Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

In two years, 100% of enterprise PC purchases will be AI computers

Computerworld.com [Hacking News] - 12 min 14 sek zpět

Global revenue from AI semiconductors is expected to grow to $71 billion this year, an increase of 33% over 2023, according to the latest forecast from Gartner.

By the end of 2025, AI chip industry revenue is projected to top $91.5 billion, and that revenue will continue to see double-digit growth through at least 2028, according to the report released today.

By the end of 2026, 100% of enterprise PC purchases will be AI PCs, which are computers that include a neural processing unit (NPU) enabling on-computer AI operations. Those PCs run longer, quieter, and cooler and have AI tasks running continually in the background, creating new opportunities for leveraging AI in everyday activities, according to Gartner’s report. The firm predicts that AI PC shipments will reach 22% of total PC shipments in 2024.

This year, nearly half of all AI chips revenue is expected to come from the sale of AI-enabled personal computers. By the end of this year, AI chips revenue from computer electronics is projected to total $33.4 billion, which will account for 47% of total AI semiconductors revenue, according to Gartner.

“Today, generative AI (genAI) is fueling demand for high-performance AI chips in data centers. In 2024, the value of AI accelerators used in servers, which offload data processing from microprocessors, will total $21 billion, and increase to $33 billion by 2028,” said Alan Priestley, a vice president analyst at Gartner.

This year, AI chips revenue from automotive electronics is also expected to reach $7.1 billion, and $1.8 billion from consumer electronics.

Sixty-six percent of enterprises worldwide said they would be investing in genAI over the next 18 months, according to IDC research. Among organizations indicating they will increase IT spending for genAI in 2024, infrastructure will account for 46% of the total spend.

The problem: a key piece of hardware needed to build out that AI infrastructure is in short supply. While GPUs are in high demand to run the most massive large language models (LLMs) behind genAI, the market still needs high-performance memory chips for AI apps. The market is tight for both — for now.

GPUs used for training and inference tasks on LLMs can consume vast amounts of processor cycles and be costly to use. Smaller, more industry- or business-focused models can often provide better results tailored to business needs, and they can use common x86 processors with NPUs.

“While much of the focus is on the use of high-performance GPUs for new AI workloads, the major hyperscalers (AWS, Google, Meta and Microsoft) are all investing in developing their own chips optimized for AI,” Priestley said.

While chip development is expensive, using custom-designed chips can improve operational efficiencies, reduce the costs of delivering AI-based services to users, and lower costs for users to access new AI-based applications, according to Priestley.

“As the market shifts from development to deployment we expect to see this trend continue,” Priestley said.

Last month, Intel CEO Pat Gelsinger said he sees the company’s future embedded in an AI-everywhere concept, with NPUs bolstering its new family of Intel Core Ultra processors. The chipmaker expects to ship 40 million AI PC processors in 2024 and 100 million next year.

Partly driving the uptick in AI on edge devices is the fact that the average lifespan for mobile phones is shortening, with consumers and enterprises replacing mobile phones earlier.

“This change allows device spending to achieve $688 billion during 2024, up from 2023 spending lows of $664 billion, which will represent a 3.6% growth rate,” the report stated. “The integration of genAI capabilities in premium and basic phones sustains, more than drives, this change.”

Kategorie: Hacking & Security

Check Point Warns of Zero-Day Attacks on its VPN Gateway Products

The Hacker News - 2 hodiny 25 min zpět
Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919, the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. "The vulnerability potentially allows an attacker to read certain information on Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Brazilian Banks Targeted by New AllaKore RAT Variant Called AllaSenha

The Hacker News - 2 hodiny 43 min zpět
Brazilian banking institutions are the target of a new campaign that distributes a custom variant of the Windows-based AllaKore remote access trojan (RAT) called AllaSenha. The malware is "specifically aimed at stealing credentials that are required to access Brazilian bank accounts, [and] leverages Azure cloud as command-and-control (C2) infrastructure," French cybersecurity company HarfangLab Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Apple promises ‘best ever’ WWDC, but will it deliver?

Computerworld.com [Hacking News] - 3 hodiny 7 min zpět

“WWDC is always one of my favorite moments of the year — and this one is going to be our best ever,” promises Apple CEO Tim Cook, announcing what’s to come at the company’s most important annual event, WWDC 2024

Will the company deliver on the promise?

The event takes place mostly online with some invited on site guests. It begins with a 10am PDT keynote speech on June 10, during which Apple’s leaders will talk about what’s coming to the operating systems and share some of its plans. 

There will be developer sessions, access to Apple engineers, the annual Apple Design Awards, and more. The show’s purpose is to guide developers through Apple’s old and new technologies to empower them to build applications for the platforms.

Exploring new worlds in spatial computing

This year’s focus appears to be around spatial computing and augmented reality, as implied by Apple’s social media snippet declaring, “Code new worlds.” The developer focus is also made apparent in the WWDC invitation, which says, “Coming in swiftly,” a nod to Apple’s programming language Swift. Both suggest new development tools, additional APIs, and some focus on its Vision Pro headset. 

The latter suggests Apple may announce international availability dates for the product, which has only been available in the US until now. That suspicion is also raised by the inclusion of a Spatial Computing category within the Apple Design Awards for the first time.

But will Apple’s understandable desire to promote its big bet on mixed reality be enough to satisfy company watchers? I don’t think it will.

Will Apple shine a light on AI?

That’s because the tech agenda is being set by artificial intelligence, particularly generative AI.

We’ve been hearing speculation about Apple developing plans to implement genAI across its platforms for months. Most recently, it seems Apple has reached deals with OpenAI and potentially others in the space to make their AI tools available to the iPhone in some form. These will backed up by Apple’s own AI solutions, expected to be elegant tools for specific tasks capable of running on the devices themselves, along with beefier solutions that require cloud support, potentially hosted on Apple’s own M-series servers.

The company is no doubt hoping that this partnership-friendly approach to genAI will give its customers to tools they need while securing customer privacy, at least some of the time.

Data privacy and security will no doubt be part of the company’s customer promise when it comes to the application and future development of these tools. The idea that you can transcribe voice memos without risking sharing the data with the cloud will be compelling to those in regulated industries. 

The cost and consequence

All the same, somewhere an industrialist is smiling over the energy use and environmental consequences of genAI solutions. Electricity grids worldwide are already feeling the strain — nearly a fifth of Ireland’s electricity is used up by data centers, and global demand is expected to increase sixfold in the next decade. 

