Security News

Some 73% of companies prefer to purchase from technology providers that are transparent and proactive in helping organizations manage their cybersecurity risk, a study released Monday by Intel finds. "Security doesn't just happen. If you are not finding vulnerabilities, then you are not looking hard enough," said Suzy Greenberg, vice president of Intel product assurance and security, in a statement.

The first "Quad summit" of leaders from Australia, India, Japan, and the USA has announced the group will create a "Critical and Emerging Technology Working Group". The joint "Spirit of the Quad" statment said the group will: "Respond to the economic and health impacts of COVID-19, combat climate change, and address shared challenges, including in cyber space, critical technologies, counterterrorism, quality infrastructure investment, and humanitarian-assistance and disaster-relief as well as maritime domains."

Organizations have invested millions in new technology over the past year, yet fewer than one in 10 businesses have trained staff in to use these tools. Despite soaring technology budgets, research suggests that workers still have not been trained to use new tools properly - and employees are finding themselves on the firing line.

The Biden administration has named China as the most threatening nation the United States faces, on grounds that it can combine its technological and other capabilities like no other. That assessment was offered in a new Interim National Security Guidance [PDF] issued on Wednesday, in which the administration also outlines plans to seek more regulation of advanced technologies and an intention to strike back after cyberattacks.

An artificial intelligence commission led by former Google CEO Eric Schmidt is urging the U.S. to boost its AI skills to counter China, including by pursuing "AI-enabled" weapons - something that Google itself has shied away from on ethical grounds. "We have to develop technology that preserves our Western values, but we have to be prepared for a world in which not everyone is doing that," said Andrew Moore, a commissioner and the head of Google Cloud AI. The group has the ear of top lawmakers from both parties, but has attracted criticism for including many members who work for tech companies with big government contracts, and who thus have a lot at stake in federal rules on emerging technology.

A new extension for Google Chrome has made explicit how most popular sites on the internet load resources from one or more of Google, Facebook, Microsoft and Amazon. The extension, Big Tech Detective, shows the extent to which websites exchange data with these four companies by reporting on them.

Leading technology companies said Tuesday that a months-long breach of corporate and government networks was so sophisticated, focused and labor-intensive that a nation had to be behind it, with all the evidence pointing to Russia. In the first congressional hearing on the breach, representatives of technology companies involved in the response described a hack of almost breathtaking precision, ambition and scope.

People returning to work following the long pandemic will find an array of tech-infused gadgetry to improve workplace safety but which could pose risks for long-term personal and medical privacy. Tech giants and startups are offering solutions which include computer vision detection of vital signs to wearables which can offer early indications of the onset of Covid-19 and apps that keep track of health metrics.

Any mis-step in the curation of any of the packages you rely upon, by any one of the hundreds or even thousands of coders in the community whose programming, testing and software publishing skills you have implicitly chosen to trust, could lead to a security disaster. Worse still, updated packages that are fetched and installed by your dependency manager can introduce malware into the heart of your coding ecosystem even if the source code in the package itself remains the exactly the same.

These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over major 35 tech firms and walk away with over six-figures in bug bounty rewards. Birsan tells BleepingComputer he is not behind these copycat "Research" packages, although he did admit to uploading a few more packages today under his real npm account.