
A major teaching hospital in London, UK, is using the Microsoft HoloLens on its COVID-19 wards to keep doctors safer as they help patients with the virus. Staff at Imperial College Healthcare NHS Trust are wearing the HoloLens with Dynamics 365 Remote Assist, using Microsoft Teams to send a secure live video feed to a computer screen in a nearby room, allowing healthcare teams to see everything the doctor treating Covid-19 patients can see while remaining at a safe distance. This has cut the time staff spend in high-risk areas by up to 83%, and it has also significantly reduced the amount of personal protective equipment (PPE) being used, since only the doctor wearing the headset has to dress in PPE: a saving of up to 700 items of PPE per ward, per week. James Kinross, a consultant surgeon at Imperial College Healthcare and senior lecturer at Imperial College London, said: “Protecting staff was a major motivating factor for this work, but so was protecting patients. If our staff are ill they can transmit disease and they are unable to provide expert medical care to those who needed it most.” Kinross, who had used the HoloLens for surgery before, noted that it had unique features, such as being a hands-free solution that could be used with PPE, and that it already featured telemedicine capabilities. “It solved a major problem for us during a crisis, by allowing us to keep treating very ill patients while limiting our exposure to a deadly virus. Not only that, but it also reduced our PPE consumption and significantly improved the efficiency of our ward rounds,” he noted. Using Remote Assist, doctors wearing HoloLens on the Covid-19 wards can hold hands-free Teams video calls with colleagues and experts anywhere in the world. They can receive advice, interacting with the caller and the patient at the same time, while medical notes and X-rays can also be placed alongside the call in the wearer’s field of view.
“We’re now looking into other areas where we can use HoloLens because it is improving healthcare without removing the human; you still have a doctor next to your bed, treating you,” Kinross said. “Patients like it, too. They are interested in this new piece of technology that’s helping them.” HoloLens is also being used to teach students at Imperial College London’s medical school, regarded as one of the best in the world, after the Covid-19 pandemic led academic areas to close “practically overnight”, Kinross said. Students can use laptops and mobile devices at home to watch a live feed from lecturers wearing HoloLens and learn about a range of topics including anatomy, surgery, and cardiology. Read more on OUR FORUM.

Today marks the second anniversary of the introduction of the EU's General Data Protection Regulation (GDPR). With privacy in the spotlight at the moment due to COVID-19 tracing apps, we got the views of some industry experts on the effect that GDPR has had on our individual privacy and on the way businesses handle data. "While it's the second anniversary of GDPR, being GDPR-compliant isn't about a point in time," says Steve Grewal, CTO of data management firm Cohesity. "Compliance is an on-going process that requires organizations to take the utmost care in managing and protecting personal data. This means minimizing data volumes, reducing data fragmentation, and -- absent standardized policies in the US across all 50 states on personal data and privacy -- taking a proactive approach to ensure data is secure and protected. In 2020, it’s imperative that organizations are good stewards of customer data. Failing to make compliance a key part of an overall data management strategy can severely damage trust and erode brand reputations." Grewal also believes any erosion of privacy due to tracing apps will be temporary: "Just as individuals were asked to trade privacy to access social networks, individuals are being asked to consider a lower level of personal privacy while being under lockdown, as governments are exploring the use of tracking apps to track the spread of the virus. Though Europe's laws are strict, exemptions for public-health crises are written into EU data protection rules. Any use of data must be proportionate and fall away once the crisis has passed." Bob Swanson, a security research consultant at SOAR company Swimlane, believes GDPR enforcement has yet to fully bite: "When we look at the introduction of GDPR everyone was focused on proposed fines. But have the actual fines issued lived up to that? No they have not. How you institute change is through collaboration and accountability, specifically among the largest, most influential organizations.
Take Google for example. Of the millions in fines issued in 2019, the majority of those were issued to Google. However, when you compare Google's 2019 issuance of $57 million in fines to annual revenue, some would say this fine more closely resembles a slap on the wrist, versus a mechanism to institute change among the tech giants. These types of organizations will be the ones to truly influence the adoption, adaptation, and staying power of such legislation." Others, though, think GDPR has been a success. Grant Geyer, chief product officer of operational technology platform Claroty, believes: "Just as important as the principles the regulation stands for, the European Union’s global enforcement of blatant and willful violations of the rights of European citizens to have their personal data safeguarded has raised its prominence to the gold standard of data protection regulations worldwide. In today's global economy, GDPR has swiftly created a replicable regulatory blueprint that represents a win for citizens to maintain ownership over their personal data. That's a sacred right in a digital economy where for many years personal data has been abused and monetized without awareness, consent, or recourse." "It is clear GDPR has so far been a success," says Paul Breitbarth, director of EU policy and strategy at privacy management company TrustArc. "Companies around the world have become much more aware of the importance of privacy compliance, updating their approach to how their customers’ data is collected, used, and safeguarded." To learn more, visit OUR FORUM.

Just days after the monthly Patch Tuesday Windows security update, unpatched zero-day vulnerabilities in a Windows system file have been publicly disclosed. Every month, Microsoft fixes a batch of security vulnerabilities across its product range on Patch Tuesday. The latest round of fixes has already been and gone, addressing a total of 111 security vulnerabilities. Some sixteen of these were rated as critical, and, crucially, there were no zero-days. A zero-day vulnerability is one that remains unpatched by the vendor, leaving a window of opportunity for those who would exploit it in a zero-day attack. That's the good news. The bad news is that no fewer than four new zero-days affecting Microsoft Windows have now been publicly disclosed. Three of them impact a core Windows system file. Trend Micro's Zero Day Initiative (ZDI) is a bug bounty program founded in 2005 which encourages the reporting of zero-day vulnerabilities by financially rewarding security researchers. "We make every effort to work with vendors to ensure they understand the technical details and severity of a reported security flaw, which leaves researchers free to go find other bugs," ZDI's "About" page states. It also says that no technical details about any vulnerability are made public until the vendor has released a patch. ZDI gives vendors a 120-day window in which to address the vulnerability, after which a "limited advisory," which includes mitigation advice, is published if a patch has not been forthcoming. The Microsoft Windows zero-days that were publicly disclosed in this fashion on May 19 mostly impact a core Windows system file called splwow64.exe, the printer driver host for 32-bit applications. This print spooler executable on 64-bit Windows allows 32-bit applications to print on a 64-bit Windows system. CVE-2020-0915, CVE-2020-0916, and CVE-2020-0986 all impact that splwow64 Windows system file. All three are classified as high on the CVE severity scoring system with a 7.0 rating.
If exploited by an attacker, these vulnerabilities would allow them to escalate privileges on the targeted Windows computer. "The specific flaw exists within the user-mode printer driver host process splwow64.exe. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer," the ZDI advisory states. "An attacker can leverage this vulnerability to escalate privileges from low integrity and execute code in the context of the current user at medium integrity." Learn more about this zero-day vulnerability by visiting OUR FORUM.
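The ZDI wording above describes a general bug class: a more privileged host process accepts a value from a less privileged client and dereferences it as a pointer without checking it. The following C program is an added illustration of that class and of the usual fix; it is not code from splwow64, from ZDI, or from Microsoft, and every name in it (PrinterCtx, RequestRaw, handle_request_unchecked, the handle table) is a constructed model rather than the real spooler interface. The weak handler trusts a client-chosen value as an address; the hardened handler makes the client refer to host objects by an index that the host resolves against its own table, with bounds and liveness checks, so the client never names a raw address at all.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (hypothetical names) of a host that services requests
   from a lower-integrity client. The host owns PrinterCtx objects. */
typedef struct {
    char name[32];
    int  dpi;
} PrinterCtx;

/* Weak message format: the client supplies a raw pointer value. */
typedef struct {
    uintptr_t ctx;      /* client-controlled; treated as a host address */
    int       new_dpi;
} RequestRaw;

/* Weak handler: the client-supplied value is dereferenced with no
   validation, so the client chooses which host address gets written.
   This mirrors the "user-supplied value dereferenced as a pointer"
   pattern in the advisory text. */
int handle_request_unchecked(const RequestRaw *req) {
    PrinterCtx *p = (PrinterCtx *)req->ctx;   /* no check at all */
    p->dpi = req->new_dpi;
    return 0;
}

/* Hardened design: the host keeps a table of contexts and hands out
   small integer handles. A request carries a handle, never an address. */
#define MAX_CTX 8
static PrinterCtx g_table[MAX_CTX];
static int        g_live[MAX_CTX];

typedef struct {
    uint32_t handle;    /* index into g_table, validated by the host */
    int      new_dpi;
} RequestHandle;

/* Allocate a context slot; returns its handle or -1 when the table is full. */
int ctx_open(const char *name) {
    for (int i = 0; i < MAX_CTX; i++) {
        if (!g_live[i]) {
            memset(&g_table[i], 0, sizeof g_table[i]);
            snprintf(g_table[i].name, sizeof g_table[i].name, "%s", name);
            g_live[i] = 1;
            return i;
        }
    }
    return -1;
}

/* Hardened handler: bounds-check the handle, confirm the slot is live,
   and validate the payload before touching host memory.
   Returns 0 on success, -1 for a bad handle, -2 for a bad payload. */
int handle_request_checked(const RequestHandle *req) {
    if (req->handle >= MAX_CTX || !g_live[req->handle]) return -1;
    if (req->new_dpi <= 0 || req->new_dpi > 2400)        return -2;
    g_table[req->handle].dpi = req->new_dpi;
    return 0;
}

/* Read back a context's dpi through the same validated path. */
int ctx_dpi(uint32_t handle) {
    if (handle >= MAX_CTX || !g_live[handle]) return -1;
    return g_table[handle].dpi;
}

int main(void) {
    int h = ctx_open("office-printer");            /* constructed input */
    RequestHandle good = { (uint32_t)h, 600 };
    RequestHandle bad  = { MAX_CTX + 3, 600 };     /* out-of-range handle */
    printf("valid handle  -> %d (dpi now %d)\n",
           handle_request_checked(&good), ctx_dpi((uint32_t)h));
    printf("bogus handle  -> %d (rejected)\n", handle_request_checked(&bad));
    /* The unchecked handler is only ever called here with a pointer the
       host itself owns; with a client-chosen value it would write to an
       arbitrary address, which is exactly the defect being illustrated. */
    PrinterCtx local = { "local", 0 };
    RequestRaw raw = { (uintptr_t)&local, 300 };
    printf("unchecked     -> %d (dpi now %d)\n",
           handle_request_unchecked(&raw), local.dpi);
    return 0;
}
```

The design point is that the privilege boundary, not the pointer type, decides what must be validated: anything that crosses from the low-integrity client into the host is untrusted input, and the host should resolve it against state it owns rather than interpret it as an address.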

Huawei Technologies Co. warned the latest U.S. curbs on its business will inflict a “terrible price” on the global technology industry, inflaming tensions between Washington and Beijing while harming American interests. China’s largest technology company said it will be “significantly affected” by a Commerce Department decree barring any chipmaker using American equipment from supplying Huawei without U.S. government approval. That means companies like Taiwan Semiconductor Manufacturing Co. and its rivals will have to cut off the Chinese company unless they get waivers -- effectively severing Huawei’s access to cutting-edge silicon it needs for smartphones and networking gear. Washington’s decision drew condemnation from Beijing, which regards Huawei as a national champion because of its success in dominating global networking technology. China and Huawei have threatened retaliation but Rotating Chairman Guo Ping on Monday refrained from commenting on a possible Beijing response -- a departure from just two months ago when the company warned Washington risked opening a “pandora’s box” and Chinese countermeasures if it chose to go ahead with additional restrictions. “Our business will significantly be impacted,” Guo said at a company briefing with analysts in Shenzhen. “Given the changes in the industry over the past year, it dawned on us more clearly that fragmented standards and supply chains benefit no one. If further fragmentation were to take place, the whole industry would pay a terrible price,” he added. Huawei is still assessing the potential fallout of the latest restrictions and couldn’t predict the impact on revenue, for now, Guo said. On Monday, a swathe of Huawei’s suppliers from TSMC to AAC Technologies Holdings Inc. plunged in Asian trading. Guo was far less vocal than colleague Richard Yu, who runs the consumer division responsible for smartphones. The outspoken executive said the restrictions that ostensibly aim to allay U.S. 
cybersecurity concerns are really designed to safeguard American dominance of global tech. “The so-called cybersecurity reasons are merely an excuse,” Yu, head of the Chinese tech giant’s consumer electronics unit, wrote in a post to his account on messaging app WeChat earlier on Monday. “The key is the threat to the technology hegemony of the U.S.” posed by Huawei, he added. Yu also posted a link to a Chinese article circulating on social media with part of its headline asking: “Why Does America Want to Kill Huawei?” Follow this and more news on Huawei on OUR FORUM.

Microsoft president and chief legal counsel Brad Smith has taken his turn at admitting Microsoft's former stance on open source put it on the "wrong side of history". In 2001 former Microsoft CEO Steve Ballmer famously said, "Linux is cancer that attaches itself in an intellectual property sense to everything it touches." Shortly after that and for the same reason, Microsoft co-founder Bill Gates described the open-source GPL (GNU General Public License) as "Pac-Man-like". Ballmer has since made peace with open source, and now Smith, who was one of Microsoft's top lawyers during its war on open source, has admitted he too was wrong about its approach to technology. "Microsoft was on the wrong side of history when open source exploded at the beginning of the century, and I can say that about me personally," he said in a talk about hot computing topics at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL). "The good news is that, if life is long enough, you can learn … that you need to change." Of course today – with an eye on cloud developers and as the owner of a code-sharing site GitHub – Microsoft approaches open source completely differently, even shipping Windows 10 with a custom Linux kernel for developers who use the Windows Subsystem for Linux. "Today, Microsoft is the single largest contributor to open-source projects in the world when it comes to businesses," said Smith. "When we look at GitHub, we see it as the home for open-source development, and we see our responsibility as its steward to make it a secure, productive home for [developers]." Smith also said that in 2013 president Obama warned top execs from Google, Microsoft, Apple, and Facebook that they too would soon face scrutiny over privacy. Obama made the prediction at a roundtable with tech executives who were pushing for surveillance reforms following Edward Snowden's NSA leak, reminding them they held more data about people than the government did. 
Smith said the "political watershed moment" arrived with the Cambridge Analytica scandal, which affected tens of millions of Facebook users and resulted in huge fines for Facebook. Tune into OUR FORUM to learn more.

Apple recently confirmed one of the longest-running vulnerabilities in iOS history, affecting millions of iPhone users. And now new information reveals it just got bigger. In April, Apple acknowledged that every iPhone released in the last eight years was vulnerable to remote attacks through the iOS Mail app. At the time, the company played down the severity of this, saying it had seen ‘no evidence’ of exploits, but now ZecOps, the security specialist which discovered the flaw, has contacted me with new information: not only is it being triggered in the wild, but the first potential triggers existed a decade ago and every iPhone ever made is vulnerable (Apple confirmed there were 900M active iPhones last year). 05/12 Update: Apple has responded to me saying it will be sticking to its original statement regarding this vulnerability (found here) and is crediting ZecOps for its discovery. As it stands, Apple is not commenting on ZecOps' additional discoveries of vulnerabilities and real-world triggers dating back to 2010. Apple will deliver a fix in iOS 13.5, but there is currently no commitment to patch previous versions of iOS to protect older iPhones. Needless to say, I will keep this post updated with further developments on both sides. As it stands, further developments appear inevitable. 05/13 Update: while Apple continues to play down this vulnerability, significant action is being taken elsewhere. For example, Germany's Federal Office for Information Security (BSI) has issued a statement recommending the removal of the iOS Mail app. BSI President Arne Schönbohm states: “The BSI assesses these vulnerabilities as particularly critical. It enables the attackers to manipulate large parts of the mail communication on the affected devices. Furthermore, there is currently no patch available. This means that thousands of iPhones and iPads are at acute risk from private individuals, companies, and government agencies.
We are in contact with Apple and have asked the company to find a solution for the security of their products as soon as possible.” iOS 13.5 cannot arrive soon enough. Apple's original statement reads: “Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.” “We continued our research of the MailDemon vulnerability,” said ZecOps CEO Zuk Avraham. “We were able to prove that this vulnerability can be used for Remote Code Execution. Unfortunately, a patch is still not available.” For more visit OUR FORUM.