Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its followers in interesting projects.

Categories

Max severity RCE flaw discovered in widely used Apache Parquet

Bleeping Computer - 3 April, 2025 - 23:29
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. [...]
Category: Hacking & Security

Hunters International shifts from ransomware to pure data extortion

Bleeping Computer - 3 April, 2025 - 23:06
The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. [...]
Category: Hacking & Security

Tariff war throws building of data centers into disarray

Computerworld.com [Hacking News] - 3 April, 2025 - 22:55

Enterprise IT leaders are facing a double-whammy of uncertainties complicating their data center building decisions: The ever-changing realities of genAI strategies, and the back-and-forth nature of the current tariff wars pushed by the United States.

“This is obviously a fluid situation. The stated goal of the [US] administration is to bring more development into the US,” said Forrester Senior Analyst Alvin Nguyen. “But with some of these activities, there is the potential that it draws some manufacturing and other capabilities of the data center away from the US.”

Nguyen, who advises enterprises on data center strategies, said the tariffs are adding complexity and uncertainty into the already volatile genAI data center strategies.

“Right now, there’s too much variability. With all of the tariffs, this may be the thing that slows down AI,” Nguyen said. “And if you slow down AI, that will slow down the data centers.”

Category: Hacking & Security

Microsoft urges Office users to upgrade to 365 — or face doom

Computerworld.com [Hacking News] - 3 April, 2025 - 22:32

Microsoft is urging Office 2016 and 2019 customers to upgrade to Microsoft 365 before support ends Oct. 14, but analysts said viable alternatives are available outside Microsoft’s walled garden.

“Continuing to use unsupported software can expose your organization to security vulnerabilities, compliance risks, and operational disruptions,” the company warned in a blog post.

Microsoft 365 is the cloud-based version of Microsoft Office, which also includes Teams, Copilot and web-based collaborative features. It is available only by subscription, with prices starting at $9.99 a month, or $99.99 a year for the Personal edition.

The alternative, a standalone desktop version of Microsoft Office, doesn’t have the AI and collaboration features, nor does it have Copilot or Teams. Users looking to replace Office 2016 or 2019 could also opt for the convenience of a one-time purchase of Office 2024, which costs $149. 

Microsoft in the blog post talked only about upgrading to M365, which never expires. Office 2024 support ends in October 2029.

Analysts said enterprise customers might find upgrading to Microsoft 365 worthwhile for its generative AI (genAI) tools, collaborative features and security. Or, depending on enterprise AI and productivity needs, they could jump ship for rivals such as Google Workspace.

For enterprise customers worried about data privacy in the cloud, the desktop edition of Office or free open-source alternatives such as LibreOffice might be more attractive. The $149 price of Office 2024 might also be cheaper than Microsoft 365 in the long run, analysts said.

Microsoft wants to move customers to Microsoft 365 subscription services, said Jason Wong, vice president at Gartner for app design and development.

“This makes support easier and lowers the cost of products for Microsoft, while at the same time it opens up many up-sell and cross-sell opportunities such as security products, the Power Platform tools, and of course M365 Copilot,” Wong said.

Basic Microsoft 365 editions for home users or business users don’t include Teams. But users can get features that include Intune, Defender, Clipchamp and Loop at higher subscription prices.

For those who only need Microsoft Office apps that include PowerPoint and Word, the standalone option could be attractive, especially if they already use something like Google or Zoho for mail, calendar, and document storage, said Irwin Lazar, principal analyst at Metrigy.

“For those wishing to take advantage of AI, an upgrade to M365 is a requirement. I expect that for [small and mid-sized businesses], Microsoft now offering M365 without Teams at a lower price could prove attractive,” Lazar said. 

Metrigy in a recent study noted that about 25% of Microsoft customers were evaluating the unbundled option. The study, Employee Experience Optimization: 2025, was published in November.

“Google’s recent price increases for Workspace are likely to help Microsoft, especially for SMBs, though Google includes Gemini AI now with Workspace,” Lazar said.

Enterprises would see value in moving from legacy on-prem, disconnected apps to Microsoft 365 though at this point those were probably Lotus or legacy on-prem Exchange/Sharepoint customers.  “The savings is likely to be minimal if customers are already using cloud-based services for document, email, and calendar,” Lazar said.

