Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

How to use iCloud with Windows

Computerworld.com [Hacking News] - 1 min 20 sec ago

If you have an Apple ID, you can use iCloud with Windows, which means you can access your email, videos, photos, calendars, bookmarks, files and other iCloud data from your PC – useful when you’re at your desk or traveling without an Apple device, or if you are inside Boot Camp on your Mac.

How to use iCloud with Windows

There are two ways to use iCloud with Windows: via a browser or using a dedicated application called iCloud for Windows, but there are differences between the two:

The browser

On the surface, the most straightforward approach to using iCloud with Windows systems might appear to be accessing your iCloud account from your favorite web browser.

The app

That’s great up to a point, but to unlock the power of sync across all the devices you have logged into your iCloud account, including your Windows systems, it is far better to download and install Apple’s iCloud for Windows software on your PC. The software is available for free download directly from Microsoft’s app store.

Once installed and set up, iCloud for Windows lets all the photos, documents and bookmarks on your Windows PC update automatically across all your Apple devices, and vice versa.

Borrowed from OneDrive

The most recently published version of iCloud for Windows uses Microsoft’s Cloud Files API (OneDrive’s Files On Demand feature), which makes the solution more robust and faster.

This means new assets will swiftly sync across all your devices, “enabling users to be more productive offline on mobile devices and quickly share files on iOS,” according to Microsoft Engineering General Manager Giorgio Sardo. In part, this is because the system is smart enough to just download a “breadcrumb” (around 1k in size) of each of your files, downloading the full item on request.

How does iCloud Drive work?

If you already use iCloud Drive, you’ll be familiar with what it does. If not, then the easiest way to understand the feature is as online storage for all the files and projects you are working on. Anything you save into any folder of the iCloud Drive will sync across all your Apple ID devices (it’s very like Dropbox in this). You will also be able to access items saved to iCloud Drive on your Mac, iPhone, or iPad within this folder on your PC using File Explorer. Fully searchable, the service also lets you share your files with others.

How do I access iCloud using a browser?

There are times when it makes sense to use the browser to access your iCloud data, such as when travelling and using a borrowed machine. It’s easy: just navigate to iCloud.com using your browser and log in using your Apple ID and password.

In a neat touch, any active Reminders you might have will appear at the top of the iCloud main page when you log in. You’ll also find an icon-based set of links to take you to your iCloud apps and services, including your iCloud Drive.

  • Mail
  • Contacts
  • Calendar
  • Photos
  • iCloud Drive
  • Notes
  • Reminders
  • Find iPhone
  • Account Settings

You’ll also find fully functional online versions of Pages, Numbers and Keynote, which you can use to create documents compatible with both Mac and PC. You may also find News Publisher, if you have enabled that app.

NB: There are a small number of useful tasks you can only achieve using iCloud via your browser, such as creating rules to help improve email management across all your systems.

Accessing iCloud using a browser is especially useful on borrowed machines, during emergencies, while visiting Internet cafes or even using a machine you don’t own that you happen to have access to. Just remember to log out.

Of course, the beauty of iCloud is its ability to sync across all your devices, but to sync from a Windows system you need to install iCloud for Windows.

How to set up iCloud for Windows

Apple’s iCloud for Windows software should install automatically once downloaded. If it does not, open File Explorer, launch iCloud Setup and restart your PC. 

Setting up the app will create iCloud Photos and iCloud Drive folders on your Windows 10 device. These will sync with your iCloud account and connected devices, and should automatically appear in File Explorer’s Quick Access menu.

What are the system requirements?

The current iteration of iCloud for Windows requires that you are running at least Windows 10 and that you’re signed into your Microsoft account. You’ll also need Outlook and a web browser (Microsoft Edge, Firefox, Chrome).

If you use Windows 7 or Windows 8, you can download compatible versions of iCloud for Windows directly from the Apple website. (Some iCloud services might work differently, as detailed here.)

