News

News

• July 22, 2015 22 Jul'15

  Hackers targeting .NET shows the growing pains of open source security

  According to researchers, malware makers have been targeting .NET since Microsoft made the software open source. And experts debate to what extent open source security can be maintained.

• July 21, 2015 21 Jul'15

  Microsoft releases out-of-band patch for Windows zero-day

  A Windows zero-day affecting a wide swath of Microsoft products has been found in the Hacking Team data leak, so Microsoft has released an out-of-band patch to fix the vulnerability.

• July 20, 2015 20 Jul'15

  Black Hat and Google speak out against Wassenaar Arrangement

  The Wassenaar Arrangement is a multilateral export control association aimed at controlling a wide range of goods, including intrusion software. However, Black Hat and Google believe the proposed rules will have a negative impact on security.

• July 17, 2015 17 Jul'15

  DOJ takes down Darkode, but for how long?

  The U.S. Department of Justice, in coordination with 20 countries, has taken down the computer hacking forum known as Darkode, but experts say the community is already rebuilding.

• July 17, 2015 17 Jul'15

  Subway app reverse engineering highlights uptick in mobile app safety

  News roundup: Are the tides turning on mobile app safety? One white hat hacker's attempt to reverse-engineer the Subway app offers surprising results. Plus: CloudFlare Transparency Report; another call to eliminate RC4; Black Hat attendant survey.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• July 16, 2015 16 Jul'15

  Flash Player security failures turn up the hate

  There have been calls for the death of the Adobe Flash Player for years either due to performance issues or the threat of exploit. But with a recent rash of zero-day vulnerabilities, those calls are getting louder.

• July 15, 2015 15 Jul'15

  More Flash zero-day bugs follow Hacking Team breach

  Researchers discovered two more vulnerabilities in Adobe Flash player stemming from the breach of Italian surveillance software vendor Hacking Team.

• July 14, 2015 14 Jul'15

  July 2015 Patch Tuesday: Microsoft and Adobe attack Hacking Team zero-days

  July 2015's Patch Tuesday shows both Microsoft and Adobe working fast to patch four Hacking Team zero-day vulnerabilities exposed in the past week.

• July 14, 2015 14 Jul'15

  Windows Server 2003 end of life leaves many at risk

  The Windows Server 2003 end of life is upon us and many organizations still haven't made the upgrades or security remediations necessary to mitigate the coming risks.

• July 10, 2015 10 Jul'15

  FBI: We don't want a government backdoor, just access to encrypted data

  News roundup: Despite the benefits of encryption, FBI Director James Comey says it inhibits legal investigations. It's up to tech companies to help. Plus, read about major "computer glitches," Kali 2.0 and more.

• July 10, 2015 10 Jul'15

  OPM hackers stole 21.5 million records, 1.1 million fingerprints

  Investigators for the OPM data breach find that 21.5 million personal records were stolen in the attack, including 1.1 million fingerprints. The White House is still considering its response.

• July 10, 2015 10 Jul'15

  Homeland Security chief calls for federal breach reporting law

  The Homeland Security head wants federal laws requiring data breach reporting and information sharing, but one expert warns that government officials need better understanding of infosec technology before creating such laws.

• July 08, 2015 08 Jul'15

  Industrial espionage group hacked Apple, Facebook, Microsoft

  A mysterious hacker group has hit a number of major U.S. companies with the intent of committing industrial espionage, according to new security research reports.

• July 08, 2015 08 Jul'15

  Adobe patches Flash zero-day found in Hacking Team data breach

  Adobe patches a Flash zero-day vulnerability found as part of the massive data breach of Hacking Team. Experts recommend speedy remediation as the flaw has been added to multiple exploit kits.

• July 07, 2015 07 Jul'15

  Critical OpenSSL patch coming Thursday

  The OpenSSL project team will release a critical patch on Thursday and experts warn admins that the upgrade process could take days or weeks to complete.

• July 06, 2015 06 Jul'15

  Hacking Team internal documents released after massive data breach

  Controversial Italian surveillance software firm, Hacking Team, was attacked, resulting in a 400 GB leak of sensitive data. The response from the Hacking Team was threatening, but may have been part of the attack.

