Security firm Rapid7 has detected eight software vulnerabilities that can be exploited to give criminals access to your network. The flaws impact 689 different Brother printers with the big one being that the default password for the printer can be easily derived. Even though the password is unique, it is generated using the device’s serial…
Category: Security
Cybersecurity accountability is everyone’s problem
After many years of reporting on cybersecurity, there’s an often-repeated phrase that I want to focus on: cybersecurity is a team sport. The premise is that everyone has a role to play in effective cybersecurity. It’s not just about technical experts and complicated software and hardware solutions. It’s also about user behaviour. But I also think…
Apple issues security updates for most of its core software
Apple has issued security updates for many of its operating platforms. iOS and iPadOS 18.4.1, macOS 15.4.1, tvOS 18.4.1 and visionOS 2.4.1 address a vulnerability that has been actively exploited in the wild. The updates address two vulnerabilities. The CoreAudio update, CVE-2025-31200, addresses a vulnerability during the processing of an audio stream in a maliciously…
Apple explains how it builds LLMs while protecting privacy
One of the biggest criticisms of generative AI is that many of the models used to train these systems come from data that was obtained without the explicit consent of the content creators or, in some cases allegedly, the outright theft of intellectual property. Apple says it takes a different approach although how this fits…
CSIRO calls out ineffective deepfake detection tools
A study by CSIRO, Australia’s national science agency, and South Korea’s Sungkyunkwan University (SKKU) assessed 16 leading detectors and found none could reliably identify real-world deepfakes. The international team of researchers is calling for urgent improvements in deepfake detection technologies. Deepfakes are artificial intelligence (AI) generated synthetic media that can manipulate images, videos, or audio…
Apple v The UK Government continues
Just a couple of weeks after Apple turned off Advanced Data Protection in the UK, following that government’s decision to try to compel Apple to weaken encryption, the saga has taken another turn. The Financial Times [paywall] reports that Apple is appealing the order but with the whole process meant to be kept under wraps…
US officials lobbying to block UK access to encrypted iCloud
Members of the US Congress, from both sides of the political spectrum, are lobbying newly installed National Intelligence Director Tulsi Gabbard to demand that the United Kingdom retract its order. The order, which was recently revealed, compels Apple to hand over access to any encrypted iCloud data regardless of its location, the owner’s location or their citizenship. …
Apple release iOS 18.3.1, iPadOS 18.3.1 and macOS 15.3.1
Apple has let fly with a slew of system updates for its major operating platforms. watchOS also gets a minor refresh with version 11.3.1 and visionOS isn’t left out. iOS 17, macOS 14, and macOS 13 all get a minor update as well. Apple has provided its usual, less-than-detailed description of what’s been fixed saying…
UK government wants to break personal privacy for the whole world
Security agencies in the United Kingdom have ordered Apple to give them full access to encrypted data on iCloud drives regardless of the data owner’s country of origin or location. Typically, law enforcement orders demanding access to encrypted data pertain to a specific case but the recently revealed order would go much further. Apple was…
The CrowdStrike lesson – risk recognition, single points of failure and Zero Trust
It’s been a couple of months since the CrowdStrike incident occurred and the world is starting to resume some sort of normality after a massive technology outage that was caused by a flawed software update being sent to millions of computers. The update of a “sensor configuration update” rendered impacted Windows systems useless. These updates are…