Within that context, perhaps speculation that Apple plans its own data center server processors isn’t so far-fetched, given that the company leads the industry in power-efficient computational performance on consumer chips. That plan may help secure iCloud and should also help the company meet its ambitious environmental targets. It seems reasonable to expect iCloud+ to extend what it offers users — potentially any server-based genAI features may be protected by that system.

Apple for the rest of us

But for many Apple customers, even these announcements will be seen as less consequential than any operating system news from the company. GenAI tools to make an image or find a file may be useful, but creative and productive users will want to find out how the new systems make their lives easier for routine tasks. While most people now have used genAI, they still need to do the same tasks that existed before tech threw its LLM change-agent curveball.

Those customers will be hoping for improvements in iPadOS to fully realize the power of the new processors these tablets now contain. They will want usability, security, and privacy improvements. Some will want Mail to get a lot more attention to become the kind of powerful information manager other email packages are rapidly becoming. Nearly everyone will want Siri to grow up and get reliable — particularly on HomePod. 

The usual suspects

A very small coterie of users, developers, and regulators will want to learn more about Apple’s plans for opening up its platforms. The company needs to open up about this opening up at WWDC, lest it is accused of ignoring developers who choose to use these features.

I don’t think Apple can reasonably treat people prepared to pay the Core Technology Fee in a less helpful way than it does those choosing to work entirely within the Apple ecosystem. Pragmatically, Apple may not agree with the regulations that have been (or may in the future be) enacted, but those laws are here now, and it takes less energy to move forward than to roll back. There may even be new profit centers to be explored in doing so.

While it’s clear that Apple hopes to cast the spotlight on its Vision Pro range at this year’s WWDC, it really is going to be the company’s AI announcements (or lack of them) that defines the event. But don’t be too surprised if some of these announcements have spatial computing at their core.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Kategorie: Hacking & Security

U.S. Sentences 31-Year-Old to 10 Years for Laundering $4.5M in Email Scams

The Hacker News - 5 hodin 1 min zpět
The U.S. Department of Justice (DoJ) has sentenced a 31-year-old man to 10 years in prison for laundering more than $4.5 million through business email compromise (BEC) schemes and romance scams. Malachi Mullings, 31, of Sandy Springs, Georgia pleaded guilty to the money laundering offenses in January 2023. According to court documents, Mullings is said to have opened 20 bank accounts in the Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New Research Warns About Weak Offboarding Management and Insider Risks

The Hacker News - 6 hodin 10 min zpět
A recent study by Wing Security found that 63% of businesses may have former employees with access to organizational data, and that automating SaaS Security can help mitigate offboarding risks.  Employee offboarding is typically seen as a routine administrative task, but it can pose substantial security risks, if not handled correctly. Failing to quickly and thoroughly remove access for Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group

The Hacker News - 7 hodin 6 min zpět
A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. "Moonstone Sleet is observed to set up fake companies and Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Job seekers and hiring managers depend on AI — at what cost to truth and fairness?

Computerworld.com [Hacking News] - 7 hodin 36 min zpět

Employers and job seekers are increasingly turning to generative AI (genAI) to to automate their search tasks, whether it’s creating a shortlist of candidates for a position or writing a cover letter and resume. And data shows it can improve the chances at getting that job or finding the perfect talent match.

For human resources and hiring managers who are seeing an increase in responsibilities, genAI can create a short list of potential candidates in seconds — and automate much of the onboarding process.

For job seekers, genAI tools like ChatGPT can not only become creative companions in crafting narratives and emails to potential employers, but even assist applicants in passing assessment tests.

The darker side to using AI in hiring is that it can bypass potential candidates based on predetermined criteria that don’t necessarily take all of a candidate’s skills into account. And for job seekers, the technology can generate great-looking resumes, but often they’re not completely truthful when it comes to skill sets.

“The use of AI in talent acquisition is particularly prevalent in tech hubs and innovative industries where the demand for skilled professionals is high,” said Rick Hammell, founder and CEO of Helios, a workforce management platform startup. “The benefits and potential problems associated with using AI to find talent have global implications.”

Hammell and others see genAI offering improved recruitment outcomes, better candidate matching, and enhanced diversity and inclusion efforts. The challenges, however, include algorithmic bias, data privacy issues, and transparency.

“The need for transparent and ethical AI practices are concerns that organizations across different countries must address to ensure fair and unbiased hiring processes,” Hammell said.

GenAI aids job seekers with research, resumes, cover letters and more

A survey by Resume Builder updated earlier this month found that 18% of US workers used ChatGPT in their job search over the past year. The majority (75%) used it for research, but almost as many (73%) used it for resume creation. They also used the AI-powered bot for interview preparation (69%) and cover letter creation (62%), and more than half (51%) used it to create email communications.

The primary reasons job seekers used ChatGPT were to improve the quality of their application materials (88%), to appear more professional (76%), and to save time (65%).

Resume Builder’s survey of 1,000 US workers actively engaged in a job search within the past year also found that ChatGPT users are more likely to negotiate higher salaries and get more frequent interview requests than those who did not use the tool.

About one-third of respondents (29%) said they did not get hired because the employer became aware of their use of ChatGPT in the hiring process. However, 55% said they their prospective employer “praised” their use of the technology in the job search process.

“My guess is that some employers think ChatGPT promotes lying or cheating, while others see the efficiency and better application materials. It really shouldn’t matter if someone is using ChatGPT, as long as they use their experiences to create the information for applications. If they are using it to pass assessments, that isn’t right,” Julia Toothacre, Resume Builder’s resume and career strategist said in a report.

Not surprisingly, younger job seekers were more likely to use the chatbots, with 24% of 18- to 24-year-olds, 21% of 25- to-34-year-olds, and 25% of 35- to-44-year-olds saying they used the tool. Only 9% of 45- to 54-year-olds used ChatGPT in the hiring process. Men were also more likely to say they used ChatGPT than women (25% vs. 10%), according to Resume Builder’s report.

“The numbers related to age discrepancies in ChatGPT use aren’t surprising for a few reasons,” the report stated. “First, younger generations have historically been more likely to embrace new technologies. Second, there are a lot of people on social media right now sharing their ChatGPT hacks for job searching, so I think it’s something that younger generations are learning about more rapidly. They are likely frustrated with the hiring process and want to try anything they can to get ahead of the competition.”

Gartner’s 2023 survey of nearly 3,000 job candidates from 13 countries in 24 industries and spanning 21 job functions found an even higher percentage of job seekers using genAI tools in their search. Among the 38% of respondents to the Q3 2023 survey who used generative AI, 43% reported using it to generate text for their resumes, and 42% used it to craft their cover letters.

Gartner

The Gartner survey also found:

  • Overall, those who used generative AI said it was responsible for a significant percentage of the final work.
  • A third of candidates try to optimize their resume for AI technologies.
  • Additionally, a third of candidates believe AI can introduce bias into the hiring process, while a similar number believe it can reduce bias.

Gartner

In some cases, employees also trust AI over their human managers to offer them career advice. Nearly half of Gen Z employees surveyed by an outplacement services firm Intoo indicated they’d trust a chatbot like ChatGPT for advice over their manager, who many said don’t support their career development.

GenAI automation helps overwhelmed hiring managers

On the hiring side, companies are adopting genAI to streamline their talent acquisition process. A recently published survey of 113 HR leaders by Gartner revealed HR technology as their top budget priority for the third consecutive year. Technology for “talent management” rose from seventh place last year to third this year.

A recent survey of 1,000 HR managers performed by payroll automation provider Sage showed that 95% of respondents have experienced a workload increase over the last year, and 91% noted an increase in their responsibilities. Seventy-seven percent of the respondents also believe that AI has the potential to revolutionize their work processes by reducing time-consuming tasks and ultimately easing burnout, according to the Sage survey.

More HR vendors and others are now offering AI-powered platforms to automate the creation of potential job candidate lists for hiring managers who are tasked with culling from lists of dozens, hundreds, or even thousands of job candidates.

HR technology company Phenom, for example, sells an AI-enabled hiring platform that creates a shortlist of job candidates for recruiters and hiring managers. Its technology, which the company claims is used by 200,000 hiring managers, creates a candidate list based on skills, experience, and location using “fit” scores, an assessment to evaluate a candidate’s suitability for a specific role and company.

“It streamlines interview scheduling for hiring teams, interviewers, and candidates through automation. It additionally enables hyper-personalized interactions with candidates, employees, and alumni through generative,” said John Harrington, senior director of product marketing at Phenom.

For job seekers, Phenom’s tool uses a semantic search engine that scans career websites to help candidates identify relevant job opportunities through context-driven algorithms, according to Harrington.

Startup Eightfold AI recently announced its AI-powered applicant tracking system (ATS) that handles the recruitment process for companies from end-to-end. The tool is also aimed at streamlining the recruitment process, enabling organizations to quickly identify and secure top talent through AI-powered recommendations. The Eightfold Talent Tracking tool also generates job descriptions, recommends job-posting platforms, and handles pre-onboarding integrations.

Iffi Wahla, CEO of startup Edge, a network that connects companies with remote talent around the world, believes AI bot tech — including OpenAI’s new ChatGPT-4o — will be used more often by companies to screen candidates. It will also increasingly be used by job seekers to write resumes, fill out applications, and prepare for interviews. And users of AI tech, he said, are likely to get more frequent interview requests than those who don’t use it.

Wahla believes that use of genAI by job seekers will leap from Resume Builder’s 18% figure last year to 50% of candidates this year. From 70% to 80% of Edge’s prospects who are registered with his talent network admit to using AI to help them craft resumes and other materials, Wahla said.

The Edge talent network’s AI-powered platform is currently serving the medical, dental, and insurance industries, helping them find talent to fill open positions while also automating onboarding processes. It can also handle remote workforce management for HR, functions like benefits administration, payroll management, and vacation oversight to ensuring legal compliance and handling taxes.

For companies, the time spent onboarding new employees after adoption Edge’s platform was reduced by 70%, Wahla said. The AI handles user questions, so there’s not as much back and forth with the recruiters or hiring managers, and it can also walk new employees through the steps of onboarding.

Job seekers, use genAI judiciously

What may be an issue is when chatbots craft resumes that aren’t particularly honest about the job seeker’s actual skills, embellishing on their talents because that’s what the AI was trained to do.

“Job seekers should definitely use AI to help them with the job search process, but it needs to be utilized with caution,” said Resume Builder’s Toothacre. The problem, she explained, is that AI is pulling its information from what is online, and not all advice and information is accurate.

Not all hiring managers and executives are enamored with the idea that AI is crafting a job applicant’s online persona and skill set.

“Any applicant using ChatGPT or other generative AI to pass assessments or write a cover letter would be a hard pass for me. I think it’s totally fine to use for interview practice or to generate ideas. But any time you are substituting the work of an AI for your own organic work, that’s where it crosses a line for me,” Andre Kazimierski, CEO of house painting business Improovy, told Resume Builder.

Job seekers need to make sure that whatever AI drafts for them, it makes sense for their experience and job function. “AI can sound too generic at times, so this is where putting your eyes on it is helpful,” Toothacre said.

She is also concerned about the use of AI to complete assessments. “Skills-based assessments are in place to ensure you are qualified and check your knowledge. Using AI to help you pass those assessments is lying about your experience and highly unethical.”

There’s plenty of evidence that genAI can improve resume quality, increase visibility in online job searches, and provide personalized feedback on cover letters and resumes. However, concerns about overreliance on AI tools, lack of human touch in resumes, and the risk of losing individuality and authenticity in applications are universal issues that candidates need to be mindful of regardless of their geographical location, according to Helios’ Hammell.

“Encouraging a balanced approach that combines AI assistance with personalization and creativity is essential for job seekers navigating the global job market,” Hammell said.

Kategorie: Hacking & Security

Your new Android home screen command center

Computerworld.com [Hacking News] - 7 hodin 1 min zpět

Your Android phone’s home screen is your window to the world — and unlike that other mobile operating system, this purty little platform of ours puts the power in your hands to make that landing pad look and work any way you want.

That can mean replacing your stock home screen interface with something completely customized for your own style of getting stuff done or even supplementing the standard Android app drawer with one that’s accessible from anywhere.

But it can also mean tapping into interesting tools for adding important info into whatever manner of home screen setup you’re using — because Android makes it possible for developers to pull off some crafty and creative feats that other smartphone ecosystems simply don’t allow.

And that’s precisely where the idea I’d like to share with you today comes into play.

[Psst: Want even more advanced Android knowledge? Check out my free Android Shortcut Supercourse to learn tons of time-saving tricks for your phone.]

An info-dense Android home screen approach

One of the things I’ve always appreciated about Android is how a home screen can be so many different things to so many different people — and how Google’s underlying ecosystem offers up so many opportunities to transform that space into whatever makes the most sense for you.

For some people, that might mean making a home screen into simple minimalist collection of key shortcuts to apps, contacts, and other frequently accessed items. For others, it might be establishing a sprawling series of grouped icons for every app imaginable. And for others yet, it might be concocting a carefully curated command center for seeing and swiftly acting on important info.

