All news with #news tag

🔐 In episode 439 of Smashing Security, Graham Cluley and guest Annabel Berry examine a reported critical infrastructure hack that allegedly exploited default passwords and featured perpetrators boasting on Telegram. They probe how basic misconfigurations can cascade into major incidents and spotlight the human cost of defending organisations — stress, burnout, and leadership failures. The show pairs this sober analysis with lighter cultural asides, including music and media reflections.

🎧 Hosts Graham Cluley and Mark Stockley review episode 72 of The AI Fix, covering GPT-5’s disputed training data, Irish police warnings about AI-generated home-intruder pranks, Jeff Bezos’s proposal for gigawatt-scale data centres in orbit, OpenAI’s drag-and-drop Agent Kit, and a Chinese company’s ultra-lifelike robot head. The episode questions corporate AI hype and highlights rising public disclosures of AI risk, urging attention to data provenance and realistic deployment expectations.

🔒 Fortinet underscores its leadership within the World Economic Forum’s Cybercrime Atlas, promoting cross-sector intelligence sharing and coordinated disruption to combat cybercriminal networks. The 2025 Impact Report, released ahead of the WEF Annual Meeting on Cybersecurity 2025, details operational support for INTERPOL-led Operations Serengeti and Serengeti 2.0 and quantifies arrests, takedowns, and recovered illicit funds. Fortinet stresses the need for accountability at scale and continued expansion of collaborative capacity-building.

🔒 CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The additions include CVE-2016-7836 (SKYSEA Client View), CVE-2025-6264 (Rapid7 Velociraptor), CVE-2025-24990 and CVE-2025-59230 (Microsoft Windows), and CVE-2025-47827 (IGEL OS). Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the designated due dates; CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.

🛡️ As of October 14, 2025, Microsoft has ended support for non‑LTSC releases of Windows 10, leaving installations without default security patches unless organizations purchase Extended Security Updates (ESUs). CrowdStrike advises inventorying assets, evaluating ESU costs, and prioritizing migration while ensuring continuous endpoint protection. The Falcon platform delivers cloud‑native detection, behavioral AI, and visibility across mixed Windows environments to help reduce risk during transition. Note that EDR complements but does not replace operating system updates.

🔐 The Council of Europe has authorized the European Commission and EU member states to sign the United Nations Convention against Cybercrime, adopted by the UN General Assembly in December 2024, which sets common global standards for cybercrime and the cross-border exchange of electronic evidence. The treaty requires harmonization of criminal offenses, including computer fraud, illegal interception and measures targeting online child sexual abuse, grooming and non-consensual dissemination of intimate images, while including explicit safeguards to protect human rights. The Convention will be open for signature from October 25, 2025 until December 31, 2026 and enters into force ninety days after the fortieth ratification; the EU Presidency will prioritize finalizing a Council decision to enable conclusion of the instrument and seek the European Parliament's consent.

🚀 Google outlines designs for agile, fungible data centers to meet explosive AI demand, advocating modular, interoperable architectures and late-binding of facility resources. It highlights Project Deschutes liquid cooling, +/-400Vdc power proposals with Mt. Diablo side-car designs, and open efforts like Caliptra 2.0 and OCP L.O.C.K.. The post calls for community standards across power, cooling, telemetry, networking, and security to improve resilience, sustainability, and operational flexibility.

🛡️Amazon Relational Database Service (Amazon RDS) now supports the latest General Distribution Release (GDR) and Cumulative Update packages for Microsoft SQL Server, including SQL Server 2016 SP3+GDR (KB5065226), 2017 CU31+GDR (KB5065225), 2019 CU32+GDR (KB5065222) and 2022 CU21 (KB5065865). These updates address multiple security vulnerabilities tracked as CVE-2025-47997, CVE-2025-55227 and CVE-2024-21907. AWS recommends that customers upgrade their RDS SQL Server instances using the Amazon RDS Management Console, AWS SDKs or the AWS CLI and follow the RDS SQL Server upgrade guidance.

🔐 Microsoft frames security culture as a company-wide movement driven by people and operationalized through the Secure Future Initiative (SFI). The company overhauled employee education—launching the Microsoft Security Academy, refreshing the Security Foundations series, and requiring three annual sessions (90 minutes total)—to address AI-enabled attacks, deepfakes, and identity threats. Leadership mandates, linked compensation, measurable training outcomes (99% completion; rising satisfaction and relevancy scores), new identity and AI guides, Deputy CISOs in engineering, and embedded DevSecOps are highlighted as evidence of measurable cultural change.

