TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Building Effective Security Programs Requires Strategy, Patience, and Clear VisionBuilding Effective Security Programs Requires Strategy, Patience, and Clear VisionCapital One executives share insights on how organizations should design their security programs, implement passwordless technologies, and reduce their attack surface.Dark Reading, Staff & ContributorsMay 15, 20251 Min ReadNatee Jindakum via ShutterstockCISOs are facing a growing array of threats, including ransomware, business email compromise, identity-based attacks, phishing attacks, and data breaches. Patience and adaptability are required to build, implement, and maintain an effective security program that addresses the gamut of these risks.Many technologies and security measures are available to tackle the various problems organizations face, but they take time and resources to implement properly. One way to do so is to treat the organization's security program as a product, said Capital One cybersecurity CTO Mike Benjamin at last month's RSAC Conference in San Francisco. Like products, security programs have customers, meet a need, deliver something of value, and can be purchased, he said. Some may argue that security programs are not like products but more like a cost center because they are required or have unclear deliverables."People who voted no, a security program is not a product, in everything we see are things we would all argue is a security program that needs help," Benjamin said. "The company only does it because it's required. Does anyone want their program to be thought of in that way? We all strive for it to be something that the company values, to be a core component of how it operates, not a thing that just has to be done."Strong programs balance technology with internal work and overall risk management. Striking an effective balance can be difficult, especially when it comes to application security programs. Security teams must ensure there are no vulnerabilities without slowing down business operations.Read the Full Article on Dark ReadingAbout the AuthorDark ReadingStaff & ContributorsDark Reading: Connecting The Information Security CommunityLong one of the most widely-read cybersecurity news sites on the Web, Dark Reading is also the most trusted online community for security professionals. Our community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.See more from Dark ReadingWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Apple is launching a brand new Home product in the coming year. I’ve been calling it ‘HomePad,’ and these are five of the core features it will bring with it. 7-inch square display Originally, Mark Gurman reported that the HomePad would have “a roughly 6-inch screen.” More recently though, in his big overview of 2025 products, Gurman bumped the expected size to 7 inches. The device reportedly looks a lot like a square iPad, and is somewhat equivalent to two iPhone 16 Pro Max models placed side by side. Smaller than some might want, but that should help keep the cost lower. Brand new OS Apple’s HomePad will come with a brand new operating system, likely dubbed ‘homeOS.’ Gurman says the interface “looks like a blend of the Apple Watch operating system and the iPhone’s recently launched StandBy mode.” It will also dynamically adjust based on how close or far away you are. For example, from far away it might display status update-type info, but if you get close it would change to offer controls. Unsurprisingly, based on Gurman’s ‘StandBy’ reference, the HomePad is expected to support widgets. You’ll reportedly be able to add these to the Home Screen, just like you can on iPhone and iPad. It’s unclear yet if third-party widgets will be supported, but there’s a good chance they will be. Apple has already built tech into macOS that lets you run iPhone widgets there, so extending that feature to the HomePad seems like a no-brainer. Accessories for fitting in anywhere On its own, the HomePad will look like a simple smart display. But Apple is building various bases and attachments that will make it fit into the different spaces of your home. Gurman writes: Apple has designed different attachments for the device, including ones that affix the screens onto walls like a classic home-security panel. There will be bases with additional speakers that can be placed in the kitchen, on a nightstand or on a desk. These additional accessories seem like another attempt at keeping the HomePad’s cost from ballooning (assuming they’re separate purchases). Importantly though, they also acknowledge the reality that different home spaces will require different HomePad setups. AI-infused Siri Apple’s current Home products, the HomePod, HomePod mini, and Apple TV 4K, don’t support any Apple Intelligence features. This means they’re all stuck with the ‘old’ Siri. But HomePad will offer the new, AI-infused Siri that’s more powerful already (mainly thanks to ChatGPT) but will get substantially more so this fall with iOS 19. Siri will be able to perform hundreds of new in-app and cross-app actions, understand your personal context, and more. If it works as expected, there should be far fewer times Siri has to say, “I’m sorry” on the HomePad—a too-frequent occurrence on HomePod. Apple’s HomePad is expected to offer a lot more functionality than what’s outlined above, including serving as a smart home controller, FaceTime device, and more. But the five features I’ve mentioned provide a solid overview of what to expect from HomePad’s core functionality. Are you interested in buying the HomePad? Why or why not? Let us know in the comments. Best HomeKit smart home accessories Add 9to5Mac to your Google News feed.  