• From Miniatures to Machine Learning: Crafting the VFX of Alien: Romulus
    www.awn.com
    Narratively sandwiched between two renowned movies by Ridley Scott and James Cameron sits Alien: Romulus, a hybrid of the claustrophobic horror of Alien and the wild action of Aliens, directed by Fede Álvarez. The story revolves around a crew on an intergalactic hauler attempting to steal equipment from a derelict, orbiting space station and, in the process, encountering a malevolent endoparasitoid extraterrestrial lifeform. Boarding the seventh instalment [not including the two crossovers with Predator] of the franchise that made the xenomorph an iconic cinematic creature is VFX Supervisor Eric Barba, who previously supervised the visual effects work on Tron: Legacy and Terminator: Dark Fate.
    "It was a fun two years," notes Barba. "I've been fortunate that the movies I've been able to work on have been flashbacks to my youth with Tron, Terminator and now Alien. When I first saw Alien, it literally scared the shit out of me! I had nightmares. Those creatures that Ridley Scott created are so iconic. Then Jim hit it out of the park with Aliens. It's such a fun movie. I love David Fincher, having worked with him so much. Alien 3 is probably my third favorite, and then they fall off and become forgettable. Although I loved the way Prometheus looked. Fede Álvarez wanted to go back to its roots and make it feel like this was set at the same time. I called it going back to the analog future."
    Blocking was done in previs by NVIZ and two in-house artists. "They would block out sequences of basic action and Fede would give notes," Barba says. "But it wasn't a shot-by-shot thing, which would be a traditional previs, because Fede likes to lens everything himself and tell the story the way he wants to. We would hand those scene files back to him in the 3ds Max format and then Fede would hand us back shots that he liked. It gives the film a singular perspective as far as the storytelling because it is his hand behind not just the live-action but all the shots that we had to do in CG as well."
    The film took advantage of miniatures, animatronics, stop-motion animation, and digital effects. According to Barba, "It comes down to Fede's love for filmmaking and wanting to shoot, and work with the actors as much as humanly possible. That was the mantra. We've all heard that from other directors and when they get in the cutting room things change. But because Fede believed that and had this group of young actors we did try to shoot as much as possible. Then you get into zero-G where you have multiple facehuggers running along the floors and lots of xenomorphs. It becomes almost impossible to do with practicals, so we need our CG versions. We approached it from that way. What is going to work with the actors, what is going to give us the best bang for the buck and that scary, Alien feeling that we all love from those first two films."
    The length on screen of any CG shot is critical to believability. "If you use more than what we're used to you give the gag away," notes Barba. "When you think about Alien, Ridley used a guy in a suit for his xenomorph. Those shots are so quick. Some are half a second, but it scares the bejesus out of you because your mind connects the dots. Fede felt strongly about keeping our shots quick so that the audience doesn't see a guy in a suit or an animatronic or a CG version."
    Adding to the scariness is that the xenomorph is a creature of the shadows because of its black colorization. "You can't see it in the dark," observes Barba. "You don't know what is going on back there. Galo Olivares, our DP, did an amazing job giving us this palette and imagery to work from. From day one of shooting, what came up on our monitors looked beautiful and felt scary and dark like that Alien world. We're always matching the CG to the live drool. We're always taking notes on the way things are lit, looking at how Galo did things. Our on-set team shot tons of HDRIs and set photography so that our visual effects partners could help."
    HDRIs were captured for the chestbursters, facehuggers and xenomorphs. "HDRIs were taken from those positions so we get the same quality of light captured," Barba explains. "When the CG teams put the characters back, they're able to sample that actual lighting and get the same color tone and dynamic range. Then it's trying to match. The dynamic range is what makes it work when highlights get bright and get the blacks falling into nothing because Galo liked to let it go that way." Noting it was difficult achieving the proper interaction, Barba adds, "Artistically getting CG and compositing artists to match the look of what Galo did took a long time. It took versions, trials and errors, and less is more. We tend to over light things in CG because we make all these wonderful things and people want to see what they've done."
    Appearing both in Alien and Alien: Romulus is a generic android science officer produced by nefarious corporate conglomerate Weyland-Yutani. "We had to take some license because this isn't actually Ash from Alien, who was destroyed in the explosion of Nostromo," says Barba. "This is maybe from the same assembly line or a model that came after that has a likeness of Ash, but obviously it's a different robot. Rook has gone through his own unfortunate series of events, including being burnt in half and hit with him. It's a slightly different personality. Rook is meant to remind us that these androids are out there. We used the likeness of Ian Holm but of course he's no longer with us. We had another actor give us the performance that Fede wanted for Rook. That immediately led to a different personality and look because even when we retarget someone's performance to a different likeness - this is the problem with the recreation of Peter Cushing and Carrie Fisher for Rogue One: A Star Wars Story - it changes the likeness. Even though it starts off as one character, the second character doesn't move the way you expect it to because we all have different facial movements and timings."
    Machine learning streamlined the process in cinematically resurrecting Ian Holm. "Having done The Curious Case of Benjamin Button [for which Barba won an Oscar] where everything was horse and buggy," notes Barba, "everything had to be done by hand. If you fast forward to the way Rook was done it is leaning on a machine. It's not perfect. The tools are being written and worked on as we speak, and every day are getting better. It's so much faster, better results, and certainly more affordable for shows with modest budgets. The team at Metaphysic.AI did a great job in adding new tools. For example, we had a head camera performance that had to drive a machine learning solve as well as redirect the eyeline and make other adjustments from our live-action. So, it was a blend. Deepfake stops here. We had to take it much further and they did a great job helping us do that."
    One major action sequence that brought multiple departments together unfolded in an elevator shaft. "Humans perceive an elevator shaft as being vertical," remarks Barba. "We built a five-story elevator that was put on its side because we had rails to bring the actors back and forth. In order for the audience to believe it was zero-G, we had to look at our camera and always use different angles to help sell it. There was also a two-story vertical set that we cut in-between. We added CG bits of atmospherics and things flying like nuts and bolts to help sell the zero-G. Then just as Jim did in Aliens with Sigourney Weaver, Cailee Spaeny was constantly bombarded with wind so that her hair didn't necessarily go in one direction."
    At times the live-action actors are taken over by digital doubles. "Cloth moves in a certain way in reality and maybe it doesn't move exactly like that in our CG simulations," states Barba. "The same with hair. Those little things can be telltale. We've got a few shots in this film where we go from live-action Cailee to CG Cailee and CG xenomorph back to the live-action Cailee. We even had a shot where the arms of David Jonsson had to be taken off, put CG arms on him, adjusted his body a tiny bit and gave him a pulse rifle to finesse what we shot in live-action to get things to line up. It's tricky. Fede made some of the executives at the visual effects companies a little nervous with trying to get those details as we asked for maybe more versions than they were comfortable with. But they were all happy with the end result. Sometimes pushing it along the way is what we do."
    In addition to CG, miniatures were part of the creative equation for the exterior Corbelan IV spaceship shots and the probe that opens the film. "Fede wanted us to build miniatures to shoot all of the space shots," reveals Barba. "That became a shot design and a budgetary problem. We agreed that we should still build them, and it was my push to build them because model builders bring an artistry that is different than a CG artist will bring to the table. The way they finish things, the paint, and details, it's an art all its own. Part of us wanting to go back to the analog future meant we needed some of that hand artistry brought to our models. We had amazing designs and then Ian Hunter's team built us two amazing miniatures. We scanned the Corbelan IV and the probe, then ILM built them. There are two shots in the movie where we actually did shoot the Corbelan IV in front of an LED screen but the rest of them are CG. The miniature gave the CG artists another level to hit that helped to sell those shots."
    Much of the film takes place aboard the derelict Renaissance Space Station, owned by Weyland-Yutani Corporation, that is on a collision course with the planetary rings of LV-410. "When Fede and I first started talking about this, I had some ideas about what we should do and he had some thoughts, but nothing was completely thought out," Barba reveals. "There wasn't much of the rings in the concept art because we see rings and it can be simplistic, like what we are used to seeing from Saturn. But I came across this BBC special called How Saturn Got Its Rings and it was fascinating because there is CG showing how this happened with some closeup shots. This woman was doing the narration explaining a lot of things. It gets to the point where I was blown away by some of the imagery that came back from the Cassini-Huygens probe of Saturn's rings. It was spectacular. That was our creative inspiration for our rings."
    In total, 1,400 visual effects shots were created over a period of 10 months. "Initially, because ILM is one of our sister companies at 20th Century Studios and Disney, they were brought in to be our lead vendor," states Barba. "As time went on and the shot count grows, which it always does, we brought in Wētā FX to support our third act. Then we had a number of others like Image Engine, Fin Design + Effects, Wylie Co., Metaphysic.AI, and Atomic Arts to assist us as we needed to split the work up in order to hit our timeframe. It doesn't always go to plan because there is this thing called the almighty rebate which tends to drive some of our financial decisions to help us meet our budgets and get the shots that the studio and director want. But in this case I did want to keep all our xenomorph and facehugger work at the same companies because it becomes a performance issue. Once a team understands how a xenomorph moves and the director is happy with it, which he was specific about things and picky, you don't want to then pass it off to another team or different company because you have to go through all of that again."
    "Having said that," he continues, "we did end up having to do that with Wētā FX helping us out because of timing issues. It's casting and trying to get the right people. We brought in Andy Jones, who is an amazing animation director, to assist us with our xenomorph work at ILM. We kept all the offspring work with Wētā FX for those reasons. However, there were shared shots. The Corbelan IV was shared between Wētā FX and ILM."
    Alien: Romulus offers a different spin on the franchise that will generate a new audience. "What Fede brought was building that world of Alien again but adding his own twists and turns with the zero-G moments contributing some new thrills to our action," remarks Barba. "We all want to know what happened after the xenomorph gets pushed out of the airlock in Alien. Now we actually know, and there is so much more backstory to Weyland-Yutani's nefarious plans. Also, we introduce a whole new young cast."
    As anticipated, the zero-G sequences proved to be one of the biggest challenges. "That's because trying to shoot in harnesses and rigs in sets that allow you to do so means we have to roll this wall out but allow for this much stunt rigging and the performances must always be adjusted if something is not quite right. Every actor reacts differently to the harnesses. Planning those sequences I originally felt would be the hardest."
    Rook underwent a last-minute alteration, which became a big challenge because of time and money. According to Barba, "It's a big endeavor having been down that road. I didn't want to go down it again and have a lack of time and resources because you need time. It's about being able to flesh it all out, look at it, put it together in the sequence, look at it again, make adjustments, and fine tune. It's not something you finalize shot by shot and hope it all works out in the end. It's much more challenging."
    Tippett Studio was responsible for the stop-motion animation such as a rat being crushed and regenerated. "The Tippett team was amazing. I was so thrilled when they sent us their version," Barba says. "We had conversations where Fede would tell what he wanted. However, Fede was also like, 'You know what you're doing. Have fun and show us what you're thinking.' I wish that we had done more of those shots in the film because editorially we had more to work with. But the way it was cut works for the film. However, they did some fun stuff."
    Barba concludes, "We had great teams that put their heads down and knew what they needed to do and worked hard to get it there."
    Trevor Hogg is a freelance video editor and writer best known for composing in-depth filmmaker and movie profiles for VFX Voice, Animation Magazine, and British Cinematographer.
  • Two exhibitions showcase Myron Goldfingers geometric genius through drawings and models
    www.archpaper.com
    Mitchell Algus Gallery, 132 Delancey Street, New York
    Through December 24
    Circle, Square, Triangle: Houses I Never Lived In. The Residential Work of Myron Goldfinger 1963-2008
    Paul Rudolph Institute for Modern Architecture
    Through March 22, 2025
    exhibition at the Metropolitan Museum of Art, a show that I (and others) found rather thin and predictable. More stimulating and unexpected are a pair of exhibitions at the Brutalist master's namesake venue, the Paul Rudolph Institute for Modern Architecture (PRIMA), and the Mitchell Algus Gallery: both showcase the work of the recently deceased Myron Goldfinger, a prolific and singularly talented designer whose portfolio merits and rewards fresh examination. Circle, Square, Triangle: Houses I Never Lived In. The Residential Work of Myron Goldfinger 1963-2008, at PRIMA's home in the Rudolph-designed Modulightor building, features Goldfinger's residential projects, which constitute most of his built work. Downtown, the Mitchell Algus Gallery hosts Circle, Square, Triangle: A World I Wanted to Live In. The Public and Unbuilt Work of Myron Goldfinger 1963-2008, which demonstrates Goldfinger's work on more varied building types and at larger scale.
    1969.03 The Goldfinger Residence, designed by Myron Goldfinger in 1969 for Waccabuc, New York. (© The Estate of Myron Goldfinger)
    The shared titling of these exhibitions references Goldfinger's self-professed infatuation with Platonic geometric form. Strong geometry was an inspiration for many practitioners in the 1960s and '70s (think of the New York Five), but Goldfinger's bold compositions of cubes, cylinders, and triangular blocks take the predilection to near-fetishistic extremes. His best work accrues a monumentality that bears the influence of Louis Kahn, under whom he studied at the University of Pennsylvania (where he was also a student of Paul Rudolph, whom Goldfinger always admired). To my eyes, the clarity of Goldfinger's designs is a welcome respite after enduring the irrational computer-generated form making that has taken over architectural production in recent years.
    Goldfinger grew up in a working-class neighborhood of Atlantic City. After graduating from Penn in 1955, he worked at Skidmore, Owings & Merrill and in the office of Philip Johnson before establishing his own practice in 1966. That same year he married June Matkovic, an interior designer who worked alongside him for the duration of his career. Goldfinger made an early splash with the construction of his own home in the woods at Waccabuc, New York; the residence is a towering stack of cubes and triangular volumes clad in vertical cedar siding. The project was selected by the editors of Architectural Record for its 1971 edition of Record Houses.
    1970.04 The Matkovic Residence, designed by Myron Goldfinger in 1970 for Sands Point, New York. (© The Estate of Myron Goldfinger)
    At the same time, Goldfinger produced a much grander house for June's parents, sited on the water in Sands Point, New York; its semicircular bays were meant to evoke the decks of boats owned by Mr. Matkovic's shipping company. These early projects were followed by numerous commissions for houses in the New York area and, later, on the island of Anguilla, where Goldfinger became involved in the development of a resort community.
    1976.05 The McGrath Residence, designed by Myron Goldfinger in 1976 for Patterson, New York. (© Norman McGrath)
    Goldfinger's geometric compositions, with their sharp play of light and shadow, are naturally photogenic, and the exhibition at PRIMA includes many black and white images by Norman McGrath. McGrath, who surely knew every architect in town, selected Goldfinger to design his own home in Patterson, New York. The sculptural quality of Goldfinger's houses is celebrated by several models built for the show by students at Pratt Institute, where Goldfinger taught for many years alongside Sybil Moholy-Nagy.
    The photos and models are wonderful, but the stars of these two shows, as at the Rudolph exhibition at The Met, are the drawings. Goldfinger produced exuberant perspectives hand-rendered in pencil that convincingly and expressively place the houses in their sites and reveal the drama of their interiors. For me, seeing these drawings took me back to the mid-1970s when I was in school (at Penn, like Goldfinger) and we tried to emulate the drawing styles of the masters, including Romaldo Giurgola, Steve Izenour (at Venturi, Rauch and Scott-Brown) and, of course, Rudolph.
    Installation view of Circle, Square, Triangle: The Houses I Never Lived In. The Residential Work of Myron Goldfinger 1963-2008. (Kelvin Dickinson/Courtesy the Paul Rudolph Institute For Modern Architecture)
    I applaud the decision by curators Kelvin Dickinson, president of PRIMA, and Eshaan Mehta to include several sheets of pencil-on-vellum working drawings that illustrate Goldfinger's attention to detail and the handcrafting of architecture by drawing. June Goldfinger told me that while the finished presentation renderings were usually done by studio employees, Goldfinger was intimately involved in the drafting of the working drawings. I am grateful that I learned (at Davis, Brody & Associates) how buildings get built by tracing and adapting construction details, and pity today's interns who learn little more than to copy and paste in AutoCAD.
    The Mitchell Algus Gallery hosts Circle, Square, Triangle: A World I Wanted to Live In. The Public and Unbuilt Work of Myron Goldfinger 1963-2008. (Kelvin Dickinson/Courtesy the Paul Rudolph Institute For Modern Architecture)
    The mixed-media presentation of Goldfinger's architecture looks right at home in the hyper-designed, residential-scaled setting on the top two floors of the Modulightor building. In the more conventional loft space of the Mitchell Algus Gallery, Goldfinger's unbuilt work is, as one would expect, represented by drawings hung museum-style on well-lit walls. For me the stand-out piece is the expansive seagull's-eye view of Goldfinger's proposal for a huge residential development on Roosevelt Island, produced in 1975 for a competition that attracted entries by some 250 architects; Goldfinger's was one of thirty-five published semifinalists. (This rendering and the best of the others in the two shows are by Manuel Castedo, who worked for Goldfinger for several years before establishing his own successful practice.) Less dramatic but also ambitious is a series of plans and axonometrics for a system of prefabricated modular housing that recycled the cubic and triangular forms from his own house, illustrating Goldfinger's interest in economical mass housing.
    The twin Circle, Square, Triangle shows initiate a fruitful exploration of Myron Goldfinger's legacy. It is also a turning point for PRIMA, which until recently had been called the Paul Rudolph Heritage Foundation. With the cataloging, scanning, and display of the Goldfinger archive taking place in-house at PRIMA, with June's participation, the effort validates its newly broadened mission to identify, study, and advocate for the preservation of the work of other modern architects of Rudolph's and later generations, most of whom will likely not get exhibitions at The Met like Rudolph but who, like Goldfinger, have much to offer today's scholars and practitioners.
    Belmont Freeman is the founding principal of the New York City-based firm Belmont Freeman Architects.
  • A city-wide exhibition in Belfast, curated by Household, invites artists to engage art deco buildings, churches, crystal palaces, and parks
    www.archpaper.com
    A series of immersive artworks recently took over Belfast, activating pockets within the Northern Ireland capital for three days. The city-wide exhibition, Red Sky at Night, featured temporary, site-specific installations by Polish, Thai, Palestinian, Greek, and Irish artists. It was curated by Household, a women-led collective. Participating artists included Zuza Golińska, Kanich Khajohnsri, Kasper Lecnim, Irmina Rusicka, Dina Mimi, Aisling O'Beirn, and Leandros Ntolas. The exhibition's name was derived from the ancient mariners' maxim: "Red sky at night, sailors' delight. Red sky at morning, sailors take warning."
    The locations in Belfast where the artworks unfolded were a park, a church, an old bank, an iron warehouse, a palatial Victorian chamber, and a botanic garden from 1840.
    Lament was a collaboration between Golińska, musician Jack Wilson, and singers from the St. Anne's Cathedral Choir. (Chad Alexander/Courtesy Household)
    At Bank of Ireland's abandoned locale on the corner of North Street and Royal Avenue, Lament by Warsaw-based Zuza Golińska offered a meditation on modern architecture, protest movements, music, and gentrification. The mixed-media ensemble took place within a handsome 5-story art deco tower by Joseph Vincent Downes, completed in 1930.
    Banks Take Our Houses, So We Take Their Buildings
    Not long ago, Household invited artists like Golińska to Belfast to meet the city. Artists had the chance to meander around town and choose the sites they wanted to work with, culminating in the city-wide exhibition last November. Golińska took an interest in this particular Bank of Ireland building because, in 2012, protesters occupied it during Occupy Belfast, an Occupy Wall Street offshoot, to raise awareness about rising inequity. "Banks take our houses, so we take their buildings," one of the protesters told a local reporter during the movement. Occupy Belfast held court at the Bank of Ireland building for ten months, until its electricity was cut and the police raided it that October. The art deco building has been empty ever since. In the next few years, however, a major development will transform the blocks surrounding the Downes building, which will be repurposed as a tourism center, threatening its historical memory.
    Lament featured a live musical performance inside the Bank of Ireland. (Chad Alexander/Courtesy Household)
    Lament was a collaboration between Golińska, musician Jack Wilson, and singers from the St. Anne's Cathedral Choir. It was conceptualized as "a love song for the former Bank of Ireland building before it enters its last gentrified state and becomes a tourist centre," the curators said. For Lament, Wilson and the St. Anne's Cathedral Choir played a rearranged version of a 1993 song by the Cranberries, Linger, transforming the epic love anthem into a lamentation.
    "I fell in love with the building on the corner of North Street and Royal Avenue during my first trip to Belfast," Golińska said. "Together with a group of artists, we got invited by the Household team for our first research trip, and we were housed around the corner at Donegall Street."
    "It looked exceptional with the tower topped with a clock facing directly towards the crossing of the streets, its placement and height giving it a slightly dominating position over the surrounding buildings," Golińska continued. "The former Bank of Ireland building is undeniably also lingering. In its current state, it is in between functions: after its public utility phase and occupied period but before its tourist-driven future."
    Today, the building is empty, but it will be repurposed into a tourism center. (Chad Alexander/Courtesy Household)
    Kanich Khajohnsri's POSSESSION was sited at the Palm House in the Botanic Garden, an 1840 building designed by Charles Lanyon, a prominent British architect. Khajohnsri, a Thai artist, made sound, photography, and sculpture pieces scattered throughout Lanyon's crystal palace. POSSESSION is about finding commonalities between Thai and Northern Ireland cultures, namely how both societies approach burial, death, and spirituality, and how these practices connect peoples to their land, Khajohnsri said.
    Exterior view of the Palm House, Botanic Garden, a building from 1840 designed by Charles Lanyon. (Simon Mills/Courtesy Household)
    The choice to stage POSSESSION inside the Lanyon building was fitting. The steel and glass structure was built in Victorian Belfast to demonstrate the British Empire's industrial might. The piece by Khajohnsri challenges the imperialist architecture where it sits, and asks visitors to consider new, anti-colonial means of land stewardship. This makes the artwork especially ripe, given the years of anti-colonial organizing against the British Empire set in Belfast for Irish unification.
    Khajohnsri's contribution was similar to one by Irish artist Aisling O'Beirn in Waterworks Park. Suggestions for Stargazing was based on a long-term research project by O'Beirn that engages "astronomers, writers, environmentalists, council workers and residents of Belfast to draw attention to light pollution and [advocate] for darker skies."
    POSSESSION had photography, sound installations, and sculptures. (Simon Mills/Courtesy Household)
    The contribution by Dina Mimi, a Palestinian artist based in Jerusalem and Amsterdam, was a harrowing narrative that centered men and women who had been incarcerated. The Sound We Longed For was an exposé of how the human body responds to incarceration. It took place inside the atmospheric Riddel's Warehouse in Belfast. Much like Golińska's piece, which washed an atrium in green light, the work by Mimi used red light to heighten the industrial architecture of Riddel's Warehouse. For that artwork, Mimi said she was particularly intrigued by the sensory experiences of imprisonment, posing questions such as: What sounds did you long for? What did you hear and smell? Through these inquiries, she seeks to capture these fading memories through the senses.
    Mimi's contribution centered men and women who had previously been incarcerated. (Simon Mills/Courtesy Household)
    Common Point Exercises by Polish artists Irmina Rusicka and Kasper Lecnim was a rumination on play, set inside 2 Royal Avenue, a palatial building from Victorian Belfast. There, the artist duo concocted an indoor public park for children. The immersive intervention by Rusicka and Lecnim also featured bespoke sculptures meant for children to interact with. Rolls of drawings made by elementary school students were scattered throughout 2RA.
    Common Point Exercises created an indoor public park for children. (Simon Mills/Courtesy Household)
    Inside Carlisle Memorial Church, Leandros Ntolas, a Greek artist, delivered Benign Land. That artwork was an exploration of the artist's long-standing research into perception, architecture and light. Ntolas collaborated with John D'Arcy, a Belfast-based sound artist and lecturer, to create an audio installation to accompany the production.
    Benign Land, a sound installation by Leandros Ntolas. (Simon Mills/Courtesy Household)
    Red Sky at Night took place in Belfast between November 13.
  • William Slattery Tenements // c.1893
    buildingsofnewengland.com
    It is not always the architect-designed, high-style buildings that give a place character. The North End is a neighborhood almost entirely built of working-class tenement housing, but its density, immigrant history, and vernacular make it one of the most visited and unique in the city. Michael Slattery, an Irish-born teamster, and his son, William, a grocer, developed this handsome block of tenement housing on North Margin Street in the North End neighborhood of Boston. The row of apartments stands out for its elevated design elements, including the projecting metal oriels with decorative wreath and swag motifs, arched openings, and brick corbeling at the cornice. The apartments here were rented by the Slattery family until the mid-1920s, when the buildings were sold to Italian-Americans who continued to rent the buildings to lower-income residents. There is something about the North End's vernacular that is so charming.
  • Vermont Marble Building // 1904
    buildingsofnewengland.com
    Located across the street from Regina Pizza in Boston's North End, the Vermont Building stands as one of the most ornate and decorated buildings in the neighborhood. Designed by Boston architects Arthur H. Bowditch and Edward B. Stratton and constructed in 1904, the Vermont Building is a six-story brick commercial building with marble detailing. The building was erected as a personal investment by Redfield Proctor, U.S. Senator from Vermont and partner in his family's marble company based in Proctor, VT, with the building used for light manufacturing, a warehouse, and storefronts. The building has since been converted to loft housing.
  • Top 10 data and ethics stories of 2024
    www.computerweekly.com
    In 2024, Computer Weekly's data and ethics coverage continued to focus on the various ethical issues associated with the development and deployment of data-driven systems, particularly artificial intelligence (AI).

    This included reports on the copyright issues associated with generative AI (GenAI) tools, the environmental impacts of AI, the invasive tracking tools in place across the internet, and the ways in which autonomous weapons undermine human moral agency.

    Other stories focused on the wider social implications of data-driven technologies, including the ways they are used to inflict violence on migrants, and how our use of technology prefigures certain political or social outcomes.

    1. AI likely to worsen economic inequality, says IMF

    In an analysis published 14 January 2024, the IMF examined the potential impact of AI on the global labour market, noting that while it has the potential to jumpstart productivity, boost global growth and raise incomes around the world, it could just as easily replace jobs and deepen inequality; and will likely worsen overall inequality if policymakers do not proactively work to prevent the technology from stoking social tensions.

    The IMF said that, unlike labour income inequality, which can decrease in certain scenarios where AI's displacing effect lowers everyone's incomes, capital income and wealth inequality always increase with greater AI adoption, both nationally and globally.

    "The main reason for the increase in capital income and wealth inequality is that AI leads to labour displacement and an increase in the demand for AI capital, increasing capital returns and asset holdings' value," it said.

    "Since in the model, as in the data, high income workers hold a large share of assets, they benefit more from the rise in capital returns. As a result, in all scenarios, independent of the impact on labour income, the total income of top earners increases because of capital income gains."

    2. GenAI tools could not exist if firms are made to pay copyright

    In January, GenAI company Anthropic claimed to a US court that using copyrighted content in large language model (LLM) training data counts as fair use, and that today's general-purpose AI tools simply could not exist if AI companies had to pay licences for the material.

    Anthropic made the claim after a host of music publishers, including Concord, Universal Music Group and ABKCO, initiated legal action against the Amazon- and Google-backed firm in October 2023, demanding potentially millions in damages for the allegedly systematic and widespread infringement of their copyrighted song lyrics.

    However, in a submission to the US Copyright Office on 30 October (which was completely separate from the case), Anthropic said that the training of its AI model Claude qualifies as a quintessentially lawful use of materials, arguing that, to the extent copyrighted works are used in training data, it is for analysis (of statistical relationships between words and concepts) that is unrelated to any expressive purpose of the work.

    On the potential of a licensing regime for LLMs' ingestion of copyrighted content, Anthropic argued that always requiring licences would be inappropriate, as it would lock up access to the vast majority of works and benefit only the most highly resourced entities that are able to pay their way into compliance.

    In a 40-page document submitted to the court on 16 January 2024 (responding specifically to a preliminary injunction request filed by the music publishers), Anthropic took the same argument further, claiming it would not be possible to amass sufficient content to train an LLM like Claude in arm's-length licensing transactions, at any price.

    It added that Anthropic is not alone in using data broadly assembled from the publicly available internet, and that in practice, there is no other way to amass a training corpus with the scale and diversity necessary to train a complex LLM with a broad understanding of human language and the world in general.

    Anthropic further claimed that the scale of the datasets required to train LLMs is simply too large for an effective licensing regime to operate: "One could not enter licensing transactions with enough rights owners to cover the billions of texts necessary to yield the trillions of tokens that general-purpose LLMs require for proper training. If licences were required to train LLMs on copyrighted content, today's general-purpose AI tools simply could not exist."

    3. Data sharing for immigration raids ferments hostility to migrants

    Computer Weekly spoke to members of the Migrants' Rights Network (MRN) and Anti-Raids Network (ARN) about how the data sharing between public and private bodies for the purposes of carrying out immigration raids helps to prop up the UK's hostile environment by instilling an atmosphere of fear and deterring migrants from accessing public services.

    Published in the wake of the new Labour government announcing a major surge in immigration enforcement and returns activity, including increased detentions and deportations, a report by the MRN details how UK Immigration Enforcement uses data from the public, police, government departments, local authorities and others to facilitate raids.

    Julia Tinsley-Kent, head of policy and communications at the MRN and one of the report's authors, said the data sharing in place, coupled with government rhetoric about strong enforcement, essentially leads to people self-policing "because they're so scared of all the ways that you can get tripped up within the hostile environment".

    She added this is particularly insidious in the context of data sharing from institutions that are supposedly there to help people, such as education or healthcare bodies.

    As part of the hostile environment policies, the MRN, the ARN and others have long argued that the function of raids goes much deeper than mere social exclusion, and also works to disrupt the lives of migrants, their families, businesses and communities, as well as to impose a form of terror that produces heightened fear, insecurity and isolation.

    4. Autonomous weapons reduce moral agency and devalue human life

    At the very end of April, military technology experts gathered in Vienna for a conference on the development and use of autonomous weapons systems (AWS), where they warned about the detrimental psychological effects of AI-powered weapons.

    Specific concerns raised by experts throughout the conference included the potential for dehumanisation when people on the receiving end of lethal force are reduced to data points and numbers on a screen; the risk of discrimination during target selection due to biases in the programming or criteria used; as well as the emotional and psychological detachment of operators from the human consequences of their actions.

    Speakers also touched on whether there can ever be meaningful human control over AWS, due to the combination of automation bias and how such weapons increase the velocity of warfare beyond human cognition.

    5. AI Seoul Summit review

    The second global AI summit in Seoul, South Korea saw dozens of governments and companies double down on their commitments to safely and inclusively develop the technology, but questions remained about who exactly is being included and which risks are given priority.

    The attendees and experts Computer Weekly spoke with said while the summit ended with some concrete outcomes that can be taken forward before the AI Action Summit due to take place in France in early 2025, there are still a number of areas where further movement is urgently needed.

    In particular, they stressed the need for mandatory AI safety commitments from companies; socio-technical evaluations of systems that take into account how they interact with people and institutions in real-world situations; and wider participation from the public, workers and others affected by AI-powered systems.

    However, they also said it is early days yet and highlighted the importance of the AI Safety Summit events in creating open dialogue between countries and setting the foundation for catalysing future action.

    Over the course of the two-day AI Seoul Summit, a number of agreements and pledges were signed by the governments and companies in attendance.

    For governments, this includes the European Union (EU) and a group of 10 countries signing the Seoul Declaration, which builds on the Bletchley Declaration signed six months ago by 28 governments and the EU at the UK's inaugural AI Safety Summit. It also includes the Seoul Statement of Intent Toward International Cooperation on AI Safety Science, which will see publicly backed research institutes come together to ensure complementarity and interoperability between their technical work and general approaches to AI safety.

    The Seoul Declaration in particular affirmed the importance of active multi-stakeholder collaboration in this area and committed the governments involved to actively include a wide range of stakeholders in AI-related discussions.

    A larger group of more than two dozen governments also committed to developing shared risk thresholds for frontier AI models to limit their harmful impacts in the Seoul Ministerial Statement, which highlighted the need for effective safeguards and interoperable AI safety testing regimes between countries.

    The agreements and pledges made by companies include 16 AI global firms signing the Frontier AI Safety Commitments, which is a specific voluntary set of measures for how they will safely develop the technology, and 14 firms signing the Seoul AI Business Pledge, which is a similar set of commitments made by a mixture of South Korean and international tech firms to approach AI development responsibly.

    One of the key voluntary commitments made by the AI companies was not to develop or deploy AI systems if the risks cannot be sufficiently mitigated. However, in the wake of the summit, a group of current and former workers from OpenAI, Anthropic and DeepMind (the first two of which signed the safety commitments in Seoul) said these firms cannot be trusted to voluntarily share information about their systems' capabilities and risks with governments or civil society.

    6. Invasive tracking endemic on sensitive support websites

    Dozens of university, charity and policing websites designed to help people get support for serious issues such as sexual abuse, addiction or mental health are inadvertently collecting and sharing site visitors' sensitive data with advertisers.

    A variety of tracking tools embedded on these sites, including Meta Pixel and Google Analytics, mean that when a person visits them seeking help, their sensitive data is collected and shared with companies like Google and Meta, which may become aware that a person is looking to use support services before those services can even offer help.

    According to privacy experts attempting to raise awareness of the issue, the use of such tracking tools means people's information is being shared inadvertently with these advertisers as soon as they enter the sites, in many cases because analytics tags begin collecting personal data before users have interacted with the cookie banner.

    Depending on the configuration of the analytics in place, the data collected could include information about the site visitor's age, location, browser, device, operating system and behaviours online.

    While even more data is shared with advertisers if users consent to cookies, experts told Computer Weekly the sites do not provide an adequate explanation of how their information will be stored and used by programmatic advertisers.

    They further warned the issue is endemic due to a widespread lack of awareness about how tracking technologies like cookies work, as well as the potential harms associated with allowing advertisers inadvertent access to such sensitive information.

    7. AI interview: Thomas Dekeyser, researcher and film director

    Computer Weekly spoke to author and documentary director Thomas Dekeyser about Clodo, a clandestine group of French IT workers who spent the early 1980s sabotaging technological infrastructure, which was used as the jumping-off point for a wider conversation about the politics of techno-refusal.

    Dekeyser says a major motivation for writing his upcoming book on the subject is that people refusing technology, whether that be the Luddites, Clodo or any other radical formation, are all too often reduced to the figure of the primitivist, the romantic, or the person who wants to go back in time, and it's seen as a kind of anti-modernist position to take.

    Noting that "technophobe" or "Luddite" have long been used as pejorative insults for those who oppose the use and control of technology by narrow capitalist interests, Dekeyser outlined the diverse range of historical subjects and their heterogeneous motivations for refusal: "I want to push against these terms and what they imply."

    For Dekeyser, the history of technology is necessarily the history of its refusal. From the Ancient Greek inventor Archimedes (who Dekeyser says can be described as the first machine breaker due to his tendency to destroy his own inventions) to the early mercantilist states of Europe backing their guild members' acts of sabotage against new labour devices, the social-technical nature of technology means it has always been a terrain of political struggle.

    8. Amazon Mechanical Turk workers suspended without explanation

    Hundreds of workers on Amazon's Mechanical Turk (MTurk) platform were left unable to work after mass account suspensions caused by a suspected glitch in the e-commerce giant's payments system.

    Beginning on 16 May 2024, a number of US-based Mechanical Turk workers began receiving account suspension forms from Amazon, locking them out of their accounts and preventing them from completing more work on the crowdsourcing platform.

    Owned and operated by Amazon, Mechanical Turk allows businesses, or "requesters", to outsource various processes to a distributed workforce, who then complete tasks virtually from wherever they are based in the world, including data annotation, surveys, content moderation and AI training.

    According to those Computer Weekly spoke with, the suspensions were purportedly tied to issues with the workers' Amazon Payment accounts, an online payments processing service that allows them to both receive wages and make purchases from Amazon. The issue affected hundreds of workers.

    MTurk workers from advocacy organisation Turkopticon outlined how such situations are an ongoing issue that workers have to deal with, and detailed Amazon's poor track record on the issue.

    9. Interview: Petra Molnar, author of The walls have eyes

    Refugee lawyer and author Petra Molnar spoke to Computer Weekly about the extreme violence people on the move face at borders across the world, and how increasingly hostile anti-immigrant politics is being enabled and reinforced by a lucrative panopticon of surveillance technologies.

    She noted how, because of the vast array of surveillance technologies now deployed against people on the move, entire border-crossing regions have been transformed into literal graveyards, while people are resorting to burning off their fingertips to avoid invasive biometric surveillance; hiding in dangerous terrain to evade pushbacks or being placed in refugee camps with dire living conditions; and living homeless because algorithms shielded from public scrutiny are refusing them immigration status in the countries they've sought safety in.

    Molnar described how lethal border situations are enabled by a mixture of increasingly hostile anti-immigrant politics and sophisticated surveillance technologies, which combine to create a deadly feedback loop for those simply seeking a better life.

    She also discussed the inherently racist and discriminatory nature of borders, and how the technologies deployed in border spaces are extremely difficult, if not impossible, to divorce from the underlying logic of exclusion that defines them.

    10. AI's environmental cost could outweigh sustainability benefits

    The potential of AI to help companies measure and optimise their sustainability efforts could be outweighed by the huge environmental impacts of the technology itself.

    On the positive side, speakers at the AI Summit London outlined, for example, how the data analysis capabilities of AI can assist companies with decarbonisation and other environmental initiatives by capturing, connecting and mapping currently disparate data sets; automatically pinpoint harmful emissions to specific sites in supply chains; as well as predict and manage the demand and supply of energy in specific areas.

    They also said it could help companies better manage their Scope 3 emissions (which refers to indirect greenhouse gas emissions that occur outside of a company's operations, but that are still a result of their activities) by linking up data sources and making them more legible.

    However, despite the potential sustainability benefits of AI, speakers were clear that the technology itself is having huge environmental impacts around the world, and that AI itself will come to be a major part of many organisations' Scope 3 emissions.

    One speaker noted that if the rate of AI usage continues on its current trajectory without any form of intervention, then half of the world's total energy supply will be used on AI by 2040; while another pointed out that, at a time when billions of people are struggling with access to water, AI-providing companies are using huge amounts of water to cool their datacentres.

    They added AI in this context could help build in circularity to the operation, and that it was also key for people in the tech sector to internalise thinking about the socio-economic and environmental impacts of AI, so that it is thought about from a much earlier stage in a system's lifecycle.

    Read more about data and ethics

    UN chief blasts AI companies for reckless pursuit of profit: The United Nations general secretary has blasted technology companies and governments for pursuing their own narrow interests in artificial intelligence without any consideration of the common good, as part of a wider call to reform global governance.

    Barings Law plans to sue Microsoft and Google over AI training data: Microsoft and Google are using people's personal data without proper consent to train artificial intelligence models, alleges Barings Law, as it prepares to launch a legal challenge against the tech giants.

    UK Bolt drivers win legal claim to be classed as workers: Employment Tribunal ruling says Bolt must classify its drivers as workers rather than self-employed, putting drivers in line to receive thousands of pounds in compensation from the ride-hailing and delivery app.
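The pre-consent firing described in item 6 above (analytics tags collecting data before the visitor has answered the cookie banner) can be checked statically against a page's HTML. This is an added example, not code from the Computer Weekly report or the experts it cites; it assumes the common consent-manager convention of parking deferred tags as `type="text/plain"` until consent is given, and the `data-consent` attribute and every ID in the constructed sample page are placeholders.

```python
# Added example (not from the Computer Weekly report): a static audit of a page's
# HTML for the Meta Pixel and Google Analytics tags the story describes, reporting
# which of them execute unconditionally on load, i.e. before any cookie banner
# interaction. Assumption: a consent manager that defers a tag does so by parking
# the <script> with a non-JavaScript type (commonly type="text/plain"), so a tag
# with no type or a JavaScript type is treated as firing pre-consent.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts serving the tag loaders named in the report.
TRACKER_HOSTS = {
    "connect.facebook.net": "Meta Pixel",
    "www.googletagmanager.com": "Google tag (gtag.js / GTM)",
    "www.google-analytics.com": "Google Analytics",
}
# Inline bootstrap calls that initialise the same tags without an external src.
INLINE_MARKERS = {"fbq(": "Meta Pixel", "gtag(": "Google tag (gtag.js / GTM)"}
# MIME types the browser executes; anything else stays inert until rewritten.
JS_TYPES = {"", "text/javascript", "application/javascript", "module"}


class TrackerAuditor(HTMLParser):
    """Collects one finding per tracker <script>, external or inline."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False
        self._gated = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        self._in_script = True
        self._buf = []
        script_type = (a.get("type") or "").strip().lower()
        self._gated = script_type not in JS_TYPES
        src = a.get("src") or ""
        # urlparse handles both absolute and protocol-relative (//host/...) URLs.
        vendor = TRACKER_HOSTS.get(urlparse(src).netloc.lower())
        if vendor:
            self.findings.append({"vendor": vendor, "where": src, "gated": self._gated})

    def handle_data(self, data):
        # Script bodies may arrive in several chunks; buffer until the end tag.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag != "script":
            return
        body = "".join(self._buf)
        for marker, vendor in INLINE_MARKERS.items():
            if marker in body:
                self.findings.append({"vendor": vendor, "where": "inline script", "gated": self._gated})
                break
        self._in_script = False
        self._buf = []


def audit_html(html):
    """Return tracker findings for one page, in document order."""
    parser = TrackerAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings


def pre_consent_vendors(findings):
    """Vendors whose tags run on page load, before the visitor can answer the banner."""
    return sorted({f["vendor"] for f in findings if not f["gated"]})


# Constructed sample page: one unconditional Meta Pixel bootstrap, a Google tag
# parked by a consent manager (type="text/plain" plus a placeholder data-consent
# attribute), and a legacy Universal Analytics loader via a protocol-relative URL.
SAMPLE_HTML = """<!doctype html><html><head><title>Support service (constructed sample)</title>
<script>
!function(f,b,e,v,n,t,s){/* loader body elided in this sample */}(window,document,'script',
'https://connect.facebook.net/en_US/fbevents.js');
fbq('init', 'PIXEL_ID_PLACEHOLDER'); fbq('track', 'PageView');
</script>
<script type="text/plain" data-consent="analytics" async
  src="https://www.googletagmanager.com/gtag/js?id=G-PLACEHOLDER"></script>
<script type="text/plain" data-consent="analytics">
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-PLACEHOLDER');
</script>
<script async src="//www.google-analytics.com/analytics.js"></script>
</head><body><p>Help and support</p></body></html>"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_HTML):
        state = "GATED (waits for consent)" if f["gated"] else "PRE-CONSENT"
        print(f"{state:27} {f['vendor']:28} {f['where']}")
    print("Fires before consent:", ", ".join(pre_consent_vendors(audit_html(SAMPLE_HTML))))
```

A static scan only sees tags present in the served HTML; tags injected later by a tag manager or by first-party scripts need a runtime check (for example, observing network requests in a browser with the banner left unanswered).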
  • The Data Bill: Its time to cyber up
    www.computerweekly.com
    In the latest deliberations on the Data Use and Access Bill in the House of Lords, I set out two amendments to offer well overdue updating to the Computer Misuse Act (CMA) of 1990. In preparing for committee stage of the bill I remain incredibly grateful to everyone involved with the CyberUp campaign, their analysis and commentary always so perfectly on point.

    I hardly think I need to rehearse the backdrop to the CMA; many people will be well aware of the act and its shortcomings. Curiously, in the intervening thirty-four and a half years, despite seismic changes in our society and technologies - crucially, including the rise of cyber security threats - the act remains unamended.

    Having said that though, I've tempted myself a little as it is the case that the act was originally drafted to protect telephone exchanges in 1990, when only 0.5% of the population had access to the internet.

    The CMA was the UK's first computer crime law and came about following an attack on Prestel in the mid-1980s. Anyone under the age of 40 is probably wondering what Prestel was - a forerunner of internet-based online services launched by the Post Office in 1979 - which only serves to make the point.

    My amendments to the new Data Bill seek to achieve a very clear and materially significant change, to enable cyber security professionals to do what we have asked of them without the legislation tying at least one hand behind their back.

    Thirty-four years on, the CMA still governs how we tackle cyber criminals. As it is currently written, the act inadvertently criminalises legitimate cyber security research. This includes a large proportion of vulnerability research and threat intelligence activities which are critical in protecting the UK from increasingly sophisticated cyber attacks.

    Fundamentally, it restricts cyber security researchers from conducting essential work to protect the UK, including critical national infrastructure. While improving data access is a positive move, it is equally crucial to modernise cyber security laws to protect not just the data but also the systems that underpin it.

    The wording of my amendments in full is:

    Data use: definition of unauthorised access to computer programs or data

    In section 17 of the Computer Misuse Act 1990, at the end of subsection (5) insert

    (c) they do not reasonably believe that the person entitled to control access of the kind in question to the program or data would have consented to that access if they had known about the access and the circumstances of it, including the reasons for seeking it, and

    (d) they are not empowered by an enactment, by a rule of law, or by order of a court or tribunal to access of the kind in question to the program or data.

    Data use: defences to charges under the Computer Misuse Act 1990

    (1) The Computer Misuse Act 1990 is amended as follows.

    (2) In section 1, after subsection (3) insert

    (4) It is a defence to a charge under subsection (1) to prove that

    (a) the person's actions were necessary for the detection or prevention of crime, or

    (b) the person's actions were justified as being in the public interest.

    (3) In section 3, after subsection (6) insert

    (7) It is a defence to a charge under subsection (1) in relation to an act carried out for the intention in subsection (2)(b) or (c) to prove that

    (a) the person's actions were necessary for the detection or prevention of crime, or

    (b) the person's actions were justified as being in the public interest.

    As I said in the debate, don't take my word for it: the National Cyber Security Centre acknowledged the widening gap between the risks facing the UK and its ability to mitigate them in its 2024 annual review, clearly stating that updating this out-of-date legislation is a crucial step in closing this gap.

    Introducing a statutory defence would provide legal clarity and protection for ethical cyber security professionals undertaking legitimate vulnerability research and threat intelligence activities. Such a defence would align the UK with best practices internationally, ensuring that we keep pace with nations like the US and EU, which are moving to safeguard ethical cyber security work.

    To put some numbers to this, there have been nine million instances of cyber crime against UK businesses and charities since May 2021, according to the Department for Science, Innovation and Technology's 2024 cyber breaches survey, published April 2024. Half of businesses and 32% of charities suffered a cyber breach or attack last year, with £2.4bn estimated increased revenue potential post-update for the sector.

    Analysis based on CyberUp's recent industry report suggests that 60% of respondents said the CMA is a barrier to their work in threat intelligence and vulnerability research, and 80% believed the UK was at a competitive disadvantage due to the CMA.

    Concluding my remarks, I asked whether the minister would be able to provide an update on the work to reform the Computer Misuse Act. I also asked her whether she believed that my amendments as drafted would provide the legal protection that we seek and, if so, why the government would not bring them into force via the means of the Data Bill.

    The minister's answers to both questions were largely the same - we must wait, the amendments are premature, there was not consensus among those who responded to last year's consultation on the matter, so the path forward must continue with no timeline or sense of when this most pressing of issues will be resolved.

    If the government needs some public support to increase its pace on this project, how about the fact that two-thirds of UK adults are inclined to support a change in the law to allow cyber security professionals to carry out research to prevent cyber attacks?

    There is also support for such a statutory change from the excellent report of the then chief scientific advisor, Patrick Vallance, earlier this year, which concluded that, "Amending the CMA to include a statutory public interest defence that would provide stronger legal protections for cyber security researchers and professionals."

    Other nations have already led in this area, not least France and the Netherlands. Belgium, Germany and Malta are currently amending their legal frameworks to this end. As I stated in the debate, it's time to pass these amendments, it's time to afford our cyber security professionals the safety they need to do the self-same thing for us, all of us. As has been the case for far too long - it's time to CyberUp.

    Timeline: Computer Misuse Act reform

    January 2020: A group of campaigners says the Computer Misuse Act 1990 risks criminalising cyber security professionals and needs reforming.
    June 2020: The CyberUp coalition writes to Boris Johnson to urge him to reform the UK's 30-year-old cyber crime laws.
    November 2020: CyberUp, a group of campaigners who want to reform the Computer Misuse Act, finds 80% of security professionals are concerned that they may be prosecuted just for doing their jobs.
    May 2021: Home secretary Priti Patel announces plans to explore reforming the Computer Misuse Act as calls mount for the 31-year-old law to be updated to reflect the changed online world.
    June 2022: A cross-party group in the House of Lords has proposed an amendment to the Product Security and Telecommunications Infrastructure Bill that would address concerns about security researchers or ethical hackers being prosecuted in the course of their work.
    August 2022: A study produced by the CyberUp Campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform.
    September 2022: The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber professionals from potential prosecution.
    January 2023: Cyber accreditation association Crest International lends its support to the CyberUp Campaign for reform to the Computer Misuse Act 1990.
    February 2023: Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed.
    March 2023: The deadline for submissions to the government's consultation on reform of the Computer Misuse Act is fast approaching, and cyber professionals need to make their voices heard, say Bugcrowd's ethical hackers.
    November 2023: A group of activists who want to reform the UK's computer misuse laws to protect bona fide cyber professionals from prosecution have been left frustrated by a lack of legislative progress.
    July 2024: In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting.
    July 2024: The CyberUp Campaign for reform of the 1990 Computer Misuse Act launches an industry survey inviting cyber experts to share their views on how the outdated law hinders legitimate work.
    December 2024: An amendment to the proposed Data (Access and Use) Bill that will right a 35-year-old wrong and protect security professionals from criminalisation is to be debated at Westminster.
  • CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List
    thehackernews.com
    Dec 20, 2024 - Ravie Lakshmanan - CISA / Vulnerability

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

    The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that could be exploited by a malicious actor to run arbitrary commands as the site user.

    "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user," CISA said.

    While the issue has already been plugged in customers' cloud instances, those using self-hosted versions of the software are recommended to update to the below versions:

      • Privileged Remote Access (versions 24.3.1 and earlier) - PRA patch BT24-10-ONPREM1 or BT24-10-ONPREM2
      • Remote Support (versions 24.3.1 and earlier) - RS patch BT24-10-ONPREM1 or BT24-10-ONPREM2

    News of active exploitation comes after BeyondTrust revealed that it was the victim of a cyber attack earlier this month that allowed unknown threat actors to breach some of its Remote Support SaaS instances.

    The company, which has enlisted the help of a third-party cybersecurity and forensics firm, said its investigation into the incident found that the attackers gained access to a Remote Support SaaS API key that allowed them to reset passwords for local application accounts.

    Its probe has since uncovered another medium-severity vulnerability (CVE-2024-12686, CVSS score: 6.6) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. The newly discovered flaw has been addressed in the below versions:

      • Privileged Remote Access (PRA) - PRA patch BT24-11-ONPREM1, BT24-11-ONPREM2, BT24-11-ONPREM3, BT24-11-ONPREM4, BT24-11-ONPREM5, BT24-11-ONPREM6, and BT24-11-ONPREM7 (dependent on PRA version)
      • Remote Support (RS) - RS patch BT24-11-ONPREM1, BT24-11-ONPREM2, BT24-11-ONPREM3, BT24-11-ONPREM4, BT24-11-ONPREM5, BT24-11-ONPREM6, and BT24-11-ONPREM7 (dependent on RS version)

    BeyondTrust makes no mention of either of the vulnerabilities being exploited in the wild. However, it has said that all affected customers have been notified. The exact scale of the attacks, or the identities of the threat actors behind them, is not known at present.

    The Hacker News has reached out to the company for comment, and will update the piece if we hear back.
  • CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
    thehackernews.com
    Dec 19, 2024 - Ravie Lakshmanan - Cloud Security / Encryption

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines.

    "Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services," the agency said, adding the directive "will further reduce the attack surface of the federal government networks."

    As part of 25-01, agencies are also recommended to deploy CISA-developed automated configuration assessment tools to measure against the baselines, integrate with the agency's continuous monitoring infrastructure, and address any deviations from the secure configuration baselines.

    While the baselines are currently limited to Microsoft 365 (Azure Active Directory / Entra ID, Microsoft Defender, Exchange Online, Power Platform, SharePoint Online, OneDrive, and Microsoft Teams), the cybersecurity agency said it may release additional SCuBA Secure Configuration Baselines for other cloud products.

    The BOD, named Implementing Secure Practices for Cloud Services, primarily requires all federal agencies to meet a series of deadlines next year:

      • Identify all cloud tenants, including tenant name and the system owning agency/component for each tenant, no later than February 21, 2025 (to be updated annually)
      • Deploy all SCuBA assessment tools for in-scope cloud tenants no later than April 25, 2025, and either integrate the tool results feeds with CISA's continuous monitoring infrastructure or report them manually on a quarterly basis
      • Implement all mandatory SCuBA policies no later than June 20, 2025
      • Implement all future updates to mandatory SCuBA policies within specified timelines
      • Implement all mandatory SCuBA Secure Configuration Baselines and begin continuous monitoring for new cloud tenants prior to granting an Authorization to Operate (ATO)

    CISA is also strongly recommending all organizations to implement these policies in order to reduce potential risks and enhance resilience across the board.

    "Maintaining secure configuration baselines is critical in the dynamic cybersecurity landscape, where vendor changes, software updates, and evolving security best practices shape the threat environment," CISA said. "As vendors frequently release new updates and patches to address vulnerabilities, security configurations must also adjust."

    "By regularly updating security configurations, organizations leverage the latest protective measures, reducing the risk of security breaches and maintaining robust defense mechanisms against cyber threats."

    CISA Pushes for Use of E2EE Services

    News of the Binding Operational Directive comes as CISA has released new guidance on mobile communications best practices in response to cyber espionage campaigns orchestrated by China-linked threat actors like Salt Typhoon targeting U.S. telecommunications companies.

    "Highly targeted individuals should assume that all communications between mobile devices, including government and personal devices, and internet services are at risk of interception or manipulation," CISA said.

    To that end, individuals in senior government or senior political positions are being advised to:

      • Use only end-to-end encrypted (E2EE) messaging applications such as Signal
      • Enable phishing-resistant multi-factor authentication (MFA)
      • Stop using SMS as a second factor for authentication
      • Use a password manager to store all passwords
      • Set a PIN for mobile phone accounts to prevent subscriber identity module (SIM)-swapping attacks
      • Update software on a regular basis
      • Switch to devices with the latest hardware to take advantage of critical security features
      • Do not use a personal virtual private network (VPN) due to "questionable security and privacy policies"
      • On iPhone devices, enable Lockdown Mode, disable the option to send an iMessage as a text message, secure Domain Name System (DNS) queries, activate iCloud Private Relay, and review and restrict app permissions
      • On Android devices, prioritize getting models from manufacturers that have a track record of security commitments, use Rich Communication Services (RCS) only if E2EE is enabled, configure DNS to use a trusted resolver, enable Enhanced Protection for Safe Browsing in Google Chrome, make sure Google Play Protect is enabled, and review and restrict app permissions

    "While no single solution eliminates all risks, implementing these best practices significantly enhances protection of sensitive communications against government-affiliated and other malicious cyber actors," CISA said.
  • Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency
    thehackernews.com
    Dec 19, 2024 | Ravie Lakshmanan | Privacy / Data Protection

    The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and 2020.

    An investigation launched by the DPA in 2019 found that the tech giant did not inform customers clearly enough in its privacy statement about what it does with the data it collects from its users. This includes email addresses, telephone numbers, payment details, as well as information about what customers watch on the platform.

    "Furthermore, customers did not receive sufficient information when they asked Netflix which data the company collects about them," the DPA said, adding that these constitute violations of the General Data Protection Regulation (GDPR).

    Besides failing to clarify the purpose and legal basis for gathering the data, the company has also been accused of being unclear about what kinds of information are shared with third parties and for what reasons, the data retention period, and the security guarantees that apply when the information is transmitted to countries outside of Europe.

    Austrian privacy non-profit None of Your Business (noyb), which filed the complaint against Netflix in January 2019, said it's "happy" with the DPA's decision, while noting that it took almost five years to obtain it.

    "Netflix didn't just fail to provide sufficient information about why it collects data and what it does with it," it said. "The company didn't even manage to provide a full copy of the complainant's data."

    Although the company has since updated its privacy statement and improved the information it provides to users, it's objecting to the fine, the DPA added.

    "A company like that, with a turnover of billions and millions of customers worldwide, has to explain properly to its customers how it handles their personal data," Dutch DPA chairman Aleid Wolfsen said. "That must be crystal clear. Especially if the customer asks about this. And that was not in order."

    Noyb has also filed similar complaints against Amazon, Apple Music, Spotify, and YouTube, with the case against Spotify resulting in the music streamer facing a fine of around €5 million from the Swedish Data Protection Authority (IMY) in June 2023.

    The development comes as the Irish Data Protection Commission (DPC) imposed a monetary penalty of €251 million (around $263 million) on Meta for a 2018 data breach that impacted 3 million users in the European Union.