• June 30, 2015 30 Jun'15

  US government passwords stolen and leaked around the Web

  A report reveals that many stolen US government agency passwords traveled across the Web, including credentials from OPM, which was recently breached due to stolen passwords.

• June 26, 2015 26 Jun'15

  DNS vulnerability found in RubyGems software packaging client

  RubyGems software packaging client was found to have a DNS vulnerability that redirects users to malicious gem servers.

• June 26, 2015 26 Jun'15

  Click fraud to ransomware: Study highlights dangers of malware lifecycle

  New roundup: Sometimes the least of threats -- such as click fraud -- can end up being the bigger issues -- like ransomware. Plus: U.S. Navy won't let go of XP; U.S./China cyber code of conduct; and more!

• June 25, 2015 25 Jun'15

  Stolen passwords to blame for OPM breach; director may take the fall

  The OPM director told a Senate hearing that passwords stolen from a contractor led to the OPM breach. Now, her job is on the line and the number of breached records could be on the rise.

• June 23, 2015 23 Jun'15

  Adobe releases emergency Flash zero-day patch

  Adobe releases an emergency Flash Player patch for a zero-day flaw said to be used in a Chinese hacker group's phishing scheme.

• June 23, 2015 23 Jun'15

  Study: government compliance-based vulnerability remediation is failing

  In its State of Software Security Report, Veracode has found the government has the most vulnerabilities and the lowest rate of remediation in developing Web and mobile apps.

• June 23, 2015 23 Jun'15

  NIST guidance: Better security from federal contractors

  With the recent OPM breach raising questions about the security of federal data within the government, NIST has issued new guidelines in order to secure data stored by federal contractors outside government facilities.

• June 19, 2015 19 Jun'15

  Apple sandbox flaws allow password stealing, communication interception

  News roundup: Details have emerged about weaknesses in OS X and iOS that allow attackers to upload malware and steal passwords and data. Plus: More jump on HTTPS bandwagon; CSO/CDO salaries increase; 23% of software app components contain flaws.

• June 17, 2015 17 Jun'15

  Samsung vulnerability affects up to 600 million Android devices

  A flaw in the default keyboard found on many Samsung Galaxy Android devices may leave as many as 600 million devices at risk for a man-in-the-middle attack.

• June 16, 2015 16 Jun'15

  New Android Security Rewards program aims for end-to-end improvements

  Google launches new Android Security Rewards program that goes beyond traditional bug bounties and offers monetary rewards for security development.

• June 15, 2015 15 Jun'15

  White House pushes government cybersecurity changes

  As the estimated number of current and former federal employees affected by the OPM data breach triples, the White House pushes new government cybersecurity changes to avoid another breach.

• June 12, 2015 12 Jun'15

  White House, Apple join the fight for HTTPS encryption

  News roundup: The call for ubiquitous HTTPS has grown stronger as of late; the White House and Apple are hoping to help push the movement. Plus: The cost of cybersecurity management to rise 38%; a 165% ransomware increase; gender salary gap closes?

• June 11, 2015 11 Jun'15

  Dark Web scanner promises to cut data breach detection time to seconds

  As the focus of security moves to detection and response, a new product aims to find stolen corporate data within seconds or minutes of a data breach occurring by crawling the dark Web, but one expert questions the need for such a product.

• June 11, 2015 11 Jun'15

  FIDO Alliance gains momentum, adds government support

  Agencies from U.S. and U.K. governments now support the FIDO Alliance and its open standards for passwordless authentication.

• June 11, 2015 11 Jun'15

  Duqu malware makes a comeback and infiltrates Kaspersky systems

  The first strain of Duqu malware was found in late 2011. Now three and a half years later, Duqu 2.0 has emerged and is exploiting as many as three zero-day vulnerabilities in a new attack campaign.