FTC: We use income earning auto affiliate links. More.You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Valve has responded to this week's reports of user data being breached via 2FA methods, saying "We have examined the leak sample and have determined this was NOT a breach of Steam systems"Tech11:08, 15 May 2025Updated 11:08, 15 May 2025Make sure you follow Valve's adviceWell, that's a relief. PC gamers panicked yesterday when reports suggested that Steam user accounts for millions of users had been breached, seemingly from a 2FA vendor.The storefront, which is widely regarded as the best place to buy PC games, was reportedly breached by an entity that had gained access to user data, possibly via two-factor authentication (2FA) methods.‌At the time, it was suggested that the information had spilled from a 2FA vendor, and now Valve has broken its silence on the matter.‌Posting an update on Steam itself, Valve said "You may have seen reports of leaks of older text messages that had previously been sent to Steam customers. We have examined the leak sample and have determined this was NOT a breach of Steam systems.Steam is the most popular PC gaming platform(Image: AFP via Getty Images)"We’re still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone.Article continues below"The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data."Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages."So that's that then, right? Not quite. Valve still acknowledges there was a leak, and is still investigating, but has offered some advice for customers.‌You do not need to change your passwords or phone numbers as a result of this event. It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious," it said, pointing to the authorised devices section of a user's account info."We also recommend setting up the Steam Mobile Authenticator if you haven’t already, as it gives us the best way to send secure messages about your account and your account’s safety."This writer uses the Steam Mobile Authenticator and can confirm it's an easy way to add additional security to your Steam account and is a breeze to get set up.Article continues belowFor the latest breaking news and stories from across the globe from the Daily Star, sign up for our newsletters.‌‌‌

TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Building Effective Security Programs Requires Strategy, Patience, and Clear VisionBuilding Effective Security Programs Requires Strategy, Patience, and Clear VisionCapital One executives share insights on how organizations should design their security programs, implement passwordless technologies, and reduce their attack surface.Dark Reading, Staff & ContributorsMay 15, 20251 Min ReadNatee Jindakum via ShutterstockCISOs are facing a growing array of threats, including ransomware, business email compromise, identity-based attacks, phishing attacks, and data breaches. Patience and adaptability are required to build, implement, and maintain an effective security program that addresses the gamut of these risks.Many technologies and security measures are available to tackle the various problems organizations face, but they take time and resources to implement properly. One way to do so is to treat the organization's security program as a product, said Capital One cybersecurity CTO Mike Benjamin at last month's RSAC Conference in San Francisco. Like products, security programs have customers, meet a need, deliver something of value, and can be purchased, he said. Some may argue that security programs are not like products but more like a cost center because they are required or have unclear deliverables."People who voted no, a security program is not a product, in everything we see are things we would all argue is a security program that needs help," Benjamin said. "The company only does it because it's required. Does anyone want their program to be thought of in that way? We all strive for it to be something that the company values, to be a core component of how it operates, not a thing that just has to be done."Strong programs balance technology with internal work and overall risk management. Striking an effective balance can be difficult, especially when it comes to application security programs. Security teams must ensure there are no vulnerabilities without slowing down business operations.Read the Full Article on Dark ReadingAbout the AuthorDark ReadingStaff & ContributorsDark Reading: Connecting The Information Security CommunityLong one of the most widely-read cybersecurity news sites on the Web, Dark Reading is also the most trusted online community for security professionals. Our community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.See more from Dark ReadingWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

AI agents will fundamentally change the value of content and the way people work with data and files, said Aaron Levie, CEO of Box, during a Wednesday webcast that was part of the company’s Content+AI Virtual Summit. The traditional approach to managing content is fundamentally changing with AI, Levie said. Over the last two decades, Box has changed its focus from file storage to extracting value from content in those files. The company provides collaborative tools and integrates popular apps for users to work with those files and data. Extracting value from the content in stored files will take on new meaning with AI. The amount of unstructured data within files has grown at an exponential pace over the last few decades, but most of the data is underutilized, Levie said. AI will provide instant answers from unstructured data, fundamentally changing the value of content stored in systems. It will also automate workflows and introduce an AI-first culture, Levie said. “We have the opportunity to drive an incredible amount of new experiences,” Levie said. “We need a better and modern way to manage information.” Box has kept up with various stages in AI evolution, with integration of AI models and more recently AI agents. As AI advances, the vendor is allowing its clients to do more advanced data extraction, multi-step reasoning, and more complex task planning. “We didn’t think about AI as an add-on capability on the side,” but as central to the Box platform, Levie