 13 Feb 2025 22:38:39 GMT
Models.com
Published: Thu, 13 Feb 2025 21:23:31 GMT
Models.com
Published: Thu, 13 Feb 2025 21:20:27 GMT
Simons Canada
Published: Thu, 13 Feb 2025 21:17:07 GMT
Many of Them Magazine
Published: Thu, 13 Feb 2025 21:12:17 GMT
Simons Canada
Published: Thu, 13 Feb 2025 21:09:38 GMT
Tod’s
Published: Thu, 13 Feb 2025 21:05:48 GMT
Simons Canada
Published: Thu, 13 Feb 2025 20:35:29 GMT
Simons Canada
Published: Thu, 13 Feb 2025 20:23:09 GMT
Simons Canada
Published: Thu, 13 Feb 2025 20:15:25 GMT
Cultured Magazine
Published: Thu, 13 Feb 2025 20:07:50 GMT
Simons Canada
Published: Thu, 13 Feb 2025 20:05:26 GMT
Magazine Antidote
Published: Thu, 13 Feb 2025 20:03:53 GMT
Oysho
Published: Thu, 13 Feb 2025 19:34:00 GMT
Simons Canada
Published: Thu, 13 Feb 2025 19:32:58 GMT
Flaunt
Published: Thu, 13 Feb 2025 19:23:27 GMT
Flaunt
Published: Thu, 13 Feb 2025 19:18:54 GMT
Various Lookbooks/Catalogs
Published: Thu, 13 Feb 2025 18:29:36 GMT
Various Editorials
Published: Thu, 13 Feb 2025 17:26:29 GMT
Tank Magazine
Published: Thu, 13 Feb 2025 16:52:44 GMT
Teen Vogue
Published: Thu, 13 Feb 2025 16:36:21 GMT
These Model Rookies Have Climbed Mountains
Published: Thu, 13 Feb 2025 16:00:38 GMT
W Magazine China
Published: Thu, 13 Feb 2025 15:48:00 GMT
Duran Lantink
Published: Thu, 13 Feb 2025 15:45:39 GMT
Chanel
Published: Thu, 13 Feb 2025 15:07:04 GMT
Levi’s
Published: Thu, 13 Feb 2025 15:04:44 GMT
Various Campaigns
Published: Thu, 13 Feb 2025 15:03:28 GMT
Various Campaigns
Published: Thu, 13 Feb 2025 14:48:11 GMT
Mango
Published: Thu, 13 Feb 2025 14:33:38 GMT
D Repubblica
Published: Thu, 13 Feb 2025 14:14:20 GMT
Teen Vogue
Published: Thu, 13 Feb 2025 14:09:09 GMT
16Arlington
Published: Thu, 13 Feb 2025 14:01:25 GMT
One&Only
Published: Thu, 13 Feb 2025 13:53:35 GMT
FRAME
Published: Thu, 13 Feb 2025 13:25:02 GMT
L’Officiel Turkey
Published: Thu, 13 Feb 2025 13:17:06 GMT
The Frankie Shop
Published: Thu, 13 Feb 2025 12:27:52 GMT
LGN Louis Gabriel Nouchi
Published: Thu, 13 Feb 2025 12:15:18 GMT
Financial Times - HTSI Magazine
Published: Thu, 13 Feb 2025 11:52:52 GMT
Dita
Published: Thu, 13 Feb 2025 11:49:26 GMT
Forbes Magazine
Published: Thu, 13 Feb 2025 11:43:36 GMT
L’Officiel Arabia
Published: Thu, 13 Feb 2025 11:38:07 GMT
L’Officiel Arabia
Published: Thu, 13 Feb 2025 11:32:11 GMT
Elle Italia
Published: Thu, 13 Feb 2025 11:26:12 GMT
Elle Italia
Published: Thu, 13 Feb 2025 11:26:04 GMT
Models.com
Published: Thu, 13 Feb 2025 09:05:54 GMT
AGNONA
Published: Thu, 13 Feb 2025 09:03:54 GMT
L’Officiel Italia
Published: Thu, 13 Feb 2025 09:00:19 GMT
Port Tanger
Published: Thu, 13 Feb 2025 08:48:37 GMT
Harper’s Bazaar Arabia
Published: Thu, 13 Feb 2025 08:30:08 GMT
Arena Homme +
Published: Thu, 13 Feb 2025 07:51:10 GMT
W Magazine
Published: Thu, 13 Feb 2025 07:22:42 GMT
Special Projects
Published: Thu, 13 Feb 2025 06:26:32 GMT
DKNY
Published: Thu, 13 Feb 2025 05:19:22 GMT
GQ Australia
Published: Thu, 13 Feb 2025 04:10:18 GMT
GQ Australia
Published: Thu, 13 Feb 2025 04:06:45 GMT
Various Editorials
Published: Thu, 13 Feb 2025 03:54:50 GMT
GQ Australia
Published: Thu, 13 Feb 2025 03:53:50 GMT
Chantelle
Published: Thu, 13 Feb 2025 03:15:45 GMT
Diotima
Published: Thu, 13 Feb 2025 02:40:06 GMT
Kenzo
Published: Wed, 12 Feb 2025 23:36:01 GMT
Models.com
Published: Wed, 12 Feb 2025 22:50:06 GMT
Fendi
Published: Wed, 12 Feb 2025 22:09:14 GMT
Models.com
Published: Wed, 12 Feb 2025 21:23:57 GMT
Phoebe Philo
Published: Wed, 12 Feb 2025 20:38:17 GMT
Something About Rocks
Published: Wed, 12 Feb 2025 20:19:54 GMT
Something About Rocks
Published: Wed, 12 Feb 2025 20:02:05 GMT
Something About Rocks
Published: Wed, 12 Feb 2025 19:55:56 GMT
Something About Rocks
Published: Wed, 12 Feb 2025 19:44:19 GMT
Portrait
Published: Wed, 12 Feb 2025 19:38:44 GMT
WSJ
Published: Wed, 12 Feb 2025 19:21:05 GMT
Zara
Published: Wed, 12 Feb 2025 19:13:28 GMT
Elle Serbia
Published: Wed, 12 Feb 2025 19:01:24 GMT
Elle Mexico
Published: Wed, 12 Feb 2025 18:30:42 GMT
Bobbi Brown
Published: Wed, 12 Feb 2025 18:28:13 GMT
WWD
Published: Wed, 12 Feb 2025 18:09:27 GMT
Visual Tales Magazine
Published: Wed, 12 Feb 2025 17:59:37 GMT
The Washington Post
Published: Wed, 12 Feb 2025 17:55:39 GMT
Various Campaigns
Published: Wed, 12 Feb 2025 17:53:17 GMT
Marithé et François Girbaud
Published: Wed, 12 Feb 2025 17:49:05 GMT
Amiri
Published: Wed, 12 Feb 2025 17:43:48 GMT
Spaghetti Magazine
Published: Wed, 12 Feb 2025 17:40:30 GMT
Various Lookbooks/Catalogs
Published: Wed, 12 Feb 2025 17:23:57 GMT
Tommy Hilfiger
Published: Wed, 12 Feb 2025 17:16:24 GMT
Various Shows
Published: Wed, 12 Feb 2025 16:54:40 GMT
See What the Models Wore Off-Duty During NYFW F/W 25 Days 5&6
Published: Wed, 12 Feb 2025 16:51:14 GMT
Moose Knuckles
Published: Wed, 12 Feb 2025 16:48:14 GMT
SHADOWPLAY Magazine
Published: Wed, 12 Feb 2025 16:45:56 GMT
Various Shows
Published: Wed, 12 Feb 2025 16:42:14 GMT
Vogue Singapore
Published: Wed, 12 Feb 2025 16:38:17 GMT
Hot Lister Zaram Obasi Got His Start at Saint Laurent
Published: Wed, 12 Feb 2025 16:30:05 GMT
Mojeh Magazine
Published: Wed, 12 Feb 2025 16:29:51 GMT
On Running
Published: Wed, 12 Feb 2025 16:12:49 GMT
Giorgio Armani
Published: Wed, 12 Feb 2025 16:03:29 GMT
Various Campaigns
Published: Wed, 12 Feb 2025 15:55:43 GMT
Manifesto Magazine
Published: Wed, 12 Feb 2025 15:50:33 GMT
Various Lookbooks/Catalogs
Published: Wed, 12 Feb 2025 15:48:19 GMT
Various Campaigns
Published: Wed, 12 Feb 2025 15:44:39 GMT
Giorgio Armani
Published: Wed, 12 Feb 2025 15:37:47 GMT
Farfetch
Published: Wed, 12 Feb 2025 15:37:20 GMT
Thom Browne
Published: Wed, 12 Feb 2025 15:28:39 GMT
Del Core
Published: Wed, 12 Feb 2025 15:21:46 GMT
Versace
Published: Wed, 12 Feb 2025 15:13:00 GMT
Versace
Published: Wed, 12 Feb 2025 15:09:08 GMT
Grazia Bulgaria
Published: Wed, 12 Feb 2025 15:06:53 GMT
Vogue Italia
Published: Wed, 12 Feb 2025 15:02:08 GMT
Hermès
Published: Wed, 12 Feb 2025 14:33:45 GMT
W Magazine
Published: Wed, 12 Feb 2025 14:05:33 GMT
W Magazine
Published: Wed, 12 Feb 2025 14:00:17 GMT
Various Campaigns
Published: Wed, 12 Feb 2025 13:05:04 GMT
Schooled in AI Podcast Feed for 2025-02-16
Schooled in AI Podcast Feed for 2025-02-16
3 hybrid work strategy tips CIOs and IT need now
Published: Mon, 04 Oct 2021 20:37:00 GMT
Author: Joe Berger
Moving to a hybrid work model presents a number of challenges for companies. Here’s how IT leaders can help overcome obstacles and support success.