That last approach is the one relevant to our focus today — ’cause I’ve just stumbled onto a really interesting Android app that lets you expand your home screen to showcase some of the most pressing incoming info in any smartphone scenario. And that info is all about your phone’s notifications.

Check it out:

The Android home screen command center in action, with the powerful pairing of the At a Glance widget and Notification Widget.

JR Raphael, IDG

The widget at the top there is just Google’s widely available Android At a Glance widget, which shows the weather along with info connected to your calendar (both personal and work-profile-associated), optimal departure times for upcoming events (based on your current location and nearby traffic data), in-advance warnings about your next commute (based on typical patterns observed over time), and updates related to any upcoming travel (based on info available within your Gmail inbox).

But point your peepers beneath it, and you’ll see a nifty new creation called, rather fittingly, Notification Widget. That delightfully simple beaut brings all of your active notifications right onto your home screen so you can see and interact with ’em easily — without having to swipe down from the top of the screen first to summon ’em. And it’s the perfect pairing for Google’s At a Glance offering.

After all, the info in your notifications is always timely and important, right? (That’s especially true if you’re using my Android notification filtering trick to keep noise at a minimum and make sure only the alerts you actually need show up.) So rather than keeping that out of sight and a persistent swipe away, this setup puts it front and center — where you’ll always see it and can respond or mark things as done, as needed, right alongside the contextual intelligence Google’s At a Glance widget gives you.

The aptly named Notification Widget also provides on-demand, one-tap access to an expanded view of Android’s notification history — with a complete list of all notifications from the past hour, in the app’s regular free version, or the past three days if you pay four bucks for its premium version. That can be supremely handy when you swipe something away only to realize later you still need to reference it.

And setting all of this up couldn’t be much simpler.

The Android notification widget setup

All right — ready to get your Android home screen command center up and running?

First, we need to make sure the foundational basics are all in place:

  • Download Notification Widget from the Play Store. It’s free, in its base form, and it doesn’t require any disconcerting permissions or data access (including the ability to access the internet at all, giving some extra-hefty assurance to its promise not to collect or share any sort of personal info).
  • Open the app once. If you see a prompt to allow it the ability to send you notifications, tap “Allow.”
  • On the app’s main screen, tap “Check access to notifications” — then find “Notification Widget” in the list of options that appears, tap it, and tap the toggle to grant the app that ability (for reasons that I hope are obvious).

Got it? Good. Now, make your way back to that main setup screen, and:

  • Tap “Add new widget.”
  • Tap “Header,” then uncheck the boxes next to “Show” beneath the “Time,” “Date,” and “Battery level” headers. This will clean up the widget’s appearance considerably.
  • On a related note, return to the main setup screen and tap “Appearance,” then tap “Buttons.”
  • Uncheck the box next to “Buttons on bottom of the widget.”
  • And uncheck the box next to “Hide button” beneath the “Pin button” header.

Last but not least, on that main setup screen, scroll all the way down to the bottom and tap “OK.”

Then, if you don’t already see the widget on your home screen, press and hold your finger onto any open area and select the option to add a widget — then find “Notification Widget” in the list of choices and either tap or press and hold your finger onto it to select it. From there, you should be able to place it wherever you want and resize it to whatever dimensions you prefer (something you can always change later, too, by pressing and holding the widget again).

If you want the At a Glance widget above it for the full effect, like I showed above, just press and hold your finger onto any open space on your home screen again, select the option to add a widget once more, and look for “At a Glance” within the “Google” section of options — then tap or hold it to put it into place.

And that’s it: Your Android home screen command center is officially now open for business. Info should automatically appear within the At a Glance widget at the top as it becomes relevant, and notifications will appear within the Notification Widget, erm, widget as they arrive. 

You can dismiss any notification in the list by tapping the red “x” in its upper-right corner. And you’ll see any available options for interacting with an alert — like replying to a message or marking a task as done — as a button within the associated notification’s card. If you ever want to get to your notification history, meanwhile, you can just tap the little clock-circle icon at the widget’s bottom edge.

So much useful info at your fingertips, eh? All that’s left is to think about what you’ll do with all the once-wasted seconds you’ve successfully fed back into your day.

Get six full days of advanced Android knowledge with my free Android Shortcut Supercourse. You’ll learn tons of time-saving tricks for your phone!

Kategorie: Hacking & Security

Windows Recall: All your privacy questions answered

Computerworld.com [Hacking News] - 7 hodin 1 min zpět

Microsoft has drawn criticism with the announcement of Windows Recall, an AI-based feature that will be built into new Copilot+ PCs. Recall takes snapshots of your PC’s screen every few seconds and uses that data to make a searchable index of everything you’ve ever done on your PC.

So is there cause for concern about Recall and your privacy — or the privacy of data connected to your company? I’ve been getting a lot of questions about that from readers. Let’s dig in so you can understand exactly what’s going on — and what decisions you’ll have to make, whether you’re thinking about your work laptop, a home PC, or a fleet of business computers.

But first, the good news: Windows Recall is only available on those new Copilot+ PCs. It won’t arrive on your current Windows 11 or Windows 10 PC with an update. You won’t even have to think about Recall until you buy a new PC that happens to have Recall built in.

Want expert insights on what’s actually going on in Windows? Sign up for my free Windows Intelligence newsletter — three things to try every Friday. Plus, get free Windows Field Guides as a bonus when you sign up!

What is Recall on Windows?

Recall is a new feature that will be built into Windows 11 moving forward. And, again: It will only be available on new PCs Microsoft has certified as “Copilot+ PCs.”

These PCs have neural processing units (NPUs) capable of at least 40 trillion operations per second (TOPS.) This hardware is designed to accelerate local AI tasks — in other words, AI tasks performed on your PC itself without any online servers involved — in a way that doesn’t drain a lot of battery power.

If you do have a Copilot+ PC, Recall is an optional feature that can capture snapshots of your screen every five seconds. (It won’t capture audio or video — just pictures of what’s on your screen.) You will then be able to search those snapshots using plain-language search. For example, you could say: “Show me that PowerPoint presentation I was looking at three weeks ago, the one with the green bar chart” — or “What was that message Dave sent me about the quarterly budget two months ago?” These searches all happen entirely on your device, and they’ll even work offline. Microsoft’s servers aren’t involved.

It’s a more plain-language way of your PC remembering what you were doing and allowing you to dig through it, and it’s clear how this type of feature could be a boost to productivity for anyone who works on their PC — and anyone using their PC for any other type of task, from online shopping to vacation planning to chatting with friends.