said. For example, the Box interface has an agent that can answer queries and work with content within specific folders. It provides multimedia responses to queries, linking to videos, charts, and citations within files stored in the system. The company on Wednesday launched a series of new AI agents that serve different objectives, including a “Search” agent for basic results from files and a “Deep Research” agent that digs deeper into information for more comprehensive answers. The Deep Research agent works with large volumes of enterprise content in files, summarizes findings, and provides links to relevant files. Box is also integrating a new AI agent for Microsoft 365 Copilot, allowing users of Word, PowerPoint, and other software to work with data stored in Box systems. In the coming years, Microsoft plans to integrate thousands of agents from third parties such as Box and Adobe to improve user productivity. Many of Box’s competitors are also offering their own AI technology, though agent-to-agent integrations between vendors are growing. Forrester Research has a roadmap for broad adoption of various agent technologies in coming years. It shows helper-style agents like the ones announced by Box taking off gradually in 2026. Helper-style AI agents will see broad adoption by next year, according to Forrester. More complex agents capable of executive decision-making will take a little longer. Forrester Research But as AI agents advance to solving problems and making executive decisions, things will get more complex, said Craig Le Clair, vice president and principal analyst at Forrester. There’s a huge gap between vendors of AI agents and the actual adoption profile of users and buyers, Le Clair said. “The gap that exists there is astounding,” he said. Companies are advancing with AI agents, but it’s much more complex when it comes to sophisticated solvers and managing agents, Le Clair said. “If you’re in a financial institution, you’ve built all these layers of process, control, risk mitigation, and reporting around the technology underneath. And you don’t change that easily, because it takes legal, compliance, meetings, security. It takes longer to change the processes that sit above the technology,” Le Clair said.

A group of Republican lawmakers are urging the Trump administration to ban sales of TP-Link networking products, including the company’s popular Wi-Fi routers. The Commerce, Defense, and Justice Departments have reportedly been investigating TP-Link for national security risks. On Wednesday, the lawmakers—including 12 GOP senators—wrote to the Commerce Department to voice support for its investigation, and called on the White House to block further sales of TP-Link products in the US. “TP-Link’s deep ties to the Chinese Communist Party (CCP), use of predatory pricing to eliminate trusted US alternatives, and role in embedding foreign surveillance and destructive capabilities into our networks render it a clear and present danger,” they wrote to Secretary Howard Lutnick.The lawmakers claim TP-Link is a security threat because Chinese state-sponsored hackers have exploited the company’s routers and networking devices before, giving them a way to conduct cyberespionage within the US. The letter doesn’t include any evidence showing TP-Link has been deliberately aiding Chinese hackers. Still, the lawmakers alleges that TP-Link has been offering low “predatory” prices for its products to help it capture “nearly 60% of the US retail router and Wi-Fi system market.” In turn, the Chinese government can allegedly piggy back off TP-Link’s hardware to launch future cyberattacks on the US. (Photo by: Bildagentur-online/Schoening/Universal Images Group via Getty Images)“For these reasons, Commerce should immediately prohibit future sales of TP-Link SOHO (small and home office) networking equipment in the United States. Each day we fail to act, the CCP wins while American competitors suffer, and American security remains at risk,” the letter adds. The FBI has long been concerned that Chinese state-sponsored hackers are laying the groundwork to disrupt US critical infrastructure in the event conflict breaks out between China and the US. Recommended by Our EditorsAlthough a ban would be drastic, some former US security officials want a crackdown on TP-Link, saying it's imperative the country remove such devices before they become a threat. Other former federal officials have also said a ban would send a message to Beijing that its state-sponsored hacking will have consequences for China-based companies that may be involved. However, TP-Link says the letter is based on misinformation. “The allegations are categorically false, and we look forward to setting the record straight about our company,” the vendor told PCMag, adding: “To be clear, TP-Link is not a state-sponsored company, has no 'deep ties' to, and is completely independent from, the Chinese Communist Party.” Last year, TP-Link went as far to establish a new global headquarters in Irvine, California, although it was founded in Shenzhen, China, and still has a headquarters there. As a result, TP-Link also told PCMag: “As a US company, no foreign country or government, including China, has access to or control over the design and production of our products.”TP-Link also says it only has around a 35% share of the US market rather than 60%. “The allegation that bad actors from China used our routers for cyberattacks is misleading and disingenuous – routers made by many companies have been targets of attacks,” the company added. “TP-Link has been the victim of a smear campaign, driven by the goal of removing a competitor from the marketplace.”The Commerce Department didn’t immediately respond to a request for comment. In the meantime, TP-Link says it’s confident the Commerce Department’s investigation will lead it to “recognize the security of TP-Link’s operations and products.” TP-Link added that it has not received any inquiries from the Justice Department.

