Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

Categories

Qantas discloses cyberattack amid Scattered Spider aviation breaches

Bleeping Computer - 2 July, 2025 - 02:54
Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data. [...]
Category: Hacking & Security

Apple reaches out to OpenAI, Anthropic to build out Siri technology

Computerworld.com [Hacking News] - 1 July, 2025 - 22:52

Apple’s many AI setbacks are now forcing the company to look at Anthropic and OpenAI for help powering its Siri voice assistant technology, according to a Bloomberg report.

The company has been building out its own AI technology called Apple Intelligence that it intends to use in Siri, but has also reached out to companies to develop alternatives that could be used instead.

Apple previously centered its AI-powered Siri around its home-grown technology. But over the past year or so it has faced a variety of leadership and technological challenges developing Apple Intelligence, which is based on in-house foundation models.

The more personalized Siri technology with more personalized AI-driven features is now due in 2026, according to a statement by Apple to Daring Fireball in March. But it was originally showcased last year and expected to be in users’ hands by now.

Siri already integrates technology from OpenAI’s ChatGPT and it is unusual for Apple to turn to outside vendors to build core features for its products.

A previous Bloomberg report in March said Apple did not provide the resources needed for the company to develop an AI-powered Siri. Apple had not focused on AI until OpenAI’s ChatGPT changed the tech landscape in late 2022, which set Apple (and other companies) scrambling.

Category: Hacking & Security

AT&T rolls out "Wireless Lock" feature to block SIM swap attacks

Bleeping Computer - 1 July, 2025 - 22:23
AT&T has launched a new security feature called "Wireless Lock" that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled. [...]
Category: Hacking & Security

Microsoft open-sources VS Code Copilot Chat extension on GitHub

Bleeping Computer - 1 July, 2025 - 21:11
Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license. [...]
Category: Hacking & Security

Kelly Benefits says 2024 data breach impacts 550,000 customers

Bleeping Computer - 1 July, 2025 - 19:28
Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information. [...]
Category: Hacking & Security

Aeza Group sanctioned for hosting ransomware, infostealer servers

Bleeping Computer - 1 July, 2025 - 19:09
The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns. [...]
Category: Hacking & Security

New FileFix attack runs JScript while bypassing Windows MoTW alerts

Bleeping Computer - 1 July, 2025 - 18:37
A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved HTML webpages. [...]
Category: Hacking & Security

US Senate crushes attempt to ban state AI regulations

Computerworld.com [Hacking News] - 1 July, 2025 - 17:55

In a stunning 99–1 rebuke, the US Senate on Tuesday torched President Donald J. Trump’s push for a 10-year ban on state AI regulations, yanking the controversial provision from his so-called “Big Beautiful Bill.”

The lopsided vote delivered a sharp slap to Silicon Valley’s dream of dodging local oversight over the fast-evolving technology.

The proposed measure stated that “no State or political subdivision thereof may enforce any law or regulation regulating artificial intelligence models, artificial intelligence systems, or automated decision systems.”

Sen. Ted Cruz, (R-TX), and tech companies like Google, OpenAI, Microsoft, Meta, and Amazon had supported a moratorium on state rules to prevent what they consider a fragmented regulatory landscape — arguing it would slow AI adoption and complicate nationwide deployment. Congressional backers had argued that a regulatory ban would give the US a competitive edge over China because there would be fewer hurdles. They have also compared the restriction on state regulations to the Internet Tax Freedom Act, which helped the early internet grow.

But there are key differences, according to Travis Hall, director for state engagement for the nonprofit Center for Democracy & Technology (CDT), which last month joined others in signing a letter in opposition to the move. The groups warned that removing AI protections would leave Americans vulnerable to current and emerging AI risks.

The 1990s internet needed unity to thrive, Hall said in reference to the Internet Tax Freedom Act, while AI is a diverse set of tailored technologies — meaning varied regulations won’t splinter it. Hall’s comments came in an earlier interview with Computerworld.

On Tuesday, Alexandra Reeve Givens, the CDT’s president and CEO, said the overwhelming vote to strike the AI moratorium from the budget bill reflects just how unpopular it is among voters and state leaders of both parties. “Americans deserve sensible guardrails as AI develops, and if Congress isn’t prepared to step up to the plate, it shouldn’t prevent states from addressing the challenge,” she said. “We hope that after such a resounding rebuke, Congressional leaders understand that it’s time for them to start treating AI harms with the seriousness they deserve.”

