Security News

The UK's response to China's well-publicized efforts to use technology standards to shape the world in its image has been "Incoherent and muted" according to report by the House of Commons Foreign Affairs Committee. Published last week, the report, titled "Encoding values: Putting tech at the heart of UK foreign policy", follows up on previous policy work that recommended the UK ensure that its foreign policy recognize the value and importance of shaping technology industries and standards.

Tech companies could be fined $25 million - or ten percent of their global annual revenue - if they don't build suitable mechanisms to scan for child sex abuse material in end-to-end encrypted messages and an amended UK law is passed. The proposed update to the Online Safety bill [PDF], currently working its way through Parliament, states that British and foreign providers of a "Regulated user-to-user service" must report child sexual exploitation and abuse content to the country's National Crime Agency.

The Federal Bureau of Investigation warns of increasing complaints that cybercriminals are using Americans' stolen Personally Identifiable Information and deepfakes to apply for remote work positions. The public service announcement, published on the FBI's Internet Crime Complaint Center today, adds that the deepfakes used to apply for positions in online interviews include convincingly altered videos or images.

Tech pros have low confidence in supply chain security. Security threats have heightened the supply chain challenges enterprises have faced over the past two years, and a new ISACA survey report finds only 44% of IT professionals surveyed have high confidence in the security of their organization's supply chain.

Back in November 2020, in the middle of the COVID-19 pandemic, I gave a virtual talk at the International Symposium on Technology and Society: “The Story of the Internet and How it Broke Bad: A...

The compliance risk report is based on a survey of 860 global compliance executives across 10 sectors - found that even as compliance pressures continue to increase at speed and scale, significant strides have been made toward establishing a working system that is more responsive and agile. A substantial number of compliance officers feel a greater emphasis on the function's stature is needed to truly strengthen compliance and uphold its mandate.

Eleven significant tech-aligned industry associations from around the world have reportedly written to India's Computer Emergency Response Team to call for revision of the nation's new infosec reporting and data retention rules, which they criticise as inconsistent, onerous, unlikely to improve security within India, and possibly harmful to the nations economy. The rules were introduced in late April and are extraordinarily broad. For example, operators of datacenters, clouds, and VPNs, are required to register customers' names, dates on which services were used, and even customer IP addresses, and store that data for five years.

Clear Skye and Gradient Flow announced the findings of their survey exploring the state of identity governance and security in the enterprise. Respondents from large companies and those who held IT roles favored more sophisticated methods, such as IT service management or workforce management platforms.

The European Commission on Wednesday proposed new regulation that would require tech companies to scan for child sexual abuse material and grooming behavior, raising worries that it could undermine end-to-end encryption. While instant messaging services like WhatsApp already rely on hashed versions of known CSAM to automatically block new uploads of images or videos matching them, the new plan requires such platforms to identify and flag new instances of CSAM. "Detection technologies must only be used for the purpose of detecting child sexual abuse," the regulator said.

The time has come to remove Chinese voices from global social media, according to Samir Saran, president of Delhi-based think tank Observer Research Foundation, a commissioner of The Global Commission on the Stability of Cyberspace, and a member of Microsoft's Digital Peace Now Initiative. Speaking at the Black Hat Asia conference, Saran said China's Communist Party sees tech as a means of exerting control and uses social media to deliberately interfere in the affairs of other nations.