• June 09, 2015 09 Jun'15

  June 2015 Patch Tuesday brings critical IE security fix, Flash update

  Microsoft's June 2015 Patch Tuesday features eight bulletins, including a critical update for Internet Explorer and Windows Media Player. Plus: Adobe releases fix for 13 Flash vulnerabilities.

• June 05, 2015 05 Jun'15

  Government data breach puts EINSTEIN defense system under question

  The FBI is investigating a government data breach in which up to 4 million records may have been stolen and China-based hackers are the prime suspects, but the efficacy of the DHS EINSTEIN defense system has been put under question.

• June 05, 2015 05 Jun'15

  Vulnerability study questions accuracy of CVSS scores

  A new study claims social media may be a useful indicator of vulnerability risk and lead to more accurate CVSS scores and prioritization.

• June 05, 2015 05 Jun'15

  Facebook, Google, Mozilla raise the bar with new user privacy controls

  News roundup: New settings and options to boost user privacy and security are emerging on major websites, but is it enough?

• June 03, 2015 03 Jun'15

  Adversaries never sleep: unknown malware downloaded every 34 seconds

  In its 2015 Security Report, Check Point Software has found adversaries are exploiting the ease of creating unknown malware to boost the chance of a successful attack, and sandboxing adoption may be the best way to mitigate risk.

• June 02, 2015 02 Jun'15

  Insecure mobile cloud backups leave millions of credentials exposed

  Researchers find that insecure implementation of cloud backups by mobile apps may affect hundreds of thousands of apps and leave as many as 56 million credentials exposed.

• June 02, 2015 02 Jun'15

  Malware analysis beyond the sandbox

  Researchers estimate that 70% of organizations will have implemented virtual servers by the end of 2015, representing a tipping point in enterprises’ adoption of virtualization. Virtual machines (VMs) must be protected from malware like other ...

• May 29, 2015 29 May'15

  IRS breach shows the importance of PII security

  A breach of the IRS' Internet tax form service "Get Transcript" exposed the personal information and tax filings of thousands of people.

• May 29, 2015 29 May'15

  Cybersecurity threat discussion (finally) in boardroom

  News roundup: Cybersecurity is finally garnering attention at the boardroom table, but not necessarily for the right reasons. Plus: Ponemon's "Cost of Data Breach"; D-Link vulnerabilities; NitlovePOS; bad bots.

• May 29, 2015 29 May'15

  Smartphone security threats plague Android and iPhone alike

  As the global smartphone market slows, it's becoming readily apparent that the rise of smartphone security threats isn't slowing -- and no OS is safe.

• May 28, 2015 28 May'15

  President urges Senate to act on Section 215 question

  With Section 215 of the Patriot Act meeting its demise on June 1, President Obama calls for the Senate to get busy.

• May 26, 2015 26 May'15

  NetUSB router vulnerability puts devices in jeopardy

  A newly discovered router vulnerability could leave millions of connected devices open to denial-of-service attacks and remote code execution.

• May 22, 2015 22 May'15

  2015 DDoS attacks on the rise, attackers shift tactics

  News roundup: New research highlights the changing nature of DDoS attack frequency and methodology. Plus: New malware strains double in second half of 2014; two new address bar spoofing vulnerabilities.

• May 22, 2015 22 May'15

  Government backdoor security concerns prompt letter to president

  As privacy and security concerns rise, President Obama is urged to dismiss the call for government backdoors.

• May 21, 2015 21 May'15

  Too many false positives, security alerts inundate enterprise, study says

  A new study shows enterprises with security analytics are confident in their threat detection capabilities, while those without are overwhelmed by copious false positives and alerts.

• May 20, 2015 20 May'15

  Google changes Chrome extension policy amid security concerns

  Google's new Chrome extension policy mandates that all users and developers must install web browser extensions from the Chrome Web Store.

• May 20, 2015 20 May'15

  Logjam flaw crimps TLS encryption; NSA may have used it

  A newly discovered TLS vulnerability that affects thousands of websites, servers and browser users could allow attackers to bypass encryption.

• May 19, 2015 19 May'15

  Fortinet, DHS form security information sharing partnership

  Network security vendor Fortinet and DHS signed an agreement on security information sharing for better cyber protection in the public and private sectors.

