Agregátor RSS

Fedora 40 , the newest version of the Fedora operating system, is an efficient and lightning-fast release with various new and useful features. Compared to its previous releases, Fedora 40 is lightning-fast and offers maximum efficiency to users.

Keylogger attacks in network security have become more popular over time. Therefore, businesses must implement procedures and tactics to prevent these network security issues from harming a server.

Na Washingtonské státní univerzitě prováděli experimenty s elektronickým jazykem. Ten se sice z fyzického hlediska téměř vůbec nepodobá lidskému jazyku, nicméně je zajímavý tím, že dokázal překonat lidské smysly při detekci kontaminovaného vína. Podrobnosti přináší oficiální zpravodajství ...

High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up “out-of-band” interactions regarding underground rail system simulator software helped deliver Green Lambert implants in the Middle East. And, in what seems to be a learned approach, the XZ Utils project penetration was likely a patient, multi-year approach, both planned in advance but somewhat clumsily executed.

This recently exposed offensive effort slowly introduced a small cast of remote characters, communications, and malicious code to the more than decade old open-source project XZ Utils and its maintainer, Lasse Collin. The backdoor code was inserted in February and March 2024, mostly by Jia Cheong Tan, likely a fictitious identity. The end goal was to covertly implement an exclusive use backdoor in sshd by targeting the XZ Utils build process, and push the backdoored code to the major Linux distributions as a part of a large-scale supply chain attack.

While this highly targeted and interactive social engineering approach might not be completely novel, it is extraordinary. Also extraordinary is the stunningly subtle insertion of malicious code leveraging the build process in plain sight. This build process focus during a major supply chain attack is comparable only to the CozyDuke/DarkHalo/APT29/NOBELIUM Solarwinds compromise and the SUNSPOT implant’s cunning and persistent presence – its monitoring capability for the execution of a Solarwinds build, and its malicious code insertion during any Solarwinds build execution. Only this time, it’s human involvement in the build process.

It’s notable that one of the key differentiators of the Solarwinds incident from prior supply chain attacks was the adversary’s covert, prolonged access to the source/development environment. In this XZ Utils incident, this prolonged access was obtained via social engineering and extended with fictitious human identity interactions in plain sight.

One of the best publicly available chronological timelines on the social engineering side of the XZ Utils incident is posted by Russ Cox, currently a Google researcher. It’s highly recommended reading. Notably, Cox writes: “This post is a detailed timeline that I have constructed of the social engineering aspect of the attack, which appears to date back to late 2021.”

A Singaporean guy, an Indian guy, and a German guy walk into a bar…

Three identities pressure XZ Utils creator and maintainer Lasse Collin in summer 2022 to provoke an open-source code project handover: Jia Tan/Jia Cheong Tan, Dennis Ens, and Jigar Kumar. These identities are made up of a GitHub account, three free email accounts with similar name schemes, an IRC and Ubuntu One account, email communications on XZ Utils developer mailing lists and downstream maintainers, and code. Their goal was to grant full access to XZ Utils source code to Jia Tan and subtly introduce malicious code into XZ Utils – the identities even interact with one another on mail threads, complaining about the need to replace Lasse Collin as the XZ Utils maintainer.

Note that the geographic dispersion of fictitious identities is a bit forced here, perhaps to dispel hints of coordination: Singaporean or Malaysian (possibly of a Hokkien dialect), northern European, and Indian. Misspellings and grammar mistakes are similar across the three identities’ communications. The “Jia Tan” identity seems a bit forced as well – the only public geolocation data is a Singaporean VPN exit node that the identity may have used on March 29 to access the XZ Utils Libera IRC chat. If constructing a fictitious identity, using that particular exit node would definitely be a selected resource.

Our pDNS confirms this IP as a Witopia VPN exit. While we might expect a “jiat75” or “jiatan018” username for the “Jia Tan” Libera IRC account, this one in the screenshot above may have been used on March 29, 2024 by the “JiaT75” actor.

One additional identity, Hans Jansen, introduced a June 2023 performance optimization into the XZ Utils source, committed by Collin, and later leveraged by jiaT75’s backdoor code. Jia Tan gleefully accepted the proposed IFUNC additions: “Thanks for the PR and the helpful links! Overall this seems like a nice improvement to our function-picking strategy for CRC64. It will likely be useful when we implement CRC32 CLMUL too :)”.