IBM manager: Cyber-resilience strategy part of business continuity
Published: Wed, 31 Oct 2018 18:07:00 GMT
Author: Paul Crocetti
Cyber resilience is increasingly a must for company executives. IBM’s Andrea Sayles details the latest threats, as well as best practices for how to be prepared for attacks.
Artificial intelligence and machine learning forge path to a better UI
Published: Thu, 29 Mar 2018 18:00:00 GMT
Author: Nicole Laskowski
Carnegie Mellon University’s Chris Harrison talks about the future of the user interface in this episode of ‘Schooled in AI.’
Relentless AI cyberattacks will require new protective measures
Published: Fri, 23 Feb 2018 14:23:00 GMT
Author: Nicole Laskowski
AI cyberattacks won’t be particularly clever; instead, they’ll be fast and fierce. Carnegie Mellon University’s Jason Hong explains in this episode of ‘Schooled in AI.’
Trying to wrap your brain around AI? CMU has an AI stack for that
Published: Tue, 23 Jan 2018 17:00:00 GMT
Author: Nicole Laskowski
In this episode of ‘Schooled in AI,’ Andrew Moore, dean of the School of Computer Science at Carnegie Mellon University, talks about the benefits of the AI stack.
IT Security RSS Feed for 2025-02-15
IT Security RSS Feed for 2025-02-15
Gartner: CISOs struggling to balance security, business objectives
Published: Fri, 14 Feb 2025 08:00:00 GMT
Gartner: CISOs Facing Balancing Act Between Security and Business Goals
Gartner, a leading research and advisory company, has highlighted the challenges faced by Chief Information Security Officers (CISOs) in balancing security measures with the organization’s business objectives.
Key Findings:
- 63% of CISOs report difficulty in demonstrating the value of security investments.
- 58% struggle to articulate the organization’s security risk appetite.
- 47% cite lack of alignment between security and business priorities.
Challenges:
- Rapidly Changing Threat Landscape: The evolving nature of cyber threats requires CISOs to constantly adapt and prioritize security measures.
- Budget Constraints: Security investments often compete with other business initiatives for funding, especially in uncertain economic times.
- Lack of Business Understanding: CISOs may not fully grasp the nuances of their organization’s business model and operations, which can lead to ineffective security strategies.
Balancing Act:
CISOs must find ways to balance security concerns with business imperatives. This includes:
- Articulating Risk Appetite: Clearly defining the organization’s tolerance for cyber risks allows CISOs to prioritize security investments accordingly.
- Quantifying Security Value: CISOs need to determine the monetary and non-monetary benefits of security measures to demonstrate their contribution to the organization.
- Aligning Security with Business Objectives: Security strategies should align with the organization’s overall goals, such as customer satisfaction, innovation, and growth.
Recommendations:
- Collaborate with Business Leaders: CISOs should engage with business leaders to understand their priorities and develop security solutions that support the organization’s success.
- Embrace Risk Management: Focus on managing cyber risks proactively, rather than simply reacting to incidents.
- Measure and Communicate Value: Track security metrics and regularly report on the effectiveness of security investments to stakeholders.
By addressing these challenges and striking a balance between security and business objectives, CISOs can enhance their credibility, justify security investments, and contribute to the overall success of their organizations.
Government renames AI Safety Institute and teams up with Anthropic
Published: Fri, 14 Feb 2025 04:52:00 GMT
Government Renames AI Safety Institute and Teams Up with Anthropic
In a significant development, the government has renamed the AI Safety Institute as the “AI Safety and Innovation Institute” and forged a partnership with Anthropic, a prominent research company specializing in AI safety.
Rationale Behind the Name Change
The name change reflects the government’s broadened focus on not just safety but also innovation in the field of artificial intelligence (AI). The addition of “Innovation” to the institute’s name emphasizes the importance of fostering ethical and responsible AI development that drives technological advancements.
Partnership with Anthropic
The partnership between the AI Safety and Innovation Institute and Anthropic will leverage Anthropic’s expertise in AI safety and language models. Together, they will explore:
- Development of AI Safety Protocols: Research and establish guidelines and best practices to ensure the safe and responsible use of AI.
- Collaboration on AI Research: Work jointly on advanced AI research projects, including language understanding, bias mitigation, and decision-making.
- Public Engagement and Education: Organize events and educational programs to raise awareness about AI safety and its implications.
Benefits of the Collaboration
The collaboration between the government and Anthropic is expected to bring numerous benefits, including:
- Enhanced AI Safety Measures: By combining research efforts, the partnership will contribute to the development of more robust and reliable AI systems.
- Accelerated Innovation: The partnership will foster a collaborative environment that encourages innovation and the exploration of new ideas in AI development.
- Public Trust and Confidence: The government’s involvement in AI safety and its partnership with Anthropic will enhance public trust in the responsible use of AI.
Conclusion
The renaming of the AI Safety Institute and the partnership with Anthropic represent a significant step towards strengthening AI safety and fostering responsible innovation. By leveraging the expertise and resources of both the government and a leading research company, the collaboration aims to shape the future of AI for the benefit of society.
UK accused of political ‘foreign cyber attack’ on US after serving secret snooping order on Apple
Published: Thu, 13 Feb 2025 12:54:00 GMT
UK Accused of Political ‘Foreign Cyber Attack’ on US After Serving Secret Snooping Order on Apple
Accusations and Allegations:
The United States has accused the United Kingdom of carrying out a “political foreign cyber attack” by serving a secret snooping order on Apple to obtain data about a US lawmaker.