• May 18, 2015 18 May'15

  Alleged airplane hack creates more questions than answers

  As details emerge about a security researcher's alleged hack -- and subsequent denial -- of an airplane, more questions are being asked than answers given.

• May 15, 2015 15 May'15

  Will Microsoft Edge security features make up for past sins?

  News roundup: Microsoft released security details of its new Edge browser, but is enough to restore user confidence? Plus: Millennial security threats; new ransomware, GPU-based malware; black hat cybersecurity services.

• May 13, 2015 13 May'15

  Security ethics survey shows honesty is a tricky business

  A security ethics survey conducted at the 2015 RSA Conference indicates that infosec professionals may be wary of media attention in breach and vulnerability reporting.

• May 12, 2015 12 May'15

  AlienVault updates SIEM platforms after vulnerabilities exposed

  Security software maker AlienVault scrambled to patch two of its products after a security researcher exposed longstanding vulnerabilities in them.

• May 12, 2015 12 May'15

  May 2015 Patch Tuesday isn't all about critical patches, experts say

  Microsoft's May 2015 Patch Tuesday has made 2015 this biggest year for patches through the first five months and is highlighted by two non-critical patches, according to experts.

• May 11, 2015 11 May'15

  Intel's Security Connected aims to be the glue for enterprise security

  Intel Security wants to offer a full set of security products, but believes highest value may come from being a bridge. Security Connected aims to integrate non-Intel products and place Intel at the center, although experts worry about complexity.

• May 08, 2015 08 May'15

  How the WordPress XSS vulnerability was patched so quickly

  WordPress was found to have two new zero-day XSS vulnerabilities that were being exploited, but a patch has already been issued to mitigate the issues.

• May 08, 2015 08 May'15

  Mobile malware statistics highlight unknown state of mobile threats

  News roundup: Contradicting mobile malware statistics published this year prove the mobile malware debate is alive and well. Plus: SAP vulnerabilities; spam-sending Linux malware; criminal attacks leading healthcare threat.

• May 07, 2015 07 May'15

  Malware detection tool tackles medical device security

  WattsUpDoc, an embedded system security tool used to detect malware in medical devices, is now in beta testing at two major U.S. hospitals.

• May 06, 2015 06 May'15

  Experts debate the value and future of data loss prevention tools

  Data loss prevention tools have been on the market for close to 10 years, but adoption and deployment are still inconsistent. Experts point to a shift in how enterprises will deploy DLP moving forward.

• May 06, 2015 06 May'15

  Microsoft debuts password-free Windows Hello, PatchTuesday changes

  Microsoft Ignite 2015 showed that Microsoft may have rethought the Tuesday part of Patch Tuesday, but Windows Update is stronger than ever.

• May 05, 2015 05 May'15

  Local Administrator Password Solution aims to stop credential replay

  Microsoft has released its Local Administrator Password Solution for a common admin login account across all domain-joined computers in hopes that it will decrease pass-the-hash attacks.

• May 04, 2015 04 May'15

  Anti-sandbox capabilities found in Dyre malware

  Seculert research discovers that a new version of the financial malware Dyre is avoiding sandbox detection by counting the number of cores.

• May 01, 2015 01 May'15

  Subscription model for SSL certificates could be easier and cheaper

  A Utah-based startup hopes to change the way enterprises buy SSL certificates to a subscription model, and one expert thinks it could work as long as enterprises can trust the security.

• May 01, 2015 01 May'15

  Government cybersecurity flounders as cybersecurity bills pass House

  News roundup: Many believe the government should help avert cybersecurity woes, yet two House-approved cybersecurity bills are frowned upon. Plus: DDoS increase linked to IoT; Google password alert; 70% put networks at risk with undocumented changes.

• April 30, 2015 30 Apr'15

  How WestJet Airlines nixed network complexity, boosted security

  At an RSA Conference session, attendees learned how WestJet Airlines' Security Architecture Made Simple with software-defined security and automation reduced network turbulence.