Sen. Marsha Blackburn, (R-TN), and Sen. Maria Cantwell, (D-WA), had criticized Congress for inaction on AI deepfakes, discrimination and online privacy issues, saying states have been forced to fill the gap. That prompted praise for Blackburn from an unlikely ally: Sen. Bernie Sanders (I-VT), who praised her for “leading the charge” to protect states’ rights to regulate AI.

In a failed attempt to rescue the ban, GOP lawmakers tied federal funding for rural broadband projects to AI regulation, allowing subsidies only for states that eased their rules and cut the regulatory moratorium from 10 years to five. That did little to mollify critics, however.

The proposed moratorium was a double-edged sword, according to Abhivyakti Sengar, a research director with the Everest Group. “On one hand, it aims to prevent a fragmented regulatory environment that could stifle innovation; on the other hand, it risks creating a regulatory vacuum, leaving critical decisions about AI governance in the hands of private entities without sufficient oversight,” she had said in an earlier interview.

State and local lawmakers, along with AI safety advocates, had sharply criticized the effort, calling it a favor to an industry seeking to avoid accountability. Led by former Trump press secretary and now Arkansas Gov. Sarah Huckabee Sanders, most GOP governors sent a letter to Congress opposing it.

Red and blue states alike — including Arkansas, Kentucky, and Montana — have passed bills governing the public sector’s AI procurement and use. Several states, including Colorado, Illinois, and Utah, have consumer protection and civil rights laws governing AI or automated decision systems. This year alone, about two-thirds of US states have proposed or enacted more than 500 laws governing AI technology.

Trump’s budget bill, which mainly consists of spending cuts and tax breaks, was narrowly passed by the Senate in a 51-50 vote with Vice President J.D. Vance breaking the tie. Three Republicans opposed the bill — Sens. Thom Tillis of North Carolina, Susan Collins of Maine, and Rand Paul of Kentucky. The measure now goes back to the US House of Representatives.

Category: Hacking & Security

International Criminal Court hit by new 'sophisticated' cyberattack

Bleeping Computer - 1 July, 2025 - 16:21
On Monday, the International Criminal Court (ICC) announced that it's investigating a new "sophisticated" cyberattack that targeted its systems last week. [...]
Category: Hacking & Security

US disrupts North Korean IT worker "laptop farm" scheme in 16 states

Bleeping Computer - 1 July, 2025 - 15:56
The U.S. Department of Justice (DoJ) announced coordinated law enforcement actions against North Korean government's fund raising operations using remote IT workers. [...]
Category: Hacking & Security

Esse Health says recent data breach affects over 263,000 patients

Bleeping Computer - 1 July, 2025 - 15:04
Esse Health, a healthcare provider based in St. Louis, Missouri, is notifying over 263,000 patients that their personal and health information was stolen in an April cyberattack. [...]
Category: Hacking & Security

Ubuntu 25.10 Brings Rust-Based Tools to Security-Conscious Admins

LinuxSecurity.com - 1 July, 2025 - 14:29
Anyone following the trajectory of Ubuntu over the past few years could have seen this coming: Canonical isn't just iterating; it's evolving. And with its 25.10 release, aptly named Questing Quokka, Ubuntu takes a decisive step in reinforcing its reputation as the go-to Linux distribution for secure, reliable environments. If you're an admin with a sharp eye on system security or someone deeply vested in the intersection of programming trends and operational resilience, this is the release to sit up and pay attention to.
Category: Hacking & Security

Johnson Controls starts notifying people affected by 2023 breach

Bleeping Computer - 1 July, 2025 - 13:47
Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company's operations worldwide in September 2023. [...]
Category: Hacking & Security

Google fixes fourth actively exploited Chrome zero-day of 2025

Bleeping Computer - 1 July, 2025 - 12:59
Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. [...]
Category: Hacking & Security

Zuckerberg announces Meta Superintelligence Labs

Computerworld.com [Hacking News] - 1 July, 2025 - 12:26

Meta Platforms CEO Mark Zuckerberg has formally announced the creation of Meta Superintelligence Labs (MSL) in a memo to employees.

The labs will be run by Alexandr Wang, until recently CEO of Scale AI, the data labelling company in which Meta bought a 49% stake for $14.8 billion last month.

Wang’s title at Meta will be chief AI officer, according to Bloomberg, which reviewed Zuckerberg’s memo announcing the move.

The creation of the lab to pursue “superintelligence” and Wang’s role in it is no surprise, having been widely anticipated since the Meta-Scale AI deal was struck.

MSL will oversee Meta’s efforts on AI products and applied research, where Wang will be supported by Nat Friedman, previously CEO of GitHub, Zuckerberg wrote in the memo according to Bloomberg.