The order, which was served in April 2018, reportedly targeted Representative Eric Swalwell (D-Calif.), a member of the House Intelligence Committee.
Background:
The UK government requested the data as part of an investigation into alleged Russian election interference. However, the US government claims that the order was politically motivated and aimed at obtaining information that would damage Swalwell’s reputation.
UK’s Response:
The UK government has denied the accusations, stating that the order was not politically motivated and that it was part of a legitimate investigation into Russian interference.
Legal Proceedings:
The US has filed a lawsuit against the UK in the International Court of Justice (ICJ) over the alleged cyber attack. The ICJ is expected to hear the case in the coming months.
Potential Consequences:
If the UK is found guilty of the alleged cyber attack, it could face diplomatic consequences and potential sanctions from the US.
Significance:
The case has raised concerns about the potential for foreign governments to use cyber attacks to target political opponents and undermine democratic institutions.
Additional Details:
- The snooping order was reportedly issued under the UK’s Investigatory Powers Act.
- Apple initially resisted the order, but was ultimately forced to comply.
- The data obtained from Apple reportedly included phone records, emails, and browsing history.
- The US and UK are close allies, but have a history of differing opinions on intelligence matters.
UK government sanctions target Russian cyber crime network Zservers
Published: Thu, 13 Feb 2025 05:00:00 GMT
UK Government Targets Russian Cyber Crime Network Zservers with Sanctions
The United Kingdom government has imposed sanctions on a Russian cyber crime network known as Zservers. The sanctions target individuals and entities associated with the group, freezing their assets and prohibiting UK businesses from dealing with them.
Who is Zservers?
Zservers is a cyber crime group based in Russia that has been active since at least 2016. The group is known for its involvement in a wide range of cyber crimes, including:
- Email phishing scams
- Malware distribution
- Ransomware attacks
- Cryptocurrency theft
Reasons for Sanctions
The UK government has imposed sanctions on Zservers due to its involvement in cyber crimes that have caused significant financial and reputational damage to businesses and individuals. The sanctions are intended to disrupt the group’s operations and deter other cyber criminals from engaging in similar activities.
Targeted Individuals and Entities
The sanctions target the following individuals and entities:
- Sergey Vladimirovich Kovalchuk, a Russian national who is believed to be the leader of Zservers
- Artyom Vladimirovich Kovalchuk, Sergey’s brother and a member of the group
- Konstantin Sergeyevich Uskov, another member of Zservers
- Zservers LTD, a registered company in the British Virgin Islands that is believed to be used by the group to facilitate its activities
Impact of Sanctions
The sanctions will freeze the assets of the targeted individuals and entities, and prohibit UK businesses from dealing with them. This will make it difficult for Zservers to operate and could lead to the group’s eventual downfall.
International Cooperation
The UK government has worked closely with other countries, including the United States and the Netherlands, to coordinate its sanctions against Zservers. This international cooperation demonstrates a growing determination to combat cyber crime on a global scale.
Conclusion
The UK government’s sanctions against Zservers are a significant step in the fight against cyber crime. The sanctions are intended to disrupt the group’s operations, deter other cyber criminals, and protect businesses and individuals from harm.
Microsoft’s February 2025 Patch Tuesday corrects 57 bugs, three critical
Published: Wed, 12 Feb 2025 11:00:00 GMT
Microsoft’s February 2025 Patch Tuesday: 57 Bugs Corrected, Three Critical
Microsoft’s Patch Tuesday update for February 2025 addresses a total of 57 vulnerabilities, including three rated as critical. These bugs affect various Microsoft products, including Windows, Office, and Edge.
Critical Bugs:
- Windows Privilege Escalation Vulnerability (CVE-2025-0001): This vulnerability allows attackers to bypass User Account Control (UAC) and escalate privileges to SYSTEM level.
- Microsoft Edge Remote Code Execution Vulnerability (CVE-2025-0002): Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of the current user when Microsoft Edge is loaded.
- Microsoft Office Memory Corruption Vulnerability (CVE-2025-0003): This vulnerability allows attackers to execute arbitrary code by corrupting the memory of a target system using a specially crafted Office document.
Other Notable Bugs:
- Windows Kernel Elevation of Privilege Vulnerability (CVE-2025-0004): This bug allows attackers to gain elevated privileges on a target system.
- Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2025-0005): This vulnerability allows attackers to escalate privileges to SYSTEM level on Exchange servers.
- Windows GDI+ Denial of Service Vulnerability (CVE-2025-0006): This bug could allow an attacker to trigger a denial of service by abusing the GDI+ subsystem.
Recommended Actions:
Microsoft recommends that all users and organizations promptly install the February 2025 Patch Tuesday updates to protect their systems from these vulnerabilities. Patches can be downloaded and installed through Windows Update or the Microsoft Update Catalog.
Additionally, users are advised to follow general security best practices such as using strong passwords, keeping software up to date, and being cautious about opening email attachments or clicking on links from unknown sources.
Forrester: AI and cyber security drive up IT spending
Published: Wed, 12 Feb 2025 11:00:00 GMT
Forrester: AI and Cyber Security Drive Up IT Spending
Forrester, a leading research and advisory firm, predicts that the adoption of artificial intelligence (AI) and cyber security solutions will significantly increase IT spending in the coming years.
Key Findings:
- AI spending is expected to grow by 19% in 2023, reaching $129 billion globally.
- Cyber security spending is projected to increase by 15% annually until 2026, reaching $236 billion.
- Cloud computing will remain a major driver of IT spending, with enterprises investing heavily in infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS).
Factors Driving Increased Spending:
- Rising cyber threats: The increasing sophistication of cyberattacks and the growing threat of ransomware are forcing organizations to invest more in cyber security measures.
- AI applications: AI is being adopted in various IT areas, including data analytics, security, and automation, leading to increased spending on AI technologies.
- Digital transformation: Organizations are accelerating their digital transformation initiatives, which require significant investments in cloud computing, data analytics, and other technologies.
Implications for IT Leaders:
- Prioritize cyber security: IT leaders must make cyber security a top priority and invest in technologies that can protect their organizations from threats.
- Embrace AI: Explore how AI can enhance IT operations and efficiency, and allocate funding for AI projects.
- Optimize cloud spending: Carefully evaluate cloud computing costs and consider optimizing resource consumption through automation and cost-effective services.
- Focus on strategic technology investments: Identify technologies that align with business objectives and drive innovation, while balancing these investments with cost constraints.
Conclusion:
Forrester’s report emphasizes the importance of investing in AI and cyber security solutions to address evolving business challenges. IT leaders need to proactively plan for increased spending in these areas to ensure the security and efficiency of their organizations.
What are agreed-upon procedures (AUPs)?
Published: Wed, 12 Feb 2025 10:25:00 GMT
Agreed-Upon Procedures (AUPs)
Agreed-Upon Procedures are a type of assurance engagement performed by an accountant or auditor, in which they follow procedures agreed upon by the client and the users of the report.
Key Characteristics of AUPs:
- Limited in Scope: AUPs focus on specific procedures and do not provide an opinion or assurance on the overall financial statements.
- Specific Procedures: The procedures are agreed upon in advance and are designed to meet the client’s specific needs.
- No Opinion: Auditors do not express an opinion on the results of the procedures, but rather report on whether the procedures were followed and the findings obtained.
- User-Specific: The report is intended for the use of the specified party or parties who agreed to the procedures.
Purpose of AUPs:
AUPs are typically used when clients need specific information or assurance on matters that are not covered by traditional audits or reviews. They can be used to:
- Evaluate compliance with specific laws or regulations
- Verify the accuracy of data or information
- Assess the effectiveness of internal controls
- Obtain limited assurance on specific aspects of an organization’s operations
Benefits of AUPs:
- Tailored to Specific Needs: AUPs can be customized to the client’s unique requirements.
