Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Frequent reauth doesn't make you more secure

You're happily working away, fingers flying, deep in flow, and suddenly, boink, your session has expired. You sigh, re-enter your password (again), complete an MFA challenge (again), maybe approve an email notification (again), and finally — access restored. Until next time. This wasn't so bad when it was just passwords; we all got pretty fast at retyping our passwords. But all those MFA challenges really slow us down. And MFA fatigue attacks, a gro

Microsoft fixes first known zero-click attack on an AI agent

TL;DR: Microsoft has patched a critical zero-click vulnerability in Copilot that allowed remote attackers to automatically exfiltrate sensitive user data simply by sending an email. Dubbed "EchoLeak," the security flaw is being described by cybersecurity researchers as the first known zero-click attack targeting an AI assistant. EchoLeak affected Microsoft 365 Copilot, the AI assistant integrated across several Office applications, including Word, Excel, Outlook, PowerPoint, and Teams. Accordin

Can You Legally Record Audio or Video on Your Security Camera? I Focus on These Rules

If you're thinking about installing a new security camera in your home, a legal question appears: Is it legal for you to record audio and video anywhere you want in your home? Are there limitations or the possibility of lawsuits from your neighbors? This is something I've thought about a lot as I've tested security cameras in all parts of my home for years. Owners must know when and where it's legal to record everything from their front yard and streets to friends, babysitters, and pet sitters.

Conveyor uses AI to automate the painful process of vendor security reviews and RFPs with AI

Selling software to companies is such a time-consuming process. Even after customers are convinced a product is right for their organization, they still need to ensure the software meets all their security requirements. Chas Ballew realized just how painfully slow and tedious the vendor security and compliance review process was when he was running Aptible, a hosting platform for healthcare companies that he co-founded in 2013. “What we saw was that every time one of our customers was trying to

Two exploits are threatening Secure Boot, but Microsoft is only patching one of them

Facepalm: Microsoft and the PC industry developed the Secure Boot protocol to prevent modern UEFI-based computers from being hacked or compromised during the boot process. However, just a few years later, the technology is plagued by a steady stream of serious security vulnerabilities. Cybercriminals are currently having a field day with Secure Boot. Security experts have uncovered two separate vulnerabilities that are already being exploited in the wild to bypass SB's protections. Even more co

Security Service Edge (SSE): Powering the Modern Hybrid Workplace

The way we work has fundamentally shifted. Hybrid models, where employees split their time between the office and remote locations, are no longer a niche trend but a widespread reality. This evolution offers numerous benefits, including increased flexibility and improved work-life balance. However, it also presents significant challenges for IT and security teams tasked with ensuring seamless access to applications and protecting sensitive data outside the traditional corporate perimeter. Securi

Think before you click: Experts warn email "Unsubscribe" links pose security risks

In a nutshell: A common rule of thumb advises unsubscribing from commercial emails if they are annoying or outright spam. However, some experts caution against this advice, as clicking the "unsubscribe" button can expose users to additional risks and security issues. According to TK Keanini, CTO at DNSFilter, the "click to unsubscribe" option found at the bottom of many commercial emails can become a security risk over time. Users often click these links blindly in an attempt to stop the flood

‘Generative AI helps us bend time’: CrowdStrike, Nvidia embed real-time LLM defense, changing how enterprises secure AI

Generative AI adoption has surged by 187% over the past two years. But at the same time, enterprise security investments focused specifically on AI risks have grown by only 43%, creating a significant gap in preparedness as AI attack surfaces rapidly expand. More than 70% of enterprises experienced at least one AI-related breach in the pa

ConnectWise rotating code signing certificates over security concerns

ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. Digital certificates are used to sign executables so those downloading the files know they come from a trusted source. This ensures that code has not been tampered with before it reaches the end user. According to ConnectWise, the decision was taken after a third-party security researcher raised conc

Switch 2 Blows Past Records to Reach 3.5 Million Sales in Just 4 Days

Tyler Lacoma Editor / Home Security For more than 10 years Tyler has used his experience in smart home tech to craft how-to guides, explainers, and recommendations for technology of all kinds. From using his home in beautiful Bend, OR as a testing zone for the latest security products to digging into the nuts and bolts of the best data privacy guidelines, Tyler has experience in all aspects of protecting your home and belongings. With a BA in Writing from George Fox and certification in Technic

Senators Warn DOGE’s Social Security Administration Work Could Break Benefits

Democratic senators have concerns that the so-called Department of Government Efficiency (DOGE) could break the Social Security Administration’s tech infrastructure. In a new letter addressed to SSA commissioner Frank Bisignano, senators Elizabeth Warren and Ron Wyden say that DOGE’s plans to “hastily upgrade” Social Security IT systems could disrupt the delivery of benefits or result in mass data losses. The warning comes after WIRED reported in March that DOGE officials were planning to rebui

Security Bite: Apple’s push for chip independence will benefit device security the most

