Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
Sky ECC encrypted service distributors arrested in Spain, Netherlands
Google’s latest genAI shift is a reminder to IT leaders — never trust vendor policy
Every enterprise CIO knows they cannot — and should not — ever trust a vendor’s policy position. Whether that’s because a vendor might not strictly adhere to its policies or can change policies anytime without notice, it doesn’t matter.
Google’s move last week to back away from assurances it would not help make weapons or engage in surveillance was utterly unsurprising. Companies are motivated by revenue, profits and market share and if corporate leaders can improve any of those financial metrics by helping to make weapons of mass destruction — or helping a government poison its people — that’s what can happen.
But enterprise CIOs are the customers — customers with big budgets that give them major clout. If companies want your dollars, they must agree to whatever you have in your RFP and your contract.
Why would these massive vendors agree? Because they fear that one of their competitors will do so if they don’t. That could cost them market share and revenue.
Suddenly, you have their C-suite’s rapt attention.
As for Google in this case, what was the original language the company felt it needed to avoid? Last year’s statement gave a list of “AI applications we will not pursue.”
This is part of that list: “Technologies that cause or are likely to cause overall harm. Where there is a material risk of harm, we will proceed only where we believe that the benefits substantially outweigh the risks, and will incorporate appropriate safety constraints. Weapons or other technologies whose principal purpose or implementation is to cause or directly facilitate injury to people. Technologies that gather or use information for surveillance violating internationally accepted norms. Technologies whose purpose contravenes widely accepted principles of international law and human rights.”
Then, in an eerily predictive point, it added: “As our experience in this space deepens, this list may evolve.”
It did evolve. It got a lot shorter.
If a lot of money can be made doing those things, Google now says, in effect, “Human suffering and death and maiming can be trumped by higher profits and market share. Ethics, morality and humanity don’t keep the lights on, buddy!”
You’ll also notice that the company has bagged its “Don’t be evil” tagline; Google apparently ditched it 10 years ago. Maybe they could update it now to something like this: “Google. Where we never let avoiding evil stand in the way of making a profit.”
I was recently discussing this issue with two executives at Phoenix Technologies, a Swiss cloud provider. They made the argument that enterprise CIOs shouldn’t rely on vendor promises, especially when it comes to large language models (LLMs), including how they’re trained and used.
“If you are reliant on the model makers and their terms and conditions state that they can service anybody, you have to be willing to deal with the fallout,” said Peter DeMeo, the Phoenix group chief product officer. “You really can’t trust the model makers,” especially when they need revenue from government contracts.
His colleague, Phoenix group CTO Nunez Mencias, applauded Google for removing the restriction, given that it was unlikely it could ever be relied on. The model makers “can always change their policies, their rules.”
But there’s a big difference between being unable to rely on a vendor’s self-stated rules and being powerless to discourage AI use in areas your company might not be comfortable with.
Just remember: Entities out there doing things you don’t like are always going to be able to get generative AI (genAI) services and tools from somebody. You think large terrorist cells can’t use their money to pay somebody to craft LLMs for them?
Even the most powerful enterprises can’t stop it from happening. But, that may not be the point. Walmart, ExxonMobil, Amazon, Chase, Hilton, Pfizer and Toyota and the rest of those heavy-hitters merely want to pick and choose where their monies are spent.
Big enterprises can’t stop AI from being used to do things they don’t like, but they can make sure none of it is being funded with their money.
If they add a clause to every RFP that they will only work with model-makers that agree to not do X, Y, or Z, that will get a lot of attention. The contract would have to be realistic, though. It might say, for instance, “If the model-maker later chooses to accept payments for the above-described prohibited acts, they must reimburse all of the dollars we have already paid and must also give us 18 months notice so that we can replace the vendor with a company that will respect the terms of our contracts.”
From the perspective of Google, along with Microsoft, OpenAI, IBM, AWS and others, the idea is to take enterprise dollars on top of government contracts. If they were to believe that’s suddenly an either/or scenario, they might suddenly reconsider.
Given that Google has decided that revenue is more important than morality, the answer is not to appeal to their morality. If money is all they care about, speak that language.
Fortunately for enterprises, there are plenty of large companies willing to handle your genAI needs. Perhaps now is the time to use your buying power to influence who else they work with and limit what they do.
Apple fixes zero-day exploited in 'extremely sophisticated' attacks
Hacker pleads guilty to SIM swap attack on US SEC X account
Musk furious as judge shuts down DOGE access to Treasury payment system
The US Treasury Department’s payment servers hold the tax returns, social security data and bank account numbers of every adult citizen of the United States.
They are, one would assume, among the most highly secured servers on earth and yet it seems that all the employees of Elon Musk’s Department of Government Efficiency (DOGE) needed to do to access these systems after January 20 was to walk into Treasury Department offices and demand access to the servers’ credentials.
We learn of these extraordinary if still hazy and unconfirmed events by reading between the lines of a weekend ruling by US District Judge Paul Engelmayer in response to a suit brought by 19 states against the actions of the DOGE team.
In the ruling, Engelmayer blocked access by DOGE staff to the Treasury’s payment servers for the time being and ordered that any data downloaded to date by team members should immediately be deleted.
Allowing DOGE access in its current form violated the Administrative Procedure Act (APA), a statutory requirement, as well as the doctrine of the separation of powers and the Take Care Clause of the US Constitution, he ruled.
Further access for unauthorized DOGE staff risked “irreparable damage,” a technical term for serious consequences which can’t be easily remedied through subsequent legal action.
“That is both because of the risk that the new policy presents of the disclosure of sensitive and confidential information and the heightened risk that the systems in question will be more vulnerable than before to hacking,” the ruling continued.
In short, allowing unauthorized personnel to access these servers without monitoring risked data disclosure, also known as a data breach.
“Utterly insane”
The ruling traces the outline of an unexpected fault line that has appeared since President Trump’s inauguration: how far should Presidential appointees be allowed to go when executing executive orders if that risks breaking existing laws and rules around security?
Engelmayer’s answer, for now at least, is not far at all: only staff within the Treasury with the correct security clearance should be granted access to servers containing sensitive citizen and personal data.
Not surprisingly, as it continues its campaign to refashion and downsize the federal workforce, the White House was derisive of the ruling and the legal suit that precipitated it.
“Grandstanding government efficiency speaks volumes about those who’d rather delay much-needed change with legal shenanigans than work with the Trump Administration of ridding the government of waste, fraud, and abuse,” White House spokesperson Harrison Fields said in a statement released to media outlets.
Musk, meanwhile, took to his personal mouthpiece, X, to condemn at length the financial waste he claimed the DOGE access had uncovered within the system.
“Yesterday, I was told that there are currently over $100B/year of entitlement payments to individuals with no SSN or even a temporary ID number. If accurate, this is extremely suspicious,” he tweeted. “This is utterly insane and must be addressed immediately.”
The counter-argument to this is that it’s not the intention behind the access that’s at issue so much as the principle that security clearance should still apply to people tasked with investigating alleged waste.
Fact vacuum
As is often the case, the ruling doesn’t reveal the full context of what occurred. According to Michel Chamberland, founder of IT services and consulting company IntegSec, this made it hard to judge how far security was bent for the sake of convenience.
“We do not have exact details of what systems were accessed, what specific data they have access to and what level of access they were provided. I think when we hear people’s social security numbers may have been compromised by the DOGE team, it is complete speculation,” he told Computerworld.
One remedy would be for DOGE to explain the nature of their access more clearly:
“I think the first thing they could do is provide more transparency as to what exactly they access, how they do it and the level of access provided,” said Chamberland.
“We also need to hear about the classification of these systems. Not all systems within a government agency will be highly classified. It is possible DOGE was able to do most or all their work without accessing systems that do require a security clearance,” he said.
However, Chamberland agreed that background checks for staff were essential.
“DOGE sharing this information with the public could go a long way to reduce security concerns.”
This is not the first time Musk’s DOGE has upset people enough to provoke legal action. Two weeks ago, a private class action alleged that his team sent emails to the federal workforce from the Office of Personnel Management (OPM) in a way that broke the E-Government Act of 2002 and was insecure.
Police arrests 4 Phobos ransomware suspects, seizes 8Base sites
Cyberattack disrupts Lee newspapers' operations across the US
Apple’s upcoming iPhone SE 4 likely to offer major improvements
IT purchasers might be interested to learn that Apple is preparing to introduce a new entry-level and more affordable next edition iPhone SE. What sets this iteration apart is that it should be powerful enough to run Apple Intelligence.