This pull request is the Jansen identity’s only interaction with the XZ Utils project itself. And, unlike the other two identities, the Jansen account is not used to pressure Collin to turn over XZ Utils maintenance. Instead, the Hans Jansen identity provided the code and then disappeared. Nine months later, following the backdoor code insertion, Jansen urged a major Linux vendor in the supply chain to incorporate the backdoored XZ Utils code in their distribution. The identity resurfaced on a Debian bug report on March 24, 2024, creating an opportunity to generate urgency in including the backdoored code in the Debian distribution.

Jia Tan Identity and Activity

The Jia Cheong Tan (JiaT75) GitHub account, eventually promoted to co-maintainer of XZ Utils, which inserted the malicious backdoor code, was created January 26, 2021. JiaT75 was not exclusively involved in XZ Utils, having authored over 500 patches to multiple GitHub projects going back to early 2022.

• oss-fuzz
• cpp-docs
• wasmtime
• xz

These innocuous patches helped to build the identity of JiaT75 as a legitimate open source contributor and potential maintainer for the XZ Utils project. The patch efforts helped to establish a relationship with Lasse Collin as well.

The first JiaT75 code contribution to XZ Utils occurred on October 29, 2021. It was sent to the xz-devel mailing list. It was a very simple editor config file introduction. Following this initial innocuous addition, over the next two years, JiaT75 authored hundreds of changes for the XZ project.

Yes, JiaT75 contributed code on both weekends and what appear to be workdays. However, an interesting anomaly is that the 2024 malicious commits occur out of sync with many previous commits. A Huntress researcher going by the alias “Alden” posted a visualization of the malicious Jia Tan commits to XZ Utils. JiaT75 commits the malicious code completely out of sync with prior work times on Feb 23–26, and March 8 and 9, 2024.

The time differences for the malicious commits is noticeable. What might this anomaly suggest? We speculate on several possibilities:

• the JiaT75 account was used by a second party to insert the malicious code, either known or unknown to the individual contributor.
• the JiaT75 individual contributor was rushed to commit the malicious backdoor code.
• the JiaT75 account was run by a team of individuals and one part of the team needed to work without interruption outside of the usual constructed work day.

Especially devious is the manner in which the obfuscated backdoor code is introduced in multiple separate pieces by JiaT75. Even though it was open-source, the bulk of the backdoor does not show up in the XZ source-code tree, is not human readable, and was not recognized.

Summer 2022 Pressure to Add a Maintainer

Multiple identities of interest pressured Lasse Collin to add a maintainer over the summer of 2022. The intensity of pressure on Collin varies per account, but they all create opportunities to pressure Collin and interact.

Name GitHub Account Email Creation Jia Tan/Jia Cheong Tan JiaT75 [email protected] January 26, 2021 Dennis Ens – [email protected] – Jigar Kumar – [email protected] –

If we take the first interaction on the xz-devel mailing list as the start of the campaign, Jia Tan sent a superficial code patch on September 29, 2021. This timestamp is eight months after the github account creation date. This initial contribution is harmless, but establishes this identity within the open-source project.

A year later, Jigar Kumar pressured Lasse Collin to hand over access to Jia Tan over the spring and summer of 2022 in six chiding comments over two different threads.

Wed, 27 Apr 2022 11:42:57 -0700 Re: [xz-devel] [PATCH] String to filter and filter to string Your efforts are good but based on the slow release schedule it will unfortunatly be years until the community actually gets this quality of life feature. Thu, 28 Apr 2022 10:10:48 -0700 Re: [xz-devel] [PATCH] String to filter and filter to string Patches spend years on this mailing list. 5.2.0 release was 7 years ago. There
is no reason to think anything is coming soon. Fri, 27 May 2022 10:49:47 -0700 Re: [xz-devel] [PATCH] String to filter and filter to string Over 1 month and no closer to being merged. Not a suprise. Tue, 07 Jun 2022 09:00:18 -0700 Re: [xz-devel] XZ for Java Progress will not happen until there is new maintainer. XZ for C has sparse
commit log too. Dennis you are better off waiting until new maintainer happens
or fork yourself. Submitting patches here has no purpose these days. The
current maintainer lost interest or doesn’t care to maintain anymore. It is sad
to see for a repo like this. Tue, 14 Jun 2022 11:16:07 -0700 Re: [xz-devel] XZ for Java With your current rate, I very doubt to see 5.4.0 release this year. The only
progress since april has been small changes to test code. You ignore the many
patches bit rotting away on this mailing list. Right now you choke your repo.
Why wait until 5.4.0 to change maintainer? Why delay what your repo needs? Wed, 22 Jun 2022 10:05:06 -0700 Re: [xz-devel] [PATCH] String to filter and filter to string “Is there any progress on this? Jia I see you have recent commits. Why can’t you
commit this yourself?”