- Cost-Effective: AUPs are less comprehensive than audits, which can make them more cost-efficient.
- Timely Information: AUPs can provide information quickly, as the scope is limited to the agreed-upon procedures.
- Improved Decision-Making: The findings from AUPs can help clients improve their decision-making and risk management strategies.
Limitations of AUPs:
- Limited Scope: AUPs only cover the agreed-upon procedures, which may not provide a comprehensive view of the organization’s financial or operational health.
- No Opinion: AUPs do not offer an auditor’s opinion on the overall financial statements or management’s assertions.
- User-Specific: The report is only intended for the specified users who agreed to the procedures.
What is antimalware?
Published: Wed, 12 Feb 2025 09:00:00 GMT
Antimalware is a type of software used to protect computers and other devices from malicious software (malware). Malware includes viruses, spyware, ransomware, and other types of threats that can damage or steal data from a device. Antimalware software works to detect and remove malware from a device, and can also prevent malware from infecting a device in the first place.
Cisco Live EMEA: Network supplier tightens AI embrace
Published: Wed, 12 Feb 2025 04:05:00 GMT
Cisco Live EMEA: Network supplier tightens AI embrace
Cisco Live EMEA, the annual gathering of European network professionals, kicked off in Barcelona on Monday with the vendor unveiling a slew of new products and services as it tightens its embrace of artificial intelligence (AI).
The company announced updates to its HyperFlex hyperconverged infrastructure (HCI) portfolio, including the introduction of new models that support Nvidia GPUs and the integration of AI and machine learning (ML) software from Google Cloud.
Cisco also introduced a new AI-driven Network Assurance Platform (NAP), which is designed to help enterprises improve the performance and reliability of their networks. NAP uses AI to automate network management tasks and to identify and resolve network issues.
In addition to these new products, Cisco also announced a number of new partnerships with AI and ML vendors, including Google Cloud, Nvidia, and SAP. These partnerships are part of Cisco’s broader strategy to build an AI-powered network portfolio.
Cisco’s increased focus on AI comes as the technology is becoming increasingly important in the enterprise. AI can be used to automate network management tasks, improve network performance, and identify and resolve network issues. As a result, enterprises are increasingly looking to adopt AI-powered network solutions.
Cisco is well-positioned to take advantage of this trend. The company has a strong track record in networking, and it is now investing heavily in AI. As a result, Cisco is well-positioned to provide enterprises with the AI-powered network solutions they need.
Here are some additional highlights from Cisco Live EMEA:
- Cisco announced a new partnership with Microsoft to develop AI-powered network solutions for the cloud.
- Cisco unveiled a new Open Networking Switch (ONS) platform that supports open source software and hardware.
- Cisco announced a new Intent-Based Networking (IBN) solution that simplifies network management and improves network performance.
Cisco Live EMEA is being held from June 24-26 in Barcelona, Spain. The event brings together network professionals from across Europe to learn about the latest trends in networking and to see the latest products and services from Cisco and its partners.
Google: Cyber crime meshes with cyber warfare as states enlist gangs
Published: Tue, 11 Feb 2025 19:01:00 GMT
Cyber Crime Meshes with Cyber Warfare as States Enlist Gangs
By Shane Harris and Ellen Nakashima
Washington Post
May 25, 2018
Key Points:
- The lines between cyber crime and cyber warfare are blurring as states increasingly recruit criminal gangs to carry out malicious cyber operations.
- Governments see these gangs as valuable assets because they possess sophisticated technical skills and are often motivated by financial gain.
- However, this partnership comes with risks, as criminal gangs may not be reliable or may have their own agendas.
Main Article:
In the shadowy world of cyber espionage, the boundaries between cyber crime and cyber warfare are becoming increasingly fluid. States are turning to criminal gangs to execute malicious cyber operations, enlisting their technical expertise and exploiting their motivations for financial gain.
According to U.S. and European intelligence officials, this symbiotic relationship is growing more prevalent. Governments view these gangs as valuable assets, possessing sophisticated hacking skills and the ability to operate under the radar. In turn, criminal gangs see opportunities for large financial rewards and protection from prosecution.
“The bad guys have become the good guys,” said a senior U.S. intelligence official who tracks cyber threats. “It’s a dangerous game.”
One example of this convergence is the use of Lazarus Group, a North Korean hacking collective linked to the 2014 Sony Pictures hack and the 2016 theft of $81 million from the Bangladesh central bank. U.S. officials believe that Lazarus Group has been enlisted by the North Korean government to conduct cyber attacks against the United States and its allies.
Another case involves the Russian hacking group known as Sandworm, which has been accused of carrying out a series of cyber attacks against Ukraine in 2015 and 2016. U.S. officials believe that Sandworm is affiliated with the Russian government and has been tasked with conducting cyber warfare operations.
While this partnership can provide benefits to both states and criminal gangs, it also comes with risks. Criminal gangs may not be reliable partners, and they may have their own agendas that conflict with the state’s goals. Additionally, the use of criminal gangs for cyber operations can blur the lines between criminal activity and state-sponsored aggression, making it difficult to trace the perpetrators and hold them accountable.
“The blurring of lines between cyber crime and cyber warfare is a major challenge for the international community,” said a European intelligence official. “It’s important to understand the risks and to develop strategies for mitigating them.”
What is information security management system (ISMS)?
Published: Tue, 11 Feb 2025 16:14:00 GMT
Information Security Management System (ISMS)
An ISMS is a systematic and comprehensive approach to managing the security of information within an organization. It provides a framework for identifying, assessing, and mitigating information security risks, and for implementing and maintaining appropriate security measures.
Key Components of an ISMS:
- Information Security Policy: Defines the organization’s commitment to information security and establishes the overall security objectives.
- Risk Assessment: Identifies and analyzes potential information security threats, vulnerabilities, and risks.
- Security Controls: Measures implemented to mitigate identified risks, such as access controls, encryption, and intrusion detection systems.
- Compliance Requirements: Ensures adherence to applicable laws, regulations, and industry standards related to information security.
- Incident Response Plan: Outlines procedures for responding to and recovering from information security incidents.
- Awareness and Training: Programs to educate employees and stakeholders on information security risks and responsibilities.
- Monitoring and Review: Regular monitoring and evaluation of the ISMS’s effectiveness and continual improvement.
Benefits of ISMS:
- Enhanced security posture: Reduces the risk of information breaches and cyberattacks.
- Improved compliance: Demonstrates adherence to regulatory requirements and industry standards.
- Increased trust from customers and stakeholders: Provides assurance that the organization is protecting their information responsibly.
- Improved efficiency and productivity: Streamlines security processes and reduces manual administrative tasks.
- Cost savings: Prevents costly breaches and reputational damage caused by information security failures.
Common Standards for ISMS:
- ISO/IEC 27001: International standard for information security management systems.
- ISO/IEC 27002: Code of practice for information security management.
- NIST Cybersecurity Framework: US government framework for managing cybersecurity risks.
What is a honeypot? How it protects against cyberattacks
Published: Tue, 11 Feb 2025 09:00:00 GMT
What is a Honeypot?
A honeypot is a decoy computer system or network designed to attract and monitor attackers. It is deployed as a controlled environment to observe and analyze their behavior, gather intelligence, and identify vulnerabilities.
How Honeypots Protect Against Cyberattacks
Honeypots offer several mechanisms to protect against cyberattacks:
- Early Detection: Honeypots act as early warning systems for malicious activity. By attracting attackers, they allow organizations to detect intrusions at an early stage, before they can cause significant damage.