Macs have something similar with Rewind, which also captures your computer activity and lets you search it. But Rewind is a third-party tool, not something built into macOS by Apple.

srcset="https://b2b-contenthub.com/wp-content/uploads/2024/05/1-Microsoft-Windows-Recall-privacy-Search.png?quality=50&strip=all 2272w, https://b2b-contenthub.com/wp-content/uploads/2024/05/1-Microsoft-Windows-Recall-privacy-Search.png?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.com/wp-content/uploads/2024/05/1-Microsoft-Windows-Recall-privacy-Search.png?resize=768%2C432&quality=50&strip=all 768w, https://b2b-contenthub.com/wp-content/uploads/2024/05/1-Microsoft-Windows-Recall-privacy-Search.png?resize=1024%2C576&quality=50&strip=all 1024w, https://b2b-contenthub.com/wp-content/uploads/2024/05/1-Microsoft-Windows-Recall-privacy-Search.png?resize=1536%2C864&quality=50&strip=all 1536w, https://b2b-contenthub.com/wp-content/uploads/2024/05/1-Microsoft-Windows-Recall-privacy-Search.png?resize=2048%2C1152&quality=50&strip=all 2048w, https://b2b-contenthub.com/wp-content/uploads/2024/05/1-Microsoft-Windows-Recall-privacy-Search.png?resize=1240%2C697&quality=50&strip=all 1240w, https://b2b-contenthub.com/wp-content/uploads/2024/05/1-Microsoft-Windows-Recall-privacy-Search.png?resize=150%2C84&quality=50&strip=all 150w, https://b2b-contenthub.com/wp-content/uploads/2024/05/1-Microsoft-Windows-Recall-privacy-Search.png?resize=854%2C480&quality=50&strip=all 854w, https://b2b-contenthub.com/wp-content/uploads/2024/05/1-Microsoft-Windows-Recall-privacy-Search.png?resize=640%2C360&quality=50&strip=all 640w, https://b2b-contenthub.com/wp-content/uploads/2024/05/1-Microsoft-Windows-Recall-privacy-Search.png?resize=444%2C250&quality=50&strip=all 444w" width="1024" height="576" sizes="(max-width: 1024px) 100vw, 1024px">Windows Recall doesn’t just take screenshots — it uses AI models to analyze the contents so you can search for them in plain language.

Microsoft

Is Microsoft sneaking Recall onto my PC with an update?

No. I can’t state this emphatically enough: Recall will not arrive on your current Windows 11 or Windows 10 PC. As Microsoft puts it, this feature is “exclusive” to those new Copilot+ PCs. It won’t suddenly arrive on any of your existing PCs via a Windows Update or any other mechanism.

Do I have to use Recall?

Recall is completely optional. When you’re signing into a new Copilot+ PC for the first time, Microsoft says you’ll be informed about Recall and given an ability to make a decision. You can choose not to use Recall at that time, in which case it won’t do anything or collect any sort of data.

If you do enable Recall, you’ll see a Recall icon pinned to your taskbar by default, and Recall will also have a system tray icon while it’s running. It’s very visible — it doesn’t just run silently in the background. After all, Microsoft wants you to use Recall to find things.

Microsoft says you can use the system tray icon or the options at Settings > Privacy & security > Recall & snapshots to pause Recall at any time. You can turn it on or off, delete existing snapshots, and choose to filter specific apps and websites so Recall doesn’t capture them. Recall also won’t capture any activity in “private browsing” windows in browsers like Chrome, Edge, and Firefox.

The Settings app provides a lot of options for controlling Recall’s snapshots — and deleting them.

Microsoft

How can businesses control Recall?

Businesses that don’t want Recall active on their organizations’ devices can disable Recall and stop PCs from saving snapshots using either group policy or MDM (mobile device management) policy. Microsoft has a guide to controlling Recall for IT administrators.

Where are the Recall snapshots stored?

Recall stores all the snapshots and other data on your PC itself. When you perform a search, Recall does the search on your PC. Microsoft says your data is never uploaded to a Microsoft server. It all happens completely on your PC, without the computer ever “phoning home.”

In a way, this makes Recall a little less useful — if you use multiple PCs, your Recall activity won’t sync between them. If you’re looking for something, you’ll need to search Recall on the PC you originally saw it on. But that may be a good thing when it comes to privacy considerations, particularly from an enterprise perspective.

The Recall data is also stored in an encrypted manner that’s specific to each individual user account on a device.

Is Microsoft taking my Recall data?

Microsoft says that the Recall data will be stored only on your PC and never processed by Microsoft’s servers. Since Microsoft isn’t so much as ever seeing or receiving this data, your Recall snapshots won’t be used for targeting ads to you, training AI models, or any other purpose along those lines.

Couldn’t someone steal my laptop and look at my snapshots?

Modern Windows PCs have encrypted storage, like other modern devices. Someone who stole your PC would need to be able to sign in as you to see your data.

Recall is only going to be available on Copilot+ PCs, and Microsoft has set a higher baseline of security for these PCs: They must be Secured-core PCs, for example, and they will include a Microsoft Pluton security processor. In other words, they will ship with encrypted secure storage backed by hardware security features.

The reality is that if someone stole a PC from an office worker or a home PC user and managed to sign into it, they’d already have access to a lot of private data. This would include financial documents stored on the PC itself, sensitive business information, email accounts the computer was signed into, and so on.

Recall will definitely generate extra data that can be accessed if a criminal breaks into a PC. But, on the whole, it’s less risky to be using Recall on a securely encrypted Copilot+ PC than to walk around with a Windows 10 laptop that doesn’t use BitLocker or another encryption method.

Can other people on my PC see the snapshots?

The Recall data is stored separately for each user account on a PC. That means even if you share a PC with other people, they won’t be able to look through your Recall snapshots — not unless they can sign into the computer with your user account and credentials.

Will Recall store financial account numbers and passwords?

Microsoft says that “Recall does not perform content moderation.” If a password or financial account number is visible on your screen, Recall will save it.

That being said, Recall won’t capture most passwords you type, since most websites “cloak” password entry dialogs by displaying them as ****. But if a website does show the visible passwords — or if information like a credit card number, bank account number, or social security number appears on the screen — Recall will save them in your snapshots.

That’s something many people are concerned about. But you can choose to filter out specific websites (like financial websites), use private browsing, or even filter out entire applications to have Recall ignore them. Also, you can delete snapshots at any time.