🔐 Google will transition in November 2025 from overwrite-based media sanitization to cryptographic erasure, using default encryption to render data unrecoverable by securely deleting encryption keys rather than overwriting drives. Recognized in NIST SP 800-88, this method is faster and better suited to modern storage technologies. Google says it will apply a layered, defense-in-depth model with independent verification, key rotations, and protections for device secrets to maintain strong safeguards.

⚠️ Microsoft is investigating an ongoing incident that is preventing some customers from accessing Microsoft 365 applications. The issue has been tagged as an incident in the admin center while Redmond reviews telemetry and recent service changes to identify the root cause. Microsoft first acknowledged the problem at 05:06 AM UTC and said it continued analysis nearly four hours later to develop a fix. Impact appears limited to users served by the affected infrastructure.

💡 Developers are accelerating AI adoption across industries by using copilots and agentic workflows to compress the software lifecycle from idea to operation. Microsoft positions tools like GitHub, Visual Studio, and Azure AI Foundry to connect models and agents to enterprise systems, enabling continuous modernization, migration, and telemetry-driven product loops. The shift moves developers from manual toil to intent-driven design, with agents handling upgrades, tests, and routine maintenance while humans retain judgment and product vision.

📢 AWS is updating the availability status of a range of services and features across three lifecycle categories: moving to Maintenance, entering Sunset, and reaching End of Support. Services moving to maintenance will stop accepting new customers on Nov 7, 2025, while current customers can continue using them as they evaluate alternatives. Several services, including Amazon FinSpace, AWS IoT Greengrass v1, and AWS Proton, are entering sunset with documented timelines (typically ~12 months). AWS Mainframe Modernization App Testing has reached end of support as of Oct 7, 2025. AWS provides migration guides and support resources to help customers transition.

🏆 CIO and CSO ASEAN have named the finalists for the CIO100 ASEAN and CSO30 ASEAN 2025 Team Awards, recognising leading technology and cybersecurity teams across Southeast Asia. Selected by a panel of CIO and CSO executive editors, finalists span six categories including CIO Innovation, CIO Customer Value and CSO Public-Private Partnership. The in-person Gala Night will take place in Singapore on 12 November 2025 to celebrate winners and foster networking among industry leaders.

🔁 Amazon Connect now supports copy and bulk edit for agent scheduling configuration, making it faster to create and maintain schedules. Administrators can copy existing scheduling configurations—such as a weekday shift profile to create a weekend variant—or clone a full schedule from one agent to multiple new hires. Bulk edits allow selective updates to fields like time zone and start date without altering weekly working hours, reducing manager time spent on configuration and improving operational efficiency.

🔔 Amazon Connect now supports agent schedule adherence notifications, enabling supervisors to receive automated alerts by email or text (via EventBridge) when agents fall outside defined adherence thresholds. You can create rules—such as alerting when adherence drops below 85% in a trailing 15‑minute window—to notify supervisors proactively. These automated notifications remove the need for constant dashboard monitoring and help teams intervene before service levels decline.

🤖 In episode 71 of The AI Fix, hosts Graham Cluley and Mark Stockley survey a wide-ranging mix of AI and robotics stories, from a giant robot spider that went 'backpacking' to DoorDash's delivery 'Minion' and a TikToker forcing an AI to converse with condiments. The episode highlights technical feats — GPT-5 winning the ICPC World Finals and Claude Sonnet 4.5 coding for 30 hours — alongside quirky projects like a 5-million-parameter transformer built in Minecraft. It also investigates a security flaw that left Unitree robot fleets exposed and discusses an alarming estimate that training a frontier model could require the power capacity of five nuclear plants by 2028.

🔒 it-sa 2025 opened in Nuremberg on October 7, with organizers reporting 990 exhibitors — a 15% increase over last year — and an expected attendance record to be announced at the close. At the opening press conference, BSI President Claudia Plattner said the agency will implement the Cyber Resilience Act in Germany and exercise market surveillance powers. Industry leaders highlighted strong market growth, rising cybercrime losses, and calls to increase corporate security budgets while supporting European security startups.

🔒 The 2015 Cybersecurity Information Sharing Act (CISA 2015) has expired after lawmakers failed to extend legal safe-harbors for voluntary threat sharing via the Automated Indicator Sharing program (AIS). Amid a congressional funding standoff and a resulting partial government shutdown, industry leaders warn the lapse exposes companies to litigation and may deter intelligence exchange. Security executives say reduced sharing could create blind spots, elevate software supply-chain risk and slow development of AI-driven defenses.

⚠️A new primer, Scam GPT, surveys how generative AI is being adopted by criminals to automate, scale, and personalize scams. It maps which communities are most at risk and explains how broader economic and cultural shifts — from precarious employment to increased willingness to take risks — amplify vulnerability to deception. The author argues these threats are social as much as technical, requiring cultural shifts, corporate interventions, and effective legislation to defend against them.