New rules from the US government on H-1B visas could damage national cybersecurity.

The tech industry faces new Department of Homeland Security (DHS) rules starting Dec. 15 requiring that H-1B visa applicants make their social media activity public. It’s a move that is unlikely to generate much goodwill from overseas workers looking to come to the US and could be detrimental to tech interests in Silicon Valley.

Shake up. As Cecilia Esterline, Niskanen Center senior immigration policy analyst, told IT Brew earlier this month, the new rules mean there is “this uncertainty and unpredictability that has been introduced into an otherwise somewhat predictable program.”

“Right now, we’re not in the normal, in terms of normal H-1B procedures,” Esterline added. “I think not relying on past experiences, or what has worked for a company in the past, but continuing to update those practices to meet the new moment is what will be required.”

Check the procedure.—EH

What if we took a large language model (LLM) and made it…smaller? Experts are mixed on if such small language models (SLMs) could deliver LLM-sized results at a reduced cost. For IT pros, the decision to use SLMs could have a sizable impact on their organizations.

Tom Bachant, the CEO of Unthread, a company that provides AI-powered technical solutions and assistance via Slack, doesn’t see SLMs as the answer to organizations’ needs for chatbots and other AI tools, especially with consumer expectations so high, thanks to LLMs like OpenAI’s ChatGPT and Google’s Gemini.

“You need to give a large language model access to some of this data, and that’s not inherently a bad thing,” Bachant said. “Companies [are] already doing this today. They connect all their tools through Workato or Zapier, or these different tools where there is access and that’s shared across different platforms.”

Size matters.—CN

IT help desks need to brace for an evolving threat that sounds like an unofficial sequel to the Pirates of the Caribbean franchise.

In December, Okta Threat Intelligence released a threat advisory detailing how malicious actors can gain unauthorized access to payroll software. These threats are widely known as payroll pirate attacks.

Pirates of the payroll. According to VP of Okta Threat Intelligence Brett Winterford, these attacks often began with adversaries calling a company’s help desk, posing as a user and requesting a password reset.

“Typically, what the adversary will do is then come back to the help desk, probably to someone else on the phone, and say, ‘Well, I have my password, but I need my MFA factor reset,’” Winterford said. “And then they enroll their own MFA factor, and from there, gain access to those payroll applications for the purposes of committing fraud.”

Follow the map.—BM

After conquering Go, AlphaGo’s legacy lives on in today’s AI revolution. DeepMind’s David Silver explains how lessons from a 3,000-year-old game are powering modern breakthroughs—and why collaboration, not competition, is the key to progress.