• April 30, 2015 30 Apr'15

  Government agencies struggling with security data analytics

  Security data analytics are a must-have for government agencies to stay one step ahead of cyber attackers, according to a study conducted by MeriTalk.

• April 29, 2015 29 Apr'15

  Port monitoring critical to detecting, mitigating attacks using SSL

  As SSL traffic increases, so inevitably will the number of attacks using it to hide. A session at RSA Conference 2015 explained why hackers love SSL, and how enterprises can defend against them.

• April 29, 2015 29 Apr'15

  Secunia: End-of-life software posing a big security risk

  Secunia's quarterly Personal Software Inspector (PSI) report shows that while OS and application patching has remained steady, users may be ignoring end-of-life software and the risks associated with it.

• April 29, 2015 29 Apr'15

  IT security and compliance: Get leadership on board to find balance

  At an RSA Conference 2015 session, finance information security officer Steve Winterfeld explained why having complementary IT security and compliance strategies requires leadership buy-in and cooperation.

• April 29, 2015 29 Apr'15

  RSA Conference 2015 recap: Record attendance, record stakes

  This year's RSA Conference once again broke the previous year's attendance record. Is the show getting too big for San Francisco? Plus key takeaways and final words from our executive editor.

• April 28, 2015 28 Apr'15

  Comparing the top SSL VPN products

  Expert Karen Scarfone examines the top SSL VPN products available today to help enterprises determine which option is the best fit for them.

• April 28, 2015 28 Apr'15

  Open source threat model aims to make enterprise safer with less work

  An open source threat model is aiming to be a repository for risk assessment with the aim of allowing enterprise to focus on creating the right security controls for each business.

• April 28, 2015 28 Apr'15

  Despite benefits, skepticism surrounds bug bounty programs

  Some people think bug bounty programs are the answers to vulnerability woes, yet others remain skeptical of the negative impacts they present. RSA Conference panelists discussed both sides of one of today's hottest and most controversial IT topics.

• April 28, 2015 28 Apr'15

  Insider threat programs need people, not technology

  A panel discussion at RSA Conference 2015 outlined strategic methods enterprises can use to build and advocate for an insider threat program.

• April 27, 2015 27 Apr'15

  DevOps explained: Why experts call DevOps and security a perfect match

  At RSA Conference 2015, a pair of DevOps proponents explained why the nascent movement to integrate development and IT operations staff pays security dividends.

• April 27, 2015 27 Apr'15

  New study shows enterprise security confidence high but defenses low

  A new study from network security firm Fortinet shows that enterprise security confidence levels are high despite a lack of comprehensive security measures.

• April 27, 2015 27 Apr'15

  WordPress vulnerable to stored XSS bug, researchers find

  A researcher has released a proof-of-concept exploit for a WordPress vulnerability leveraging stored XSS, which could lead to remote code execution on affected servers.

• April 27, 2015 27 Apr'15

  On healthcare data security, not all security pros see unique challenges

  At an RSA Conference 2015 discussion on healthcare data security, experts with decades of experience perceive a unique challenge, while security pros see similarities with other verticals.

• April 24, 2015 24 Apr'15

  Long-duration advanced persistent threat attacks now the norm, say experts

  Threat experts at RSA Conference 2015 say today's most dangerous attack techniques reflect a shift toward long-duration attacks that are often nearly impossible to detect.

• April 24, 2015 24 Apr'15

  Clarity needed to cultivate next-gen cybersecurity workforce

  Millennials are hesitant to pursue a career in cybersecurity, mainly because they aren't sure exactly what the job entails -- and if they have the proper training for it.

• April 24, 2015 24 Apr'15

  NIST wants help building the one ID proofing system to rule them all

  The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues.

• April 24, 2015 24 Apr'15

  Insecure SSL coding could lead to Android man-in-the-middle attacks

  Researchers have found thousands of apps that feature insecure coding practices in implementing SSL protocols, which could lead to Android man-in-the-middle attacks.