The Dennis Ens identity sets up a thread of their own, and follows up by pressuring maintainer Collin in one particularly forceful and obnoxious message to the list. The identity leverages a personal vulnerability that Collin shared on this thread. The Jigar Kumar identity responds twice to this thread, bitterly complaining about the maintainer: “Dennis you are better off waiting until new maintainer happens or fork yourself.”

Thu, 19 May 2022 12:26:03 -0700 XZ for Java Is XZ for Java still maintained? I asked a question here a week ago
and have not heard back. When I view the git log I can see it has not
updated in over a year. I am looking for things like multithreaded
encoding / decoding and a few updates that Brett Okken had submitted
(but are still waiting for merge). Should I add these things to only
my local version, or is there a plan for these things in the future? Tue, 21 Jun 2022 13:24:47 -0700 Re: [xz-devel] XZ for Java I am sorry about your mental health issues, but its important to be
aware of your own limits. I get that this is a hobby project for all
contributors, but the community desires more. Why not pass on
maintainership for XZ for C so you can give XZ for Java more
attention? Or pass on XZ for Java to someone else to focus on XZ for
C? Trying to maintain both means that neither are maintained well.

Reflecting on these data points still leads us to shaky ground. Until more details are publicized, we are left with speculation:

• In a three-year project, a small team successfully penetrated the XZ Utils codebase with a slow and low-pressure campaign. They manipulated the introduction of a malicious actor into the trusted position of code co-maintainer. They then initiated and attempted to speed up the process of distributing malicious code targeting sshd to major vendor Linux distributions
• In a three-year project, an individual successfully penetrated the XZ Utils codebase with a slow and low-pressure campaign. The one individual managed several identities to manipulate their own introduction into the trusted position of open source co-maintainer. They then initiated and attempted to speed up the process of distributing malicious code targeting sshd to major vendor Linux distributions
• In an extremely short timeframe in early 2024, a small team successfully manipulated an individual (Jia Tan) that legitimately earned access to an interesting open-source project as code maintainer. Two other individuals (Jigar Kumar, Dennis Ens) may have coincidentally complained and pressured Collin to hand over the maintainer role. That leveraged individual began inserting malicious code into the project over the course of a couple of weeks.

Spring 2024 Pressure to Import Backdoored Code to Debian

Several identities attempted to pressure Debian maintainers to import the backdoored upstream XZ Utils code to their distribution in March 2024. The Hans Jansen identity created a Debian report log on March 25, 2024 to raise urgency to include the backdoored code: “Dear mentors, I am looking for a sponsor for my package “xz-utils”.”

Name Email address Hans Jansen [email protected] krygorin4545 [email protected] [email protected] [email protected]

The thread was responded to within a day by additional identities using the email address scheme name-number@freeservice[.]com:

Date: Tue, 26 Mar 2024 19:27:47 +0000 From: krygorin4545 <[email protected]> Subject: Re: RFS: xz-utils/5.6.1-0.1 [NMU] — XZ-format compression utilities Also seeing this bug. Extra valgrind output causes some failed tests for me. Looks like the new version will resolve it. Would like this new version so I can continue work Date: Tue, 26 Mar 2024 22:50:54 +0100 (CET) From: [email protected] Subject: Re: RFS: xz-utils/5.6.1-0.1 [NMU] — XZ-format compression I noticed this last week and almost made a valgrind bug. Glad to see it being fixed. Thanks Hans!

The code changes received pushback from Debian contributors:

Date: Tue, 26 Mar 2024 22:11:19 +0000 (UTC) From: Thorsten Glaser <[email protected]> Subject: new upstream versions as NMU vs. xz maintenance Very much *not* a fan of NMUs doing large changes such as
new upstream versions.But this does give us the question, what’s up with the
maintenance of xz-utils? Same as with the lack of security
uploads of git, which you also maintain, are you active? Are you well?

To which one of these likely sock puppet accounts almost immediately responded, in order to counteract any distraction from pushing the changes:

Date: Wed, 27 Mar 2024 12:46:32 +0000 From: krygorin4545 <[email protected]> Subject: Re: Bug#1067708: new upstream versions as NMU vs. xz maintenance Instead of having a policy debate over who is proper to do this upload, can this just be fixed? The named maintainer hasn’t done an upload in 5 years. Fedora considered this a serious bug and fixed it weeks ago (). Fixing a valgrind break across many apps throughout Debian is the priority here. What NeXZt?