That means you can expect a good quantity of storage, as Apple Intelligence presently requires around 7GB of space. You also get a much faster and more powerful processor and a good chunk of memory, which together mean all the apps you already use on your existing device should work much better.
This will make the device suitable for deployment in a wider range of scenarios than in the past. It should also help the company stimulate interest among price-conscious consumers who, while they might aspire to purchase Apple’s best iPhones, remain price-sensitive.
What we know about the upcoming iPhone SE
Much of the speculation pertaining to this device has been reported on before. Additional information is coming from Bloomberg and seemingly leaked by case manufacturer Spigen.
Based on what we think we know currently, it will have:
- An A18 (possibly an A17) chip. The current iPhone 16 range also runs on an A18 processor.
- An Apple-designed 5G modem — the first deployment of this important component.
- A notch, which suggests support for Face ID. The current SE uses Touch ID. Dynamic Island may not be a feature in this device.
- A single-lens 48MP camera with flash and auto-focus.
- Possibly a 2x optical zoom.
- An Action button on the left-hand side.
- A 6.1-in. OLED display, up from the 4.7-in. on the current model.
- A USB-C port.
- Pricing under $500, though likely more expensive than the current $429 for the outgoing model.
Taken together, these changes are undoubtedly a significant improvement over the last-generation SE. If you are upgrading from a previous SE, you can bank on much longer battery life and a device that is far better at handling intensive tasks.
This will also be the first significant mass test of Apple’s first 5G modem. Apple has spent years of research and billions of dollars developing this part, which will eventually replace Qualcomm’s 5G chips across all Apple’s products.
Apple’s intelligence on Apple Intelligence
Apple’s decision to introduce another iPhone also means it will have all the excuse it needs to aggressively re-promote Apple Intelligence, which is now available in most major English-speaking nations and should be available in Chinese, English (India), English (Singapore), French, German, Italian, Japanese, Korean, Portuguese, Spanish, Vietnamese and other languages this year.
While we don’t yet know who Apple will partner with for Apple Intelligence in China, the inclusion of localized English support in India could be a big boost. IDC recently told us that Apple has seen 35% growth in India, which has become its fourth-largest market for sales. Expanding Apple Intelligence availability with a lower-cost device in that market could stimulate additional growth — and it’s also likely that a large number of these devices will actually be Made In India (though designed in Cupertino).
Protecting Apple’s story
Elsewhere, with consumers in other nations feeling the pinch, the new model is likely to put a little wind in Apple’s sails as it navigates what is traditionally one of its slower quarters. Apple management surely feels the company needs to boost momentum somehow, given the battering its stock has suffered because of regulatory problems in some markets.
There also continue to be pervasive reports claiming Apple plans a new and thinner device, a so-called “iPhone 17 Air,” this year.
Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
Microsoft raises rewards for Copilot AI bug bounty program
Microsoft Teams is becoming more like Facebook
Microsoft Teams users can expect a slew of new features in an upcoming update that is currently in full testing, including Storyline, a Facebook-like feed where users can share messages, news, or congratulations. Users can also follow people via Storyline, much as they would on Facebook.
According to The Verge, Storyline is considered a successor to Viva Engage.
Users will also get several Copilot-related novelties, such as the ability to summarize the most important parts of a Word document or a PowerPoint presentation.
Your ‘new’ Seagate data center hard drive is likely a used one
A growing number of buyers have reported purchasing supposedly new Seagate data center-grade hard drives, only to discover that they had been previously used for thousands of hours.
A recent investigation by German news portal Heise has uncovered that used Seagate data center-grade hard drives, originating from cryptocurrency mining farms, are being sold as new.
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]
Don't Overlook These 6 Critical Okta Security Configurations
Tech unemployment jumps, even as job openings increase
The unemployment rate among tech workers leaped almost a full percentage point from December to January, according to an analysis of US Bureau of Labor Statistics (BLS) data released Friday.
The unemployment rate for tech workers rose from 2.0% to 2.9%, according to IT industry association CompTIA, even as tech firms boosted employment by a net 6,787 positions in January. Despite the jump, the tech unemployment rate remained significantly below the nation’s overall unemployment rate of 4.0%, which was down from 4.1% the previous month.