The company announced 11 new hires for MSL, including staff poached from rival AI groups at Anthropic, Google, and OpenAI.

“As the pace of AI progress accelerates, developing superintelligence is coming into sight. I believe this will be the beginning of a new era for humanity, and I am fully committed to doing what it takes for Meta to lead the way,” Zuckerberg wrote, according to the report.

Category: Hacking & Security

Download the ‘AI-ready data centers’ spotlight report

Computerworld.com [Hacking News] - 1 July, 2025 - 12:00

Download the July 2025 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World.

Category: Hacking & Security

That ‘One Big Beautiful Bill’ tried to tie genAI deregulation to broadband funding

Computerworld.com [Hacking News] - 1 July, 2025 - 12:00

(Editor’s note: After this story was posted, the US Senate dropped the controversial measure from the spending bill.)

There is so much to hate about the “One Big Beautiful Bill” now making its way through Congress. And among the things near the top of my list is how it deals with various tech industry issues — especially the proposed freeze on state and local governments’ ability to regulate generative AI (genAI). 

If passed, it would prevent states from enacting or enforcing laws aimed at curbing genAI-related harms, such as deep fakes, algorithmic discrimination, and misuse of personal likenesses. Its supporters, such as Senate Commerce Chair Ted Cruz, (R-TX), say it’s a way to prevent a fragmented regulatory landscape that, they argue, could stifle innovation and US competitiveness against China. 

Yeah, right. It’s really just a giveaway to genAI companies to do whatever they want with any of your data they can hoover up. Given that the courts have recently decided that these companies can essentially get away with ignoring copyright laws, I foresee great times ahead for them, while everyone else gets taken to the cleaners.

I’m far from the only one who’s ticked off. Even some Republicans aren’t crazy about giving genAI companies a blank check for your data. Over the weekend, the provision was revised after negotiations between Cruz and Sen. Marsha Blackburn (R-TN). The latest version reduces the ban from 10 years to five.

The new language also introduces exemptions for state laws targeting unfair or deceptive practices, child safety, child sexual abuse material, and publicity rights. However, the states of Alabama, Arizona, California, Delaware, Hawaii, Indiana, Montana, and Texas have already made it illegal to distribute deceptive genAI-generated political ads and “news,” and would likely see their laws rendered ineffective. Funny that, eh? 

In addition, the stick being used to ensure states don’t try to get in genAI’s way is that if they do, they won’t get $500 million in new federal funds for AI infrastructure and deployment. On top of that, broadband funding from the $42.5 billion Broadband Equity, Access, and Deployment (BEAD) program is also being held hostage.

Under Cruz’s proposal, states that enact or enforce AI regulations risk losing access to both new and already-allocated BEAD funds. If they don’t kowtow to Republicans and their genAI supporters, they can’t improve your broadband.

In other words, if states pass genAI regulations, they can’t have BEAD money to bring broadband access to poor and rural residents. The provision triggered an extraordinary backlash from state officials. In early June, 260 state lawmakers from all 50 states, Democrats and Republicans alike, sent a letter to Congress condemning the moratorium as an assault on state sovereignty and consumer protection. 

They argue that states have been at the forefront of regulating genAI to address real-time harms and that a years-long federal preemption would “cut short democratic discussion of AI policy in the states with a sweeping moratorium that threatens to halt a broad array of laws and restrict policymakers from responding to emerging issues.”

The opposition is not limited to state-level Republicans. Hard-line Republicans, including Marjorie Taylor Greene, (R-GA), Josh Hawley, (R-MO), Rand Paul, (R-KY), and Ron Johnson, (R-WI), have joined Democrats in calling the provision federal overreach that undermines states’ rights. I never thought I would agree on anything with Greene and the rest, but here we are. She has threatened to withdraw her support for the entire bill over the issue.

The timing of the provision is particularly obnoxious; after years of delay, $42.5 billion in BEAD funding had finally been allocated under the Biden administration. Then in June, the Trump administration rewrote BEAD’s rules and dumped all the previously awarded contracts. 

Now, internet service providers (ISPs) that had been awarded funding must re-bid for the same contracts. Worse still, under President Donald J. Trump’s “tech-neutral” approach, companies such as Elon Musk’s Starlink will now get billions more. How much more? Under the original BEAD rules, Starlink would have gotten up to $4.1 billion. The new Musk-friendly approach could boost Starlink’s share to as much as $20 billion. 

It must be nice to have friends in the White House. 