Valve confirms Steam data leak but denies it’s a serious problem GameCentral Published May 15, 2025 12:07pm Updated May 15, 2025 12:07pm Valve says there’s nothing to worry about (Valve) Steam users are in a panic about a supposed data breach, but according to Valve nothing significant has actually happened. Data breaches at big companies are hardly a rarity, in the video game world or elsewhere, so when talk of a ‘massive’ breach at Steam started to appear online it wasn’t necessarily that surprising. Warnings spread that customers should immediately change their passwords, phone numbers, and payment details, with reports that personal data had been stolen by hackers. However, according to Steam owner Valve, the whole story is overblown and only ‘older text messages’ have been accessed, that are no help in breaking into Steam accounts. As such, they insist that this is ‘NOT a breach of Steam systems’ and nothing is at risk. The rumours of a breach started with a LinkedIn post which, for some reason, everyone decided to believe, even though the talk of a ‘dark web forum’ and the hacker demanding only $5,000 (£3,700) for ‘89 million user records’ sounded extremely made-up. Valve’s explanation of the situation is confusingly written but it does seem to confirm that text messages were acquired illegally, even if they’re of no use to anyone. The breach was supposedly achieved by getting access to two-factor authentication SMS logs, but as Valve points out those messages are only good for 15 minutes and according to them all the ones that have been leaked are old. ‘We’re still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit and routed through multiple providers on the way to your phone,’ reads the statement on Steam. More Trending ‘The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.’ Importantly, they insist that: ‘You do not need to change your passwords or phone numbers as a result of this event.’ Given the extreme bad publicity that would result if Valve were found to be underplaying the leak there doesn’t seem any reason not to take their comments at face value, especially given the more absurd elements of the initial LinkedIn post. As they point out though, you should always treat any security messages you have not requested as extremely suspicious. They also recommend the Steam Mobile Authenticator app for added security. It sounds like Dr Evil made the ransom demands (Valve) Email gamecentral@metro.co.uk, leave a comment below, follow us on Twitter, and sign-up to our newsletter. To submit Inbox letters and Reader’s Features more easily, without the need to send an email, just use our Submit Stuff page here. For more stories like this, check our Gaming page. GameCentral Sign up for exclusive analysis, latest releases, and bonus community content. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Your information will be used in line with our Privacy Policy

IS IT REAL OR IS IT AI-GENERATED? FBI warns of ongoing scam that uses deepfake audio to impersonate government officials Warning comes as the use of deepfakes in the wild are rising. Dan Goodin – May 15, 2025 5:06 pm | 18 Credit: Getty Images Credit: Getty Images Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only   Learn more The FBI is warning people to be vigilant of an ongoing malicious messaging campaign that uses AI-generated voice audio to impersonate government officials in an attempt to trick recipients into clicking on links that can infect their computers. “Since April 2025, malicious actors have impersonated senior US officials to target individuals, many of whom are current or former senior US federal or state government officials and their contacts,” Thursday’s advisory from the bureau’s Internet Crime Complaint Center said. “If you receive a message claiming to be from a senior US official, do not assume it is authentic.” Think you can’t be fooled? Think again. The campaign's creators are sending AI-generated voice messages—better known as deepfakes—along with text messages “in an effort to establish rapport before gaining access to personal accounts,” FBI officials said. Deepfakes use AI to mimic the voice and speaking characteristics of a specific individual. The differences between the authentic and simulated speakers are often indistinguishable without trained analysis. Deepfake videos work similarly. One way to gain access to targets' devices is for the attacker to ask if the conversation can be continued on a separate messaging platform and then successfully convince the target to click on a malicious link under the guise that it will enable the alternate platform. The advisory