Agregátor RSS

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron, the disruption of First VPN Service was led by France and the Netherlands, with several other nations supporting the Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. [...]

Meta is the latest company to trim its workforce as a result of the growing use of AI within the industry. The company laid off 8,000 employees earlier this week, while also moving 7,000 more to AI-focused roles.

“AI is the most consequential technology of our lifetimes,” Zuckerberg said in a memo that he sent to employees, informing them of the cuts.  “The companies that lead the way will define the next generation,” he added.

The company has not revealed too much detail of the changes in the workforce, but it’s clear that jobs focused on AI infrastructure will be protected.

Meta is not alone in announcing cuts. In a blog this month, Cisco said it was cutting 4,000 jobs and Microsoft is looking at inciting employees to take voluntary retirement for the first time.

The Meta reorganization is following the trend that businesses that don’t adapt to AI usage will struggle. Earlier this year, PwC US CEO Paul Griggs caused consternation when he suggested that executives who failed to get to grips with AI had a limited future in the company.

While workforces are increasingly dependent on AI as a path to progress, IT departments are not necessarily on top of the game. A Dataiku survey earlier this year revealed that 74% of CIOs were fearful that their career paths were dependent on AI outcomes.

European authorities have cracked down on a VPN that has been used for various criminal activities.

The operation, led by investigators in France and the Netherlands with help from Europol and Eurojust, has dismantled First VPN, a service that has been heavily promoted within Russia as a way of evading law enforcement. Criminals used it to conceal their identities and infrastructure while carrying out ransomware attacks, large-scale fraud, data theft, and other serious offences.

While First VPN’s fates seems well-deserved, there are concerns about wider attempts by governments and law enforcers to clamp down on users of VPN services. Various legislations have tried to implement new laws restricting access to the internet, in particular, those seeking to limit minors from accessing social media and other sites deemed inappropriate by authorities. Australia has already brought in such a law and the UK is looking to follow suit. However. VPNs providers have fought back, claiming that their offerings are a vital tool in the preservation of the internet as a free and open service — and in securing regular business activities for many enterprises.

Ina recent blog post Mozilla said, “Blunt interventions like mandatory age assurance and restricting access to tools like VPNs are not effective in improving the protection afforded to young people online, while undermining the fundamental rights of all users.”

Any restrictions against VPNs in the US are likely to fall foul of the First Amendment. Attempts by lawmakers to prohibit their use, such as the one proposed in Utah, are looking unlikely to succeed.

Europoslankyně Markéta Gregorová (Piráti) poodhaluje zákulisí přípravy nařízení Chat Control 2.0. Kdyby bylo schváleno, umožnilo by technologickým firmám plošně sledovat naši komunikaci. Před pár týdny skončila platnost první verze, která ukázala neefektivitu přístupu. Ani Evropský soud pro lidská ...

A security research team just used Claude Mythos to identify the first known exploit in Apple’s M5 chip. They needed physical access to the device to use it, the vulnerability has since been patched, and I don’t think it should be seen as a huge threat. But it is a stark warning that in this AI age, attackers can find and exploit system vulnerabilities at a dangerously fast rate.

While widely reported, the proof-of-concept exploit was of limited significance because it required direct physical access to the target device; what matters most is that it is a very real illustration of the new security reality.

AI doesn’t care whose side you’re on

AI boosts productivity for everyone, including attackers. In this case, the technology augmented the human security research team’s efforts, enabling them to identify a weakness in Apple’s security system. This won’t be the first time AI gets used to identify hard-to-find bugs and certainly won’t be the last.

This should be a real concern to any platform provider, as it means the most well-resourced attackers will be leaning deep into AI to help them find vulnerabilities. And as AI improves, the capacity it provides will inevitably become more dangerous.

That’s even before you consider that some attackers work for the kind of state and state-adjacent entities that can afford aircraft carriers. 

When nation-states come knocking

Access to such extensive resources means future AI-augmented attacks will have at their disposal the most powerful computational AI money can buy, which probably boils down to quantum computers.

The threat of quantum computers has been discussed since the 1990s. These systems are expected to be quite capable of breaking the encryption keys on which digital existence is built, and things will not be the same when they do. We don’t have long to wait until that threat becomes real. Google recently warned quantum computers will be able to hack into some, though not all, encrypted systems by 2029. 

Once Q-Day breaks, there will be no going back. And just as Mythos AI was able to help security researchers break into Apple’s core security today, quantum computer-augmented AI is likely to open even more dangerous security frontiers. The Global Risk Institute warns organizations “should take immediate action to address this significant cyber risk.”

What you can do while the industry catches up

What actions can we take now? We have to look to the tech firms to develop tech to protect us against tech:

• Google, for example, is investing in post-quantum cryptography (PQC) digital signature protection and will put similar protections in place across its own authentication services in the next couple of years. 
• Apple says it has also deployed quantum-secure cryptography across a wide range of protocols, “prioritizing applications involving sensitive user information where attackers could harvest encrypted communications at scale.” 
• Cisco is deep into developing quantum-secure networks, working with network partners such as Orange Business to protect enterprise and public-sector data from future quantum threats.

