The UK government has announced its intention to introduce a Cyber Security and Resilience Bill aimed at updating the country's cybersecurity regulations. This new legislation will include mandatory reporting requirements for companies hit by ransomware, in response to increasing ransomware incidents. While originally ambitious plans proposed by the Home Office would have required all ransomware victims to report and seek authorization before making extortion payments, the current bill restricts new rules to regulated entities and possibly managed service providers, leaving out broader private sector requirements. The bill aims to enhance the protection for digital services and supply chains, particularly critical public services, and includes measures to improve incident reporting standards and empower regulators to ensure cyber safety. The Department for Science, Innovation and Technology is spearheading the effort, though the introduction date to parliament remains unspecified.

UK to introduce watered-down version of mandatory reporting for ransomware attacks The Record

An investigation by Proof News has revealed that several major AI companies, such as Apple, Nvidia, and Salesforce, have leveraged subtitles from 173,536 YouTube videos to train their AI models, despite YouTube’s rules against unauthorized data harvesting. This dataset, known as YouTube Subtitles, includes transcripts from educational channels like Khan Academy and Harvard, as well as popular shows and channels like MrBeast, Marques Brownlee, and PewDiePie. Creators were not notified or compensated for the use of their content, which has sparked concerns about consent and fair use within the creator community. AI companies argue that the data was publicly available and did not violate YouTube's terms directly. However, there are ongoing legal debates about the ethical implications and potential hazards of using such data without explicit permission from content creators. The case raises important questions about data use, copyright, and compensation in the age of AI.

Apple, Nvidia, Anthropic Used Thousands of Swiped YouTube Videos to Train AI Proof News

Cisco announced a critical vulnerability in its Smart Software Manager On-Prem devices, allowing unauthenticated remote attackers to change any user's password, including administrators'. The vulnerability, identified as CVE-2024-20419 and rated with the highest severity score of 10, stems from improper password change process implementation. Exploiting it via crafted HTTP requests grants the attacker web UI or API access with the compromised user’s privileges. No immediate workarounds are available, but a security update has been released that addresses the issue. Cisco reports no current evidence of active exploitation.

Vulnerability in Cisco Smart Software Manager lets attackers change any user password arstechnica

A recent report by the West Health-Gallup Healthcare Affordability Index reveals that only 55% of Americans can now afford and access prescription drugs and quality healthcare, marking a six-point drop since 2022. The most significant declines were observed among adults aged 50-64 and those 65 and older, with younger adults under 50 experiencing the highest affordability challenges. The report categorizes Americans based on their ability to pay for and access healthcare into Cost Secure, Cost Insecure, and Cost Desperate groups. Forty-five percent of adults fall into the Cost Insecure or Cost Desperate categories, with significant disparities across age, race, and gender. Despite the negative trend, some optimism is tied to forthcoming policy changes, such as Medicare's enhanced ability to negotiate drug prices, which could stabilize healthcare costs. The survey's findings are based on responses from over 5,000 adults across the United States, collected between November 2023 and January 2024.

Americans' ability to afford healthcare hits new low in 2024 News-Medical.net