Once the software is installed and open, you’ll be asked to enter your Apple ID to sign into iCloud, and you’ll then need to choose which iCloud features you want to use. To do this, you’ll be shown a window in which you check or uncheck each feature:

  • iCloud Drive
  • Photos & videos, including sharing albums of images and videos
  • Mail, Contacts, Calendars, Tasks
  • Bookmarks

As you enable each of these categories, iCloud for Windows will create folders for those categories in File Explorer, so you can dive in to access or add to your iCloud content. You can also share and collaborate on files held in your iCloud Drive from within File Explorer, with edits synced across your devices.

Here is how to use each of these features:

How does iCloud Photos work?

When enabled, iCloud for Windows creates an iCloud Photos folder in File Explorer. Any images or videos you add to this folder will then be synced across all the devices you own that are logged into this Apple ID. You can share galleries of images using iCloud Photo Sharing.

iCloud for Windows will keep lightweight copies of your images on your PC, only downloading full-res versions on request.

When you set yourself up with iCloud for Windows you’ll see an ‘Options’ item appear beside Photos. Tap this and you’ll find the following choices:

  • iCloud Photo Library: Enable this and any images/videos saved to the iCloud Photos folder on your Windows device will be stored in iCloud. You can also change which folders are used for photo and video sync.
  • My Photo Stream: Downloads all your most recent images from your devices to your Windows system.
  • Download new photos and videos to my PC: This option appears when you enable iCloud Photo Library, and is self explanatory.
  • Keep high-efficiency originals if available: Check this if you have plenty of drive space.
  • Upload new photos and videos from my PC: Disable this if you only want to view items captured by your other iCloud devices.
  • iCloud Photo Sharing: You can view items shared with you by others.

Mail, Contacts, Calendars, Tasks and Bookmarks

This is the final selection of iCloud items you can access using Windows. Once you enable this, all your iCloud mail (typically sent to [email protected]) will be made available in the folder pane in Outlook. You’ll also find all your other calendaring data there, and bookmarks will be made available through your browser.

Apple recently made an extension available for the Chrome browser on Windows to ensure it remains compatible with iCloud and iCloud for Windows. Once the new version is installed, users should find a new “Passwords” section in the app with an iCloud Keychain logo.

Everything else

If you have any problems with these features, please refer to Apple’s extensive Support pages that should help you resolve them. (Don’t forget, you won’t receive email if you failed to create an iCloud email address when setting up your Apple ID).

There are some iCloud services that just don’t work on Windows: Find My iPhone, Back to My Mac, Backup, Notes and Reading List. All these require deeper OS integration, though in the case of Find My iPhone you will be able to track lost devices using iCloud in your browser.

However, if you have valuable data that you want to sync between your Macs, iOS devices and Windows PC, iCloud for Windows should help – though that 5GB of storage Apple supplies remains miserly at best.

(Find out more on how to synchronize iCloud — and what to do when it won’t sync.)

Can I use a Managed Apple ID?

Unfortunately, iCloud for Windows isn’t yet supported if you use a Managed Apple ID.

More useful iCloud tips

Here is a short collection of what may be useful tips for iCloud users on any platform, not just Windows:

Category: Hacking & Security

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

The Hacker News - 4 hours 1 min ago
A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal command-and-control (C&C) for defense evasion purposes. Cybersecurity company Sygnia, which responded to
Category: Hacking & Security

What is DevSecOps and Why is it Essential for Secure Software Delivery?

The Hacker News - 4 hours 54 min ago
Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive overhead for developers. This overhead degrades velocity and puts production deadlines at risk.
Category: Hacking & Security

What is a CAIO — and what should they know?

Computerworld.com [Hacking News] - 6 hours 20 min ago

Though it’s a relatively new title, the role of chief artificial intelligence officer (CAIO) is gaining prominence at organizations deploying generative AI (genAI) technology — whether they’re moving deliberately or plowing ahead quickly.

By last October, 11% of midsize and large organizations had already filled a CAIO role, according to research firm IDC — and another 21% were actively seeking one. Just over half of 97 CIOs surveyed last fall said their organization had plans to have an individual leader responsible for AI and about half of those CIOs expect that person to be part of the C-Suite, IDC said.