These protections will help secure some of the most important elements of the computing experience, but they won’t cover everything, leaving a less certain threat environment in which many of the least-resourced software developers are exposed.

Legacy systems, particularly around critical infrastructure and key industries like health or finance, will be particularly exposed. You really, really don’t want key systems at your hospital or bank to rely on insecure and unsupported Windows 10 machines, for example. (You’d be better of with a MacBook Neo — truly, you would.)

Apple is not a badly resourced developer, which means it has no choice but to invest heavily in additional security to protect its platforms against both quantum and AI threats. We’ve also got to prepare for even more complex attacks down the road, as the two powerful technologies converge (to the detriment of security).

Gather ye while you can

We know nation-state actors are already hoovering up huge quantities of encrypted data, as they hope to be able to decrypt it once quantum capability matures. (There’s even a name for this, HNDL, which stands for Harvest Now, Decrypt Later.)

You don’t need to panic. These new breed attacks will be massively expensive to put together, which suggests they’ll be used against the same high-value targets Apple built Lockdown Mode to protect. What we saw happen with the NSO Group, which made the Pegasus attack you can now buy on the dark web, and other similar exploits that leaked over time, show that sophisticated attacks will inevitably seep into general use over time.

For now you can choose to use quantum ready messaging services such as iMessage and, while we wait for PQC-compliant password managers to ship, at least make sure to use highly secure passwords for key apps and services. And monitor the news for AI-augmented security exploits against Apple equipment. And as always, never leave your Mac unattended anywhere people you don’t know or trust can reach it.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government entities using compromised accounts. It's been

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government entities using compromised accounts. It's been Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft is testing the addition of agentic AI to its corporate browser, Edge for Business. A new version, currently available in a limited preview, will help perform routine tasks more efficiently, according to Microsoft’s partner product manager for Edge, Lindsay Kubasik.

Agentic AI will help with completing multi-step tasks such as filling in forms, navigating sites, or gathering information from different tabs, all using enterprise-managed tools, the company said.

And a new tab page will pull together calendar entries, files and Copilot prompts, reducing the need to switch between tools, it said.

A key feature of the new browser version will be its ability to protect corporate data. Enterprises will be able to block the use of copy and paste, and all AI prompts and responses will stay within their Microsoft 365 tenant and will not be used to train models, the company said. They will also be able to audit prompts and block sensitive uploads. The protections will apply as soon as users sign into Edge for Business.

Enterprises will be able to keep track of users who are not following policy: Microsoft’s compliance tool, Purview, will analyze all file uploads to check for sensitive data being uploaded. Enterprises will then have the ability to block the action.

To access the new features, enterprises must sign up for the limited preview.

Two former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide. [...]

Microsoft and EY will spend $1 billion on helping their customers adopt AI over the next five years.

The billion will support assisting clients with pioneering AI projects and capability building, said EY’s global Microsoft alliance leader, Paul Clark. Clients will be able to access those resources based on their specific needs, he said.

“We’re intentionally building the EY forward deployed engineer (FDE) capability through close collaboration and training with Microsoft, while maintaining integrated EY-Microsoft teams in the field,” he said in an email. “Clients will continue to experience this as one combined team, bringing together engineering depth and transformation expertise.”

EY has acted as “client zero” in this initiative, embedding AI in all facets of its organization while it validated ways of working with Microsoft’s technologies. After an initial trial of Microsoft Copilot with 150,000 users, it is now rolling it out through Microsoft 365 E7 to all 400,000 staff.

Its combined offering with Microsoft will be fully integrated, with shared governance and accountability across both organizations, it said. Initial services will cover finance, tax, risk, HR and supply chain activities within the financial services, industrials and energy, consumer and retail, government, and health care sectors.

Pain and suffering

The company’s status as client zero is important here, said Greyhound Research Chief Analyst Sanchit Vir Gogia. “It gives EY a proving ground, not just a reference story. The firm can test AI across its own global workforce, professional services processes and regulated client delivery environment before taking the patterns outward. That gives it a sharper commercial proposition: not ‘we understand AI’, but ‘we have suffered through the operating friction before you’. In enterprise technology, lived pain is often more valuable than polished optimism.”

EY is not merely reselling Microsoft’s AI story, he added. “It is positioning itself as the interpreter between Microsoft’s engineering depth and the client’s messy operational reality.”

Technology analyst Carmi Levy said the challenges of scaling AI solutions are monumental, so it makes sense for vendors to bolster their own support capabilities to allow customers to capture maximum value from their AI investment.

“The forward deployed engineer seems like an ideal solution to this vexing problem, a ready-made, vendor-provided, fully trained resource whose sole job is to help customers crack the AI code and turn its potential into realizable gains,” he said. “FDEs can help tune a given agentic system to the organization’s unique requirements and reduce near- and long-term risk by better aligning the vendor’s technologies to the customer’s internal systems.”

Forward-deployed engineers are having a moment, with both Anthropic and OpenAI putting them at the forefront of their AI sales strategies.