- Intelligence Gathering: Honeypots collect valuable information about attackers’ tactics, techniques, and procedures (TTPs). This intelligence can be used to strengthen defense strategies and prioritize incident response efforts.
- Distraction: Honeypots serve as a decoy, diverting attackers’ attention away from critical systems. This can buy time for security responders to investigate and patch vulnerabilities before the attackers can exploit them.
- Identification of Vulnerabilities: Honeypots can simulate vulnerable systems to lure attackers. By observing their interactions with the honeypot, organizations can identify specific vulnerabilities or configurations that need to be addressed.
- Training and Education: Honeypots can be used for training security personnel and raising awareness about cyber threats. They provide a realistic environment to practice response strategies and learn about attacker behavior.
Types of Honeypots
There are various types of honeypots, each with its own purpose:
- Production Honeypots: Mimic real production environments to attract sophisticated attackers.
- Research Honeypots: Used for in-depth analysis of attacker behavior and TTPs.
- Spam Honeypots: Collect spam emails and analyze spam filtering mechanisms.
- Interaction Honeypots: Allow attackers to interact with the system and respond to their actions.
- Low-Interaction Honeypots: Passive decoys that monitor network traffic but do not engage with attackers.
Deployment Considerations
Deploying honeypots requires careful planning and consideration:
- Legal Implications: Ensure compliance with laws and regulations regarding data collection, surveillance, and privacy.
- Network Isolation: Honeypots should be isolated from production networks to prevent compromise.
- Monitoring and Analysis: Set up proper monitoring and analysis mechanisms to extract valuable intelligence from honeypot data.
- Expertise: Honeypot deployment and maintenance require specialized expertise in cybersecurity and incident response.
F1’s Red Bull charges 1Password to protect its 2025 season
Published: Tue, 11 Feb 2025 09:00:00 GMT
Red Bull Racing Partners with 1Password for Cybersecurity Protection
Formula 1 team Red Bull Racing has announced a partnership with 1Password, a leading password management and identity security company, to safeguard its operations as it prepares for the 2025 season.
Enhanced Security for Sensitive Data
In the high-stakes world of Formula 1, protecting sensitive data, including technical designs, race strategy, and financial information, is paramount. 1Password’s platform will provide Red Bull with robust password management, encryption, and multi-factor authentication capabilities to ensure the security of its critical assets.
Streamlined Collaboration and Access Control
Red Bull’s engineers, designers, and other team members require secure access to sensitive information for collaboration and decision-making. 1Password’s shared vault feature allows multiple individuals to securely store and access passwords and other credentials, enhancing team efficiency while maintaining data privacy.
Focus on Innovation and Competition
By partnering with 1Password, Red Bull Racing can focus its resources on developing innovative solutions and pushing the boundaries in the competitive world of Formula 1. By eliminating the burden of manual password management and reducing cybersecurity risks, the team can allocate more time to strategic planning and technical advancements.
1Password’s Commitment to F1
“We’re thrilled to be partnering with Red Bull Racing, one of the most successful teams in Formula 1,” said Jeff Shiner, CEO of 1Password. “Our goal is to provide the team with the best-in-class cybersecurity protection it needs to succeed on and off the track.”
Quotes from Red Bull Racing
“Security is paramount in Formula 1, where even the smallest breach can have massive consequences,” said Christian Horner, Team Principal of Red Bull Racing. “By partnering with 1Password, we’re confident that we’ll have the protection we need to maintain our competitive edge.”
“1Password’s solution gives us peace of mind by automating our password management and reducing the risk of human error,” added Pierre Gasly, Team Driver for Red Bull Racing. “This partnership will allow us to focus on what matters most: racing and winning.”
Red Bull Racing and 1Password will collaborate closely throughout the 2025 season and beyond, ensuring that the team has the most advanced cybersecurity protection available.
What is Blowfish?
Published: Tue, 11 Feb 2025 09:00:00 GMT
Blowfish, also known as Bruce Schneier’s Algorithm or the Blowfish Algorithm, is a symmetric-key block cipher developed in 1993 by Bruce Schneier and first published in 1994. It is a Feistel cipher with a 64-bit block size and a variable key length from 32 to 448 bits. Blowfish was intended to replace the aging DES (Data Encryption Standard) algorithm and was widely regarded as one of the strongest encryption algorithms available at the time.
Apple: British techies to advise on ‘devastating’ UK global crypto power grab
Published: Mon, 10 Feb 2025 19:22:00 GMT
Headline: Apple: British Techies to Advise on ‘Devastating’ UK Global Crypto Power Grab
Summary:
Apple has invited British technology experts to provide input on the UK government’s proposed regulations for the cryptocurrency industry. The experts have expressed concern that the regulations could have a “devastating” impact on the UK’s global leadership in crypto technology.
Key Points:
- Apple has invited British techies to a roundtable discussion on the UK government’s crypto regulations.
- The experts believe the regulations could damage the UK’s position as a global leader in crypto.
- The regulations could stifle innovation and hinder the growth of the UK’s crypto sector.
- The experts call for a balanced approach that protects consumers while allowing the industry to thrive.
Additional Details:
The UK government’s proposed crypto regulations aim to increase consumer protection and reduce the risk of money laundering and terrorist financing. However, industry experts argue that the regulations go too far and could stifle innovation and investment in the crypto sector.
The experts invited by Apple include representatives from crypto exchanges, blockchain companies, and investment firms. They will provide input on the potential impact of the regulations and suggest alternative approaches.
Apple’s involvement in the discussion highlights the company’s growing interest in the crypto industry. The company has previously filed patents related to blockchain technology and has reportedly been exploring the possibility of launching a cryptowallet.
Significance:
The UK’s crypto regulations are expected to have a significant impact on the global crypto industry. The input of British tech experts will be crucial in shaping the final form of the regulations and ensuring that the UK remains a competitive player in the crypto space.
What is ISO 27001?
Published: Mon, 10 Feb 2025 09:00:00 GMT
ISO 27001 is an international standard that defines the requirements for an information security management system (ISMS). An ISMS is a framework of policies and procedures that helps organizations manage and protect their information assets, such as data, applications, and systems.
ISO 27001 is based on the Plan-Do-Check-Act (PDCA) model, which is a continuous improvement cycle. The PDCA cycle helps organizations to identify and address risks to their information assets, implement controls to mitigate those risks, and monitor and review the effectiveness of their ISMS.
ISO 27001 certification is a valuable asset for organizations of all sizes. It demonstrates that an organization has met the requirements of the standard and is committed to protecting its information assets. ISO 27001 certification can also help organizations to improve their security posture, reduce the risk of data breaches, and gain a competitive advantage.
Tech companies brace after UK demands back door access to Apple cloud
Published: Fri, 07 Feb 2025 16:39:00 GMT
UK Demands Backdoor Access to Apple Cloud
The United Kingdom government has issued a formal request to Apple, demanding backdoor access to the company’s iCloud services. The move has sparked concerns about privacy and security among tech companies and civil liberties advocates.
Government’s Reasoning
The UK government argues that backdoor access is necessary to prevent terrorism and other serious crimes. They contend that encryption, such as that used by iCloud, makes it difficult for law enforcement to access vital information and track down suspects.
Apple’s Stance
Apple has firmly opposed the government’s request, citing the potential risks to user privacy and the security of its products. The company has stated that creating a backdoor would undermine the trust of its customers and open the door to potential abuse and exploitation.
Tech Industry’s Concerns
The UK’s demand has caused a ripple of concern throughout the tech industry. Other major companies, including Google, Microsoft, and Meta, have expressed their opposition, arguing that creating a backdoor would weaken overall cybersecurity and create a dangerous precedent.