Of course, in the meantime, poor and rural users will still be denied access to high-speed broadband for another few years because of the BEAD delays. The Senate parliamentarian has ruled that the genAI rules moratorium can remain in the reconciliation bill, provided it is tied only to the new $500 million in funding — not the broader $42.5 billion BEAD allocation. Even so, a close reading of the bill’s language suggests that states could still be at risk of losing BEAD funding. In short, as Sen. Maria Cantwell, (D-WA), pointed out earlier, this provision “forces states receiving BEAD funding to choose between expanding broadband or protecting consumers from AI harms for 10 years.”  

So, what’s going to happen? Well, for one thing, that Big Beautiful Bill won’t pass by the 4th of July. Sorry Trump. Even if the Senate does manage to pass it in the next few days, the Senate and House still have to hammer out the differences between their bills and then pass the final revision. There’s simply not enough time.

Ultimately, though, some version of the legislation will pass. Very few Congress members are willing to stand up to Trump when push comes to shove. And that means AI companies will be allowed to operate without any legal guardrails, and rural broadband will continue to roll out at an ever slower pace.

Category: Hacking & Security

Cloudflare offers to make AI pay to crawl websites

Computerworld.com [Hacking News] - 1 July, 2025 - 12:00

Cloudflare will block AI crawlers from accessing new customers’ websites without permission starting July 1 and is testing a way to make AI pay for the data it gathers.

Furthermore, website owners can now decide who crawls their sites, and for what purpose, and AI companies can reveal via Cloudflare whether the data they gather will be used for training, inference, or search, to help owners decide whether to allow the crawl.

The company began enabling its customers to choose to block AI crawlers in July 2024. Since then, it said, over one million customers have opted in.

“For decades, the Internet has operated on a simple exchange: search engines index content and direct users back to original websites, generating traffic and ad revenue for websites of all sizes. This cycle rewards creators that produce quality content with money and a following, while helping users discover new and interesting information,” Cloudflare said in its announcement. “That model is now broken. AI crawlers collect content like text, articles, and images to generate answers, without sending visitors to the original source — depriving content creators of revenue, and the satisfaction of knowing someone is reading their content. If the incentive to create original, quality content disappears, society ends up losing, and the future of the Internet is at risk.”

Pay per crawl

Cloudflare is testing a new payment mechanism, pay per crawl, that enables website owners to decide whether they will permit AI crawlers to access their content, and whether that access will be free or charged for. The technology, now in private beta, integrates with existing web infrastructure to create a framework that lets site owners require payment and tell the crawler the price via an HTTP “402 payment required” response code.

The site owner can currently set a single price for the site or choose to let certain crawlers access it at no charge, but Cloudflare expects the feature to evolve over time, perhaps to allow dynamic pricing, or charge different amounts for various types of content.

“The true potential of pay per crawl may emerge in an agentic world,” the company said in a blog post about the new feature. “What if an agentic paywall could operate at the network edge, entirely programmatically? Imagine asking your favorite deep research program to help you synthesize the latest cancer research or a legal brief, or just help you find the best restaurant in Soho — and then giving that agent a budget to spend to acquire the best and most relevant content.”

Cloudflare acts as the merchant of record for the purchases, billing the crawlers and distributing the funds to the site owners.

If the crawler doesn’t yet have a billing relationship with Cloudflare, it is blocked but receives an error message indicating that with such a relationship it might gain access to the content.

Cloudflare has invited both crawlers interested in paying for content and content owners who wish to be paid to sign up for the beta; existing enterprise customers can also contact their account executive.

A win-win

Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group, sees the approach as a positive move which addresses concerns about unauthorized use of content by AI crawlers.

“By giving website owners control over how their content is accessed and used by AI crawlers, this solution empowers content creators to protect their intellectual property and potentially monetize their content more effectively,” he said. “The requirement for AI companies to disclose the purpose of their crawlers introduces a level of transparency and accountability that has been lacking in the industry, helping to build trust between content creators and AI companies.”

But he does see unresolved issues that need addressing, such as how to handle what he called “legacy” information that had already been scooped up by crawlers.

Jean-Louis favors industry-driven solutions over punitive regulations: “This move by Cloudflare could indicate a shift in the industry toward supporting a fair and sustainable digital ecosystem, balancing the needs of content creators and AI innovators: a win-win situation.”

Category: Hacking & Security

U.S. warns of Iranian cyber threats on critical infrastructure

Bleeping Computer - 1 July, 2025 - 00:24
U.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure. [...]
Category: Hacking & Security