But the concept isn’t new, said Matt Kimball, principal analyst at Moor Insights & Strategy. “When I was a state government CIO back in the early 2000s, I leveraged what is now being called an FDE and it reduced a project from weeks to hours,” he said. FDEs should have the domain expertise to be able to “walk into an enterprise and look at all of these moving parts associated with activating AI and develop (and execute) a comprehensive plan of attack,” covering technology, operations, people, and processes, he said.

However, said Bill Wong, research fellow at Info-Tech Research Group, enterprise leaders need to recognize that while they have the option to procure services to accelerate adoption, they must take ultimate responsibility for what’s built by defining, staffing and applying an AI governance program, and adapting it as AI capabilities evolve.

Forward thinking

Gogia said that many CIOs will bring in forward-deployed engineers for perfectly good reasons: scarce skills, urgency, board pressure, messy legacy systems and a widening gap between AI aspiration and operational delivery, but they should not abdicate responsibility to them.

“Use forward-deployed engineers where they create speed, learning and operational discipline. Do not use them as substitutes for internal architecture, governance or accountability,” he said. “Make them teach, make them document, make them transfer capability, make them design for audit, exit, and resilience from day one. If the engagement leaves behind only working software, it has not done enough.”

This article first appeared on CIO.

Workday conversational AI platform Sana for Workday is now ready to talk about IT Service Management (ITSM) automation as part of the company’s broader effort to help enterprises streamline workflows, especially across HR and finance, with autonomous AI agents.

The new Sana for ITSM capabilities are intended to automate workflows for employee on- and offboarding, access changes, and everyday IT requests.

Another new addition, the Travel agent, can help employees plan trips, book travel, and automatically manage expenses in one place, the company said.

The unification of cross-departmental workflows, according to Pareekh Jain, principal analyst at Pareekh Consulting, could provide significant advantages to CIOs: “If HR, finance, onboarding, access requests, payroll, travel, and IT support are tied together in one platform, enterprises can reduce friction, automate approvals faster, improve employee experience.”

“At the same time, Sana’s agentic backend will also get more organization context and can be more accurate, which is increasingly becoming important for CIOs trying to automate operations with agents,” Jain said. “Identity, reporting structures, cost centers, approvals, budgets, and role-based permissions become critical when AI starts automating tasks instead of just answering questions.”

However, Abhishek Mundra, associate practice leader at HFS Research, warned that CIOs evaluating ITSM for Sana should be wary of vendor lock-in. There’s value in linking the system running IT service workflows to the system of record holding workforce and financial data, but “it need not necessarily be owned by the system of record vendors,” he said.

Entrenched ITSM ecosystems could slow uptake

That debate around integration benefits versus platform concentration is also likely to influence enterprise uptake of the new ITSM automation capabilities, according to Jain.

“Early adopters will likely be existing Workday customers looking to simplify employee workflows and reduce tool fragmentation,” he said, adding that Workday could face challenges winning over large enterprises with deeply entrenched ITSM environments, given the maturity and breadth of established platforms such as ServiceNow.

ServiceNow’s recent acquisition of Moveworks also strengthens its position as an ITSM software provider, according to Bhupendra Chopra, chief revenue officer at IT consulting firm Kanerika.

“Moveworks is built for ITSM from the ground up. Sana for ITSM is built for consolidation. Those are different optimization functions. ITSM is harder than HR self-service. It requires understanding SLAs, escalation paths, technical constraints,” Chopra said.

“Most large enterprises with mature ITSM investments have workflows, integrations, and tribal knowledge baked into ServiceNow. Ripping that out for ‘better data context’ is a multi-year migration, not a switch,” he said.

Echoing Chopra, Jain said efforts to replace already-in-place, compliant ITSM systems could be expensive, risky and operationally disruptive. But, he said, mid-sized enterprises and AI-first enterprises may evaluate the new capabilities as a lighter alternative to complex traditional ITSM stacks, especially for employee support use cases.

Workday expects to offer Sana for ITSM early adopters in the second half of 2026, with broader general availability planned later in the year, the company said.

The Travel Agent is already available to early adopters and will also become generally available later this year, it said.

This article first appeared on CIO.

Americká nábytkářská společnost Herman Miller fungující už více než 100 let si udělala jméno designovými produkty nebo ergonomickými počítačovými křesly. Teď se chce v kancelářích a herních doupatech prosadit i výškově polohovatelným stolem. Gamingový model Coyl se začal prodávat tento týden od ...

Je to už letitý evergreen, během nočního přenosu z pokusu o dvanáctý let Starshipu to ale opět zaznělo – SpaceX znovu potvrdilo, že chystá misi s lidskou posádkou k Marsu. S moderátory ve studiu se během pauzy spojil investor Chun Wang, velitel soukromé mise Fram2 na polární oběžné dráze Země ...

Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. [...]

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. [...]

Fraud losses don't stop at chargebacks. False declines, account takeovers, and abuse also damage revenue and trust. IPQS breaks down why fraud teams need broader visibility into risk and customer impact. [...]

Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges. [...]