Newly hired or appointed CAIOs “are not only part of an organization’s C-suite, but they are expected to be one of the most strategic members of the organization,” IDC said in its report.

As organizations chase efficiency and the productivity promise of AI, the CAIO title is expected to emerge on LinkedIn and other social media feeds, according to Forrester Research Analyst Zeid Khater. In fact, the role could soon surface in one out of eight executive leadership teams. 

In a recent Forrester survey, 12% of companies said their CAIO is primarily responsible for the overall enterprise AI strategy; only 2% attributed that responsibility to a chief data officer (CDO). “This doesn’t mean that CDOs are on the verge of extinction,” Khater wrote in a blog post. “Data is still a vital and often unleveraged resource within organizations due to challenges around quality, governance, and access.”

He urged companies to “ensure your AI and data leaders are in lockstep to spin data straw into insights gold. The CAIO brings technical knowledge, while the CDO provides quality data. It’s a powerful partnership for AI success.”

One big factor every CAIO will have to consider is cost; deploying AI models is expensive because cloud providers and proprietary genAI use cases require a lot of computing power — high-end, expensive computing power. And the chips that power learning and inference processes in large language models can cost thousands of dollars. (Nvidia makes most of the GPUs for the AI industry, and its primary data center workhorse chip costs $10,000; the company’s lock on the AI chip market is, however, being challenged by others who hope to undercut it with lower chip prices.)

All federal agencies will have CAIOs

It’s not just private companies looking to hire. In March, US President Joseph R. Biden Jr. gave all federal agencies two months to appoint CAIOs who would be responsible for promoting AI innovation, coordinating with other agencies, and managing risks associated with the technology. The 60-day deadline highlighted the urgent need for governance as AI continues its meteoric adoption.

“While AI is improving operations and service delivery across the Federal Government, agencies must effectively manage its use,” Biden’s memo said. “The risks… result from any reliance on AI outputs to inform, influence, decide, or execute agency decisions or actions, which could undermine the efficacy, safety, equitableness, fairness, transparency, accountability, appropriateness, or lawfulness of such decisions or actions.”

Twenty-four federal agencies had appointed CAIOs by the May 30 deadline. In all, the Biden administration plans to hire 100 AI professionals by this summer and is requiring all federal agencies to establish AI governance boards to coordinate adoption efforts and establish rules for the use of AI and genAI.

“The decision to institutionalize the role of CAIOs demonstrates a clear acknowledgment of AI’s strategic significance,” Joel Meyer, former deputy assistant secretary of the US Department of Homeland Security, said in a recent Fedscoop article. (Meyer led the creation of DHS’s AI Task Force.)

Lt. Gen. John Shanahan, who co-authored the article with Meyer and was the nation’s first director of the Department of Defense Joint Artificial Intelligence Center, said one CAIO responsibility “is to identify low-hanging fruit. AI pilots can be chosen thoughtfully to demonstrate hypotheses that can then be affirmed in each department’s AI strategy. These quick wins can build momentum for broader AI strategy implementation.”

Because federal agencies were given latitude to define the organization under CAIOs, there’s a lot of variety between them in terms of authority, budgets, and how the role would be executed, according to Amy Jones, US Public Sector AI Market Lead with Ernst & Young.

“Day to day responsibilities [are] pretty varied,” she said. “I think a CAIO’s success would be agency literacy. We all use the internet and email every day, and that requires literacy on both how to use them safely and securely and also how to use them optimally.”

The same is true for genAI technology.

Data quality matters

One known hurdle for genAI rollouts is the quality of data used to train LLMs. As the saying goes: garbage in, garbage out. It’s both challenging and costly to obtain high-quality, unbiased, and representative data, according to Andrew Rabinovich, who recently took the new position as Head of AI at freelance job platform Upwork.

