Image: Getty Images / Westend1 Almost a third of chief information security officers (CISOs) and IT security managers in the UK and US are considering leaving their current organization, according to new research. Not only that, but a third are planning to quit their jobs within the next six months. Cybersecurity firm BlackFog surveyed over […] More

Pros Good price FIDO2 and FIDO U2F support Cons Some setup required No NFC or biometric optionsMany devices now use biometrics to let you log in without the inconvenience of remembering and typing a password: it’s more secure, but it usually adds a little to the price of the device. If you use any devices that don’t have Windows Hello, Face ID or a fingerprint sensor then you must have a password on your account anyway.   If you want to use two-factor authentication (2FA) or even go full passwordless but you still have older devices with no biometric hardware (or you prefer not to use biometrics), a FIDO2 hardware key will let you use the same cross-platform authentication that’s built into Windows, MacOS, iOS, Android, ChromeOS, Linux (although you may need to do a little more setup) and an increasing number of online services like Microsoft 365, Azure AD, Google Drive and more.  More

A new data strategy was announced by the federal government on Tuesday morning, outlining a goal for Australia to have a modern, data-driven society by 2030. The data strategy, a first for Australia, will focus on initiatives based around maximising the value of data, trust and protection, and enabling data use. The strategy sits alongside an action plan that sets out those initiatives and their expected delivery timeframes up to 2025. At the end of 2025, the federal government will then update the data strategy to implement new initiatives up to 2030, said Stuart Robert, the Minister responsible for digital transformation. Robert said the strategy was developed in consultation with private, research, and not-for-profit sectors. “The data strategy is part of our commitment to deliver better services to all Australians, and it will power our national ambition to become a modern, data-driven society by 2030,” Robert said. In relation to the strategy’s focus of maximising the value of data, the government will look to create a new “front door” for accessing Australian government open data, communicating about data better, and implementing the Data Availability and Transparency Scheme. “Access to the right data and analytics can help government and private decision-makers tailor how they deliver these services. For example, Census data can not only be used to identify where services are needed, but also how to best tailor those services for the needs of Australians,” the strategy outlines.

Practically, this will entail transitioning the data.gov.au website to become the “one-stop shop” for all Australians interacting with Australian government data by the end of next year. On the trust and protection front, the strategy has called for the continued expansion of the consumer data right, as well as a review of the Privacy Act to see whether its enforcement mechanisms are fit for purposes in the digital age. The AU$40 million investment into extending the National Disability Data Asset announced last week also falls under the strategy’s scope. Other initiatives within the data strategy include measuring the data maturity of government agencies, developing guidance on embedding data professional roles within all parts of Australian government agencies, investigating new and enhanced data collection and reporting methods, and establishing a new International Data Policy function within the Australian Public Service. The national data strategy’s release comes a fortnight after the federal government updated its digital government strategy, which saw it place more emphasis on uplifting digital ecosystems and reusing technologies to deliver more value for money. When the digital government strategy refresh was announced, the federal government had been receiving backlash by a Senate committee for its lack of progress in auditing its IT capabilities, especially as it did not have a central data collection process related to IT expenditure across government.   Related Coverage More

Malware developers are increasingly turning to unusual or “exotic” programming languages to hamper analysis efforts, researchers say. 

According to a new report published by BlackBerry’s Research & Intelligence team on Monday, there has been a recent “escalation” in the use of Go (Golang), D (DLang), Nim, and Rust, which are being used more commonly to “try to evade detection by the security community, or address specific pain-points in their development process.” In particular, malware developers are experimenting with loaders and droppers written in these languages, created to be suitable for first and further-stage malware deployment in an attack chain.  BlackBerry’s team says that first-stage droppers and loaders are becoming more common in order to avoid detection on a target endpoint, and once the malware has circumvented existing security controls able to detect more typical forms of malicious code, they are used to decode, load, and deploy malware including Trojans.  Commodity malware cited in the report includes the Remote Access Trojans (RATs) Remcos and NanoCore. In addition, Cobalt Strike beacons are often deployed.  Some developers, however — with more resources at their disposal — are rewriting their malware fully into new languages, an example being Buer to RustyBuer. Based on current trends, the cybersecurity researchers say that Go is of particular interest to the cybercriminal community. 

According to BlackBerry, both advanced persistent threat (APT) state-sponsored groups and commodity malware developers are taking a serious interest in the programming language to upgrade their arsenals. In June, CrowdStrike said a new ransomware variant borrowed features from HelloKitty/DeathRansom and FiveHands, but used a Go packer to encrypt its main payload.  “This assumption is based upon the fact that new Go-based samples are now appearing on a semi-regular basis, including malware of all types, and targeting all major operating systems across multiple campaigns,” the team says.  While not as popular as Go, DLang, too, has experienced a slow uptick in adoption throughout 2021. By using new or more unusual programming languages, the researchers say they may hamper reverse-engineering efforts and avoid signature-based detection tools, as well as improve cross-compatibility over target systems. The codebase itself may also add a layer of concealment without any further effort from the malware developer simply because of the language in which it is written.  “Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies,” commented Eric Milam, VP of Threat Research at BlackBerry. “This has multiple benefits from the development cycle and inherent lack of coverage from protective solutions. It is critical that industry and customers understand and keep tabs on these trends, as they are only going to increase.”

Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Screenshot: Asha Barbaschow/ZDNet
Google has announced a new setting that allows users to control whether data within Gmail, Meet, and Chat can be used to serve up suggestions across its suite of products.
It’s calling the function “Smart” features.
“Think: tabbed inbox, Smart Compose, and Smart Reply in Gmail; reminders when your bills are due in the Google Assistant; and restaurant reservations in Google Maps,” it wrote in a blog post penned by product manager Maalika Manoharan.
See also: Most consumers will trade their data for personalization
Although the ability to turn some of these options on isn’t new, Google is now bundling it up into a more user-friendly feature, saying it gives clearer choice over the data processing that makes them possible.
“This new setting is designed to reduce the work of understanding and managing that process, in view of what we’ve learned from user experience research and regulators’ emphasis on comprehensible, actionable user choices over data,” the search giant said.
Google reiterated the user remains in control of their data. It said the smart features served up are the result of automated algorithms, not manual review.

“And, Google ads are not based on your personal data in Gmail, no matter which choice you make,” it added.
“If you decide not to use smart features and personalization, you will still be able to use Gmail and our other products. And if you decide later on that these features are helpful and you’d like to turn them on, you can do so in your Gmail settings.”
MORE FROM GOOGLE
Google’s Recommendations AI now in public beta
The fully-managed service enables retailers to use AI to give customers personalized product recommendations.
Google unveils revamped Google Analytics with new ML models, more granular data controls
With the redesign, Google said it’s aiming to provide a more modern approach to data analytics and measurement.
Google launches Chrome extension for ad transparency, Trust Token API
Google has taken new steps towards its grand master plan to revamp the online advertising ecosystem. More