Agregátor RSS

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations," Trellix security researchers Mathanraj Thangaraju and Sijo JacobNewsroomhttp://www.blogger.com/profile/[email protected]

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1 Newsroomhttp://www.blogger.com/profile/[email protected]

If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed

Cybersecurity experts at universities and Big Tech have disclosed a vulnerability in a common client-server networking protocol that allows snoops to potentially bypass user authentication via man-in-the-middle (MITM) attacks.…

A decision by Microsoft to start retiring Office 365 connectors within Microsoft Teams has resulted in a firestorm of negative reaction.

According to a blog post released last week by Microsoft, starting August 15, all new “connector creation will be blocked within all clouds” and effective October 1, “all connectors within all clouds will stop working.”

Office connectors in Microsoft Teams, the blog notes, deliver content and service updates directly from third-party services into a Teams channel, allowing team members to stay informed and in sync. The connectors link to services such as Trello, GitHub, RSS feeds, BitBucket, and Azure DevOps, giving users the ability to, for example, collaborate and manage software projects online, manage and collaborate on code projects, receive RSS feeds, and allow a user to receive notifications when videos are created, all within Teams.

To replace the connectors, authors of the blog wrote, “We recommend Power Automate workflows as the solution to relay information into and out of Teams.” Known as Microsoft Flow until late 2019, the SaaS platform optimizes and automates workflows and business processes.

Judging from the bulk of the 127 comments posted in response to the blog post by late afternoon Tuesday, people are outraged. One asked Microsoft if it has not learned from “insufficient transition deadlines. You have given users three months, two of which are during peak holiday season where many staff will be on annual leave for parts of it, to move service integrations away from connector format to possibly something they have never even looked at it. Why?”

Another wrote, “what are you doing? This is a major change for us, coming in the middle of the summer vacation. You should show more respect and not make such changes during the vacation when most people are away from work. Very disappointing!”

Other reactions ranged from “this timeline is a joke, hopefully there was a typo and you meant October ’25” to “the transition time is insufficient. More importantly, Power Automate does not currently replace the functionality of Connectors. I vote that Microsoft delays this transition by at least one year.”

Jeremy Roberts, senior analyst at Info-Tech Research Group, said today, “it is not entirely clear why they are choosing to do  this. They say it is about scale and depth, but there are certainly some kinks they will have to work out. (For example, you can’t send a message to a private channel, which is going to be a whole thing.) I do not know that their user base was begging for the sort of scale they would get from Power Automate replacing their basic connectors. The cynic in me says they derive benefit from pushing Power Automate premium licensing.”

Microsoft, he said, ”has been under some heightened anti-trust scrutiny, and they have done things like unbundling Teams. Perhaps this is a response to increasing regulatory pressure? Teams sits at the nexus of a bundled offering, or at least that was its initial promise. Perhaps introducing this further complexity is a way to demonstrate to regulators, especially in Europe, that Teams is not far and away the market leader? That is a bit conspiratorial but the thought had crossed my mind.”

He described Power Automate as “powerful, but it is more complex than a simple webhook. I could see a situation where the effort required to build and maintain in Power Automate exceeds the value of the notification into the Teams channel that the webhook provided.”

In reaction to the short transition period, Roberts noted “the many complaints about this in Microsoft and other sysadmin communities. A few months for something like this does feel rushed, though maybe it is best to rip the band-aid off.”

Overall, he said, the move “feels anti-consumer, though Microsoft would probably argue that Power Automate brings greater opportunities for consumers. The question is, do they want to put the time, effort and money in to realize those opportunities?”

