RSS aggregator

Google raps Iran's APT42 for raining down spear-phishing attacks

The Register - Anti-Virus - 15 August, 2024 - 18:25
US politicians and Israeli officials among the top targets for the IRGC’s cyber unit

Google has joined Microsoft in publishing intel on Iranian cyber influence activity following a recent uptick in attacks that led to data being leaked from the Trump re-election campaign.…

Category: Viruses and Worms

Google documents filed in antitrust case show efforts to push data collection limits

Computerworld.com [Hacking News] - 15 August, 2024 - 17:53

For almost as long as it has existed, Google has been at the center of controversies around its data strategy, ranging from privacy concerns, data retention with its related cybersecurity implications, and compliance, to the debate about what kind of limits there should be for leveraging data.

A series of Google internal documents, which were entered as exhibits in an ongoing United States prosecution of the company on antitrust issues, shines a light on the data giant’s strategy and positioning. The documents are roughly seven years old, so these memos may not reflect Google’s current thinking, but they do give IT leaders a peek into Google’s candid views on data strategies.

The Google documents are part of the United States Vs. Google litigation being heard in the US District Court for Virginia’s Eastern District, and were made public August 6.

The internal documents made clear Google’s enthusiasm for coordinating all possible data about users so that they could sell the most focused details to advertisers. Google said that it needs to “use a combination of advertiser data such as email subscription lists, Google signed-in data such as web traversal data, Gmail data such as receipts, and subscribed newsletters, to target users across multiple devices.” 

It also showed a fondness for various corporate-speak euphemisms for spying on users, such as “sharing of conversational corpus” and “being able to harvest the conversation signals that could improve ad timeliness and applicability will be important to stay competitive.” 

Google said that it needed to invest more heavily “to improve our understanding of the message that is being exchanged between the parties. To be used to better understand the funnel position of a user and as well as broad quality uplift.”

Google also wrote that it needed to “evaluate tradeoffs between user happiness and shorter-term revenue gains.”

The notes also revealed hesitation by some at Google to push data usage too far, saying, “The capabilities of Gmail ads format has remained a quite limited set over the last couple of years, mostly due to security concerns by the consumer Gmail team.”

One document did express corporate worries about privacy, but not the privacy of users. It concerned the privacy of Google itself.

“Once again, the privacy protections here are key. We would never allow audiences generated with Google data to leave the Google ecosystem, nor impression level reports based on those media buys,” it said. “Ad tech vendors or agencies could then use these reports and the ability to activate media from them within their own systems. We suggest we require Google-branded, or alternatively white-labeled or otherwise branded by the partner.”

The documents also show that Google at the time was starting to see the need to focus more on what users were doing online and less on where they were doing it. Google said that it wanted to focus on “geo-targeting based on weather/travel searches, not IP address, auto make/model/year, e-commerce product catalogs, user profile/ transaction data, etc.”

Google strategists elaborated on these possibilities as they evaluated efforts by various companies that were luring away Google advertisers. 

“Services have enough data — typically location, logged-in users, intent data — to offer unique targeting aligned with their brand. Weather.com can command a premium with weather data, Pandora can optimize based on what type of music someone listens to, etc. TripAdvisor can target based on destination searches. Commerce companies can even expand into audience extension, buying third-party inventory on behalf of advertisers. We lost Wayfair because AppNexus is better at this than us,” the documents said.

“Audio services like Pandora and Spotify are heavily subscription-driven and many content companies are pursuing subscriptions with increasing success. NYT [New York Times] makes as much from subscriptions as ads and wants to emulate Netflix’s sophistication with upsells. Conde Nast is trying to build a universal subscriber ID to manage on-site subscription offers.”

The documents also included management discussions about Google’s strategic weaknesses, pointing out that some advertisers who had left Google fared significantly better.

“Weather.com ended exclusivity with Google and is seeing 30%+ revenue lift,” it said.

