RSS aggregator

Jaderné noviny (Kernel News) – overview for January 2025

AbcLinuxu [articles] - 6 February, 2025 - 06:00

An overview of the January issues of Jaderné noviny: kernel release status, quotes of the week, and a list of kernel-related articles.

Category: GNU/Linux & BSD

Democrats demand to know WTF is up with that DOGE server on OPM's network

The Register - Anti-Virus - 6 February, 2025 - 02:49
Are you trying to make this easy for China and Russia?

Who bought it, who installed it, and what's happening with the data on it.…

Category: Viruses and Worms

Legislators demand truth about OPM email server

Computerworld.com [Hacking News] - 6 February, 2025 - 02:09

Two members of the US House of Representatives want answers from the US Office of Personnel Management (OPM) over allegations that a “server of unknown nature” was used last month to “access sensitive government data without regard for crucial security and privacy protections.”

In a letter sent Tuesday to Charles Ezell, acting director of the OPM, an independent agency that manages the US federal civil service, Gerald Connolly, ranking member of the Committee on Oversight and Government Reform, and Shontel Brown, ranking member of the Subcommittee on Cybersecurity, Information Technology and Government Innovation, wrote that on Jan. 24, “millions of federal employees received an email from a new email address, [email protected], stating that it was a ‘test of a new distribution and response list.’”

It went on to say that “the email address sent several additional tests before sending a mass email to the federal workforce with the subject ‘Fork in the Road’ detailing a potentially illegal resignation offer for federal employees.”

In addition, they wrote, “several days prior to the first test, OPM did not have the capability to email a distribution list of this scale. Acquiring such a capability securely and in compliance with federal cybersecurity, privacy, and procurement laws would likely not have been possible in such a short timeframe.”

Connolly and Brown added that “compounding our concerns, other reports suggest that allies of Elon Musk recently installed at OPM have revoked senior career employee access to OPM computer systems containing extremely sensitive information, including the dates of birth, Social Security numbers, home addresses, pay grades, and appraisals of millions of government workers.”

At best, the letter stated, the Trump administration’s actions at OPM to date “demonstrate gross negligence, severe incompetence, and a chaotic disregard for the security of our public. At worst, we fear that Trump Administration officials know full well that their actions threaten to break our government and put our citizens at risk of foreign adversaries like China and Russia gaining access to our sensitive data.”

Its authors wrote that the lack of security and oversight associated with the new “email system and data management practices threatens to expose federal workers to personalized social engineering or spear phishing attacks to gain access to government systems. For example, it appears the effort to distribute the mass Fork in the Road email may have subverted cybersecurity controls in the National Oceanic and Atmospheric Administration (NOAA) email system, leading to the agency’s 13,000 employees receiving a flood of inappropriate and spam email.”

While the letter requested records and logs, as well as “all emails, documents, and communications relevant planning and execution of the initiative,” it also asked that Ezell present the information to the Committee on Oversight and Government Reform on Feb. 14. To date, no such meeting has been scheduled.

Computerworld reached out to the OPM press office regarding the letter and was told via email, “we do not have a comment on this.” Will McDonald, the communications director for Brown, who represents Ohio’s 11th Congressional District, was also contacted, and he said there has as yet been no response to the letter from OPM.

Potential privacy and security risk

Erik Avakian, security counselor at Info-Tech Research Group, said the “recent development regarding OPM and the alleged issues regarding an email server being deployed on the agency network and emails being distributed by the agency to federal employees raise potential security and privacy concerns that, if substantiated, could be out of sync with well-defined cybersecurity best practices and privacy regulations.”

Most important, he said, would be the way in which the system had been deployed onto the federal network, “particularly in light of the many existing US federal government-required processes, procedures, and checks a system would need to undergo before receiving green light approval for such a fast-tracked deployment. There could be fast-track processes in place for such instances.”

However, even in such cases, said Avakian, “any deployment of systems or tools would certainly, as best practice, need to be reviewed for security vulnerabilities, and its architecture checked and hardened, at a minimum, to be aligned with the federal security requirements for systems deployed on the network prior to going live.”

The question would be whether the processes were followed, he said. “In any case, there could be quite a checklist of issues regarding Compliance with Cybersecurity Frameworks, Best Practices, and the Federal Government’s Memo regarding the Implementation of Zero Trust, to name a few, as well as numerous privacy laws.”

Aside from asking Ezell to appear at a briefing, the letter also asked that the OPM provide:

  • A list of any information technology equipment installed at OPM between January 21, 2025, and January 24, 2025, and used to support the distribution of the “Fork in the Road” emails, including a description of how such equipment was procured.
  • A list of the individuals who installed and/or accessed the equipment, including whether they were OPM employees at the time of their installation/access of the equipment and, if so, under what authority they were hired; and what background investigation and clearance processes they underwent as part of the hiring process.
  • What steps were taken to “safeguard the privacy of the millions of federal employees included in those databases and repositories.”
  • A description of the types of IT assets, software systems, code, or other tools used to collect information.

Avakian said that in terms of process and procedures, one question raised was whether the deployment of the email system underwent a Privacy Impact Assessment (PIA) before deployment of such a system on the production network.