More Microsoft news:

• Why Microsoft keeps adding new features to Windows 10
• Microsoft begins to phase out ‘classic’ Teams
• Microsoft delays Recall launch amid privacy concerns

Citrix, SAP also deserve your attention – because miscreants are already thinking about Exploit Wednesday

Patch Tuesday  Clear your Microsoft system administrator's diary: The bundle of fixes in Redmond's July Patch Tuesday is a doozy, with at least two bugs under active exploitation.…

RT News snarks back after it's accused of building social nyet-work for Kremlin

The FBI and cybersecurity agencies in Canada and the Netherlands say they have taken down an almost 1,000-strong Twitter bot farm set up by Russian state-run RT News that used generative AI to spread disinformation to Americans and others.…

Podle belgické spotřebitelské organizace Testaankoop routery Linksys Velop Pro 6E a Velop Pro 7 při instalaci posílají SSID nakonfigurované Wi-Fi sítě a příslušné heslo v otevřeném tvaru na servery Amazonu (AWS) [Stack Diary, Testaankoop].

„Pojistnou smlouvu už mám dlouho a ani nevím, co v ní mám zahrnuto. A možná ji vůbec nepotřebuji.“ Ukážeme si pojištění nemovitosti a domácnosti v praxi a číslech. Proč má někdo levné pojistné pro domácnost a nemovitost a jiný třeba desetkrát dražší?

Dnes se podíváme ne pomocníka pro práci s objekty v Kubernetes, vyzkoušíme osobního digitální asistenta pro organizaci práce a nakonec budeme analyzovat data ze sledování pohybu očí.

Smart Factory je továrna nového typu. Řídí ji umělá inteligence, která vnímá výrobní proces, rozhoduje se, podle potřeby zasahuje a také se autonomně vyvíjí, aby co nejlépe plnila zadání, tedy výrobu skládacích telefonů MIX Fold 4 a MIX Flip, které se brzy objeví na trhu. Smart Factory je dotek budoucnosti.

Oxid uhličitý je skleníkový plyn. Metan je ještě horší skleníkový plyn. Přesto by přeměna oxidu uhličitého na metan mohla pomoci úsilí zvládnout oteplování klimatu. Nová metoda elektrokatalýzy s využitím nanoshluků mědi jako velmi účinného katalyzátoru by to mohla zařídit.

Po výsledku dvanáctijádrového Ryzen 9 9900X se v databázi Geekbench objevil i osmijádrový Ryzen 7 9700X a šestijádrový Ryzen 5 9600X. Zvlášť ten vypadá zajímavě…

Každý měsíc vybíráme nejlepší mobily v několika kategoriích • Smartphony dělíme podle výbavy a ceny, aby si mohl vybrat každý • Nezapomínáme ani na tablety a tlačítkové telefony

OpenAI models are still accessible through Microsoft Azure’s cloud in China despite the fact that the company has banned the use of these models in the region. The backdoor access to the models is part of a changing dynamic in China’s tech space, where emerging players hope to fill the gap the ban is poised to leave in the market, even as US-based tech firms look to circumvent growing trade restrictions.

Azure China operates as a joint venture with local company 21Vianet in China, which offers OpenAI’s service, according to an exclusive report by The Information on Monday. Three Azure customers in China also confirmed to the publication that they still have access to OpenAI’s models; two claimed they’ve used OpenAI’s API to train AI models sold to Chinese customers.

Microsoft confirmed to Computerworld Tuesday that Azure regions operated by 21Vianet are physically separated instances from Microsoft’s global cloud, though they are built on the same cloud technical base as its global peers. A company spokesperson said via email that “there has been no change” to its Azure OpenAI service offerings in China, and eligible customers can still receive access “via models deployed in regions outside China.”

Two weeks ago OpenAI sent letters to Chinese users warning it plans to cut off its AI development software and tools starting in July, according to multiple reports, incuding oneby Time magazine. This caused a rush by other China-based AI companies to incentivize developers using OpenAI to switch to their platform. 

“Already we see Baidu, Tencent, Alibaba and many other Chinese companies stepping in with heavy discounts in an attempt to pick up current OpenAI users in China,” said Brad Shimmin, chief analyst, AI and data analytics, at Omdia.