According to Rabinovich, key considerations for new CAIOs looking to deploy AI include:

  • Careful planning and consideration for how the technology will deliver real customer impact rather than moving forward just for the sake of it or to keep pace with the hype cycle.
  • A clear understanding of business objectives and specific customer pain points to solve with AI before launch. 
  • Evaluating and ensuring the quality and reliability of the AI models being created, whether home-grown or by a third-party provider.
  • Ensuring that LLMs are trained on diverse and representative datasets to avoid bias, while consistently monitoring for iterative improvements.

“Ensuring data cleanliness and accuracy often requires extensive pre-processing, which is both time-consuming and resource-intensive — and that’s if you even have access to the right datasets,” Rabinovich said.

CAIOs and others tasked with overseeing AI deployments play an essential role in “shaping an organization’s strategic, informed and responsible use of AI,” he said. “There are many responsibilities baked into the role, but at its core, it’s about steering the direction of AI initiatives and innovation to align with company goals. AI leads must also create a culture of collaboration and continuous learning.”

“All teams across all functions within an organization should be thinking about how they can collaborate on AI projects, experiment with the technology and explore how to equip their teams with the right knowledge, skills and tools to harness AI,” he said.

At Upwork, Rabinovich is overseeing the company’s use of the GPT-4 LLM to create an AI-powered platform called Uma. It will power a “Best Match” job search site (currently in beta); a job post generator to create job post drafts for employers seeking candidates; the creation of job proposal tips to surface the most applicable skills and write proposals for them; and an Upwork Chat Pro designed to help internal employees complete repetitive tasks faster.

“We’re developing Uma to underpin our entire platform and, increasingly, serve as a conversational Upwork companion to our customers,” Rabinovich said.

For genAI to function reliably, CAIOs will need to figure out how to utilize AI and data optimization techniques for improved efficiency, data quality, and ethical considerations. “On paper, [you need] baseline compliance — making sure they [LLMs and genAI] are within regulatory and policies, creating [your] own policy within the agency that’s specific to the mission, [and] identification of inventory of use cases,” Jones said.

Rabinovich agreed. The quality of data used to train AI models is an important aspect of the development process, but it can be hard to obtain high-quality, unbiased, and representative data, he noted.

A dedicated CAIO or one with shared duties?

Jenn Kosar, a partner at PricewaterhouseCoopers (PwC), said while most organizations have not yet designated CAIOs as an official C-suite role and title, from a functional perspective a significant number of organizations are filling the role today without the title. Most often, the position is one notch below a CIO, she said.

“Today, we often see CTOs and CISOs taking this [genAI responsibility] on,” Kosar said. “And that may be OK for where we are today. But the strategic [planning], the change management, the innovation, the ability to take an organization through a transformation — these are really critical skills to the success of this role.

“Unfortunately, what we’re seeing in most instances it’s not a full-time job. In other words, they [CAIOs] have other roles. We believe it should be a dedicated role. They’re being held accountable for how an organization is moving forward with AI.”

While CAIOs might not always be seated at the C-suite table, those who are there are keenly focused on genAI and its potential to drive efficiencies and profits. Without an executive guiding those deployments, achieving the performance and ROI organizations seek will be tough, she said.

“It’s hard to imagine how pieces come together and how you’d bring together so many players,” Kosar said, noting that PwC has more than a dozen different LLMs running internally to power AI tools and products in virtually every business unit.

“You have to have the ability to do short-term and long-term planning and balance the two and stay focused on innovation,” she continued. “At the same time, you need to recognize the pace of change while not getting distracted by the latest shiny object.”

Getting AI right is important because of how much it will be a part of everyday life by the end of the decade, Rabinovich said. By 2030, he believes virtually everyone will interact with AI and the tech will perform in roles varying from personal assistants and tutors to therapists and accountants — even lawyers.

“AI will help humans uplevel and enhance societies, because it’ll enable humans to focus on solving ever more complex problems,” Rabinovich said.

