Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

The Hacker News - 15 January, 2025 - 06:15
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344, CVSS score: 6.7), has not
Ravie Lakshmanan
Category: Hacking & Security

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

The Hacker News - 15 January, 2025 - 06:10
Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit." The list of identified flaws is as follows -
Ravie Lakshmanan
Category: Hacking & Security

January Windows updates may fail if Citrix SRA is installed

Bleeping Computer - 14 January, 2025 - 23:04
Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent (SRA) version 2411 is installed on the device. [...]
Category: Hacking & Security

Allstate car insurer sued for tracking drivers without permission

Bleeping Computer - 14 January, 2025 - 22:29
Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans. [...]
Category: Hacking & Security

WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites

Bleeping Computer - 14 January, 2025 - 21:54
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. [...]
Category: Hacking & Security

At CES, PC makers aim for business, highlight AI-ready hardware

Computerworld.com [Hacking News] - 14 January, 2025 - 21:12

Enterprise computers are often the ugly ducklings of the PC world, viewed as dull, slow and less feature-rich than their consumer counterparts. But vendors at last week’s Consumer Electronics Show launched a selection of business machines (alongside their consumer offerings) hoping to capitalize on the rise of generative AI (genAI). 

Despite the focus on AI PCs or Copilot+ PCs, analysts said the vendors might be a bit ahead of the market.

“I liken it to the dot.com era,” said Tom Butler, executive director of portfolio and product management for Lenovo’s worldwide commercial notebook business. “…When the dot.com era kicked off, companies immediately said, ‘I need a dot.com instance.’ …So, it’s very much like that right now. Companies, as we move into this AI PC era, [say] ‘I need an AI PC.’”

Here’s a look at some of the noteworthy business PCs announced at CES 2025 and analysis of whether vendors are hitting the mark for enterprise customers.

Asus

In addition to its Zenbook and Republic of Gamers (ROG) offerings, Asus unveiled the enterprise-focused ExpertBook B5, ExpertBook B3, ExpertCenter P400 AiO, and ExpertCenter P500. Although they’re not Copilot+ PCs (their neural processing unit (NPU) isn’t powerful enough), they qualify as AI PCs; both B5 and B3 laptops include Intel vPro for manageability and have passed the MIL-STD 810H durability tests. Neither is super light, tipping the scales at about 3 pounds.

The B5 supports up to 64GB of RAM and up to a 2TB SSD with RAID support, has an all-metal design, 16-in. screen, and security features including a fingerprint reader, facial recognition, and a smart card reader. 

The B3 has either a 14-in. or 16-in. display, supports up to 64GB of RAM and up to 1TB storage in dual SSDs. And it offers a variety of ports — USB-A, USB-C, HDMI, and even an Ethernet port. (The B5 lacks Ethernet, unless you have a USB dongle.)

On the desktop side, the ExpertCenter AiO (all-in-one) comes in two models, one with a 27-in. display, the other with a 24-in. screen. The P500 is a mini tower supporting up to 64GB of RAM and up to 4TB storage on one SSD and one hard drive. 

Dell

While Dell’s rebranding plans, announced at CES, might be a bit perplexing, the company did introduce several new Dell Pro models “designed for professional-grade productivity.” They come in several flavors: Base, Plus, and Premium, and all qualify as Copilot+ PCs, based on their specs.

At the Base level, there are the Dell Pro 14 and Dell Pro 16, designed to “deliver essential performance for everyday productivity,” Dell said. They feature Intel Core Ultra 5 processors, 16GB of RAM and 256GB of storage, and screen resolution of 1920×1200 pixels. 

The company also announced Dell Pro desktops, powered by either Intel or AMD processors, available in micro, slim, and tower form factors. They are, Dell said, the company’s first commercial desktops with NPUs.

One step up are the Dell Pro 13/14/16 Plus, with up to 32GB of RAM and 1TB of storage. They come in laptop or 2-in-1 form factors and use the same system BIOS to make ordering and management easier for IT departments. Dell claims up to 18.2 hours of battery life for the Pro 14 Plus, and 12.6 hours for the Pro 16 Plus.