provided no additional details about the campaign. The advisory comes amid a rise in reports of deepfaked audio and sometimes video used in fraud and espionage campaigns. Last year, password manager LastPass warned that it had been targeted in a sophisticated phishing campaign that used a combination of email, text messages, and voice calls to trick targets into divulging their master passwords. One part of the campaign included targeting a LastPass employee with a deepfake audio call that impersonated company CEO Karim Toubba. In a separate incident last year, a robocall campaign that encouraged New Hampshire Democrats to sit out the coming election used a deepfake of then-President Joe Biden’s voice. A Democratic consultant was later indicted in connection with the calls. The telco that transmitted the spoofed robocalls also agreed to pay a $1 million civil penalty for not authenticating the caller as required by FCC rules. Thursday’s advisory provided steps people can take to better detect these sorts of malicious messaging campaigns. They include: Verify the identity of the person calling you or sending text or voice messages. Before responding, research the originating number, organization, and/or person purporting to contact you. Then independently identify a phone number for the person and call to verify their authenticity. Carefully examine the email address; messaging contact information, including phone numbers; URLs; and spelling used in any correspondence or communications. Scammers often use slight differences to deceive you and gain your trust. For instance, actors can incorporate publicly available photographs in text messages, use minor alterations in names and contact information, or use AI-generated voices to masquerade as a known contact. Look for subtle imperfections in images and videos, such as distorted hands or feet, unrealistic facial features, indistinct or irregular faces, unrealistic accessories such as glasses or jewelry, inaccurate shadows, watermarks, voice call lag time, voice matching, and unnatural movements. Listen closely to the tone and word choice to distinguish between a legitimate phone call or voice message from a known contact and AI-generated voice cloning, as they can sound nearly identical. AI-generated content has advanced to the point that it is often difficult to identify. When in doubt about the authenticity of someone wishing to communicate with you, contact your relevant security officials or the FBI for help. The guidance is helpful, but it doesn't take into account some of the challenges targets of such scams face. Often, the senders create a sense of urgency by claiming there is some sort of ongoing emergency that requires an immediate response. It's also not clear how people can reliably confirm that phone numbers, email addresses, or URLs are authentic. The bottom line is that there is no magic bullet to ward off these sorts of scams. Admitting that no one is immune to being fooled is key to defending against them. Dan Goodin Senior Security Editor Dan Goodin Senior Security Editor Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82. 18 Comments

Apple TV+ just seems to know how to churn out good shows, and Murderbot is no exception. The series has debuted with a 98% critics’ score on Rotten Tomatoes, and seems to be the latest critical success for the streaming service. The show, which is adapted from a series of novels by Martha Wells, tells the story of a security robot who acquires free will. After discovering that he can think for himself, he agrees to take on a dangerous mission protecting a group of scientists, even though all he really wants to do is binge-watch TV. Starring Alexander Skarsgard, the series has earned praise for its light, witty tone and for his central performance. Recommended Videos “Murderbot isn’t an exact recreation of the books — and it’s too irreverent to be the kind of thing Murderbot would enjoy — but it’s very fun and satisfying as its own thing,” Rolling Stone’s Alan Sepinwall wrote in his review of the first season. “Murderbot is the latest example of a trend I’ve noticed on streaming TV — exquisitely produced science fiction and fantasy shows that may not be seen outside of a small-yet-passionate fanbase,” Eric Deggans of NPR added. Apple has proven to be particularly adept at adapting sci-fi stories, having already had success with shows like Silo, For All Mankind, and of course, Severance. Murderbot seems to have a slightly different tone from each of those shows, but thankfully, it seems to work pretty well on its own merits. The show is set to hit Apple TV+ starting on May 16.