Baidu, for example, has promised free AI model fine-tuning and expert guidance on its flagship Ernie model, along with 50 million free tokens developers can use to query the bot, according to the Time report. Alibaba and Tencent posted ads encouraging the move, while Chinese technology pioneer Kai-fu Lee’s 01.AI is promoting heavy discounts to use its service, Time reported.

Meanwhile, at the World AI Conference in Shanghai last week, another Chinese AI company, SenseTime, unveiled its latest model — SenseNova 5.5; like Baidu, it offered companies 50 million free tokens to use the model, according to a separate report by The Guardian. SenseNova also promised to deploy staff for free to help new clients migrate from OpenAI to SenseTime’s AI tools.

Getting around trade restrictions

Microsoft invested billions of dollars in OpenAI in January 2023 and is closely aligned with the ChatGPT maker, integrating its technology through its own AI chatbot called Copilot, which is hosted on Azure and an integral part of its own products and services.

Microsoft did not provide a motive for allowing access to OpenAI in China through Azure. Shimmin, however, noted that China is a “sizeable market opportunity” for “mega-brands” like Microsoft, Google, Meta and Apple, “one worth the additional cost of establishing sometimes complex operating policies in order to do business in-country.”

For many companies operating within China’s borders, restrictions on technology and other products from US vendors are nothing new given the long-term battle between the two nations over tech supremacy. “Many companies have and are actively circumventing in-house blocks from the government using VPN services,” Shimmin said. 

The US most recently imposed a series of tight restrictions on the export of microprocessors to China. However, US President Joseph R. Biden Jr. made it clear last year that the tech trade war with China extends to other technology, including AI.

A competitive advantage

In addition to OpenAI, a number of US-based AI services aren’t currently operating in China, including Anthropic, which does not support mainland China or Hong Kong, and Amazon Bedrock from AWS, which is only available in the region in Singapore, Japan, and Australia, Shimmin said.

Microsoft’s circumvention of the OpenAI ban “underscores its commitment to the region and to its customers,” Shimmin said. 

It also could help the company maintain its competitive edge and market share, not only in AI but also in China’s lucrative cloud services market, even while keeping its relationship with OpenAI on track, said Stephen Kowski, Field CTO at SlashNext Email Security+.

“By offering continued access to OpenAI models, Microsoft can attract and retain enterprise customers seeking advanced AI capabilities,” he said. “This approach allows Microsoft to balance its partnership with OpenAI and its business interests in China.”

When given the choice to access OpenAI GPT models directly from OpenAI or via Microsoft OpenAI Azure Service, most enterprise customers would likely opt for Microsoft, Shimmin noted, “because they can access GPT without worrying about issues like data leakage or model privacy/security.”

More OpenAI news:

• OpenAI announces new multimodal desktop GPT with new voice and vision capabilities
• OpenAI unveils ‘Model Spec’: A framework for shaping responsible AI
• Is OpenAI’s Sam Altman becoming a liability for Microsoft?

Google v květnu oznámil novou podobu služby Find My Device • Při porovnání s Apple Find My doslova pohořela • Lokátory pro Android tahají za kratší konec, a to kvůli Googlu

Microsoft has ordered its staff in China to use iPhones for their work starting in September.

The decision effectively bars the use of Android smartphones by the tech giant’s Chinese staffers, Bloomberg reports.

The decision has more to do with standardising use of the Microsoft Authenticator and Identity Pass app among all personnel rather than security concerns about the Android mobile operating system.

Recently, open-source security was rocked by the discovery of an alarming Remote Code Execution (RCE) vulnerability within the Ghostscript document conversion toolkit '' CVE-2024729510 . This security breach poses a severe threat and can compromise countless Linux systems worldwide. To help you understand and protect against this threat, I'll walk you through how this flaw works, its impact, and practical strategies for mitigating your risk.

Evropský kosmický průmysl čekal na raketu dlouhé roky • Po ukončení programu Ariane 5 jsme byli odkázání na SpaceX • Pokud se to dnes podaří, Evropa se vrátí do první raketové ligy