If not, “the omission of the PIA could imply non-compliance with established federal cybersecurity practices and privacy laws such as the E-Government Act of 2002, mandating that all US federal agencies conduct PIAs before implementing systems, particularly those that store or handle Personally Identifiable Information (PII).”

The PIA, said Avakian, “would account for and amount to an example of just one of the assessments a system would need to undergo before deployment. While there is the possibility of OPM to submit a retroactive PIA, it would still position OPM’s initial failure to perform this assessment as a significant issue and potential legal hurdle.”

Mass ‘deferred resignation’ offer could cause loss of critical expertise

According to a release, a letter sent by Connolly and other Democratic members of the oversight committee to President Donald Trump on Monday requested “documents and information regarding his ‘deferred resignation’ offer sent en masse to the federal workforce, and urging him to rescind the offer.”

They wrote that it “would precipitate a mass exodus of the most experienced and capable federal employees, leaving our agencies severely understaffed and incapable of fulfilling their responsibilities. The consequence of this brain drain will be felt by every American.”

Committee members argued, “without the expertise and institutional knowledge that so many federal employees bring to their work, our government will be incapable of responding effectively to national emergencies, serving the American public, or even carrying out routine operations. The resignation offer sets the stage for an unparalleled crisis in our government’s ability to deliver for the American people.”

Category: Hacking & Security

DuckDB 1.2.0

AbcLinuxu [news briefs] - 6 February, 2025 - 01:34
The DuckDB database (Wikipedia) has been released in version 1.2.0, codenamed Histrionicus (harlequin duck). Among the new features, it is worth highlighting that, for example, 🦆 can now be used as a multi-byte column delimiter. 😂
Category: GNU/Linux & BSD

Robocallers who phoned the FCC pretending to be from the FCC land telco in trouble

The Register - Anti-Virus - 6 February, 2025 - 01:04
Don't laugh: The $4.5m fine proposed for carrier Telnyx shows how the Trump administration will run its comms regulator

In its first enforcement action of the Trump presidency, the FCC has voted to propose fining Telnyx $4,492,500 – after scammers pretending to be the watchdog's staff started calling actual FCC staffers via the VoIP telco.…

Category: Viruses and Worms

New Microsoft script updates Windows media with bootkit malware fixes

Bleeping Computer - 6 February, 2025 - 00:16
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. [...]
Category: Hacking & Security

Mixing Rust and C in Linux likened to cancer by kernel maintainer

The Register - Anti-Virus - 6 February, 2025 - 00:09
Some worry multiple languages will make it harder to maintain this open source uber-project, others disagree

Updated: Developers trying to add Rust code to the Linux kernel continue to face opposition from kernel maintainers who believe using multiple languages is an unwelcome and risky complication.…

Category: Viruses and Worms

Annual tax settlement: What should you bring to your accountant at work now so you can use all the tax benefits?

Lupa.cz - articles - 6 February, 2025 - 00:00
The deadline by which you must deliver documents proving your entitlement to tax credits and deductions from the tax base to the payroll office is approaching. What will your employer need from you to do your taxes?
Category: IT News

Programmable IO on the RP2040 microcontrollers in the Raspberry Pi Pico

ROOT.cz - 6 February, 2025 - 00:00
Today we will get acquainted with a unique feature of the Raspberry Pi Pico. These single-board microcomputers contain PIO (Programmable IO), blocks that control the input/output pins (GPIO). They behave like independently programmable processors.
Category: GNU/Linux & BSD

Agreement to complete a job (dohoda o provedení práce) 2025: what are the new rules for performing work and the employee entitlements the employer must ensure

Lupa.cz - articles - 6 February, 2025 - 00:00
What are the current rules for performing work under an agreement to complete a job, following the changes of recent years? What are employees now entitled to, similarly to those in a regular employment relationship? And what are they not entitled to?
Category: IT News

Network monitoring, visualization and automation: the main topics of CSNOG 2025

ROOT.cz - 6 February, 2025 - 00:00
At the CSNOG 2025 meeting, experts focused on innovations in network monitoring, visualization, data center automation and the evolution to SRv6. The importance of merchant silicon and statistics was also discussed.
Category: GNU/Linux & BSD

New Chinese fusion record promises to speed up the arrival of a fusion power plant

OSEL.cz - 6 February, 2025 - 00:00
At the beginning of 2025, the Chinese tokamak EAST surpassed its own earlier world record for the duration of fusion plasma confinement. For the first time in history, the thousand-second mark was exceeded. This is another step that brings the era of fusion energy use closer. China is working intensively on further facilities and is taking the lead in this field as well.
Category: Science and Technology

Taiwan, the jewel of the semiconductor industry, within firing range

OSEL.cz - 6 February, 2025 - 00:00
When Chinese warships sail a few dozen kilometres from the TSMC plants in Taiwan, which produce about half of the world's output of advanced chips, the Taiwanese army is on alert and the USA raises a warning finger. The reason for concern is clear: if these plants stopped working, the consequences for the world would at least equal the oil crisis of 1973.
Category: Science and Technology

GeForce RTX 5070 Ti: Reviews on February 19, availability on February 20

CD-R server - 6 February, 2025 - 00:00
Two weeks remain until the release of the GeForce RTX 5070 Ti. The card, which is essentially a cut-down version of the GeForce RTX 5080
Category: IT News

Workday to cut 1,750 jobs, shift focus to AI and global expansion

Computerworld.com [Hacking News] - 5 February, 2025 - 22:34

Workday said Wednesday it will lay off 1,750 employees, roughly 8.5% of its workforce, as part of a restructuring plan to invest more heavily in artificial intelligence (AI) and accelerate international growth.