Clearly social engineering techniques have much lower technical requirements to gain full access to development environments than what we saw with prior supply chain attacks like the Solarwinds, M.E.Doc ExPetya, and ASUS ShadowHammer incidents. We have presented and compared these particular supply chain attacks, their techniques, and their complexities, at prior SAS events [registration required], distilling an assessment into a manageable table.

Unfortunately, we expect more open-source project incidents like XZ Utils compromise to be exposed in the months to come. As a matter of fact, at the time of this writing, the Open Source Security Foundation (OSSF) has identified similar social engineering-driven incidents in other open-source projects, and claims that the XZ Utils social engineering effort is highly likely not an isolated incident.

Back in the 19th century, if the United States or some other military power wanted to bend a smaller country to its will, it would often display its might with a show of force, sending a fearsome display of gunboats just offshore its target. The naval display usually made its point: not a single shell had to be fired for the smaller nation to accede to the demands of the day. 

It was known as gunboat diplomacy.

Today, gunboats no longer rule the world. Tech (and, increasingly, generative AI) do. And Microsoft is now working hand in glove with the federal government to use its considerable genAI might to win what is being called a “tech Cold War” the US is waging against China.

The cooperation has just begun, but it’s already bearing fruit, getting a powerful genAI company based in the United Arab Emirates to cut its ties to China and align with the US. At first blush, it sounds like a win-win: What can possibly be bad about boxing out China from the Middle East, increasing US cooperation with Arab states, and showering profits on a US company for its help?

As it turns out, a lot could wrong. There are significant dangers when the most powerful (and wealthiest) nation on the planet works so closely and secretly with the world leader in AI. The biggest danger: by cooperating so closely with Microsoft, is the US giving up on ever trying to reign in genAI, which researchers have already warned could represent an existential threat to humanity if not regulated properly?

Let’s look at the how the federal government and Microsoft worked together to outmaneuver China and push it out of G42, the most influential AI company in the Middle East, and what that means for emerging plans to regulate genAI tools and platforms.

Boxing China out of the Middle East’s Best AI Company

The immediate target of this round of tech diplomacy is the United Arab Emirates-based G42, which is about as well-connected as any company can be. The New York Times describes it as “a crown jewel for the UAE, which is building an artificial intelligence industry as an alternative to oil income.” It’s controlled by Sheikh Tahnoon bin Zayed, the UAE’s national security adviser, who is among the most powerful members of Abu Dhabi’s royal family, according to Forbes.

The Times says G42 is right in the middle of US efforts to blunt  “China’s ambitions to gain supremacy in the world’s cutting-edge technologies, including artificial intelligence, big data, quantum computing, cloud computing, surveillance infrastructure and genomic research.”

Before the Microsoft deal, the US was especially concerned about G42’s connections to large Chinese tech firms, including telecommunications giant Huawei — which is under US sanctions — and possibly even the Chinese government.

According to the Times, US officials worried G42 was being used to siphon off advanced American technology to Chinese tech firms or to the Chinese government. “Intelligence reports have also warned that G42’s dealings with Chinese firms could be a pipeline to get the genetic data of millions of Americans and others into the hands of the Chinese government,” the Times reported.

Enter Washington’s most powerful officials and the point of its sharp spear, Microsoft. We don’t know exactly what happened behind the scenes. But we do know a deal was “largely orchestrated by the Biden administration to box out China as Washington and Beijing battle over who will exercise technological influence in the Persian Gulf region and beyond,” according to the Times.

US Commerce Secretary Gina Raimondo traveled twice to the Emirates to get the complex agreement done. It gave the US — and Microsoft — exactly what they wanted. Microsoft will invest $1.5 billion in G42, which will sell Microsoft services to train and tune genAI models. G42 will also use Microsoft’s Azure cloud services, and it agreed to a secret security arrangement, of which no details have been made public. 

Chinese technology, including from Huawei and others, will be stripped out of the company. Microsoft President Brad Smith will join G42’s board, and Microsoft will audit the company’s use of its technology. (It wouldn’t be a surprise if that auditing is designed in part to ensure the connection between G42 and Chinese companies and government has been completely severed.)

So, in essence, the US pushed China out of the most influential genAI company in the Middle East and Microsoft now has a significant foothold in a region that will be spending countless billions on AI as it pivots away from an oil economy. In the words of the Times, the deal could become “a model for how US firms leverage their technological leadership in AI to lure countries away from Chinese tech, while reaping huge financial awards.”