Category: Hacking & Security

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

The Hacker News - 9 hours 52 min ago
Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system," German
Category: Hacking & Security

NiceRAT Malware Targets South Korean Users via Cracked Software

The Hacker News - 11 hours 9 min ago
Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license verification for Microsoft Office. "Due to the nature of crack programs, information sharing amongst
Category: Hacking & Security

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

The Hacker News - 16 June 2024 - 06:31
Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The move is said to be a joint effort between the U.S. Federal Bureau of Investigation (FBI) and the
Category: Hacking & Security

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

The Hacker News - 15 June 2024 - 11:51
Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage and SMS," Resecurity said in a report published earlier this week. "The goal is
Category: Hacking & Security

Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks

The Hacker News - 15 June 2024 - 10:13
A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. Cybersecurity company Volexity is tracking the activity under the moniker UTA0137, noting the adversary's exclusive use of a malware called DISGOMOJI that's written in Golang and is designed to infect Linux systems. "It is a modified version of the public project
Category: Hacking & Security

Meta Pauses AI Training on EU User Data Amid Privacy Concerns

The Hacker News - 15 June 2024 - 09:49
Meta on Friday said it's delaying its efforts to train the company's large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). The company expressed disappointment at having to put its AI plans on pause, stating it had taken into account feedback from regulators and
Category: Hacking & Security

Microsoft delivers a light Patch Tuesday for June

Computerworld.com [Hacking News] - 14 June 2024 - 21:24

Microsoft this week released 49 updates (including two recent additions) on Patch Tuesday with no reported zero-day flaws, public disclosures, or newly released working exploits for the Microsoft ecosystem. This came as welcome news and is paired with low-risk changes to Microsoft Office. The company’s development platforms saw minor updates to Visual Studio, and both SQL Server and Microsoft Exchange were patch free for the month.

The team at Readiness has provided a useful infographic outlining the risks associated with each of the updates. 

Known issues 

Each month, Microsoft publishes a list of known issues that are part of the latest update cycle, including the following reported minor issues:

  • After you install KB5034203 (dated 01/23/2024) or later updates, some Windows devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC) nodes in their network might be unable to use those nodes. Microsoft is still working on this one. In the meantime there is a workaround that involves setting the Cache Hostname to 1. 

We recognize and respect Microsoft’s recent efforts with artificial intelligence (note, I did not say “AI” as that is an Apple thing now) but it would be nice if Microsoft resolved the profile picture (that you can’t change) known issue soon. 

Major revisions 

Microsoft published the following major revisions to past security and feature updates including:

  • CVE-2024-30080: (see below for mitigations). This patch was updated late in the June release cycle. As this was an information update, no further action is required, unless you want to action the Microsoft recommended mitigations.

Mitigations and workarounds

Microsoft published the following vulnerability-related mitigations:

  • CVE-2024-30070: DHCP Server Service Denial of Service Vulnerability. Microsoft (helpfully) notes that if you’re not using DHCP, you are not affected by this potential vector for DDOS attacks. 
  • CVE-2024-30080: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Message Queuing security issues are tough to find, mitigate and test, so this might need some careful attention from your internal developers. At the very least, ensure that you have changed your ports from the MSMQ listening default (1801) to help reduce your attack surface. Microsoft also recommends you check to see whether the MSMQ HTTP-Support feature is enabled.

The team at Readiness analyzed the latest Patch Tuesday updates to provide detailed, actionable testing guidance based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact.

For this cycle, we have grouped the critical updates and required testing efforts into different functional areas including:

Microsoft Office

  • Microsoft SharePoint will require basic document opening and multi-user access tests this month.

Microsoft .NET and Developer Tools

  • There are no updates to Microsoft .NET requiring application portfolio testing this month.

Windows

The following core Microsoft features have been updated:

  • Changes to Secure Boot will require testing of all third-party drivers.
  • Code integrity policies need to be verified for Windows Lockdown (WLDP), Windows Defender Application Guard (WDAG) and the Windows Driver Policy for Intune deployments. We recommend you test your Windows desktop sandbox and ensure that it boots correctly.
  • Changes to Windows networking will require testing at least two DHCP servers.
  • Remote desktop-related updates will require VPN connection tests. Try some administrative commands from the Microsoft Management console (MMC) such as adding, connecting and disconnecting VPN connections.