While this data may appear in your Recall snapshots, it’s critical to remember that only someone who has physical access to your PC — and who can sign into it with your user account — can get access to this information. And someone with physical access to your PC can do much worse, including installing malware on it.

Recall can reopen documents and websites for you — but you can get a lot of information just from the screenshots Recall stores, too.

Microsoft

But couldn’t someone else with access to my PC snoop on it?

To snoop through your snapshots for your private information, people would need both physical access to your PC and to be signed in as you.

To be fair, even the possibility of that happening does raise concerns. An abusive partner or family member could dig through the snapshots to find private information, for example — if Recall snapshots were enabled. An unlocked work PC in an office or a coffee shop could potentially put Recall info at someone else’s fingertips. Anytime you let someone else momentarily use your PC opens the door to that person digging through private information.

However, this was always a risk. That abusive partner could use their access to the PC to install a keylogger and remote-monitoring software to snoop on their partner’s PC usage, with or without Recall. Someone you give momentary access to your PC could pull up your email or search for sensitive financial documents. The Recall feature introduces a new way for people to find sensitive information if they already have access to a PC — but, again, they could do a lot of damage even without Recall in the mix.

How concerned should I be about Recall?

It’s clear why Recall is concerning. It marks a change in the way our computers remember and store information. And it seems like an obvious privacy problem if people with access to our PCs can use “AI-style” plain language search to dig through our saved PC history.

But there are already so many other potential privacy and security risks that could be exploited by anyone with access to Recall.

And, critically, Recall doesn’t send any of this data over the internet. There are already so many other details we’re giving to Microsoft and other corporations. If you’re worried about the information Microsoft and other companies are receiving about you, Recall isn’t the problem — but there are a lot of other Windows and web features that might be.

Plus, Microsoft isn’t being too sneaky this time: Recall isn’t going to arrive on existing Windows PCs. It will only show up on new Copilot+ PCs — where it’ll go through testing and we’ll see how it works. And, even on those new Copilot+ PCs, people can choose to turn Recall off, if they like.

Recall could be a big productivity boost for a lot of workers, helping them dig through all the information they’ve seen on their work PCs. If you also use Discord to chat while working, you could filter out Discord and ensure Recall doesn’t capture anything you say in there while it takes snapshots of all the Word documents, Excel spreadsheets, and Outlook emails you go through all day. Recall offers a lot of control.

If you’re still not comfortable with it — or just don’t see how a tool like Recall could help you, that’s fine. Remember, even if you get a new Copilot+ PC with Recall, you can turn it off.

Even veteran Windows journalist Paul Thurrott, who is often critical of Microsoft’s privacy practices, argues that Recall is not a privacy concern. It’s not uploading anything to Microsoft — it’s just storing the data on your PC.

But aren’t there still privacy concerns with Recall?

While I can see the benefits of Recall — especially for productivity workers who go through a lot of information on their Windows PCs and could save a lot of time if they had a faster way to find it — there are some elements of Recall that should give everyone pause.

Of course, this is a big change in the way PCs work. While people and businesses will have the choice to enable or disable Recall on their PCs, PCs have never captured and stored this kind of information in this way before. It’s a bit of a shock.

Also, defaults matter. Yes, Recall has a lot of knobs and switches technical users can tweak to make Recall the way they want it to. But most people will probably stick with the defaults — even if those defaults may put them or their data at risk. Someone with an abusive partner may not know how to disable Recall. A less knowledgeable PC user might have Recall enabled and let someone else use their PC without realizing that person can dig through everything they’ve been doing recently.

An attacker with access to a PC could just enable Recall rather than install a keylogger, and then grab private information from the Recall snapshots. That kind of attack could be a little more subtle and harder to spot than the full install-a-keylogger attack, too.

The most important answers are still ahead of us

Recall will arrive as a “preview experience” on those new Copilot+ PCs in a few weeks. If you want to stay far away from it, that’s easy: Just don’t buy a Copilot+ PC (or turn the Recall feature off when you do!).

More than anything, we’ll have to see how the risks of Recall shake out in the real world. Perhaps Microsoft will attempt to do more “filtering” by default — using AI features to force Recall to avoid capturing passwords and financial account details, for example. And perhaps everyone will realize the risk of giving other people access to their PCs — something that was always a risk when sensitive documents, emails, and browser histories are just a few clicks away.

Of course, Microsoft’s big Copilot+ PC push is about more than AI. It sounds like the PC industry may finally have thin-and-light laptops with incredibly long battery life to compete with MacBooks. That’s huge.

Even if you disable Recall and turn off every AI-based feature on those new Copilot+ PCs, they could be a big upgrade over your current laptop. I’ll know more when I start getting my hands on them next month.

Interested in learning more? Watch this column and sign up for my free Windows Intelligence newsletter to be the first to see my in-depth impressions. You’ll also get three new things to try every Friday and free copies of Paul Thurrott’s Windows Field Guides as a special welcome bonus.

Kategorie: Hacking & Security

Počítače Copilot+ budou po zuby chráněné. Microsoft zabezpečení zlepší i omezením správcovských účtů

Zive.cz - bezpečnost - 9 hodin 56 min zpět
**Počítače Copilot+ splní normu Secured-core PC **Bude v nich aktivní bezpečnostní koprocesor Pluton **Microsoft pracuje na dalším posílení zabezpečení ve Windows 11
Kategorie: Hacking & Security

BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?

The Hacker News - 10 hodin 30 min zpět
The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. Cybersecurity researchers and dark web trackers Brett Callow, Dark Web Informer, and FalconFeeds revealed the site's online return at breachforums[.]st – one of the dismantled sites – by a user named ShinyHunters, Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Charting the ‘flight path’ for Copilot for Microsoft 365

Computerworld.com [Hacking News] - 28 Květen, 2024 - 22:27

“Copilot is so much more than a new feature within Microsoft 365. It’s about transforming the way people work.”

Whether it’s drafting a job description, sorting help desk tickets or visualizing complex data in seconds, Copilot is already creating huge value in the hands of millions of workers. 

A study from the Boston Consulting Group found AI-assisted workers were 25% faster. They produced 40% better quality work. And they took on 12% more tasks than a comparable group without AI assistance.

Notably, this study used open generative AI platforms, suggesting the real impact of AI tools fully integrated with proprietary data and applications could be much higher.

It’s hard to ignore the implications for competitiveness, both on the organizational and in one’s personal career. The age of AI is here, like it or not.

Charting your “flight path” to Copilot adoption

To tap into all this potential, we recently expanded our 30-year partnership with Microsoft to better help our customers get the best value from this investment.