What happens next?

The G42 deal has largely flown under the radar, while much more public skirmishes have been fought in the tech Cold War between the US and China — including the battle over banning TikTok in the US and China’s decision to force Apple to pull WhatsApp, Threads and Signal from its Chinese App Store. But TikTok and the others are just a side show. The future is AI, not tweens watching 30-second videos about silly pranks and makeup tips.

That means Microsoft will have an increasingly close relationship with the US government, as will other genAI leaders, including Alphabet, OpenAI, Meta and Amazon. If the US is to thwart China’s AI and tech ambitions, it desperately needs those companies’ cooperation.

But that kind of cooperation comes at a price. The US has a terrible track record in reigning in tech. The Biden administration has been willing to use anti-trust laws to go after Big Tech, even though Congress has been unwilling to act. But it’s hard to imagine the government will continue to wield the Big Stick of anti-trust investigations and lawsuits if, at the same time, it’s asking Microsoft and others to do its bidding against China. 

The first victim of the tech Cold War against China might well be serious government oversight over the dangers of AI.

Generative AI, Government, Microsoft, Regulation, Technology Industry

Has there ever been something as simultaneously invaluable and irritating as our modern-day device notifications?

All the beeps, bloops, and blorps our various gadgets send our way serve an important purpose, of course — at least in theory. They keep us attuned to our professional and personal networks and everything around ’em to make sure we never miss anything important.

But they also demand our attention, interrupt what we’re doing, and annoy us endlessly, often with stuff that really doesn’t require any immediate acknowledgment or reaction.

And while Android’s notification systems offer plenty of nuanced control over how different alerts do and don’t reach you, it still seems virtually impossible to avoid swimming in a sprawling sea of stuff in your phone’s notification panel at the end of each day.

So what if there were a better way — a smarter system that could monitor your incoming Android notifications for you, condense all the less pressing noise down into a single alert, and make sure you see only the messages, meetings, and reminders that really matter?

[Get fresh practical knowledge in your inbox with my free Android Intelligence newsletter. Three new things to try every Friday!]

My friend and fellow Android-appreciating organism, have I got just the thing for you.

Meet your Android notification nanny

Brace yourself, dear biped: I’m about to draw your attention to one of the best and most powerful Android productivity tools out there — and one shockingly few mortal beings seem to be aware of.

Much like the Android app drawer enhancement we talked about the other day, it’s a perfect example of the type of advanced customization and efficiency-enhancing intelligence that’s possible only on Android. But you really have to be in the know to know about it.

Allow me to introduce you to a brilliant little somethin’ called BuzzKill.

BuzzKill is an Android app that, in the simplest possible terms, lets you create custom filters for your Android phone’s notifications — almost like Gmail filters, only for Android alerts instead of emails.

I’ve talked about BuzzKill before and shown you all the basics of how it works and what kinds of simple, insanely helpful things it can do for you. Today, I want to zone in on a specific new “experimental” feature the app recently started offering and why it might be worth your attention.

The feature is called Summarize. And it does exactly what you’d expect, from that name: It takes clusters of incoming notifications that meet certain conditions and then combines ’em together into a single, far less overwhelming and distraction-creating alert.

You might, for instance, ask BuzzKill to intercept all incoming notifications from your Android Messages app during the workday and combine ’em into one notification you can easily see at a glance when you’re ready to catch up. Or maybe you’d want it to collect all your incoming Slack alerts in the evenings and group those together to avoid a freeway-style backup at the top of your screen.

Heck, maybe you want it to watch for all notifications from Messages, Slack, and Gmail on the weekends, keep ’em all together in a single summarized notification, and then ding your phone incessantly if any of the incoming messages has a specific word or phrase indicating a need for immediate attention — something like, say, “urgent,” “broken,” or “holy humbuggery, what in the name of codswallop just happened?!”

Whatever the specifics, you’ll only have to think through and set up those parameters once. And from that moment forward, anytime notifications meeting your conditions come in, you’ll see something like this:

Android notifications, summarized — with minimal clutter and distraction.

JR Raphael, IDG

Just a single combined alert for all that activity — not bad, right?

If there’s nothing particularly important, you can swipe it away in one swift gesture, using any finger you like (hint, hint; choose carefully). If you want to explore any of the summarized contents further, you can tap the “Expand” command in the notification’s corner to — well, y’know…

My Android notifications expanded back into their standard, split-apart state.