The California-based company disclosed the layoffs in a filing with the US Securities and Exchange Commission, attributing the decision to its focus on what its leaders call “durable growth.” While details on specific departments affected were not provided in the filing, executives emphasized that artificial intelligence initiatives and overseas markets represent key areas where the company will continue hiring.

“Companies everywhere are reimagining how work gets done, and the increasing demand for AI has the potential to drive a new era of growth for Workday,” Carl Eschenbach, CEO of Workday, said in a memo to employees included with the filing.

Concern about customer support

Some industry observers are concerned about how Workday’s layoffs affect customer support. John Yensen, who leads the managed IT services firm Revotech Networks, said he believes customers will likely face disruptions to their support and service soon.

“AI could help offset this by automating routine inquiries and streamlining the customer service process, but the largest concern, as in all similar cases, is whether AI support will be able to handle and improve the level of service that enterprise clients expect and have become accustomed to,” he said.

Timothy DeStefano, associate professor of research at Georgetown University’s McDonough School of Business, suggested that the outcome will largely depend on the company’s approach to the restructuring.

“One way to try to prevent layoffs from affecting the level and quality of customer support is to avoid eliminating positions that are customer-facing or critical to customer engagement,” DeStefano said. “It may also be helpful for the business to cross-train employees so that the remaining workers can handle multiple roles during the transition.”

Workday did not immediately respond to a request for comment.

Strategy suggests a ‘careful realignment of resources’

Workday’s leadership has pointed to artificial intelligence as a central reason for the reallocation of resources. While the AI transition presents challenges, DeStefano noted that the investment could pay off: “Making investments in technology, particularly AI, is not cheap, but an accumulation of empirical evidence suggests that, if done correctly, performance improvements and efficiency gains can be achieved. However, it takes time and restructuring to implement new technologies, and thus, there may be some hiccups along the way.”

International expansion is another priority for Workday, which plans to seize the growing demand for cloud-based HR solutions outside the United States. DeStefano noted that the company is taking a three-pronged approach to ensure financial stability: “cost reductions, market expansion overseas, and investing in tools designed to enhance decision-making and improve efficiency. This is particularly relevant given the increasing competition within the market, increased consolidation through firm acquisitions, and the potential for slower demand due to higher interest rates.”

While specific regional targets weren’t disclosed, DeStefano observed that the company’s strategy suggests a careful realignment of resources. “Based on their statements, they have decided to close certain locations while opening new ones. This suggests that the geographical reorganization is designed to restructure their regional footprint to keep pace with evolving consumer demand across their markets,” he said. “Additionally, while the company is laying off employees, they are not enacting a hiring freeze. Instead, they have stated that they will add workers to critical locations and roles within the company, along with making AI investments, to maintain and enhance its applications for consumers throughout the transition and in the long run.”

Workday faces intense competition in HR software from both established firms and startups, according to Janice Quek, an analyst at investment research firm CFRA.

“However, the AI opportunity is clear, and the company will need to innovate in order to remain competitive in the enterprise software space,” Quek said. “On that front, it has released several AI products, including AI agents, that will unlock capacity for its users, with more solutions in the pipeline. We expect [Workday] to also leverage AI internally to alleviate talent gaps, streamline workflows, and automate their operational processes and services to smooth its transition and enhance its own execution.”

Category: Hacking & Security

Robocallers posing as FCC fraud prevention team call FCC staff

Bleeping Computer - 5 February, 2025 - 22:26
The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as a fictitious FCC "Fraud Prevention Team" by failing to comply with Know Your Customer (KYC) rules. However, Telnyx says the FCC is mistaken and denies the accusations. [...]
Category: Hacking & Security

Ransomware payments fell by 35% in 2024, totalling $813,550,000

Bleeping Computer - 5 February, 2025 - 21:34
Payments to ransomware actors decreased 35% year-over-year in 2024, totaling $813.55 million, down from $1.25 billion recorded in 2023. [...]
Category: Hacking & Security

DOGE latest: Citrix supremo has 'read-only' access to US Treasury payment system

The Register - Anti-Virus - 5 February, 2025 - 20:30
CEO of Cloud Software a 'special government employee' probing for Team Elon

The US Treasury has revealed Tom Krause – the chief exec of Citrix and Netscaler owner Cloud Software Group – has "read-only" access to a vital federal government payment system that disburses trillions of dollars annually.…

Category: Viruses and Worms

CISA orders agencies to patch Linux kernel bug exploited in attacks

Bleeping Computer - 5 February, 2025 - 19:58
CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks. [...]
Category: Hacking & Security