Taking your most important asset – proprietary data on your customers, products and markets – and having that generate truly game-changing outputs for your business takes a lot of planning and data integration capability. This needs to happen without losing sight of security and governance.

To get it right “customers should not be looking at AI or Copilot for Microsoft 365 as a simple transaction or a services project,” says Chris Woodin, Sr. Vice President – Solutions and Alliances at Softchoice.

Instead, they need to see Copilot adoption in terms of a long-term journey. That journey has multiple stages that form what we call the “flight path” for Copilot adoption. Here’s how it works.

Step 1: Plan your business case for Copilot

The first stage of the flight path is to define the vision, goals, and success criteria for using Copilot for Microsoft 365 in your organization.

We call this the “Plan” phase. Here, we look at the universe of potential use cases that might create meaningful change in value for the business and justify the case for change.

For example, you may want to use Copilot to improve the productivity and quality of your content creation, marketing, sales, or customer service teams. You might consider deploying it to IT to improve service desk ticketing, security alerts or any number of other applications. How Copilot shows up will depend on the context in which you operate today and where AI can make a difference in real productivity terms.

To help, we can support as you plan, build and win support for your business case, create a roadmap and align those with a stake in decision-making on the scope and timeline of the project.

Getting Clear on Copilot Adoption – The Business Case

Step 2: Assess your technical and organizational readiness

The next stage is to evaluate the current state of your IT environment, licensing, security posture, and organizational readiness for Copilot for Microsoft 365.

This is the “Assess” phase. In this phase, you need to make sure that existing applications, business processes, and data can be integrated effectively into Copilot. This involves a gap analysis to identify any risks, issues, or dependencies that are going to need remediation before you deploy.

For example, you may need to upgrade your Microsoft 365 subscription, update your applications, or resolve any compatibility or performance issues.

To help you gauge your readiness for Copilot, we offer a Copilot Readiness Assessment, that provides a comprehensive review of your IT environment, security posture, and Copilot requirements. This yields a detailed report with recommendations and best practices to prepare for deployment and minimize errors during the process.

The Catalyst Gets Clear on Copilot Adoption – Getting ready 

Step 3: Run a pilot with select users, configure and implement

The third stage of the flight path is to configure and deploy Copilot for Microsoft 365 according to best practices and your specific requirements. This is when you integrate your custom data sources, including enterprise data, industry-specific terminology, and so on.

Then, you test and validate the functionality, performance, permissions, and security of Copilot within your IT environment with a focus on integration with enterprise data.

Note that we strongly recommend deploying Copilot as a pilot project to a select group of users first. This gives you the chance to collect valuable user feedback and course correct where needed before going organization wide.

To help you implement and pilot Copilot, we have a Copilot Implementation Service, including expert guidance and support to set up and deploy Copilot. This includes a Copilot Pilot Program with a custom plan and toolkit for deploying to an initial group of select users.  

The Catalyst Gets Clear on Copilot Adoption – Implementation

Step 4: Adopt Copilot and manage the people factor

Copilot for Microsoft 365 won’t have any impact if people don’t know it’s there or why they should use it.

This means a continuous management approach to end user adoption focused on realizing the actual benefits, whether that’s increasing employee productivity or transforming the way they work with their customers.

The next phase is built to heighten awareness, engagement, and adoption of Copilot among your end users at every level. The importance of training, communication, and support to help people understand and use Copilot can’t be overstated.

You‘ll also need a clear process to monitor and collect feedback from the users on their experience and satisfaction with Copilot and apply their feedback as you go.

This is where our Copilot Adoption and Enablement Services come in. It’s meant to give you a detailed strategy and plan to drive user adoption of Copilot in your organization.

It includes a Copilot Adoption Toolkit for educating, training and supporting users on integrating Copilot into daily work as well as in cultivating an “AI-first mentality.”

Step 5: Sustain the momentum over the long term

No genuine transformation is going to be a one-and-done effort.

The final stage of the flight path involves proactive steps to keep the early momentum going. The aim is to avoid a drop-off in usage and ensure people truly integrate the tool into their work. This is more an ongoing journey than a destination.

It involves reviewing and updating the vision, goals, and success criteria as your needs and priorities evolve and as Microsoft adds new features and capabilities. You’ll want to monitor and analyze the metrics against outcomes. It may be necessary to throw in additional training, guidance, and support to the users. Remember that new hires will also need to learn the specific ways your organization uses the technology.

To help you sustain and optimize Copilot, Softchoice offers a Copilot Sustainment Service, where you can get ongoing support and guidance to maintain and enhance the performance and value of Copilot in your organization. This comes with a Copilot Sustainment Toolkit, where you’ll find the latest resources and tools to keep your users informed, engaged, and satisfied with Copilot for Microsoft 365.

The Catalyst Gets Clear on Copilot Adoption – Sustain 

Ready to take off with Copilot?

You plan to adopt Copilot for Microsoft 365. Why should you trust us to help?

We know people and technology. To succeed with Copilot deployment, you’ll need to account for both and have them work in harmony.

We bring over 30 years’ experience as a Microsoft partner. This comes with a deep bench of Microsoft certified specialists who deliver thousands of Microsoft assessments and implementation projects every year.

We were our own first Copilot customer. As a member of Microsoft’s Early Access Program, we were among the first companies to use Copilot in a real-world environment.

Every Copilot needs a navigator

Explore Copilot for Microsoft 365 services

Kategorie: Hacking & Security

India is getting in on the iPhone sideloading act

Computerworld.com [Hacking News] - 28 Květen, 2024 - 20:10

The EU has done it, the UK will probably do it, the US is considering it, and now India plans to follow suit with competition laws to regulate big technology firms, including Apple. Cupertino isn’t happy.

India’s Digital Competition Bill is a similar piece of legislation to the EU’s Digital Markets Act (DMA) that is forcing Apple to open up its ecosystem, most visibly through support for third-party app stores. India’s bill will prevent companies from promoting their own services above those of rivals, stop them from exploiting non-public user data, and also require support for third-party app purchases.

Free trade where we want it

Apple isn’t the only technology firm that’s unhappy about India’s proposals. Google and Amazon are also full of rue. 

That is why a US lobby group that represents all three big firms is pushing for India’s government to rethink its proposals, warning that the draft law goes further than the DMA. “Targeted companies are likely to reduce investment in India, pass on increased prices for digital services, and reduce the range of services,” the US-India Business Council reportedly said.  

(The irony that the US Chamber of Commerce should make that argument, even while the US Department of Justice struggles to bring in similar constraints on Apple and other big companies, is hard to ignore.)

A threat to Apple’s India plan?

Threat of this new law may also displease Apple’s latest manufacturing partner, Tata, which is making big investments to stake space in Apple’s India-based iPhone supply chain. The top tech company in India by market capitalization, Tata holds a senior seat on the US-India Business Council board. Most of the country’s big names have some representation on the group. 

In truth, Apple’s major investments in India may spell “iPhone” to the rest of us, but to those involved in its manufacturing supply chain there, the same word spells “profit” — and they are unlikely to want that nascent business beaten quite yet. 

We shall see what happens ahead, but the stage does seem set for some wrangling over the content of the new legislation. The proposals specifically target entities with a turnover in excess of $30 billion and at least 10 million local users of digital services — which basically means the big tech firms, whose market power the bill aims to constrain.

Apple wants to build business across the nation of 1.4 billion people and is well on the way to achieving that. As it seeks to reduce its reliance on China, the company is making huge efforts to build manufacturing centers and attract new users in India, so anything likely to make that work more challenging won’t be seen as ideal. 

Apple CEO Tim Cook recently said the company generated record revenues in India during the March quarter, though critics may claim part of this success reflects company control of the apps market on its platforms. 

Control of the means of production

Wrong or right, the extent to which big firms control the digital economy is what India’s regulations, just like those elsewhere, seek to constrain. Attempts to dent such market power is very much reflected in the work of India’s Competition Commission, which has already fined Google more than $160 million over app purchases and pre-installed apps. Apple is also undergoing investigation at this time. 

The act won’t become law immediately. The government is gathering feedback before submitting the regulations for approval by parliament, and there is no set timeline for that process to take place, according to Reuters.

But for Apple this new attempt to regulate its business surely makes it far more likely that it will eventually be forced to open up its platforms to third-party apps on a global basis, rather than just in the EU. I don’t see that happening swiftly, however. The cautious approach would be for consumers, competitors, the company, and any sensible regulators to review the potential failures of such openings-up in Europe, where third-party stores are now opening at a trickle, rather than a flood.

Pending further evidence, the jury remains out on the extent to which sideloading in Europe will undermine user security and privacy, or dilute the value of the user experience.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Kategorie: Hacking & Security

Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme

The Hacker News - 28 Květen, 2024 - 14:50
An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in prison and a $250,000 fine. He was arrested on December 20, 2023, upon entering the country. "Tomar and Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

What Can Linux Admins Learn from Microsoft's Zero-Trust DNS Initiative?

LinuxSecurity.com - 28 Květen, 2024 - 14:38
As a Linux administrator or security practitioner, you understand DNS's essential role in network security. Attacks and unauthorized access pose threats against DNS connections, so robust security protocols must be implemented to safeguard them. Zero-Trust DNS provides greater security, control, and flexibility over DNS traffic.
Kategorie: Hacking & Security

4-Step Approach to Mapping and Securing Your Organization's Most Critical Assets

The Hacker News - 28 Květen, 2024 - 13:12
You’re probably familiar with the term “critical assets”. These are the technology assets within your company's IT infrastructure that are essential to the functioning of your organization. If anything happens to these assets, such as application servers, databases, or privileged identities, the ramifications to your security posture can be severe.  But is every technology asset considered The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Multiple Apache HTTP Server Flaws Fixed in Ubuntu

LinuxSecurity.com - 28 Květen, 2024 - 13:00
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server (apache2). These vulnerabilities could potentially disrupt the server and inject malicious code.
Kategorie: Hacking & Security

China launches $47B semiconductor fund to counter US supremacy

Computerworld.com [Hacking News] - 28 Květen, 2024 - 12:58

China has established a massive new state-backed semiconductor fund worth 344 billion yuan or $47 billion aiming to ramp up its chip industry, according to the National Enterprise Credit Information Publicity System, a government-run credit information agency.

This aggressive move is seen as a countermeasure against US efforts to limit China’s access to advanced chip technology.

Christened the China Integrated Circuit Investment Fund Phase III, the investment in this phase is the largest yet and was registered on May 24. This phase dwarfed its previous two phases registered in 2014 and 2019 with investments of 138.7 billion yuan and 204 billion yuan respectively.

The Ministry of Finance holds a 17% stake in the fund followed by a subsidiary of the state-owned National Development Bank at 10.5% and a Shanghai municipal government investment company at 9%.

The fund also lists seventeen other entities as investors including five of China’s largest banks, including Bank of China, Industrial and Commercial Bank of China, China Construction Bank, Agricultural Bank of China, and Bank of Communications — each holding a six percent stake.

The China Integrated Circuit Investment Fund, also known as “Big Fund,” was launched under the “Made in China 2025” initiative in 2015 as a financing vehicle to promote high-tech industrial development.

The “Big Fund” has already provided financial support to two of China’s major chip manufacturers — Semiconductor Manufacturing International Corporation and Hua Hong Semiconductor, according to a Reuters report.

The investment fund is also expected to finance the High Bandwidth Memory (HBM) industry and other key AI semiconductor fields, as per Chinese corporate information service, Qichacha.

While specific targets remain undisclosed, the fund in the third phase is expected to focus on AI-related semiconductors and manufacturing equipment. The fund also aims to support R&D projects and assist major Chinese semiconductor companies in transitioning from international to domestic suppliers for key materials like chemicals, industrial gasses, and silicon wafers. This move will minimize China’s reliance on foreign suppliers and potentially weaken the effectiveness of future US restrictions.

This move comes as the US tightens export controls on advanced chips and fabrication tools to hinder China’s tech advancements.

In October 2022, the US implemented comprehensive export controls to curb China’s military modernization by restricting access to advanced AI chips that use US technology. Again in 2023, the Bureau of Industry and Security updated these rules to address loopholes that compromised their effectiveness.

“Today’s updated rules will increase the effectiveness of our controls and further shut off pathways to evade our restrictions. These controls maintain our clear focus on military applications and confront the threats to our national security posed by the PRC Government’s military-civil fusion strategy,” Secretary of Commerce Gina M. Raimondo said in a statement in 2023. “As we implement these restrictions, we will keep working to protect our national security by restricting access to critical technologies, vigilantly enforcing our rules, while minimizing any unintended impact on trade flows.”

Kategorie: Hacking & Security

Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique

The Hacker News - 28 Květen, 2024 - 12:15
The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples have used a large number of known vulnerabilities to deliver samples," the QiAnXin XLab team Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
Syndikovat obsah