This month’s update also affects several core systems such as Kernel32 and Win32K.SYS sub-systems. Unfortunately, these changes affect how applications behave at a fundamental level, which makes testing not just hard, but broad and expansive across your application portfolio. The Readiness team suggests that the following general application tests be performed against all of your core line-of-business applications.

  • Test as many windows and pop-ups as possible.
  • Check window title bars for errors, or poorly formatted text.
  • Check for unusual items in the Windows taskbar.
  • Thoroughly test File Explorer (sorry about that).
  • Test multiple applications, with multiple windows.

Automated testing will help with these scenarios (especially a testing platform that offers a “delta” or comparison between builds). However, for your line-of-business apps, getting the application owner (doing UAT) to test and approve the results is essential. 

Windows lifecycle update 

This section contains important changes to servicing (and most security updates) to Windows desktop and server platforms.

  • Windows 10 Enterprise and Education, Version 21H2 will no longer be serviced as of June 11, 2024.

For those planning ahead, Oct. 8, 2024, is a big day as Microsoft will no longer offer general servicing for the following desktop platforms:

  • Windows 11 Enterprise and Education, Version 21H2
  • Windows 11 Home and Pro, Version 22H2
  • Windows 11 IoT Enterprise, Version 21H2

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: 

  • Browsers (Microsoft IE and Edge)
  • Microsoft Windows (both desktop and server) 
  • Microsoft Office
  • Microsoft Exchange Server 
  • Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core)
  • Adobe (if you get this far)

Browsers

Microsoft has released seven minor updates to the Chromium-based browser (Edge), while the Chromium project has added six additional updates this week. These updates should have minor to negligible impact on applications that integrate and operate on Chromium. Add these updates to your standard patch release schedule. 

Windows

This month, Microsoft released one critical update (CVE-2024-30080) and 32 patches rated as important for Windows, covering the following key components: 

  • Windows Win32 Kernel Subsystem, GRFX and drivers
  • Networking (Wi-Fi) and DHCP
  • Storage and Error Reporting
  • Crypto and BitLocker

The critical-rated patch relates to the core, but not often used, Message Queuing service (MSMQ) that could affect internal applications. Unusually, this patch has already been updated since the main release on Tuesday. That said, the Readiness team believes all these Windows patches can be added to your standard release schedule.

Microsoft Office 

There were no critical updates for Office this month, and only five patches rated as important. All five have low potential for exploitability (no worms, add-in vulnerabilities or Word macro issues) and should be added to your regular Microsoft Office update schedule.

Microsoft Exchange Server 

No updates for Microsoft Exchange Server or SQL Server this month, which, of course, is a good thing. 

Microsoft development platforms 

Microsoft released just three updates to Microsoft Visual Studio. These patches affect versions of the Microsoft developer platform from 2017 to 2022. All of the proposed changes are low risk and application specific. Add these updates to your standard developer release schedule.

Adobe Reader (if you get this far) 

We are back to the usual state of things, and Microsoft has not chosen to include any Adobe products this release cycle. This is a very good thing.

Category: Hacking & Security

Everything Apple Intelligence will do for you (so far)

Computerworld.com [Hacking News] - 14 June, 2024 - 17:31

While the arrangement between OpenAI and Apple is attracting a lot of attention, Apple has put together a sizable number of its own large language model (LLM) tools that will run on a compatible device or in its secure cloud, Private Cloud Compute.

Apple Vice President Craig Federighi calls Apple Intelligence, “the personal intelligence system that puts powerful generative models right at the core of your iPhone, iPad, and Mac.”

To achieve this, it draws on what your device knows about you, using on-device intelligence or, where necessary, the cloud via the highly secure Private Cloud Compute system. At all times, Apple says it’s working to protect user privacy, which means your data is protected unless you choose to use a third-party AI, such as ChatGPT.

