RSS Aggregator

DocuSign's Envelopes API abused to send realistic fake invoices

Bleeping Computer - 4 November, 2024 - 21:18
Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal. [...]
Category: Hacking & Security

Schneider Electric confirms dev platform breach after hacker steals data

Bleeping Computer - 4 November, 2024 - 20:22
Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server. [...]
Category: Hacking & Security

Which weather apps or websites do you like to use most?

Živě.cz - 4 November, 2024 - 20:15
Which apps, or indeed data sources directly, seem the most reliable to you? Which present the information most clearly? And which have the most features? Because there is no single answer to these questions, today's poll will have no voting. We will only look at which apps (or websites) you use ...
Category: IT News

Windows Server 2025 released—here are the new features

Bleeping Computer - 4 November, 2024 - 19:31
Microsoft has announced that Windows Server 2025, the latest version of its server operating system, is generally available starting Friday, November 1st. [...]
Category: Hacking & Security

Europe plans to check Apple’s iPad for DMA compliance

Computerworld.com [Hacking News] - 4 November, 2024 - 19:13

It’s been a few weeks since EU regulators put pressure on Apple, but that brief reprieve is over as they begin an investigation that might affect Apple’s iPad in Europe. 

On the surface, it’s relatively straightforward. Apple’s iPad OS was declared to be a “gatekeeper” under Europe’s Digital Markets Act earlier this year. The significance of this is that Apple is required to open up aspects of its operating system in order to foster the chimera of open competition, which might or might not benefit users.

“Apple must, among others, allow users to set the default web browser of their choice on iPadOS, allow alternative app stores on its operating system, and allow accessory devices, like headphones and smart pens, to effectively access iPadOS features,” the Commission said. 

Failure to meet those DMA requirements means the European Commission can fine Apple up to 10% of its annual global revenue (or 20% for repeat infringements), so the company is under serious pressure to get its response right.

What Apple has done is explained in a document

With that in mind, Apple has made or is making multiple changes to its tablet operating system, just as it has with iOS. The company has explained those changes in a compliance report it was forced to publish under European law. That 12-page document was released Nov. 1 and is available for review here.

In it, Apple stresses that some of the changes to the system bring greater risks to customers. Those risks include exposure to potential malware, fraud, malicious apps, and lack of support if a user is impacted by issues with apps downloaded outside of the App Store.

The company has attempted to protect against such problems by insisting that developers, including those selling apps outside the store, notarize their apps to provide some degree of protection. The report explains how it supports third-party stores, some of the limitations in that support, the tools it provides, and more, including some discussion around cost.

The report also confirms upcoming changes, some of which may be less well known, for example (most verbatim from Apple’s report):

  • In an update later in 2024, iOS and iPadOS will include the following updates to app deletion: the App Store, Messages, Camera, Photos, and Safari apps will be deletable for users in the EU. Only Settings and (on iOS) Phone will not be deletable. 
  • By the end of the year, Apple intends to introduce a secure solution for users to authorize developers to access data related to their users’ personal data (to the extent it is available to Apple and users have consented to their personal data being shared with the developer). 
  • Also scheduled for introduction by the end of the year, Apple is building a browser switching solution for exporting and importing relevant browser data into another browser on the same device. 
  • Apple is also developing a solution that helps mobile operating system providers develop more user-friendly solutions to transfer data from an iPhone or iPad to a non-Apple phone or tablet. Apple aims to make this solution available by fall 2025.
  • The company also suggests it will allow users in the EU to set default navigation and translation apps beginning in the spring of 2025.

Apple’s report confirms it has put a DMA Compliance team together to help maintain compliance with European law, and created a mediation process that’s independent and free of charge to developers following the company’s newly introduced appeals process for DMA compliance.

Now, Europe plans to check Apple’s homework

Now that Apple has shared its approach to compliance, EU antitrust regulators will take a look to make sure that approach meets the demands of the Digital Markets Act. While it sounds alarming, this also feels like a relatively normal step — Apple published its approach, and regulators will now assess it.

In a statement, the European Commission said: “The Commission will now carefully assess whether the measures adopted for iPad OS are effective in complying with the DMA obligations.” It will also consider input from third parties about Apple’s approach.