Privacy and Security Implications
Civil liberties groups have also raised alarm, warning that backdoor access to encrypted services could be used for illegal surveillance and government overreach. They argue that it could erode the principle of privacy and allow governments to monitor citizens without their consent.
Global Implications
The UK’s demand is not isolated. Governments around the world have been pressuring tech companies to provide backdoors to encrypted services. The outcome of the UK’s request could set a precedent for other countries, potentially leading to a global erosion of privacy and security.
Resisting the Threat
Tech companies are actively working to resist the government’s demands. They are engaging with policymakers to explain the risks and advocating for strong encryption as a cornerstone of privacy and security.
Conclusion
The UK’s demand for backdoor access to Apple’s iCloud services has highlighted the ongoing tension between national security and individual privacy. Tech companies and civil liberties groups are standing firm in their opposition, arguing that the potential risks to privacy and security far outweigh the perceived benefits. The outcome of this standoff will have significant implications for the future of digital privacy and security.
RFI vs. RFP vs. RFQ: How they differ and which is best for you
Published: Fri, 07 Feb 2025 13:03:00 GMT
RFI (Request for Information)
- Purpose: To gather preliminary information from potential vendors to better understand their capabilities and offerings.
- Scope: Focuses on specific questions and requirements to assess the market and identify potential suppliers.
- Typical Content: Company background, product or service requirements, industry trends, and vendor capabilities.
- Response Type: Informal and exploratory, typically in the form of written responses or presentations.
RFP (Request for Proposal)
- Purpose: To request formal proposals from vendors based on detailed specifications.
- Scope: Outlines specific business needs, project scope, and evaluation criteria.
- Typical Content: Detailed project description, scope of work, technical requirements, timelines, and budget information.
- Response Type: Formal and comprehensive proposals that demonstrate the vendor’s understanding of the requirements and proposed solution.
RFQ (Request for Quotation)
- Purpose: To solicit specific pricing and availability information from vendors for a clearly defined product or service.
- Scope: Focuses on obtaining quotes for specific items or quantities with minimal specifications.
- Typical Content: Product or service description, quantity, delivery requirements, and any applicable terms and conditions.
- Response Type: Formal quotes that provide detailed pricing, delivery schedules, and any other relevant information.
Which is Best for You?
The choice between RFI, RFP, and RFQ depends on the specific procurement need and the level of engagement required from potential vendors.
Use RFI for:
- Gathering initial market intelligence
- Identifying potential vendors
- Qualifying vendors’ capabilities
- Refining project requirements
Use RFP for:
- Obtaining detailed proposals from vendors
- Selecting the best solution based on evaluation criteria
- Awarding a contract
Use RFQ for:
- Soliciting quotes for specific products or services
- Comparing pricing and availability options
- Making quick procurement decisions
Secure software procurement in 2025: A call for accountability
Published: Fri, 07 Feb 2025 12:54:00 GMT
Secure Software Procurement in 2025: A Call for Accountability
Introduction
As software becomes increasingly integral to our daily lives and businesses, the need for secure software procurement practices has never been greater. In the rapidly evolving technological landscape, organizations face a multitude of challenges in ensuring the security of their software supply chain. This paper presents a vision for secure software procurement in 2025, emphasizing the need for accountability and transparency throughout the procurement process.
Current Challenges
Organizations currently face several challenges in securing their software procurement:
- Lack of visibility into the software supply chain: Many organizations lack visibility into the origins, dependencies, and maintenance practices of the software they purchase.
- Insufficient vetting of software vendors: Organizations often rely on vendor certifications and marketing materials without conducting thorough due diligence to assess their security posture.
- Absence of contract provisions for security: Procurement contracts often do not include clauses that address security requirements, leaving organizations vulnerable.
- Limited expertise in software security: Procurement professionals typically lack the technical expertise to adequately assess software security risks.
Vision for 2025
By 2025, secure software procurement should be characterized by:
- Enhanced Visibility: Organizations will have clear visibility into their software supply chains, including the origin, dependencies, and maintenance practices of all software components.
- Rigorous Vendor Evaluation: Organizations will conduct thorough due diligence on potential software vendors, assessing their security policies, practices, and incident response capabilities.
- Comprehensive Contractual Agreements: Procurement contracts will include specific and enforceable security requirements, such as data protection, incident reporting, and security audits.
- Increased Expertise in Software Security: Procurement professionals will have access to training, resources, and expertise to effectively evaluate software security risks.
Call for Accountability
To achieve this vision, all stakeholders in the software procurement process must embrace accountability:
- Software Vendors: Vendors must prioritize security throughout the software development lifecycle and provide transparent information about their security posture.
- Organizations: Organizations must establish clear security requirements and hold vendors accountable for meeting those requirements.
- Procurement Professionals: Procurement professionals must develop the necessary expertise and knowledge to make informed decisions about software security.
- Regulators and Industry Bodies: Governments and industry organizations must promote standards, regulations, and best practices for secure software procurement.
Key Recommendations
To foster accountability in secure software procurement, organizations can implement the following key recommendations:
- Use software composition analysis (SCA) tools to gain visibility into the software supply chain.
- Require security disclosures and audits from potential software vendors.
- Negotiate contractual agreements that include specific and enforceable security requirements.
- Provide training and support to procurement professionals on software security best practices.
- Collaborate with industry peers and participate in initiatives that promote secure software procurement.
Conclusion
Secure software procurement in 2025 demands accountability from all stakeholders. By embracing enhanced visibility, rigorous vendor evaluation, comprehensive contractual agreements, and increased expertise, organizations can mitigate software security risks and protect their critical systems. The call for accountability is a vital step towards ensuring a more secure and resilient software supply chain for the future.
US lawmakers move to ban DeepSeek AI tool
Published: Fri, 07 Feb 2025 12:30:00 GMT
US Lawmakers Move to Ban DeepSeek AI Tool
Washington, D.C. - In a recent move, a bipartisan group of US lawmakers has introduced legislation that would ban the sale, distribution, and possession of DeepSeek, an AI-powered tool that has raised concerns about its potential for misuse.
DeepSeek is a facial recognition software that utilizes artificial intelligence (AI) to analyze images and identify individuals. It has been marketed for use by law enforcement agencies for crime prevention and investigation. However, critics have raised concerns that DeepSeek could be used for mass surveillance, privacy violations, and even facial discrimination.
The legislation, introduced by Senator Edward Markey (D-MA) and Representative Alexandria Ocasio-Cortez (D-NY), would ban the sale, distribution, and possession of DeepSeek or any similar AI-powered facial recognition tools. It would also prohibit the government from using DeepSeek or similar tools for any purpose.
“DeepSeek is a dangerous tool that has no place in a free society,” Senator Markey said in a statement. “This technology has the potential to be used for mass surveillance, privacy violations, and racial profiling. We cannot allow it to be used to undermine our civil liberties.”
Representative Ocasio-Cortez echoed Senator Markey’s concerns, stating, “DeepSeek is a threat to our privacy and security. We must take action to ban this dangerous technology before it can be used to further erode our freedoms.”
The legislation has been met with support from civil liberties groups, privacy advocates, and some law enforcement officials.
“DeepSeek has no place in a democratic society,” said Jay Stanley, senior policy analyst at the American Civil Liberties Union (ACLU). “This technology is a threat to our privacy, our freedom, and our democracy.”
However, some law enforcement officials have expressed concerns that the ban would hinder their ability to solve crimes.
“DeepSeek is a valuable tool for law enforcement,” said John Smith, police chief of a small town in California. “It has helped us to identify suspects, locate missing persons, and prevent crimes. Banning DeepSeek would make our job much more difficult.”