In making these solutions, Apple has paid particular heed to creating tools that offer truly useful help. The critical idea is that they get things done for you without getting in the way of the easy user interaction you usually enjoy with your Apple product. 

Tools to help you write better

To help you write, Apple Intelligence can proofread and rewrite your text anywhere across your system, including within third-party apps. Apple Intelligence will also summarize a meeting transcript, long email, and website content; pretty much any large block of text can be made bite-sized.

Be warned, for some of these functions Apple Intelligence might need to use ChatGPT, but you’ll be told if that is the case and can cancel the request rather than sharing your information with a third-party service provider.

Mail is getting better

We wrote a little more to explain how Mail works here.

  • The system works to figure out which of your incoming emails are most essential and places those emails at the top of your Inbox.
  • AI will also create what it thinks are appropriate replies for you — you don’t have to use them and do get to approve them before they are despatched.

Meetings, now with AI assistants

Tap record when making a call or when inside a Note to capture audio recordings and transcripts. Once the call or meeting ends, Apple Intelligence will quickly generate a summary of the transcript.

Tools to help you stay focused

There’s a new automated Focus mode that reduces interruptions but is also intelligent enough to let important notifications break through. Apple Intelligence will also get to know which of your notifications matter to you most and make sure those are at the top of your notifications list. The idea is to optimize your attention so you can stay on top of things.

Making images

Apple’s on-device LLM engine will create original images for you based on a typed request. Usefully, it will also remove unwanted objects in an image on request. And a new Image Playground app lets you experiment with ideas and try different image styles to create your own images.

Photos gets better at helping you find your stuff

AI features in Photos include far more powerful and contextually-aware Search results and the ability to create a Memories video based on such a search.

Introducing, Genmoji

If, like me, you have problems finding precisely the right emoji or aren’t really certain if any that you do choose have a double meaning, then salvation is at hand! Genmoji makes it possible to create completely original emoji on demand; just tell your Apple device what you want and up it will pop.

Wave your Image Wand

This feature needs an Apple Pencil. It works like this: Open a Note, draw a circle where you want your generated image to appear in that Note, and Apple’s intelligence will make you a custom image that reflects the contents of it.

Siri gets serious attention

We’re being promised lots of improvements in Siri; not only will it be able to better understand more complex or poorly articulated requests, but it also gains the kind of contextual understanding you need to figure out answers to complex questions such as “Show me the recipe Sacha sent me the other day.” 

That has several implications, including:

  • Siri knows what you are looking at and you can make requests that reference that, such as adding an address to your Contacts, or adding something to a note in a different app.
  • The assistant can also now answer questions about any of your Apple devices or operating system features, like an Apple Genius in your pocket.
  • Siri also now understands typed requests — double tap the bottom of the display and a keyboard pops up.
  • Sometimes your device might need to use ChatGPT to fulfill some requests; you will be told if that is the case and can cancel the request.
  • Apple has also given asking Siri questions a new vibe; when you do so, your device now will show a glowing light all around the borders of the screen.

Is there more to come? Probably

It is likely there will be additional features in place by the time Apple Intelligence is made available in the fall product software updates. This is because developers can use App Intents to make features available within their apps also available across the system. Meanwhile, developers get to use Xcode Complete to work smarter.

Apple is also thought to be pushing other genAI firms beyond OpenAI to offer their services on its platforms, while the company hopes to generate new income streams as developers build and make available additional LLMs on its platforms.


Category: Hacking & Security

Download our AI as a service (AIaaS) enterprise buyer’s guide

Computerworld.com [Hacking News] - 14 June, 2024 - 17:00

From the editors of Computerworld, this enterprise buyer’s guide helps IT staff understand what the various AI-as-a-service (AIaaS) options can do for their organizations and how to choose the right solution.

Category: Hacking & Security

Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit

The Hacker News - 14 June, 2024 - 15:21
Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised as an improvement over extremely invasive third-party tracking, the tracking is now simply done
Category: Hacking & Security