The documents also looked at Gmail’s global challenges at the time, under “coverage shortcomings,” noting:

“Gmail lacking strong penetration in Apple devices. No obvious differentiator from Apple Mail to merit standalone download, unlike data differentiator in Maps. Gmail lacking footprint in key countries/regions. China: no Google products. Japan: Yahoo mail is the leading provider. Russia: Mail.ru is the key player.”

The Virginia case, one of multiple antitrust actions involving Google at the moment, is heading to a jury trial. Many more documents, some of them much more recent, are expected to be published soon. Those are likely to shed even more light on Google’s data strategies.

Category: Hacking & Security

You can now share twice as many photos in a single Instagram post as before

Živě.cz - 15 August, 2024 - 17:15
The image-based social network Instagram is raising the number of photos and videos that users can publish in a single post. Each post can now contain up to 20 photos or videos, whereas from 2017 until now users could add a maximum of 10 items. Details are reported by the magazine ...
Category: IT News

REVIEW: AMD Ryzen 9 9950X - the Zen5 sixteen-core

CD-R server - 15 August, 2024 - 16:45
After the pair of single-chiplet Ryzens, multi-chiplet models are also coming to market; today we look at the top model for the AM5 socket.
Category: IT News

Ukrainians used a hydrogen car to build an improvised bomb. Teslas are being turned into drones at the front

Živě.cz - 15 August, 2024 - 15:45
Ukrainians used a hydrogen fuel cell from a destroyed Toyota Mirai car to build a small improvised bomb. Details were reported by the Euromaidan Press portal. Once completed, the bomb weighed roughly 200 kilos, as a result of which it could not be dropped from an aerial drone. So the soldiers ...
Category: IT News

Microsoft rolls out Face Check selfie verification system

Computerworld.com [Hacking News] - 15 August, 2024 - 15:28

Microsoft’s facial matching verification system, Face Check, is now available. The feature, part of Entra Verified ID, offers a new way to confirm a user’s identity and protect against unauthorized login attempts, Microsoft said.

Face Check works by comparing selfie footage taken on a user’s smartphone in real-time with a verified photo held on Microsoft’s servers — a passport photo or driver’s license, for example. The real-time selfie footage won’t be stored after a verification attempt, Microsoft said.

A successful match will confirm a user’s identity and authorize a login to an account. This could be useful for purposes such as remote employee onboarding or password changes, the company said. 

Microsoft’s Azure AI Vision Face API is used to power the face detection and recognition. The software can also conduct a “liveness” check, which helps prevent the use of a static photo or 2D video to trick the verification system, Microsoft said, so deepfakes shouldn’t be effective.  

Customer organizations can choose the level of confidence required to accept a Face Check login attempt. The higher the confidence score threshold, the less likely Face Check will incorrectly verify an impersonator. The default score is a 50% match, which equates to a one in 100,000 chance of getting a false positive; at 90%, the chances are one in a billion, Microsoft said. (A higher confidence score requirement also increases the likelihood a legitimate login attempt will be rejected.)

Changes in a user’s appearance compared to the verified photo, such as a different haircut, could lower the match score, as could differences in surroundings, such as lighting.

Microsoft Entra ID customers can access Face Check as a standalone service (which costs 25 cents per verification) or with a subscription to the Entra Suite paid add-on ($12 per user each month).  