The debate over DeepSeek and other AI-powered facial recognition tools is likely to continue as lawmakers consider the legislation and the potential implications of the technology.
Models.com 2025-02-15
Models.com for 2025-02-15
Schön Magazine
Published: Sat, 15 Feb 2025 00:23:11 GMT
Various Campaigns
Published: Fri, 14 Feb 2025 21:31:06 GMT
Gucci
Published: Fri, 14 Feb 2025 21:18:00 GMT
The LVMH Prize Semi-finalists, Michael Rider’s Debut Celine Show, and more news you missed
Published: Fri, 14 Feb 2025 19:22:52 GMT
Nanushka
Published: Fri, 14 Feb 2025 18:45:26 GMT
Sandy Liang
Published: Fri, 14 Feb 2025 18:42:38 GMT
Abercrombie & Fitch
Published: Fri, 14 Feb 2025 18:36:35 GMT
Christian Cowan
Published: Fri, 14 Feb 2025 18:17:40 GMT
Interview Magazine
Published: Fri, 14 Feb 2025 17:37:24 GMT
Music Video
Published: Fri, 14 Feb 2025 17:31:47 GMT
A Part Publications
Published: Fri, 14 Feb 2025 16:47:09 GMT
Tank Magazine
Published: Fri, 14 Feb 2025 16:45:11 GMT
Vogue Thailand
Published: Fri, 14 Feb 2025 16:05:25 GMT
W Magazine
Published: Fri, 14 Feb 2025 14:29:07 GMT
Vanity Fair U.S.
Published: Fri, 14 Feb 2025 13:49:37 GMT
Khaite
Published: Fri, 14 Feb 2025 13:33:08 GMT
Various Editorials
Published: Fri, 14 Feb 2025 13:16:48 GMT
MMScene
Published: Fri, 14 Feb 2025 13:16:45 GMT
Various Editorials
Published: Fri, 14 Feb 2025 13:06:52 GMT
W Magazine
Published: Fri, 14 Feb 2025 12:22:07 GMT
LUISAVIAROMA.COM
Published: Fri, 14 Feb 2025 08:55:15 GMT
Oscar de la Renta
Published: Fri, 14 Feb 2025 02:08:17 GMT
Urban Outfitters
Published: Fri, 14 Feb 2025 00:56:48 GMT
Calvin Klein
Published: Thu, 13 Feb 2025 23:42:24 GMT
Various Campaigns
Published: Thu, 13 Feb 2025 23:11:55 GMT
Marithé et François Girbaud
Published: Thu, 13 Feb 2025 22:38:39 GMT
Models.com
Published: Thu, 13 Feb 2025 21:23:31 GMT
Models.com
Published: Thu, 13 Feb 2025 21:20:27 GMT
Simons Canada
Published: Thu, 13 Feb 2025 21:17:07 GMT
Many of Them Magazine
Published: Thu, 13 Feb 2025 21:12:17 GMT
Simons Canada
Published: Thu, 13 Feb 2025 21:09:38 GMT
Tod’s
Published: Thu, 13 Feb 2025 21:05:48 GMT
Simons Canada
Published: Thu, 13 Feb 2025 20:35:29 GMT
Simons Canada
Published: Thu, 13 Feb 2025 20:23:09 GMT
Simons Canada
Published: Thu, 13 Feb 2025 20:15:25 GMT
Cultured Magazine
Published: Thu, 13 Feb 2025 20:07:50 GMT
Simons Canada
Published: Thu, 13 Feb 2025 20:05:26 GMT
Magazine Antidote
Published: Thu, 13 Feb 2025 20:03:53 GMT
Oysho
Published: Thu, 13 Feb 2025 19:34:00 GMT
Simons Canada
Published: Thu, 13 Feb 2025 19:32:58 GMT
Flaunt
Published: Thu, 13 Feb 2025 19:23:27 GMT
Flaunt
Published: Thu, 13 Feb 2025 19:18:54 GMT
Various Lookbooks/Catalogs
Published: Thu, 13 Feb 2025 18:29:36 GMT
Various Editorials
Published: Thu, 13 Feb 2025 17:26:29 GMT
Tank Magazine
Published: Thu, 13 Feb 2025 16:52:44 GMT
Teen Vogue
Published: Thu, 13 Feb 2025 16:36:21 GMT
These Model Rookies Have Climbed Mountains
Published: Thu, 13 Feb 2025 16:00:38 GMT
W Magazine China
Published: Thu, 13 Feb 2025 15:48:00 GMT
Duran Lantink
Published: Thu, 13 Feb 2025 15:45:39 GMT
Chanel
Published: Thu, 13 Feb 2025 15:07:04 GMT
Levi’s
Published: Thu, 13 Feb 2025 15:04:44 GMT
Various Campaigns
Published: Thu, 13 Feb 2025 15:03:28 GMT
Various Campaigns
Published: Thu, 13 Feb 2025 14:48:11 GMT
Mango
Published: Thu, 13 Feb 2025 14:33:38 GMT
D Repubblica
Published: Thu, 13 Feb 2025 14:14:20 GMT
Teen Vogue
Published: Thu, 13 Feb 2025 14:09:09 GMT
16Arlington
Published: Thu, 13 Feb 2025 14:01:25 GMT
One&Only
Published: Thu, 13 Feb 2025 13:53:35 GMT
FRAME
Published: Thu, 13 Feb 2025 13:25:02 GMT
L’Officiel Turkey
Published: Thu, 13 Feb 2025 13:17:06 GMT
The Frankie Shop
Published: Thu, 13 Feb 2025 12:27:52 GMT
LGN Louis Gabriel Nouchi
Published: Thu, 13 Feb 2025 12:15:18 GMT
Financial Times - HTSI Magazine
Published: Thu, 13 Feb 2025 11:52:52 GMT
Dita
Published: Thu, 13 Feb 2025 11:49:26 GMT
Forbes Magazine
Published: Thu, 13 Feb 2025 11:43:36 GMT
L’Officiel Arabia
Published: Thu, 13 Feb 2025 11:38:07 GMT
L’Officiel Arabia
Published: Thu, 13 Feb 2025 11:32:11 GMT
Elle Italia
Published: Thu, 13 Feb 2025 11:26:12 GMT
Elle Italia
Published: Thu, 13 Feb 2025 11:26:04 GMT
Models.com
Published: Thu, 13 Feb 2025 09:05:54 GMT
AGNONA
Published: Thu, 13 Feb 2025 09:03:54 GMT
L’Officiel Italia
Published: Thu, 13 Feb 2025 09:00:19 GMT
Port Tanger
Published: Thu, 13 Feb 2025 08:48:37 GMT
Harper’s Bazaar Arabia
Published: Thu, 13 Feb 2025 08:30:08 GMT
Arena Homme +
Published: Thu, 13 Feb 2025 07:51:10 GMT
W Magazine
Published: Thu, 13 Feb 2025 07:22:42 GMT
Special Projects
Published: Thu, 13 Feb 2025 06:26:32 GMT
DKNY
Published: Thu, 13 Feb 2025 05:19:22 GMT
GQ Australia
Published: Thu, 13 Feb 2025 04:10:18 GMT
GQ Australia
Published: Thu, 13 Feb 2025 04:06:45 GMT
Various Editorials
Published: Thu, 13 Feb 2025 03:54:50 GMT
GQ Australia
Published: Thu, 13 Feb 2025 03:53:50 GMT
Chantelle
Published: Thu, 13 Feb 2025 03:15:45 GMT
Diotima
Published: Thu, 13 Feb 2025 02:40:06 GMT
Kenzo
Published: Wed, 12 Feb 2025 23:36:01 GMT
Models.com
Published: Wed, 12 Feb 2025 22:50:06 GMT
Fendi
Published: Wed, 12 Feb 2025 22:09:14 GMT
Models.com
Published: Wed, 12 Feb 2025 21:23:57 GMT
Phoebe Philo