At the top of the heap are the Dell Pro 13/14 Premium models. They’re the slimmest and lightest members of the Pro portfolio, starting at 2.36 pounds. The Dell Pro 13 Premium offers up to 20.8 hours of battery life; the Pro 14 Premium provides up to 21.2 hours. Each can be ordered with an Intel Core Ultra 7 processor, up to 32GB RAM and up to 1TB of storage.

HP

HP’s EliteBook line expanded with the company’s announcement of a trio of Copilot+ PCs. The HP EliteBook Ultra G1i Next Gen AI PC is, HP said, designed for executives, with its 14-in. UWVA OLED screen on the Intel-powered model. (The Qualcomm model offers WLED screen technology.) They can have up to 32GB of RAM and up to 2TB of storage for the Intel version, or 1TB of storage for the Qualcomm version. HP touted “studio quality” microphones and a 9-megapixel camera for high quality video calls.

The HP EliteBook X Flip G1i Next Gen AI PC has multiple use modes, including laptop, tablet, and tent configurations, with up to 32GB of RAM and up to 2TB of storage. Like the Ultra G1i, it has a 14-in. screen, although touch comes standard (it’s an option on the G1i) and it’s a WLED display, not OLED. 

The HP EliteBook X G1i Next Gen AI PC is powered by either Intel or AMD chips. The Intel model can hold up to 32GB of RAM; the AMD version offers up to 64GB. Both models can have up to 2TB of storage.

The EliteBook X machines will be available in March, with HP saying only that the Ultra G1i is “coming soon.”

Lenovo

Lenovo launched an impressive array of devices, and the two models specifically aimed at businesses both contained surprises.

The ThinkPad X9 14- and 15-in. Aura Editions are sleek, thin and light notebooks tested to meet MIL-SPEC 810H standards. Lenovo claims all-day battery life, and says the machines are designed to allow easy servicing of the battery and SSD. They offer up to 32GB of RAM and 1TB of storage.

One thing, however, is missing: the X9 is the first ThinkPad to forego the trackstick. Lenovo hastened to note that it’s just for this model — other ThinkPads will continue to have the trademark red nub in the middle of their keyboards.

Two years ago, Lenovo showcased a laptop concept with a rollable screen; this year, that concept became a reality. The ThinkBook Plus Gen 6 Rollable’s 14-in screen expands upwards at the touch of a button, growing to 16.7 inches and providing 50% more screen space. As with the other new models, it offers up to 32GB of RAM and 1TB of storage.

It is not a budget-friendly device, though; prices start at $3,500.

AI a gimmick?

As for whether these systems meet enterprise needs, analysts weighed in on what they’re seeing in the current PC market — and they were somewhat dismissive of the AI hype.

“Current AI features are over-hyped and largely invisible or are seen as ‘that’s nice to have’ to business unless the users are proactive in finding more detailed features,” said Ranjit Atwal, senior director analyst at Gartner. “All in all, businesses are unlikely to pay more than 5% above normal prices for an AI PC.”

“I think the AI laptops are a gimmick for the most part, efforts by the OEMs to stay relevant and bottle lightning if they can,” said Jeremy Roberts, senior research director at Info-Tech Research Group. “I have yet to have any of my enterprise or mid-market clients profess to be excited or tell me they’re changing their refresh cycle or anything to incorporate AI features at the PC level.”

IDC’s Ryan Reith, group vice president, Worldwide Device Trackers, said he saw some interest in AI PCs early in 2024, but noted it has since waned.

“What we gathered throughout most of last year, especially around the middle of the year, is that large enterprises and most developed markets around the world were allocating budget for these genAI PCs,” Reith said. That enthusiasm declined in the second part of 2024 amid concerns that Microsoft and its partners had not delivered on expectations.

What’s important to enterprises

According to Roberts, genAI features have not excited the enterprises he deals with. “Things that excite enterprises are Autopilot compatibility for seamless deployment, TPM chips for encryption, specialized screens to limit viewing angles, decently powerful CPUs/GPUs depending on the use case, and repairability,” he said. 

“I don’t think AI features even make the top 10,” Roberts said. “Most organizations won’t be consuming AI features locally anyway — they’ll use cloud services like CoPilot or Gemini.”

Reith cited feedback from the head of commercial sales for a large OEM who said that, with tightened budgets and uncertainty about what can be achieved with genAI PCs, companies are shifting their spending to mid-range computers. They don’t qualify as Copilot+ devices, but are still very good PCs.