Some organizations are resisting the push to the cloud — primarily European-based companies with stricter data requirements and regulations. “Cost also plays a factor in staying on-premise, but typically organizations realize they won’t be getting the latest features and capabilities, like generative AI and Copilot, if they choose this path,” Wong said. 

Gartner sees clients evaluating rival suites to see what life looks like outside of the Microsoft ecosystem. “It typically comes down to familiarity of products and features for the workers, and the overall security and cost of ownership for IT to consider whether to switch or not,” Wong said.

Microsoft, for its part, painted a doomsday scenario to get users to upgrade to Microsoft 365 if they don’t quit Office 2016 or 2019 by the time support expires. 

“You may have started noticing limitations,” the company wrote. “Your apps are stuck on your desktop, limiting productivity anytime you’re away from your office. You can’t easily access your files or collaborate when working remotely or traveling, creating unnecessary friction for your team. Perhaps you’ve seen your company’s IT expenses creep upwards as you’ve added separate solutions for email, file storage, and virtual meetings.”

Category: Hacking & Security

Microsoft starts testing Windows 11 taskbar icon scaling

Bleeping Computer - 3 April, 2025 - 22:04
Microsoft is testing a new taskbar icon scaling feature that automatically scales down Windows taskbar icons to show more apps when it gets too overcrowded. [...]
Category: Hacking & Security

CISA warns of Fast Flux DNS evasion used by cybercrime gangs

Bleeping Computer - 3 April, 2025 - 21:37
CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. [...]
Category: Hacking & Security

How To Accelerate Digital Transformation

Computerworld.com [Hacking News] - 3 April, 2025 - 20:59

Your weekly round-up of the questions asked by readers of CIO, Computerworld, CSO, InfoWorld, and Network World sees us learn how culture impacts digital transformation, the rise of cloud-based ERP, and desktop-based office software.

Transform Faster

Disruptive forces dictate the need for speed when it comes to key digital initiatives. This week we reported 12 ways in which IT leaders are overhauling strategies and processes to streamline IT for quicker success. We explained how to transform: faster.  

Transformation is not only a question of technology, of course. And the readers of CIO were keen to understand how big a part organizational culture plays in transformation projects. According to Smart Answers: a lot.  

It says that organizational culture impacts time to business outcomes and the development of digital core competencies. And that a culture committed to digital transformation, such as a cloud-committed culture, can accelerate the adoption of digital technologies. Transformation requires a change in mindset, and culture is a big part of that.

Find out: How does organizational culture impact digital transformation speed?  

SAP is Rising

Last week we reported on problems in migrations to SAP’s S4/HANA. This week we brought the better news that SAP adoption is surging (in Europe at least) as enterprises embrace cloud. But why? What is driving the trend of cloud ERP adoption? 

The accepted answer would be that organizations are looking to accelerate digital transformation efforts and seek greater operational efficiency through advanced technologies. Smart Answers takes that ball and runs with it, adding other factors: a broader shift toward scalable and efficient IT infrastructure; SAP’s RISE with SAP program, designed to facilitate cloud migration; and the cost savings from not having to refresh systems.

Find out: What is driving the trend of cloud ERP adoption?  

The Price of Productivity

Recently we reported that LibreOffice downloads are on the rise as users look to avoid subscription costs. We said that the free open-source Microsoft Office alternative is being downloaded by nearly 1 million users a week.  

It makes sense, right? Something free is better than something expensive. But is it a fair comparison? Readers of Computerworld wanted to know if a desktop productivity suite could compete with a cloud-based solution such as O365. The answer is yes… but Microsoft’s desktop software is the best solution. At least that is the opinion of Smart Answers.

Find out: What are the advantages of using a desktop office productivity suite over a cloud-based one?

About Smart Answers 

Smart Answers is an AI-based chatbot tool designed to help you discover content, answer questions, and go deep on the topics that matter to you. Each week we send you the three most popular questions asked by our readers, and the answers Smart Answers provides.  

Developed in partnership with Miso.ai, Smart Answers draws only on editorial content from our network of trusted media brands—CIO, Computerworld, CSO, InfoWorld, and Network World—and was trained on questions that a savvy enterprise IT audience would ask. The result is a fast, efficient way for you to get more value from our content. 