• April 23, 2015 23 Apr'15

  Opportunity abounds for those with both business, security skills

  Executives now listen to their security managers but experts speaking at the RSA Conference 2015 say infosec leaders must learn business security skills and think long term.

• April 23, 2015 23 Apr'15

  RSA attendees ponder how to trim bloated security portfolios

  At a roundtable discussion at RSA Conference 2015, security admins pondered what to do about bloated security portfolios.

• April 23, 2015 23 Apr'15

  Effective data breach response plans hinge on human preparedness

  Experts at a Verizon event at RSA Conference 2015 say no data breach response plan is complete until certain human factors are considered.

• April 23, 2015 23 Apr'15

  Pescatore on security success: Breach prevention is possible

  At RSA Conference 2015, John Pescatore offered real-world case studies proving that information security technologies can help prevent data breaches.

• April 22, 2015 22 Apr'15

  Industry experts warn only cyberliability insurance covers breaches

  Cyberliability insurance gains popularity as industry experts warn that, contrary to popular belief, general insurance won't protect against cyberattacks.

• April 22, 2015 22 Apr'15

  Can supply chain security assuage Huawei security concerns?

  Huawei's U.S. CSO pitched the rigor of its supply chain security processes to RSA Conference 2015 attendees, but they remained skeptical at best on whether to trust the Chinese networking and security vendor.

• April 22, 2015 22 Apr'15

  Mobile malware is not a serious threat, Damballa shows

  An Atlanta-based threat prevention company says the chances of acquiring mobile malware infection are as slim as the chance of being struck by lightning.

• April 22, 2015 22 Apr'15

  Government cybersecurity experts push for better information sharing

  At RSA 2015, former federal officials called for better government cybersecurity cooperation between agencies and with the private sector.

• April 22, 2015 22 Apr'15

  Threat intelligence programs maturing despite staffing, tech obstacles

  A Forrester analyst told RSA Conference 2015 attendees that enterprise threat intelligence programs are maturing, though obstacles like nascent technology and hard-to-find employees mean some firms may never reach full maturity.

• April 21, 2015 21 Apr'15

  Yoran: RSA, information security industry needs 'radical change'

  New RSA President Amit Yoran says business as usual isn't stopping the evolving threat landscape, and hints at radical changes coming to the information security industry and within RSA itself.

• April 21, 2015 21 Apr'15

  Raytheon cybersecurity bolstered by Websense acquisition

  Vista sells majority stake in security provider Websense to boost Raytheon cybersecurity defense amidst copious information breaches.

• April 21, 2015 21 Apr'15

  Waratek grabs RSA Innovation Sandbox honors

  Runtime application self-protection startup Waratek wins coveted RSA Innovation award.

• April 21, 2015 21 Apr'15

  SIMDA botnet down: 770,000 infected computers rescued

  INTERPOL collaborated with Trend Micro, Microsoft and Kaspersky to take down botnet affecting 770,000 users.

• April 20, 2015 20 Apr'15

  Successful women in security tout need for mentoring, encouragement

  Female infosec pros say the industry needs to do more to not only encourage women to pursue infosec careers, but also help mentor them along the way.

• April 20, 2015 20 Apr'15

  Hiring millennials key to reducing security workforce shortage

  At RSA Conference 2015, speakers at an (ISC)2 panel said attracting and hiring millennials is a huge key to alleviating the worsening information security workforce shortage.

• April 17, 2015 17 Apr'15

  Machine versus the bots: Does your website pass the Turing 2.0 test?

  New Web security models use browser behavior and polymorphism to protect against data theft and fraud.

• April 17, 2015 17 Apr'15

  Patch Tuesday's Windows HTTP.sys flaw under attack

  A critical vulnerability in Windows HTTP.sys was detailed as part of Microsoft's April Patch Tuesday, and the flaw is already being actively exploited in the wild.

• April 17, 2015 17 Apr'15

  Microsoft cybersecurity strategy: Time for another Bill Gates email

  Opinion: Executive Editor Eric Parizo says Microsoft's security strategy may have once been the benchmark for other vendors to emulate, but in 2015 the software giant's priorities lie elsewhere.