“If you get 200 PCs at a mainstream level, as opposed to 50 at a premium level, they’re going more towards the 200,” he said.

Roberts agreed: “Modern laptops are generally more than capable of handling the typical knowledge worker’s day-to-day. A Dell Latitude 5000 or 7000 (Dell Pro now?) series or a run-of-the-mill ThinkPad from Lenovo won’t struggle with Slack, Teams, or PowerPoint.”

As for what corporate users want, size and weight are often key, Reith said — and companies are now listening to their employees rather than choosing what they think they want.

“The thin and light PCs are the trend,” Atwal said, adding, “businesses essentially want to future proof their PCs with AI capabilities so [want to] have them include an NPU.”

Lenovo’s Butler said the configuration sweet spot has shifted; it’s now 32GB of memory and a minimum 512GB of storage. And screen sizes have edged up.

“Most business laptops are in the 14- to 16-in. range,” said Roberts. “Anything smaller is quite cramped. Anything larger can be cumbersome to lug around — not to mention more expensive.”

Whither AI PCs, then?

Reith and Roberts differ on the fate of the AI PC/Copilot+ PC.

“AI PCs are a solution looking for a problem,” Roberts argued. “Most end user computing managers won’t be swayed by this branding and additional feature set. … AI will continue to be delivered primarily via the cloud. I expect the CoPilot+ PC will go the way of the Ultrabook: branding attached to computers that are only marginally relevant to the people who buy and use them.”

Reith, however, believes it’s more an issue of timing. “There’s a necessity to have on-device AI,” he said. “It’s just getting pushed forward a little bit to when that inflection point really starts to kick in.

“…I’m trying to use my words cautiously, because we do not believe that this is dead in the water. It was a good chance that then passed. It’s just that the timing was really bad, which no one could have predicted. … But nobody’s really backing off of the developments. Supply side is now just shifting some of their business plans around products. 

“…Whatever we thought was going to be the genAI PC volume in 2025, it’ll be slightly less than that, in our opinion,” Reith said. “But a lot of that will just get pushed forward to a ramp up that’s maybe more towards the end of this year, and certainly into 2026.”

Category: Hacking & Security

US govt says North Korea stole over $659 million in crypto last year

Bleeping Computer - 14 January, 2025 - 21:01
North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint statement issued by the United States, South Korea, and Japan on Tuesday. [...]
Category: Hacking & Security

Windows 10 KB5049981 update released with new BYOVD blocklist

Bleeping Computer - 14 January, 2025 - 20:28
Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel driver blocklist to prevent Bring Your Own Vulnerable Driver (BYOVD) attacks. [...]
Category: Hacking & Security

Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws

Bleeping Computer - 14 January, 2025 - 20:01
Today is Microsoft's January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. [...]
Category: Hacking & Security

Windows 11 KB5050009 & KB5050021 cumulative updates released

Bleeping Computer - 14 January, 2025 - 19:48
Microsoft has released the Windows 11 KB5050009 and KB5050021 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]
Category: Hacking & Security

Smart glasses’ appeal comes into focus at CES 2025

Computerworld.com [Hacking News] - 14 January, 2025 - 18:49

Smart glasses attracted a lot of attention at last week’s Consumer Electronics Show, with a range of devices on display that combine lightweight frames with functionality such as heads-up displays and AI-powered assistants. 

These contrast with the mixed-reality headsets that created a buzz early in 2024, including Meta’s Quest 3 and Apple’s Vision Pro – both of which are much heavier devices designed for shorter periods of use.

Apple’s Vision Pro headset captured a lot of attention in 2024, but lighter-weight smart glasses were the rage at CES 2025.

“This year, the focus definitely seemed to be more on smart glasses than on headsets, in part because the Ray-Ban Meta smart glasses were a huge hit last year,” said Avi Greengart, president and lead analyst at Techsponential. 

Smart glasses require “purposeful compromise,” when it comes to balancing functionality with a lightweight form factor, and “different vendors are making different decisions,” to achieve this, said Greengart. 

Halliday’s smart glasses, for example, project text and images directly into the wearer’s field of view. This is perceived as a 3.5-in. screen that appears in the upper-right corner of the user’s view, and remains visible even in bright sunlight, Halliday claims. A “proactive” AI assistant — which requires a Bluetooth connection to a smartphone — enables features such as real-time translation in up to 40 languages, live navigation for directions, and teleprompter-style display of notes.