Category: Hacking & Security

Ivanti patches Connect Secure zero-day exploited since mid-March

Bleeping Computer - 3 April, 2025 - 19:43
Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. [...]
Category: Hacking & Security

Apple feels gravity as the Trump tariff hammer falls

Computerworld.com [Hacking News] - 3 April, 2025 - 19:43

Apple’s leadership is no doubt scrambling to identify a silver lining (if there is one) as the storm of US President Donald J. Trump’s punishing range of global tariffs rains heavily across the company’s supply chain. Even Apple’s attempt to mitigate the impact of anticipated tariffs on Chinese goods with big investments in manufacturing in India, Thailand, and elsewhere wasn’t enough.

Most of the world will be affected by Trump’s tariffs, which the company is unlikely to be able to swallow whole without raising product prices.

The scale is huge — 54% (the 34% hike announced last night in addition to an existing 20% tariff) on Chinese imports; India gets a 26% tariff, Vietnam 46%, Taiwan 25%, and Thailand gets a 36% slap.

Insert synonym for ‘ouch’ here

These tariffs are consequential. 

Rosenblatt analyst Barton Crockett estimates Apple must realistically prepare itself for an additional $39.5 billion in costs as a result, which will directly impact iPhones sold in its biggest market (the US) and made in China. This will also affect China’s economy in terms of lost sales.

Naturally, Apple’s stock price fell, and was off a dramatic 8.9% by early afternoon today.

To claw that cash back, the company will have little choice but to boost hardware prices across the board, including those goods outside the US. When it does, it will no doubt lean in on its services business in an attempt to help mitigate the consequences of these tariffs. What else can a business with a responsibility to its shareholders do?

One thing it will do is try to win exemptions on the application of these tariffs against its products. Perhaps, for example, Apple can point to the investment it and its partners are making in processor manufacturing in the US. The argument: any tariff should be waived as that component will eventually be made in the US, but the factories aren’t ready yet. Perhaps that is part of the reason semiconductors are to be exempted from reciprocal tariffs.

Apple might also consider shifting more production to India, particularly if the government there secures positive trade deals with the US. Other responses, according to analyst Ming-Chi Kuo, could include raising iPhone Pro prices as consumers of those products might be more accepting. The company could also increase carrier subsidies, he said, as well as cutting trade-in values and, of course, squeezing suppliers for lower costs.

Another thing Apple can do is use this moment as a golden opportunity to re-purchase its shares. It announced a $90-billion-share repurchase budget in January, and the state-mandated damage its stock is currently taking means it will be able to buy more shares for the same money — assuming it doesn’t use some of this capital to defer the impact of the tariffs (unlikely).

Why manufacturing won’t come back

What Apple won’t be able to do is move all of its manufacturing to the US. There are several reasons, but perhaps the most significant one is that there is nothing like enough trained staff for some of the most advanced manufacturing jobs available in the US. There’s been little investment in training up people for those jobs, and there is no way that training can be delivered before the tariffs strike later this week. 

That means any manufacturer, including Apple, rushing to migrate more manufacturing to the US will choose to deploy automation and AI in their factories. Make no mistake, Apple and its manufacturers already make copious use of smart manufacturing systems, which means any manufacturing facilities they open in the US will be automated. Not only this, but there’s a matter of scale. There are physical, financial, and human limits to how many manufacturing lines can physically be built in any given time frame. As a result, building enough factories within a stone’s throw of the “Gulf of America” at the scale needed to meet US market demands is probably not going to happen. 

The art of the deal

Despite this, Apple may have one positive thing it can achieve on the back of these Trump taxes (which will soon be felt by US consumers in the form of higher prices): the new tariff against India can be directly seen as a challenge for the tariff-led protectionism that exists in that market. Ironically, India and other nations hit by these tariffs may now think dropping their own tariffs on US goods could help them at least reduce the tariff applied to their exports. That certainly seems to be the point of these taxes.

Will they work? 

Realistically, it is possible the US can convince some other nations to submit to its approach to taxation, though it could just as easily fan the flames of nativist nationalism, fostering retaliatory tariffs from others and further raising prices for US consumers. No man is an island, after all, and we are all involved in the economy mankind makes.

Follow the money

In my view, a lot now depends on how the administration chooses to deploy the tens of billions it raises through the exercise. Will this money be fed directly into the US economy in a positive way, or does the government simply intend to build up a huge pile of currency for bragging rights or tax cuts?