Overall hiring slowed in the US, with payroll employment up by 143,000 in January, according to BLS data. The number of unemployed workers nationally remained relatively steady, at 6.8 million.
“[The] jobs report reflects a market that continues to show sluggishness and remains challenging for those looking for new jobs. 2025 is shaping up to be another year of significant changes,” said Ger Doyle, US country manager for global staffing firm ManpowerGroup.
New employer job listings for tech positions increased in January by 51,756 to more than 220,000, according to CompTIA. Active tech job postings in January totaled 476,000, with 8.4% of those jobs AI-related.
There were about 40,000 active AI-related job postings in January, up 1,500 from December. Among all tech roles, 45% of job listings didn’t require a four-year degree. And in some areas, college degrees were even less in demand; 83% of network support specialist listings required no degree; for tech support specialists, that number was 71%; for computer programmers, 57%; for web and digital interface designers, 53%; and for network systems administrators, it was 51%.
“Employers continue to balance the need for foundational tech talent and skills with the push into next-gen fields,” said Tim Herbert, CompTIA’s chief research officer.
One possible explanation for the increase in tech unemployment even as job postings and hiring increased is that some people might have temporarily paused their job search in December and were more actively looking for work in January, according to Herbert.
“So for BLS purposes, these individuals would not have been counted as unemployed in December when their job search was inactive, but were counted as unemployed in January because they were actively seeking work,” he said.
Herbert highlighted “robust hiring” of personnel in IT services and software development occupations (up 13,700) which offset reductions in telecommunication jobs (down 7,900). Overall, tech occupations throughout the broader economy increased by 228,000.
Kye Mitchell, head of tech recruitment at IT staffing firm Experis North America, said January’s jobs report shows a shift in demand as the generative AI (genAI) race goes from “wow” to “how.”
Elsewhere, executive management positions actually rose 16% from December, and project manager specialists soared by a whopping 587% from last year, which reflects businesses’ need for leadership to drive and implement AI initiatives effectively, according to Mitchell.
Who’s not in the labor force?
Overall in January, 5.5 million people not in the labor force wanted a job, unchanged from the previous month, according to BLS data. The number of workers who wanted a job was steady at 1.6 million, and 592,000 of them were “discouraged” as they felt there were no jobs available for them.
“We’re entering an era where the traditional career ladder in tech has become a career web,” Mitchell said. “The most successful organizations will be those that can offer their technology talent not just competitive compensation, but the opportunity to work at the intersection of AI innovation and business strategy. The challenge isn’t just hiring — it’s creating an environment where top tech talent can continually evolve their skills and impact.”
Traditional tech careers followed a linear path: junior developer to senior, then lead, then architect. Success once meant deep technical expertise, but today’s top professionals thrive by bridging disciplines, according to Mitchell. For example, a cloud engineer now influences business decisions on data governance, sustainability, and costs. AI developers go beyond building models—they collaborate to find impactful use cases and ensure responsible AI deployment.
To thrive in this new environment, technology professionals should focus on developing three key areas:
Technical Foundation with AI Integration
* Maintaining core technical expertise while developing practical AI skills
* Understanding how to integrate AI tools into existing systems and workflows
* Staying current with emerging technologies like large language models and generative AI
Business and Strategic Thinking
* Building financial acumen to evaluate technology investments
* Understanding industry trends and competitive dynamics
* Developing skills in translating technical concepts for business stakeholders
Human-Centric Skills
* Leading cross-functional teams and managing stakeholders
* Focusing on ethical technology implementation
* Developing strong communication and collaboration capabilities
The most successful tech professionals will balance execution with strategy, understanding both the “how” and “why” of their work, Mitchell explained. That means tackling new challenges, learning from business leaders, and expanding into areas like product management and strategy.
“This shift creates vast opportunities for those who combine technical skills with strategic thinking and human insight, driving innovation and shaping the future of tech,” Mitchell said. “What’s particularly notable is how human-centric capabilities have moved from ‘nice-to-have’ to essential. The ability to lead diverse teams, navigate stakeholder relationships, and champion ethical technology implementation has become as important as technical expertise.”
DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects
Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities
An app meant to guard against explicit content is installing itself on Android devices. You may not even know about it, but you can delete it
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