Halliday’s smart glasses come in three different colors.

At 1.2 ounces, they’re even lighter than Meta’s glasses (which at 1.7 ounces are only marginally heavier than regular Ray-Bans). Halliday’s smart glasses are available for preorder for $489, with shipping expected to begin at the end of the first quarter of this year.

Even Realities also offers a minimalist take with its G1 smart glasses, which start at $599. These include a micro-LED projector that beams a heads-up display onto each lens, while an AI assistant enables live translation and navigation when paired with a smartphone. 

Another vendor in the space, Rokid, recently announced its Glasses, a lightweight (1.7 ounces) device aimed at continuous use through the day. In addition to a simple green text display and intelligent assistant, Rokid’s device also packs a 12-megapixel camera for image and video capture into the frames.

Nuance Audio — owned by Meta’s Ray-Ban partner, EssilorLuxottica — has an even more focused product: glasses that integrate a hearing aid into the frames. “When you need a bit more help hearing someone, you turn them on and the glasses amplify the sound of the person you are looking at and direct it to speakers on the glasses stems that are aimed at your ears,” said Greengart.

Meta is rumored to have an updated version of its Ray-Ban devices slated for release later this year. They will reportedly feature a simple display to show notifications and responses from Meta’s AI assistant. Meta has sold more than a million Ray-Ban smart glasses to date, according to Counterpoint Research stats.

“Most of these glasses are ones that I wouldn’t mind wearing out in public,” said Ramon Llamas, research director with IDC’s devices and displays team. “We’re finally seeing designs that look and feel less bulky, and we’re getting into a bunch of styles instead of the usual wayfarer design.” 

Other glasses, such as Xreal’s One Pro and TCL’s RayNeo X2 (marketed as “augmented reality” rather than “smart” glasses), are heftier and act as a portable display, with the ability to watch videos and access apps when tethered to a laptop or smartphone.

Although demand for smart glasses is still in its infancy, shipments are expected to see a compound annual growth rate of 85.7% through to 2028, according to recent IDC stats. These “extended reality” devices will soon be the second largest category within the broader AR/VR market, IDC predicts, with several million devices sold each year. 

Mixed reality headsets – such as Apple’s Vision Pro and Meta’s Quest products – will continue to account for the largest share of the AR/VR market, according to IDC, with extended reality smart glasses in second place.

Though many of the devices shown at CES are largely aimed at consumers, some smart glasses are also being tailored to enterprise customers (Vuzix being an example). 

As the technology matures, Llamas sees a growing range of business use cases for smart glasses: capturing visual information hands-free, for instance, or live translation, which could also be useful for business travelers. 

“This is where having access to business apps can help, especially if you can speak into those apps to execute a task and the smart glasses can handle that,” said Llamas. “I think we’re still a ways off from that actually taking place, so for now, expect smart glasses to be mostly within the realm of consumers — specifically tech enthusiasts and cognoscenti.”

Category: Hacking & Security

Google OAuth flaw lets attackers gain access to abandoned accounts

Bleeping Computer - 14 January, 2025 - 18:28
A weakness in Google's OAuth "Sign in with Google" feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various software-as-a-service (SaaS) platforms. [...]
Category: Hacking & Security

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation

The Hacker News - 14 January, 2025 - 17:53
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug
Ravie Lakshmanan
Category: Hacking & Security

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

The Hacker News - 14 January, 2025 - 17:38
New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. "Google's OAuth login doesn't protect against someone purchasing a failed startup's domain and using it to re-create email accounts for former employees," Truffle Security co-founder and CEO Dylan Ayrey said
Ravie Lakshmanan
Category: Hacking & Security

FBI deletes Chinese PlugX malware from thousands of US computers

Bleeping Computer - 14 January, 2025 - 17:26
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. [...]
Category: Hacking & Security

FBI wipes Chinese PlugX malware from over 4,000 US computers

Bleeping Computer - 14 January, 2025 - 17:26
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. [...]
Category: Hacking & Security

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Bleeping Computer - 14 January, 2025 - 16:57
Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. [...]
Category: Hacking & Security