I don’t know the answer. But in the short term I do think it reasonable to predict Apple, like every manufacturer, must become accustomed to a higher cost of doing business in America.

While we wait, Apple’s stock is down sharply — economic gravity in action.

Category: Hacking & Security

Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware

The Hacker News - 3 April, 2025 - 19:39
Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection," Microsoft said in a report shared with The [...] (Author: Ravie Lakshmanan)
Category: Hacking & Security

Texas State Bar warns of data breach after INC ransomware claims attack

Bleeping Computer - 3 April, 2025 - 17:43
The State Bar of Texas is warning it suffered a data breach after the INC ransomware gang claimed to have breached the organization and began leaking samples of stolen data. [...]
Category: Hacking & Security

Oracle privately confirms Cloud breach to customers

Bleeping Computer - 3 April, 2025 - 17:26
Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. [...]
Category: Hacking & Security

Oracle reportedly confirms Oracle Cloud breach to customers

Bleeping Computer - 3 April, 2025 - 17:26
Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. [...]
Category: Hacking & Security

Recent GitHub supply chain attack traced to leaked SpotBugs token

Bleeping Computer - 3 April, 2025 - 16:46
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects. [...]
Category: Hacking & Security

Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware

The Hacker News - 3 April, 2025 - 14:22
The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by [...] (Author: Ravie Lakshmanan)
Category: Hacking & Security

AI Threats Are Evolving Fast — Learn Practical Defense Tactics in this Expert Webinar

The Hacker News - 3 April, 2025 - 13:25
The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it's also giving cybercriminals smarter ways to attack. They’re moving quicker, targeting more precisely, and slipping past old defenses without being noticed. And here's the harsh truth: If your security strategy hasn’t evolved with AI in mind, you’re already behind. But you’re not alone— [...]
Category: Hacking & Security

The future of AI search is Google’s to lose

Computerworld.com [Hacking News] - 3 April, 2025 - 12:35

When Google unveiled a new neural network design in 2017 called the Transformer architecture, it probably had no idea this would threaten Google Search’s dominance within seven years.

When OpenAI applied Google’s Transformer architecture to generative language models, the GPT was born. (GPT stands for “Generative Pre-trained Transformer.”)

OpenAI then took the GPT concept and created a chatbot by incorporating reinforcement learning from human feedback, ranked responses, dialogue optimizations, and safety measures. The result was ChatGPT, which OpenAI made public on Nov. 30, 2022. 

ChatGPT changed the world. 

Now, AI chatbots like ChatGPT, Meta’s Meta AI, Microsoft’s Copilot, Anthropic’s Claude AI, Perplexity AI’s Perplexity, xAI’s Grok, and even Google’s own Gemini are changing how people search for information online. Instead of relying on Google, some users are turning to AI chatbots.

To stop bleeding users, Google has been planning to integrate its own AI technology into the Google Search Experience for the general public, first with AI Overviews in May 2024, which now reportedly has more than 1 billion users, and more recently with AI Mode (March 2025).

AI Mode is an “experimental” service available to people who signed up for Google Search Labs. It’s based on a customized version of Google’s Gemini 2.0.

Note that AI Overviews, which many users found initially problematic (recommending glue for pizza recipes or suggesting the health benefits of eating rocks), was based on Gemini 1.5 Flash until March when it was updated to Gemini 2.0.

In its current state, Google’s AI Mode is truly great. It’s better than most comparable chatbots in several respects, especially two very important ones.

Why attribution matters

The best feature is that Google surfaces attribution. Just last week, I co-hosted a TWiT podcast about AI called “Intelligent Machines,” where I advocated for RAG-based chatbots (Retrieval-Augmented Generation systems like Perplexity that use data from searches in their results, rather than just the old data in their training datasets) showing their links conspicuously on the right side of the search. I’m in favor of highlighting and offering the easiest access to the actual sources of information rather than stolen knowledge being genericized, commoditized, and buried by AI chatbots.

What I described and advocated for in that podcast is exactly what Google Search’s AI Mode does.

Like Perplexity, Google AI Mode is a RAG system that performs a Google Search (Perplexity uses Google’s PageRank, too), then gets its information for the result from the pages on the other side of those links. 