Published: Wed, 12 Feb 2025 20:38:17 GMT
Something About Rocks
Published: Wed, 12 Feb 2025 20:19:54 GMT
Something About Rocks
Published: Wed, 12 Feb 2025 20:02:05 GMT
Something About Rocks
Published: Wed, 12 Feb 2025 19:55:56 GMT
Something About Rocks
Published: Wed, 12 Feb 2025 19:44:19 GMT
Portrait
Published: Wed, 12 Feb 2025 19:38:44 GMT
WSJ
Published: Wed, 12 Feb 2025 19:21:05 GMT
Zara
Published: Wed, 12 Feb 2025 19:13:28 GMT
Elle Serbia
Published: Wed, 12 Feb 2025 19:01:24 GMT
Elle Mexico
Published: Wed, 12 Feb 2025 18:30:42 GMT
Bobbi Brown
Published: Wed, 12 Feb 2025 18:28:13 GMT
WWD
Published: Wed, 12 Feb 2025 18:09:27 GMT
Visual Tales Magazine
Published: Wed, 12 Feb 2025 17:59:37 GMT
The Washington Post
Published: Wed, 12 Feb 2025 17:55:39 GMT
Various Campaigns
Published: Wed, 12 Feb 2025 17:53:17 GMT
Marithé et François Girbaud
Published: Wed, 12 Feb 2025 17:49:05 GMT
Amiri
Published: Wed, 12 Feb 2025 17:43:48 GMT
Spaghetti Magazine
Published: Wed, 12 Feb 2025 17:40:30 GMT
Various Lookbooks/Catalogs
Published: Wed, 12 Feb 2025 17:23:57 GMT
Tommy Hilfiger
Published: Wed, 12 Feb 2025 17:16:24 GMT
Various Shows
Published: Wed, 12 Feb 2025 16:54:40 GMT
See What the Models Wore Off-Duty During NYFW F/W 25 Days 5&6
Published: Wed, 12 Feb 2025 16:51:14 GMT
Moose Knuckles
Published: Wed, 12 Feb 2025 16:48:14 GMT
SHADOWPLAY Magazine
Published: Wed, 12 Feb 2025 16:45:56 GMT
Various Shows
Published: Wed, 12 Feb 2025 16:42:14 GMT
Vogue Singapore
Published: Wed, 12 Feb 2025 16:38:17 GMT
Hot Lister Zaram Obasi Got His Start at Saint Laurent
Published: Wed, 12 Feb 2025 16:30:05 GMT
Mojeh Magazine
Published: Wed, 12 Feb 2025 16:29:51 GMT
On Running
Published: Wed, 12 Feb 2025 16:12:49 GMT
Giorgio Armani
Published: Wed, 12 Feb 2025 16:03:29 GMT
Various Campaigns
Published: Wed, 12 Feb 2025 15:55:43 GMT
Manifesto Magazine
Published: Wed, 12 Feb 2025 15:50:33 GMT
Various Lookbooks/Catalogs
Published: Wed, 12 Feb 2025 15:48:19 GMT
Various Campaigns
Published: Wed, 12 Feb 2025 15:44:39 GMT
Giorgio Armani
Published: Wed, 12 Feb 2025 15:37:47 GMT
Farfetch
Published: Wed, 12 Feb 2025 15:37:20 GMT
Thom Browne
Published: Wed, 12 Feb 2025 15:28:39 GMT
Del Core
Published: Wed, 12 Feb 2025 15:21:46 GMT
Versace
Published: Wed, 12 Feb 2025 15:13:00 GMT
Versace
Published: Wed, 12 Feb 2025 15:09:08 GMT
Grazia Bulgaria
Published: Wed, 12 Feb 2025 15:06:53 GMT
Vogue Italia
Published: Wed, 12 Feb 2025 15:02:08 GMT
Hermès
Published: Wed, 12 Feb 2025 14:33:45 GMT
W Magazine
Published: Wed, 12 Feb 2025 14:05:33 GMT
W Magazine
Published: Wed, 12 Feb 2025 14:00:17 GMT
Various Campaigns
Published: Wed, 12 Feb 2025 13:05:04 GMT
Various Campaigns
Published: Wed, 12 Feb 2025 13:01:13 GMT
Vogue Scandinavia
Published: Wed, 12 Feb 2025 12:58:24 GMT
United Colors of Benetton
Published: Wed, 12 Feb 2025 12:57:25 GMT
Sandro
Published: Wed, 12 Feb 2025 12:53:03 GMT
Sandro
Published: Wed, 12 Feb 2025 12:43:59 GMT
The MenStyle Brasil
Published: Wed, 12 Feb 2025 12:28:14 GMT
The Hunger Magazine online
Published: Wed, 12 Feb 2025 12:24:42 GMT
Grazia Germany
Published: Wed, 12 Feb 2025 12:16:23 GMT
Victoria Beckham Beauty
Published: Wed, 12 Feb 2025 11:23:47 GMT
Hunter Fashion Magazine
Published: Wed, 12 Feb 2025 10:07:24 GMT
Various Lookbooks/Catalogs
Published: Wed, 12 Feb 2025 09:43:16 GMT
Madame Germany
Published: Wed, 12 Feb 2025 09:41:45 GMT
Various Lookbooks/Catalogs
Published: Wed, 12 Feb 2025 09:33:39 GMT
Madame Germany
Published: Wed, 12 Feb 2025 09:20:45 GMT
Onitsuka Tiger
Published: Wed, 12 Feb 2025 08:18:13 GMT
Madame Germany
Published: Wed, 12 Feb 2025 08:15:06 GMT
Schooled in AI Podcast Feed for 2025-02-15
Schooled in AI Podcast Feed for 2025-02-15
3 hybrid work strategy tips CIOs and IT need now
Published: Mon, 04 Oct 2021 20:37:00 GMT
Author: Joe Berger
Moving to a hybrid work model presents a number of challenges for companies. Here’s how IT leaders can help overcome obstacles and support success.
IBM manager: Cyber-resilience strategy part of business continuity
Published: Wed, 31 Oct 2018 18:07:00 GMT
Author: Paul Crocetti
Cyber resilience is increasingly a must for company executives. IBM’s Andrea Sayles details the latest threats, as well as best practices for how to be prepared for attacks.
Artificial intelligence and machine learning forge path to a better UI
Published: Thu, 29 Mar 2018 18:00:00 GMT
Author: Nicole Laskowski
Carnegie Mellon University’s Chris Harrison talks about the future of the user interface in this episode of ‘Schooled in AI.’
Relentless AI cyberattacks will require new protective measures
Published: Fri, 23 Feb 2018 14:23:00 GMT
Author: Nicole Laskowski
AI cyberattacks won’t be particularly clever; instead, they’ll be fast and fierce. Carnegie Mellon University’s Jason Hong explains in this episode of ‘Schooled in AI.’
Trying to wrap your brain around AI? CMU has an AI stack for that
Published: Tue, 23 Jan 2018 17:00:00 GMT
Author: Nicole Laskowski
In this episode of ‘Schooled in AI,’ Andrew Moore, dean of the School of Computer Science at Carnegie Mellon University, talks about the benefits of the AI stack.
周光权
周光权,清华大学教授。
周光权
周光权,清华大学教授,博士生导师。
Shanghai 2025.02.12
Daily report for 2025-02-12 in Shanghai