Since the launch of the M-series processors and now the C1 cellular modem, Apple has been slowly but surely moving toward complete chip independence. The company is even working on its own Bluetooth and Wi-Fi solution, which is reportedly coming with new Home products and the iPhone 17 lineup in the Fall. One obvious benefit of developing chips in-house is energy efficiency. Apple touted this with the introduction of Apple Silicon what feels like a hundred years ago, and this week with its firs

DOGE’s USDS Purge Included the Guy Who Keeps Veterans’ Data Safe Online

When the so-called Department of Government Efficiency recently fired dozens of people from the US Digital Service—the agency DOGE subsumed last month—it may not have realized the extent of the collateral damage. The USDS doesn't operate in a vacuum; part of its longtime mandate is to consult with federal agencies to help improve their digital platforms and websites. So when DOGE terminated Jonathan Kamens in its agency purge, it may not have fully grasped that it was firing the security lead f

Apple pulls data protection tool after UK government security row

By Zoe Kleinman (@zsk), Technology editor. Apple is taking the unprecedented step of removing its highest level data security tool from customers in the UK, after the government demanded access to user data. Advanced Data Protection (ADP) means only account holders can view items such as photos or documents they have stored online through a process known as end-to-end encryption. But earlier this month th

CISA flags Craft CMS code injection flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high severity (CVSS v3 score: 8.0) code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5. Craft CMS is a content management system (CMS) used for building websites and custom digital experiences. Not many technical details about CVE-2025-23209 are available, but exploitation isn't easy,

If COBOL is so problematic, why does the US government still use it?

Some people think tens of millions of dead people are collecting Social Security checks. That's not true. What's really going on is people don't understand its old, underlying technology. The saga of 150-year-old Social Security recipients is a tale that intertwines aging technology, government systems, and modern misunderstandings by the youthful Department of Government Efficiency (DOGE) IT people. At the heart of this story lies COBOL,

Apple Says ‘No’ to UK Backdoor Order, Will Disable E2E Cloud Encryption Instead

Good work, Britain. Owners of Apple devices in the United Kingdom will be a little less safe moving forward as the company pulls its most secure end-to-end (E2E) encryption from the country. The move is in response to government demands there that Apple build a backdoor into its iCloud encryption feature that would allow law enforcement to access the cloud data of any iPhone user around the world. Apple has for many years marketed its products as being the most safe and secure personal electron

Invisible, autonomous and hackable: The AI agent dilemma no one saw coming

This article is part of VentureBeat’s special issue, “The cyber resilience playbook: Navigating the new era of threats.” Read more from this special issue here. Generative AI poses interesting security questions, and as enterprises move into the agentic world, those safety issues increase. When AI agents enter workflows, they must be able to access sensitive data and documents to do their job — making them a significant risk for many security-minded enterprises. “The rising use of multi-agent

AI vs. endpoint attacks: What security leaders must know to stay ahead

Enterprises run the very real risk of losing the AI arms race to adversaries who weaponize large language models (LLMs) and create fraudulent bots to automate attacks. Trading on the trust of legitimate tools, adversaries are using generative AI to create malware that doesn’t create a unique signature but instead relies on fileless exe

Milliseconds to breach: How patch automation closes attackers’ fastest loophole

Procrastinating about patching has killed more networks and damaged more companies than any zero-day exploit or advanced cyberattack. Complacency kills — and carries a high price. Down-rev (having old patches in place that are “down revision”) or no patching at all is how ransomware gets installed, data breaches occur and companies are

US healthcare org pays $11M settlement over alleged cybersecurity lapses

Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to settle allegations that HNFS falsely certified compliance with cybersecurity requirements under its Defense Health Agency (DHA) TRICARE contract. The U.S. government contracted HNFS to provide managed healthcare support services for TRICARE's North region, covering 22 states. The contract required compliance with cybersecurity standards, specifically 48 C.F.R. § 252.204-7012 and 51

Integrating LLMs into security operations using Wazuh

Artificial intelligence (AI) is the simulation of human intelligence in machines, enabling systems to learn from data, recognize patterns, and make decisions. These decisions can include predicting outcomes, automating processes, and detecting anomalies. Large Language Models (LLMs) are specialized AI models designed to process, understand, and generate human-like text. Large Language Models (LLMs) are trained on diverse and extensive textual data. They are designed to understand language and a

Researchers Find Elon Musk's New Grok AI Is Extremely Vulnerable to Hacking

Researchers at the AI security company Adversa AI have found that Grok 3, the latest model released by Elon Musk's startup xAI this week, is a cybersecurity disaster waiting to happen. The team found that the model is extremely vulnerable to "simple jailbreaks," which could be used by bad actors to "reveal how to seduce kids, dispose of bodies, extract DMT, and, of course, build a bomb," according to Adversa CEO and cofounder Alex Polyakov. And it only gets worse from there. "It’s not just ja