But Google AI Mode does a better job showing the main links used for information provided in the answer, complete with an image for each link drawn from the source, where available. This is important for the reasons I’ve already detailed. AI chatbots are threatening to bury and replace the very sources they’re built on. By highlighting the sources with links, users can explore those original sources from the chatbot response — you know, like a search engine.

Still, Google understands that even with highlighted sourcing, people are far less likely to click through to linked sources than with Google Search.

Less is more

Another surprising AI Mode virtue is brevity. Unlike most AI chatbots, which often provide long-winded explanations that go off into tangents and background content, Google’s AI Mode gets right to the point with very concise responses.

Results tend to be very high quality. AI Mode uses what’s called a “query fan-out” technique to handle complex searches. It turns a prompt into multiple related queries targeting different subtopics and data sources, and the results are then combined into a single, detailed response that covers more ground than a traditional search.

It also uses a method called agentic reinforcement learning, developed with Google’s DeepMind group, to improve the accuracy of its AI-generated responses. This technique rewards the model for producing statements that are more likely to be correct and supported by reliable sources, such as Google’s Knowledge Graph or live web data, while also encouraging the retrieval of additional factual information.

Despite all this, Google warns that AI Mode can hallucinate, lie, give opinions instead of facts, and generally misbehave in the ways AI chatbots sometimes do. 

AI Mode offers a surprisingly appealing user interface with a responsive design and fluid layout. And it’s fast. Besides these qualities, AI Mode has other, more standard benefits found elsewhere, including multimodal queries support, meaning it accepts voice, text, or image inputs.

If the subject of the prompt is deemed controversial or problematic in some way, AI Mode throws up its conceptual hands and delivers a list of URLs like old-fashioned Google Search rather than a typed-out response. 

When AI Mode becomes the leading search option offered by Google — and I think that’s likely — the book on SEO will have to be torn up and re-written. At this point, it’s not clear how, exactly. Beyond that, the rules for advertising will also need to be re-written. 

AI Mode is currently a fantastic search replacement. But in the future, how Google handles monetization will make or break the service. 

Advertising and the future of search

Google isn’t exactly sure how it will integrate ads into AI Mode searches. If AI Overviews suggests a direction, then Google’s AI Mode will likely show ads under the AI answer and will be labeled “Sponsored.” The ads will come from the same places as normal Google ads, like Search and Shopping, and will try to match the content searched for. The ads should link to things that are helpful for your search. For example, if you search for how-to information like “how to get wine stains out of a shirt,” ads for Wine Away and other such products will appear below or within the results.

Ultimately, it’s advertising that’s likely to lead AI Mode astray, given how Google Search itself has evolved over time.

Ads now often blend seamlessly with organic search results, making it harder for users to distinguish between paid content and genuine information. The prominence of ads pushes organic content further down the page, especially on mobile devices, reducing visibility for non-sponsored links and forcing users to scroll more to find unbiased results. Google’s strategy of embedding ads within organic listings also disrupts the traditional flow of search results, subtly prioritizing monetization over clarity and usability.

So, while AI Mode is a refreshing change from plain old Google Search and clearly one of the best AI chatbots out there, I’m pessimistic that Google will be able to monetize the feature without making the user experience much worse.

It’s a real challenge, because the company really depends on search-based ad revenue. How Google can keep making money on search ads in the age of AI, smart glasses and other trends isn’t yet clear. 

But changes are coming. And it will be interesting to see how Google navigates the future of AI search and advertising.

Category: Hacking & Security

AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock

The Hacker News - 3 April, 2025 - 12:34
AI holds the promise to revolutionize all sectors of enterprise, from fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this all-too-familiar scenario: A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security [...]
Category: Hacking & Security

Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent

The Hacker News - 3 April, 2025 - 10:21
Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to achieve a denial-of-service (DoS) or send arbitrary files to a target's device without their approval. The flaw, tracked as CVE-2024-10668 (CVSS score: 5.9), is a bypass for two of the 10 shortcomings that were originally disclosed by [...] (Author: Ravie Lakshmanan)
Category: Hacking & Security

Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices

The Hacker News - 3 April, 2025 - 09:34
Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada. "More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia," Kaspersky said in a report. The infections were recorded between March 13 and 27, 2025. Triada is the [...] (Author: Ravie Lakshmanan)
Category: Hacking & Security