JR Raphael, IDG

Kinda handy, wouldn’t ya say?

Where BuzzKill’s powers really come into play are with all the extenuating circumstances you can set up — and how impossibly easy the app makes it to manage it all. All I did to get the above going was create a super-simple “if this, then that”-style rule within BuzzKill, like so:

The behind-the-scenes magic that makes my Android notification summarizing happen.

JR Raphael, IDG

And then, to build in a supplementary rule that makes sure certain high-priority notifications stand out from that summary and grab my immediate attention, I created a second “if this, then that” guideline:

BuzzKill understands that there’s an exception to every rule.

JR Raphael, IDG

See? Told ya it was easy!

And make no mistake about it: All of this all just scratching the surface of what BuzzKill can accomplish. One of my favorite ways to use it, for instance, is to keep low-priority notifications from interrupting me at all during the workday and instead have ’em batched together into a single evening-time delivery.

All my Photos alerts arrive in one batch daily, thanks to this nifty notification rule.

JR Raphael, IDG

I also rely on it to prevent rapid-fire back-to-back messages from buzzing my phone 7,000 times in seven seconds — a problem Android 15 appears poised to address, too, albeit in a much less nuanced and customizable way.

Take that, rapid-fire short-message texters!

JR Raphael, IDG

The app’s new experimental notification summarization option is so interesting and packed with potential, though, I just had to share it with you once I really started exploring it and thinking through all the ways it could be helpful.

BuzzKill costs four bucks, as a one-time up-front payment. The app doesn’t require any unusual permissions, doesn’t collect any form of data from your phone, and doesn’t have any manner of access to the internet — meaning it’d have no way of sharing your information even if it wanted to.

It’s yet another illuminating illustration of the incredible productivity power Android provides us — a power anyone can embrace, with the right set of know-how.

And now, you have it. Happy filtering!

Learn all sorts of useful tech tricks with my free Android Intelligence newsletter. Three new things try every Friday — straight from me to you.

Android, Google, Mobile Apps, Productivity Software

Slabé prodeje z prvního čtvrtletí 2024 reportovala Tesla už začátkem dubna, teď přidává hospodářské výsledky. Ani v tomto ohledu se nedařilo. Tržby se propadly o 9 %, nejvíce od roku 2012 (z 23,33 na 21,3 miliardy dolarů) Příjmy z prodeje samotných automobilů poklesly o 13 % Čistý zisk dosáhl ...

Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose keyboard app did not have any security Newsroomhttp://www.blogger.com/profile/[email protected]

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance is a time-consuming, high-stakes process that demands strong organizational and The Hacker Newshttp://www.blogger.com/profile/[email protected]

Že nemá pátý PlayStation co nabídnou? Ale kdeže. S exkluzivitami to sice tuto generaci není tak silné, ale stále se na nejnovější konzoli královsky zabavíte.

Oficiální výkonnostní údaje o procesorech Qualcomm Snapdragon X Plus / Elite jsou na světě. V některých zátěžích dosahují výkonu na úrovni mobilních produktů AMD a Intelu…

Oživeno 24. 4. | Předseda představenstva HP Tronicu Daniel Večera v rozhovoru pro Seznam Zprávy uvedl další podrobnosti spojení se se slovenskou skupinou Nay. Vize je taková, že Electro World by měl v Česku co nejrychleji přejmenovat na Datart a ze slovenských Datartů se stane Nay. Tím si majitel ...

One wonders why are there adverts on public-sector portals at all

Exclusive  At least 18 public-sector websites in the UK and US send visitor data in some form to various web advertising brokers – including an ad-tech biz in China involved in past privacy controversies, a security firm claims.…

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed Newsroomhttp://www.blogger.com/profile/[email protected]

V Česku působí čtyři moderní platformy nabízející přepravu osob. Podívali jsme se na jejich výhody i nevýhody.

Americký Národní úřad pro letectví a vesmír (NASA) na svých stránkách ohlásil poměrně ojedinělou kosmickou událost. Hvězdný systém, který se nachází 3000 světelných let od Země, bude brzy viditelný pouhým okem. Má se jednat o jedinečnou příležitost k pozorování, protože k výbuchu této novy dochází ...

Kauza, která ve velkém odstartovala stížnostmi asijských prodejců na vysoký počet reklamací, nabírá na intenzitě. Trpělivost dochází i prodejcům v USA, kde Intel vyřizuje reklamace čím dál pomaleji…

A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin Newsroomhttp://www.blogger.com/profile/[email protected]