Agregátor RSS

Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

The Hacker News - 15 Duben, 2025 - 06:39

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacksRavie Lakshmananhttp://www.blogger.com/profile/[email protected]

Kategorie: Hacking & Security

Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval

The Hacker News - 15 Duben, 2025 - 06:10

Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. "This training will better support millions of people and businesses in Europe, by teaching our generative AI models to better Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Kategorie: Hacking & Security

Hra zdarma: Metro 2033 Redux

AbcLinuxu [zprávičky] - 15 Duben, 2025 - 05:14

Na Steamu i GOG lze do středy 16. dubna do 17:00 získat zdarma počítačovou hru Metro 2033 Redux. Napořád. Dárek u příležitosti 15. výročí vydání této hry.

Kategorie: GNU/Linux & BSD

Microsoft releases out-of-band updates to fix reporting error

Computerworld.com [Hacking News] - 15 Duben, 2025 - 03:55

Microsoft has released emergency patches to fix an apparent reporting error in Active Directory (AD) Group Policy, which allows administrators to manage and configure user and computer settings in Windows.

The company reported in a Microsoft 365 message center update that the status of local audit logon/logoff policies might be incorrectly displayed, with audits showing as not occurring when they were actually running in the background.

The issue is occurring across various Windows and Windows Server versions, including Windows 11. The out-of-band (OOB) updates only need to be installed by impacted organizations, and can be downloaded and installed from the Microsoft Update Catalog.

“The issue is that the setting to audit logon and logoff events may be disabled (set to ‘no auditing’) and yet still produce log entries for events of this type,” explained Fred Chagnon, principal research director at Info-Tech Research Group. “These events are triggered by users or devices authenticating to the local Active Directory when joining the domain.”

Potentially confusing reports

Out-of-band updates address urgent issues outside of regular release cycles, often for security or other critical issues. They require manual download and installation because they do not impact all users.

The AD Group Policy inconsistency is visible in the Local Group Policy Editor (where administrators manage policy settings on a local computer) and Local Security Policy (where administrators manage security settings on individual computers). The ‘audit logon events’ policy setting allows system administrators to track logon and logoff events and create new entries in audit logs that register all user and service activities. It is typically used in security and compliance scenarios.

The issue is that ‘audit logon events’ is set to ‘no auditing’ even if audits are indeed running in the background.

In the this case, “the downstream effect is potentially confusing reports where such events are displayed alongside other more interesting events, despite an administrator’s attempt to filter them out,” said Chagnon. “Or that the setting merely appears disabled when it is actually acting as enabled.”

Last Friday, Microsoft released updates to address the glitch: