Kategorie

Application security testing is a critical component of modern software development, ensuring that applications are robust and resilient against malicious attacks. As cyber threats continue to evolve in complexity and frequency, the need to integrate comprehensive security measures throughout the SDLC has never been more essential. Traditional pentesting provides a crucial snapshot of an The Hacker Newshttp://www.blogger.com/profile/[email protected]

In a surprise move that will likely be welcomed by many Microsoft Teams users, the tech giant has announced an extension to the retirement timeline for its Office 365 connectors feature. Originally slated for a complete shutdown in October 2024, the connectors will now continue to function until December 2025.

The decision comes after a wave of feedback from users who expressed concerns about the potential disruptions caused by a rapid transition to Power Automate workflows, the recommended replacement for Office 365 connectors.

“We have extended the retirement timeline through December 2025 to provide ample time to migrate to another solution such as Power Automate, an app within Microsoft Teams, or Microsoft Graph,” Microsoft wrote in a blog post. “We understand and appreciate the feedback that customers have shared with us regarding the timeline provided for the migration from Office 365 connectors.”

Office 365 connectors in Microsoft Teams allow users to bring updates from other services, like Trello, GitHub, or Twitter, directly into their team’s chat. It’s like having a live feed of information from those services within one’s Teams channel, making it easier to stay updated.

All existing Office 365 connectors within all clouds will remain functional until December 2025. However, to continue using these connectors beyond December 31, 2024, users “must update the respective URL by the end of this year.” Microsoft will provide further guidance on this process at least 90 days before the deadline, the blog added.

If the URL is not updated by December 31, 2024, the connector will stop working, the company said in the blog.

“This is due to further service hardening updates being implemented for Office 365 connectors in alignment with Microsoft’s Secure Future Initiative (SFI),” it added. The Microsoft SFI is a pledge taken by the company last November to “bringing together every part of the company to advance cybersecurity protection across both new products and legacy infrastructure.”

Earlier this month, Microsoft announced that starting August 15, all new “connector creation will be blocked within all clouds” and effective October 1, “all connectors within all clouds will stop working.”

How do users react to this?

This extension of the deadline, it seems, still did not amuse the users.

“You simply took the part of the feedback that is the least change on your plans, the unrealistic timeline that some people mentioned,” wrote a user on the blog to Microsoft’s statement.

However, the user further added, “You just keep ignoring the not working suggested usage of Power Automate and the worsening of security, flexibility, and scalability. If Microsoft has a slight idea of customer focus you would simply stop this mess and apologize for the ignorance.”

“Even with the ‘update,’ very very bad move,” wrote another user in the feedback portal Microsoft created, adding, “Users will find an alternative to Teams.”

This will significantly impact my company’s alerting and observability, another user replied to the Microsoft blog. “A bit shocked by this frustrating move by M [Microsoft]. Timeline is completely unprofessional and unrealistic as well.”

This change breaks so many of our production alerting and notification systems, one more user wrote in the feedback portal. “Microsoft is setting us back significantly with this move.”

Why is Microsoft phasing out Office 365 connectors?

Microsoft is phasing out Office 365 connectors to enhance security and scalability for enterprises. According to the company, Power Automate provides a robust alternative, offering advanced security features and the flexibility needed to meet business needs, compared to Office connectors.

“Power Automate workflows not only offer a much deeper catalog of Office connectors but also ensure that your integrations are built on an architecture that can grow with your business needs and provide maximum security of your information,” the blog wrote.

This alternative, according to the company, offers a more extensive range of connectors and ensures integration is built on a scalable and secure architecture, “aligning with Microsoft’s Secure Future Initiative.”

The company advised users to begin transitioning to Power Automate immediately to ensure a smooth migration. Microsoft plans to roll out additional features and support to assist users in this transition, reinforcing its commitment to enhancing productivity and security for its customers, the blog mentioned.

Mistral AI has launched a 123-billion-parameter large language model (LLM) called Mistral Large 2 (ML2), strengthening its position as a significant competitor to OpenAI, Anthropic, and Meta.

In a statement, the company said that ML2 has a 128k context window and support for dozens of languages including French, German, Spanish, Arabic, Chinese, Japanese, and Korean. It also supports over 80 coding languages, including Python, Java, C, C++, JavaScript, and Bash.

Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. "These included a smaller coordinated network of around 2,500 accounts that we were able to link to a group of around 20 individuals," the company said. "They targeted primarily adult men in the U.S. and used fake accounts to mask Newsroomhttp://www.blogger.com/profile/[email protected]

Ten years after its arrival on the business tech scene, Slack isn’t standing still. The vendor has been steadily rolling out useful new features to its team chat app over the last year or so.

In conjunction with the app’s recent interface changes (covered in a separate guide), these tools offer better ways to collaborate, automate tasks, find information, and more. But it’s not always obvious how to use them, or even find them in the first place. Here’s a guide to the best new features.

In this article:

• Use canvases for sharing and brainstorming
• Create workflows to automate actions
• Get up to speed fast with Slack AI
• Manage tasks and projects with ‘lists’

Use canvases for sharing and brainstorming

A canvas is a workspace where you can create, share, and manage content with your teammates. You can add text, documents, images, and videos to it. It provides a central area where teams can store and easily access key information, files, agendas, action items, and so on. It can also be a handy forum for brainstorming with your team, tracking projects, planning events, and more.

Every channel and direct message has a built-in canvas. To access it, click the Canvas icon (it has a page with a +) at the top right of the channel or DM. A Canvas panel opens to the right.

Starting a new canvas in a DM.

Howard Wen / IDG

If you have a free Slack plan, you’ll see a blank canvas. You can add text, checklists, tables, links, and other elements such as video clips to it.

If you have a paid Slack plan, you have the same options for working in a blank canvas, or you can start with a template such as Channel overview, Weekly sync, or Shared resources. Click More to browse through the templates. Click any template to see a preview of it in the panel. If you want to use it, click Use Template.

This is all assuming that you’re the person who starts the canvas for a channel or DM. If someone else has already started it, you’ll see what they’ve done so far when you click the Canvas icon, and you’ll be able to edit or add to the canvas.

If you have a paid Slack account, you can also create canvases as standalone documents not tied to a particular channel or DM. Click the Create new (+) button near the bottom of Slack’s left navigation bar. On the menu that opens, select Canvas.

A new window for the canvas will open. You can type in a title for the canvas and then start with a blank canvas or choose a template. Either way, you can insert any additional elements you like. You can even embed another canvas in your canvas.

Creating a standalone canvas.

Howard Wen / IDG

When you’re finished putting together your new canvas, click the Share button at upper right and type in the name of a channel or people to share it with. Or you can click the vertical three-dot icon and select Save for later. You can access and share it at any time via More > Canvases.

You’ll find all the canvases you’ve created under More > Canvases > Created by you.

Howard Wen / IDG

Create workflows to automate actions

This feature is available only with a paid plan.

A workflow is a sequence of actions taken to complete a business task — anything from updating a spreadsheet to onboarding a new employee. Workflows often involve multiple co-workers and multiple business tools, which can bog things down.

That’s where workflow automation tools come in. They can perform a series of actions with minimal input from workers to free them from repetitive tasks and reduce bottlenecks.

Workflow Builder is Slack’s workflow automation tool. Slack initially launched Workflow Builder in 2019, then late last year introduced a redesigned version that makes it simpler to automate workflow actions using the point-and-click interface. For example, you could set up a workflow that automatically sends a welcome message when a new member joins a Slack channel, adds co-workers to a Google Calendar meeting when they select a specific emoji reaction to a message, or creates a new task in ClickUp when users fill out a form in Slack.

Using Slack’s integrations, you can even create workflows that involve multiple third-party tools, such as a new project workflow that creates a Slack channel for the project, creates a project in Asana, starts a Miro virtual whiteboard for the project, and sets up a project kickoff meeting in Zoom.

Here are the general steps for creating and deploying a workflow in Slack:

Open the Workflow builder: Click the three-dot (More) icon on the navigation bar and select Automations. This opens the Workflows panel over the screen.

Click More > Automations to get started with Workflows.

Howard Wen / IDG

To create a workflow, you can either start with a template or build a new workflow from scratch.

Use a template: Click the Templates tab. A great way to get started with workflows is to browse through these templates and select one to experiment with, so that you can understand how workflows are set up and how connectors to third-party apps work.

Using a workflow template.

Howard Wen / IDG

When you use a template, you’ll need to fill in your own questions, messaging, or other details. You can also start with a template and then customize it by adding more steps.

Build a workflow: On the Workflows panel, click the Create workflow button at the upper right. On the screen that appears, select an event that will start the workflow, such as when a user clicks a link, joins a channel, or uses a specific emoji reaction. You can also set up workflows on a schedule or that are triggered by events in external apps.  

Depending on which starting event you choose, you’ll be prompted for further information. For example, if a workflow starts when a user joins a channel, you’ll be prompted to select one or more channels. You’ll then be able to add steps to the workflow by choosing from a list of options (some of which are Slack tools, others third-party connectors) to the right. Corporate users may need to request permission from their admins to use third-party connectors.

Building a workflow from scratch.

Howard Wen / IDG

Publish the workflow: When you’ve finished building your workflow, click the Finish Up button at upper right. You’ll be prompted to give the workflow a name and description if you haven’t already. When you’re done, click Publish to activate your new workflow.

Get up to speed fast with Slack AI

This feature is available only with a paid plan, with an additional fee of $10 per user per month.

Another way to be more productive with Slack is to tap into its new generative AI feature. You can have Slack AI summarize channel conversations, direct messages, and threads for you; get automated daily recaps for less important channels; and answer your questions about projects, company processes, and more.

To get a conversation summary, open the channel, DM, or thread that you’d like Slack AI to summarize. Click the starburst icon that’s toward the upper right and select Summarize. In channels and DMs, you can specify a time frame for the summary.

Slack can summarize a channel’s activity to catch you up.

Slack

To stay abreast of channels that you want to keep tabs on but don’t want to read multiple times a day, set up channel recaps. To do so, click Recap in the left sidebar and choose the channels you want to recap. Every morning you’ll get a digest of activity for those channels.

You can also use generative AI-powered search in Slack. Just click inside the search box at the top of your workspace and type a question as if you were talking to a friend. The AI will search the conversations throughout your Slack workspace and provide a concise answer that contains links to the messages it based its response on.

If you need to get up to speed on a project, for example, try asking Slack AI, “What is Project Z?” or “Who are the leads on Project Z?” or “What’s the current status of Project Z?”

Note that as with all things genAI, these responses may not be fully accurate. So it’s always a good idea to click through to the source messages cited by the AI to be sure it has interpreted them correctly.

Manage tasks and projects with ‘lists’

This feature is available only with a paid plan.

Slack’s newest feature, called “lists,” is a task management tool similar to Trello, Asana, Monday.com, and many others. It lets you build simple to-do lists and even moderately sophisticated project management schedules. You can integrate a list into a channel or share it directly with teammates so that you and other people can collaborate on it.

Slack’s lists feature lets you create, assign, and manage tasks.

Howard Wen / IDG

Here are the basics on how to use Slack lists.

Create a list: Move the pointer over the three-dot (More) icon on the left navigation bar. On the menu that opens, click Lists.

At the top of the left sidebar, click the + icon. A new blank list will open to the right in the main area of your Slack workspace. You can keep working with the blank list or select one of the templates listed below.

In the text field at the top of the new list, type a name for your new list over the word “Untitled.”

Creating a new list.

Howard Wen / IDG

By default, the list is presented as a table, where each row represents a task and each column represents a field. A field can display information, such as the name of a task or a person assigned to the task, or an interactive element, such as a check box.

In the blank list, type a task name in each row in the Name column. In the People column, click each field to assign persons in your Slack team to the task that’s on the same row. Then click each field in the Date column to assign a deadline to each task.

To add another task (row) to the list, click the +Add item button below the list.

To add another field (column), click the + icon at the table’s upper-right corner. On the small panel that opens, you can optionally type in a title for the field. Then select a field type from a dropdown menu. There are 16 field types, including Text, Number, Checkbox, Date, and more.

Choose the type of field you want to add.

Howard Wen / IDG

To edit a field, move the pointer over the title of the field. Click the down arrow that appears and select Edit field.

Create custom list views: You can filter, sort, and otherwise adjust a list to rearrange its fields in specific ways. Click the button with adjustment sliders above the list. On the panel that opens, select Filter, Sort, Hide fields, or Group by. You can also switch the list’s layout between Table (the default) and Board, which presents the items as a kanban board.

This custom view uses the Board layout and groups tasks by who they’re assigned to.

Howard Wen / IDG

To save a custom view, click Save as New View at the top of your list. When you click the All items button, a dropdown menu lets you switch among the custom views you’ve created and saved.

Share your list with teammates: Click the Share button at the upper right. Inside the text entry box on the panel that appears, start typing and then select the names of people in your Slack workspace to share the list with. Choose a permission level using the dropdown on the right: Can edit means those you’re sharing the list with can make changes to your list; Can view means they can see it but can’t change it.

Sharing a list with collaborators.

Howard Wen / IDG

After you’ve made your selection and optionally added a message for your collaborator invitees, click the Share button.

Add and view comments: Move the pointer over an item and click the speech balloon icon. A panel opens along the right where you can type in a comment for the item.

A number inside the speech balloon icon shows how many comments have been added to the item. Clicking it will open the Comments panel along the right. On it, you can view the comments and add your own comment or replies.

Viewing comments for a task in a list.

Howard Wen / IDG

Set alerts for your list: You can have Slack send a notification whenever someone makes a change to a field in your list or performs an action on it. Move the pointer over the title of the field for which you want to set a notification. Click the down arrow that appears and select Alert when field changes… You can opt to have the notification sent to a channel or to your individual activity feed.

Related reading:

• Make Slack’s design update work for you
• With the arrival of AI, Slack adds a new chapter to its story
• Slack wants to become the ‘long-term memory’ for organizations

The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern cybersecurity requires a new approach based on the protection of the browser itself, which offers both The Hacker Newshttp://www.blogger.com/profile/[email protected]

Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name ConfusedFunction. "An attacker could escalate their privileges to the Default Cloud Build Service Account and Newsroomhttp://www.blogger.com/profile/[email protected]

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity. "An attacker could exploit a bypass using an API request with Content-Length setNewsroomhttp://www.blogger.com/profile/[email protected]

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and Newsroomhttp://www.blogger.com/profile/[email protected]

Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said. To that Newsroomhttp://www.blogger.com/profile/[email protected]

Meta’s newly unveiled Llama 3.1 family of large language models (LLMs), which includes a 405 billion parameter model as well as 70 billion parameter and 8 billion parameter variants, is a boon for enterprises and a bane for proprietary LLM vendors, analysts and experts say.

Regulatory authorities in the EU, UK and US have signed a joint statement to ensure effective competition in the AI ​​sector, according Reuters. In the statement, they write that generative AI (genAI) has developed rapidly in recent years and that technological inflection points can introduce new ways to compete, innovate, grow, and catalyze opportunities.

The three parties also pledged that they will work together under their respective laws to ensure that the AI ​​market remains competitive and that both consumers and businesses are treated fairly.

This includes fair treatment, prevention of exclusionary tactics, and close scrutiny of investments and collaborations between today’s AI bigwigs and rising upstarts in the market.

There’s no sign of a blue screen of death in the most recent episode of the Apple at Work film series, but that’s not the only transformation buried in the tale.

The Underdogs series has always offered an amusing take on how digital technology is transforming the workplace. Through an Apple lens, the series shows the extent to which the platform enables hybrid workforces on a planet that is becoming increasingly asynchronous when it comes to productivity.

Apple goes APAC

Set in Thailand, the clip depicts the challenges of the modern workplace to explain how the seamless integration of Mac, iPhone, iPad, and Vision Pro can power up business today. Those products let the team source a new packaging factory, implement last-minute design changes, create 3D prototypes, bridge language gaps and more.

So far, it’s marketing — but it’s hard to ignore the extent to which the series, albeit in a light-hearted way, reflects the extent to which the workplace has changed and continues to evolve. 

Things have changed

Take product design. Not so long ago, designing something with a global team required sharing sometimes huge files, which takes time and bandwidth. Today, tools (such as Freeform) exist that enable creatives to collaborate on ideas remotely in real time, using a range of devices such as a Mac or Vision Pro. Product designers also benefit from the ability to create and share digital prototypes, including 3D models that can be explored on Vision Pro.

Beyond the creative departments, billing, invoicing, and credit control have all become tasks you can transact while travelling as long as you have a network connection. You can take and make payments with mobile devices and authorize remote access to any enterprise service using 2FA and/or biometric security. Tasks that once required dozens of devices can now all be transacted on a smartphone, even as integration between different platforms (smartphones, tablets, computers) improves. 

Accelerating change

This is changing the nature of work, and that change is being felt across platforms and operating systems. It makes it possible for knowledge workers of any stripe to focus on the task in front of them while using whatever device makes the most contextual sense for the situation. Ironically, that means the device used is becoming more invisible because the focus is on what needs to be done. Where you are, what device you use, and the time zone you are in mean less than before. 

To a great extent, many of these changes were already emerging in the mid-2000s, but the introduction in 2007 of true mobile computing in the form of the iPhone and the smartphones subsequent to it accelerated the momentum. 

To some extent, this digital transformation reflects some of the concepts Apple co-founder Steve Jobs visualized, a then hard-to-accept future in which people “spend more time with their PCs than with their cars,” he correctly predicted in 1983.

Focus drives the attention economy

The transition from computer to an ecosystem of equally capable devices simply extended that change; and in the new workplace, the tasks we are attempting are, in a sense, no longer defined by the PC.

This is the kind of reality Apple is exploring in its latest work-focused ad — and it’s only a matter of time until the industrial equipment used in manufacturing companies also gains its own Apple logo. The Apple Car-related autonomous vehicle research the company spent billions on will be deployed in some useful manner, eventually. Perhaps it is time manufacturing became another space where AI, autonomy, and Apple’s multitude of digital platforms makes a difference.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Cybersecurity vendor CrowdStrike initiated a series of computer system outages across the world on Friday, July 19, disrupting nearly every industry and sowing chaos at airports, financial institutions, and healthcare systems, among others.

At issue was a flawed update to CrowdStrike Falcon, the company’s popular endpoint detection and response (EDR) platform, which crashed Windows machines and sent them into an endless reboot cycle, taking down servers and rendering ‘blue screens of death’ on displays across the world.

Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products — it’s the The Hacker Newshttp://www.blogger.com/profile/[email protected]

A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos. The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11. "Newsroomhttp://www.blogger.com/profile/[email protected]

Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products — it’s the

In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys' Threat Research Unit (TRU) demands the open source community's immediate attention. Dubbed as "regreSSHion" and assigned the identifier CVE-2024-6387 , this vulnerability stands out not merely because of its potential to enable unauthenticated, remote attackers to execute arbitrary code as root, but also due to its broad impact, affecting millions of OpenSSH server instances globally.

Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of the Internet email infrastructure.

** Jednoduché síťové kamery se snadnou obsluhou ** Bez předplatného nedávají úplně smysl ** Při jejich ceně chybí lokální záznam na kartu nebo váš síťový disk