Agregátor RSS

Fixes have been made, it appears, but disclosure or discussion is invisible

Column  Found a bug? It turns out that reporting it with a story in The Register works remarkably well ... mostly. After publication of my "Kryptonite" article about a prompt that crashes many AI chatbots, I began to get a steady stream of emails from readers – many times the total of all reader emails I'd received in the previous decade.…

Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. "Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion," Elliptic said in a report shared with The Hacker News.

Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. "Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion," Elliptic said in a report shared with The Hacker News. Newsroomhttp://www.blogger.com/profile/[email protected]

Povedená a kompletně bezplatná aplikace se postará o velmi rychlé skrytí citlivých částí fotografie bez obav o soukromí. Použití je jednoduché a data z aplikace nejsou nikam odesílána.

Povedená a kompletně bezplatná aplikace se postará o velmi rychlé skrytí citlivých částí fotografie bez obav o soukromí. Použití je jednoduché a data z aplikace nejsou nikam odesílána.

Freeware AutoIt also used to hide entire PowerShell environments in scripts

A rapidly-changing infostealer malware known as ViperSoftX has evolved to become more dangerous, according to security researchers at threat detection vendor Trellix.…

Služba Copernicus Climate Change Service (C3S) publikovala na svých stránkách pravidelnou měsíční zprávu o stavu klimatu. Většina poznatků vychází ze souboru dat, který využívá miliardy měření ze satelitů, lodí, letadel a meteorologických stanic po celém světě. Aktuální výsledky bohužel nejsou ...

Výkonnostní údaje o nové generaci procesorů Arrow Lake, které Intel prezentuje partnerům, nepůsobí příliš přesvědčivě. Mezigenerační posun výkonu připomíná půlgeneraci Zen → Zen+ od AMD…

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations," Trellix security researchers Mathanraj Thangaraju and Sijo Jacob

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations," Trellix security researchers Mathanraj Thangaraju and Sijo JacobNewsroomhttp://www.blogger.com/profile/[email protected]

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1 Newsroomhttp://www.blogger.com/profile/[email protected]

If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed

Cybersecurity experts at universities and Big Tech have disclosed a vulnerability in a common client-server networking protocol that allows snoops to potentially bypass user authentication via man-in-the-middle (MITM) attacks.…

A decision by Microsoft to start retiring Office 365 connectors within Microsoft Teams has resulted in a firestorm of negative reaction.

According to a blog post released last week by Microsoft, starting August 15, all new “connector creation will be blocked within all clouds” and effective October 1, “all connectors within all clouds will stop working.”

Office connectors in Microsoft Teams, the blog notes, deliver content and service updates directly from third-party services into a Teams channel, allowing team members to stay informed and in sync. The connectors link to services such as Trello, GitHub, RSS feeds, BitBucket, and Azure DevOps, giving users the ability to, for example, collaborate and manage software projects online, manage and collaborate on code projects, receive RSS feeds, and allow a user to receive notifications when videos are created, all within Teams.

To replace the connectors, authors of the blog wrote, “We recommend Power Automate workflows as the solution to relay information into and out of Teams.” Known as Microsoft Flow until late 2019, the SaaS platform optimizes and automates workflows and business processes.

Judging from the bulk of the 127 comments posted in response to the blog post by late afternoon Tuesday, people are outraged. One asked Microsoft if it has not learned from “insufficient transition deadlines. You have given users three months, two of which are during peak holiday season where many staff will be on annual leave for parts of it, to move service integrations away from connector format to possibly something they have never even looked at it. Why?”

Another wrote, “what are you doing? This is a major change for us, coming in the middle of the summer vacation. You should show more respect and not make such changes during the vacation when most people are away from work. Very disappointing!”

Other reactions ranged from “this timeline is a joke, hopefully there was a typo and you meant October ’25” to “the transition time is insufficient. More importantly, Power Automate does not currently replace the functionality of Connectors. I vote that Microsoft delays this transition by at least one year.”

Jeremy Roberts, senior analyst at Info-Tech Research Group, said today, “it is not entirely clear why they are choosing to do  this. They say it is about scale and depth, but there are certainly some kinks they will have to work out. (For example, you can’t send a message to a private channel, which is going to be a whole thing.) I do not know that their user base was begging for the sort of scale they would get from Power Automate replacing their basic connectors. The cynic in me says they derive benefit from pushing Power Automate premium licensing.”

Microsoft, he said, ”has been under some heightened anti-trust scrutiny, and they have done things like unbundling Teams. Perhaps this is a response to increasing regulatory pressure? Teams sits at the nexus of a bundled offering, or at least that was its initial promise. Perhaps introducing this further complexity is a way to demonstrate to regulators, especially in Europe, that Teams is not far and away the market leader? That is a bit conspiratorial but the thought had crossed my mind.”

He described Power Automate as “powerful, but it is more complex than a simple webhook. I could see a situation where the effort required to build and maintain in Power Automate exceeds the value of the notification into the Teams channel that the webhook provided.”

In reaction to the short transition period, Roberts noted “the many complaints about this in Microsoft and other sysadmin communities. A few months for something like this does feel rushed, though maybe it is best to rip the band-aid off.”

Overall, he said, the move “feels anti-consumer, though Microsoft would probably argue that Power Automate brings greater opportunities for consumers. The question is, do they want to put the time, effort and money in to realize those opportunities?”

More Microsoft news:

• Why Microsoft keeps adding new features to Windows 10
• Microsoft begins to phase out ‘classic’ Teams
• Microsoft delays Recall launch amid privacy concerns

Citrix, SAP also deserve your attention – because miscreants are already thinking about Exploit Wednesday

Patch Tuesday  Clear your Microsoft system administrator's diary: The bundle of fixes in Redmond's July Patch Tuesday is a doozy, with at least two bugs under active exploitation.…

RT News snarks back after it's accused of building social nyet-work for Kremlin

The FBI and cybersecurity agencies in Canada and the Netherlands say they have taken down an almost 1,000-strong Twitter bot farm set up by Russian state-run RT News that used generative AI to spread disinformation to Americans and others.…

Podle belgické spotřebitelské organizace Testaankoop routery Linksys Velop Pro 6E a Velop Pro 7 při instalaci posílají SSID nakonfigurované Wi-Fi sítě a příslušné heslo v otevřeném tvaru na servery Amazonu (AWS) [Stack Diary, Testaankoop].

„Pojistnou smlouvu už mám dlouho a ani nevím, co v ní mám zahrnuto. A možná ji vůbec nepotřebuji.“ Ukážeme si pojištění nemovitosti a domácnosti v praxi a číslech. Proč má někdo levné pojistné pro domácnost a nemovitost a jiný třeba desetkrát dražší?

Dnes se podíváme ne pomocníka pro práci s objekty v Kubernetes, vyzkoušíme osobního digitální asistenta pro organizaci práce a nakonec budeme analyzovat data ze sledování pohybu očí.

Smart Factory je továrna nového typu. Řídí ji umělá inteligence, která vnímá výrobní proces, rozhoduje se, podle potřeby zasahuje a také se autonomně vyvíjí, aby co nejlépe plnila zadání, tedy výrobu skládacích telefonů MIX Fold 4 a MIX Flip, které se brzy objeví na trhu. Smart Factory je dotek budoucnosti.