Hopefully, during the review, regulators will work with Apple to rectify any identified shortcomings, but the Commission does warn that if it decides the solutions Apple has put forward are not compliant, it will take “formal enforcement action as foreseen in the DMA.”

The way that is articulated somewhat suggests that the time for negotiation may be over, but, as Apple’s own report observes, “Apple has already announced changes to its compliance plan to address stated concerns which are being implemented across iOS and iPadOS.”

Apple has also hinted that Apple Intelligence will be introduced in Europe next year, which itself suggests some ongoing dialog. All the same, the kiss of death will be if Europe’s regulators choose to use the power they have to reduce the value of Apple’s platforms to end users, who already have a choice of platform to use.

Unfortunately, it seems the Apple-versus-regulation game will run and run.

Category: Hacking & Security

Custom "Pygmy Goat" malware used in Sophos Firewall hack on govt network

Bleeping Computer - 4 November, 2024 - 18:46
UK's National Cyber Security Centre (NCSC) has published an analysis of a Linux malware named "Pygmy Goat" created to backdoor Sophos XG firewall devices as part of recently disclosed attacks by Chinese threat actors. [...]
Category: Hacking & Security

Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack

The Register - Anti-Virus - 4 November, 2024 - 18:01
Victims were placed in serious danger following highly sensitive data dump

The City of Columbus, Ohio, has confirmed half a million people's data was accessed and potentially stolen when Rhysida's ransomware raided its systems over the summer.…

Category: Viruses and Worms

Using a phone behind the wheel slows your reactions. This simulator shows by how much

Zive.cz - security - 4 November, 2024 - 17:15
** Using a smartphone while driving is prohibited ** It slows your reactions to what is happening on the road ahead ** In this simulator you can try out how much slower you will be...
Category: Hacking & Security

Using a phone behind the wheel slows your reactions. This simulator shows by how much

Živě.cz - 4 November, 2024 - 17:15
** Using a smartphone while driving is prohibited ** It slows your reactions to what is happening on the road ahead ** In this simulator you can try out how much slower you will be...
Category: IT News

Windows infected with backdoored Linux VMs in new phishing attacks

Bleeping Computer - 4 November, 2024 - 16:53
A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks. [...]
Category: Hacking & Security

Maybe you don't even want it. Reasons to get or not get your own photovoltaic system

Živě.cz - 4 November, 2024 - 16:45
Deciding whether you need photovoltaics will be harder than configuring its parameters. It brings nothing but advantages only at first glance; in many cases the opposite is true. You may find that you do not want it at all.
Category: IT News

What's new in iOS. The iOS 18.1 update fixes spontaneous restarts and could also have many new features, if...

Živě.cz - 4 November, 2024 - 16:15
** Apple releases regular updates to the iOS operating system ** Sometimes they bring new features, and always bug and security fixes ** In this article we summarize the most important news
Category: IT News

Solving the painful password problem with better policies

Bleeping Computer - 4 November, 2024 - 16:01
Weak and reused credentials continue to plague users and organizations. Learn from Specops software about why passwords are so easy to hack and how organizations can fortify their security efforts. [...]
Category: Hacking & Security

City of Columbus: Data of 500,000 stolen in July ransomware attack

Bleeping Computer - 4 November, 2024 - 15:52
The City of Columbus, Ohio, notified 500,000 individuals that a ransomware gang stole their personal and financial information in a July 2024 cyberattack. [...]
Category: Hacking & Security

A chip for two million. Nvidia is offering its new AI product in Czechia, but the infrastructure is missing

Živě.cz - 4 November, 2024 - 15:45
The American company Nvidia has fixed the bugs discovered in its new generation of artificial intelligence chips, known as Blackwell, and can start mass-producing and selling them. Thanks to the rise of AI systems such as OpenAI's ChatGPT, the previous versions of Nvidia's AI chips turned it into a company worth over ...
Category: IT News

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

The Hacker News - 4 November, 2024 - 15:08
Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including
Category: Hacking & Security

Dropbox is struggling. It will therefore lay off staff on a large scale and focus on AI

Živě.cz - 4 November, 2024 - 14:45
Dropbox, the operator of the popular cloud storage service, has come into the spotlight over its announcement of large-scale layoffs. At the end of October, CEO Drew Houston informed employees of a plan to cut the workforce by a full 20%, which will affect 528 employees worldwide. This step is ...
Category: IT News