Category: Hacking & Security

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

The Hacker News - 15 August, 2024 - 15:19
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. "SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability
Author: Ravie Lakshmanan
Category: Hacking & Security

Russian prosecutors seek a ban on distribution of the computer game Last Train Home

AbcLinuxu [news briefs] - 15 August, 2024 - 15:18
Russian prosecutors are seeking a ban on distribution of the computer game Last Train Home (ProtonDB Platinum), developed by the Brno studio Ashborne Games. According to Russian authorities, the game about the Czechoslovak legionnaires incites hatred toward the government in Moscow and soldiers of the Red Army.
Category: GNU/Linux & BSD

The Evolution of Digital Privacy: Unpacking the Features of Tails 6.6

LinuxSecurity.com - 15 August, 2024 - 15:02
Tails (The Amnesic Incognito Live System) offers hope to privacy activists and anyone seeking anonymity online. A live operating system and secure Linux distro that can be started from any USB stick or DVD, Tails provides anonymity by routing internet connections through Tor and leaving no trace on computers being used unless explicitly asked by the user.
Category: Hacking & Security

CrowView Note

AbcLinuxu [news briefs] - 15 August, 2024 - 14:24
A Kickstarter campaign is running in support of the CrowView Note, a notebook without a processor or memory, in other words a portable monitor with a keyboard. Expansion boards for easily connecting a Raspberry Pi 5 and Jetson Nano Dev Kit can also be ordered.
Category: GNU/Linux & BSD

Russian man who sold logins to nearly 3,000 accounts gets 40 months in jail

The Register - Anti-Virus - 15 August, 2024 - 14:22
He’ll also have to pay back $1.2 million from fraudulent transactions he facilitated

A Russian national is taking a trip to prison in the US after being found guilty of peddling stolen credentials on a popular dark web marketplace.…

Category: Viruses and Worms

You should avoid the cheapest monitors, but this MSI for 1590 Kč isn't entirely terrible

Živě.cz - 15 August, 2024 - 14:15
Alza has discounted the MSI Pro MP223 monitor to 1590 Kč; last autumn it came to market at a price 900 Kč higher. And it has never been cheaper than it is now. Nor can you buy any alternative at a better price. The monitor measures 21.5 inches at a resolution of 1920 × 1080 px and uses a VA-type panel with support for 8-bit colour. It promises 99% ...
Category: IT News

Russian-Linked Hackers Target Eastern European NGOs and Media

The Hacker News - 15 August, 2024 - 13:43
Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with those of the Russian government. While one of the campaigns – dubbed River of Phish – has been attributed to COLDRIVER, an
Author: Ravie Lakshmanan
Category: Hacking & Security

Hollywood unions OK AI-cloned voices in commercials

Computerworld.com [Hacking News] - 15 August, 2024 - 13:19

Hollywood actors’ union SAG-AFTRA said it has signed an agreement with talent marketplace Narrativ to let advertisers buy the rights from actors to recreate their voices using AI.

According to Reuters, the agreement allows the actors themselves to set the price for the digital voice copy, provided that it is at least equivalent to SAG-AFTRA’s minimum wage for audio-based advertising. Brands must also obtain consent from the actor for any ad that uses a digital voice copy.

“It is understandable that not all members will be interested in taking advantage of the opportunities that licensing their digital voice copies can offer. But for those who want to, you now have a safe alternative,” SAG-AFTRA official Duncan Crabtree-Ireland said in a statement.

Category: Hacking & Security

BitLocker encryption becomes the default in Windows 11 24H2

Computerworld.com [Hacking News] - 15 August, 2024 - 13:12

It’s long been possible to encrypt the contents of a Windows PC using the included BitLocker encryption tool. Beginning this fall, with the newest update of Windows 11 (version 24H2), the encryption will be activated by default during reinstallations or new installations, according to The Verge.

Microsoft also plans to lower the system requirements for BitLocker; for example, the computer no longer needs to support Hardware Security Test Interface (HSTI) or Modern Standby.

In a normal update, encryption will not be turned on automatically, meaning users shouldn’t run into trouble accessing files if they update from Windows 11 23H2 to 24H2, for example.

Category: Hacking & Security

Identity Threat Detection and Response Solution Guide

The Hacker News - 15 August, 2024 - 13:00
The Emergence of Identity Threat Detection and Response. Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, SaaS, PaaS and CI/CD environments. Identity Threat Detection and Response solutions help
Category: Hacking & Security