Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

Categories

New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers

The Hacker News - 10 September, 2024 - 12:10
A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the "audio gap" and exfiltrating sensitive information by taking advantage of the noise generated by pixels on an LCD screen. "Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 - 22 kHz," Dr. Mordechai Guri, the head of
Author: Ravie Lakshmanan
Category: Hacking & Security

Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments

The Hacker News - 10 September, 2024 - 11:57
The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads, according to new findings from Trend Micro. The cybersecurity firm, which is monitoring the activity cluster under the name Earth Preta, said it observed "the propagation of PUBLOAD via a variant of the worm HIUPAN."
Author: Ravie Lakshmanan
Category: Hacking & Security

Is Google a monopoly? US DoJ begins second antitrust trial, this time targeting ad tech

Computerworld.com [Hacking News] - 10 September, 2024 - 03:45

The second-largest antitrust case of the century headed to trial Monday, with Google defending itself against claims that it has engaged in illegal behavior to maintain control of the ad tech market.

The US government is accusing Google of purposefully manipulating that market, snuffing out competitors and gobbling up key technologies through acquisitions. It is the tech giant’s second time in court for antitrust issues.

If the Department of Justice (DoJ) successfully makes its case during what is likely to be a long trial, Google risks being broken up by regulators.

A previous US antitrust lawsuit targeted Google’s search business, with an 8-month-long trial ending in defeat for the company. In August, Judge Amit Mehta ruled that the tech giant had engaged in anticompetitive behavior to protect its dominance, saying, “Google is a monopolist, and has acted as one to maintain its monopoly.” The penalties resulting from the ruling are as yet unclear.

‘Restoring competition’ to the internet

In the trial that began Monday, the DoJ will make its case that Google’s parent company, Alphabet, controls the majority of tools and technologies in the ad tech space.

The lawsuit was filed in 2023 by the DoJ and a coalition of eight states — California, Colorado, Connecticut, New Jersey, New York, Rhode Island, Tennessee, and Virginia — and seeks to “restore competition” and obtain “equitable and monetary relief” for the American public.

Specifically, Attorney General Merrick Garland has accused Google of:

  • Acquiring competitors to obtain control of digital advertising tools used by website publishers.
  • Controlling the technology used by nearly all major website publishers to offer ad space for sale.
  • Controlling the leading tool used by advertisers to buy ad space.
  • Controlling the largest ad exchange that matches publishers and advertisers.

The suit seeks to hold Google accountable for its “longstanding monopolies” in digital advertising, Assistant Attorney General Jonathan Kanter of the Justice Department’s Antitrust Division said in a statement. The complaint sets forth “detailed allegations” explaining how Google engaged in 15 years of sustained conduct that is “driving out rivals, diminishing competition, inflating advertising costs, reducing revenues for news publishers and content creators, snuffing out innovation and harming the exchange of information and ideas in the public sphere,” he contended.

The company earned more than $200 billion last year through ad placement and sales.

Google calls the suit a “flawed argument,” noting that the government “shouldn’t pick winners and losers in a competitive industry.”

Dan Taylor, Google’s VP for global ads, argued in a lengthy blog post that the company is “one of hundreds” that enable ad placement across the web. He called out similar actions of several of its competitors, including Microsoft, Amazon and Apple. 

Ultimately, he claimed that competition is actually increasing as more companies pump money into online ads.

“We’ve spent years building and investing in our advertising technology business to support a vibrant, open web,” Taylor wrote. “We will vigorously contest attempts to break tools that are working for publishers, advertisers and people across America.”

Category: Hacking & Security

UK watchdog finds Google provisionally guilty of restricting online ad competition

Computerworld.com [Hacking News] - 10 September, 2024 - 02:53

As the second of two antitrust trials against Google begins in the US, a UK competition oversight group has provisionally found that the search giant is guilty of using its online platform dominance to restrict advertising competition for other UK publishers and advertisers.

The finding by the Competition and Markets Authority (CMA), a non-ministerial department in the UK government that oversees business activities and flags potentially unfair competition, could foreshadow a ruling against Google or even further regulatory trouble in the future. Google already has lost one US antitrust case earlier this year for anticompetitive behavior in its search business.

“We’ve provisionally found that Google is using its market power to hinder competition when it comes to the ads people see on websites,” said Juliette Enser, interim executive director of enforcement at the CMA, in a statement. Google is manipulating its unique position in the online advertising space to prioritize its own business interests over competitors’, she said.

As a result of Google’s unfair practices in its various roles in the multi-faceted online advertising sector, “the vast majority of publishers and advertisers use Google’s ad tech services in order to bid for and sell advertising space,” the CMA found.

Google faces a similar charge in the antitrust trial against its parent company, Alphabet, that began Monday in the US. The US Department of Justice (DoJ), along with 17 states, claims that Alphabet has monopolized multiple digital advertising technology products by neutralizing or eliminating its competitors, and thus is operating an illegal monopoly.

The company has denied the charges, maintaining that the company does not force people to use their advertising technologies, and attributing the services’ success to their effectiveness. Google’s ad business brought in more than $200 billion last year.

“Self-preferencing” limits competition

As the CMA explains it, digital advertising has various intermediaries that facilitate the sale of online advertising space on websites or mobile apps between two key parties: sellers, aka publishers, and buyers, aka advertisers.

Google acts as an intermediary in three key parts of the advertising chain: It operates ad-buying tools for advertisers, Google Ads and DV360; it provides a publisher ad server for publishers, DoubleClick For Publishers (DFP); and also operates an ad exchange, AdX, that receives requests for bids from publishers and responding bids from advertisers, and then conducts an auction to match these two sides.

The provisional findings by the CMA relate to anti-competitive “self-preferencing” by Google. Since at least 2015, Google has abused its dominant positions through the operation of both its buying tools and publisher ad server in order to strengthen AdX’s market position and to protect AdX from competition from other exchanges, according to the CMA.

Moreover, due to the highly integrated nature of Google’s ad tech business, the CMA has provisionally found that Google’s conduct has also prevented rival publisher ad servers from being able to compete effectively with DFP, harming competition in this market.

Google’s practices harm the businesses that aim to keep their digital content free or cheaper by using online advertising to generate revenue, Enser said. If they are not receiving fair pricing or able to compete on equal footing with the tech giant, it ultimately harms the millions of people across the UK who consume the content.

Legal pressures mount

The CMA’s provisional finding is yet another “brick in the wall of mounting legal scrutiny” that companies, such as Google and Microsoft, that dominate certain tech sectors are facing, noted Deepti Sekhri, practice director, Everest Group.

“Such decisions could prompt similar actions from other European regulatory bodies,” he said. Moreover, any findings by European or UK authorities also could influence the outcome of the DoJ case by “providing supporting evidence and strengthening the argument for regulatory changes.”

Google already lost what so far was the biggest US antitrust battle of the century in August, when Judge Amit Mehta ruled that the company had engaged in anticompetitive behavior in an effort to protect its search business. His ruling outright called Google “a monopolist” that has “acted as one to maintain its monopoly.”

If the CMA’s findings are any indication, the antitrust trial that began Monday could have the same outcome. However, while government-led antitrust cases serve to “create pressure and drive some accountability,” they often “fall short of resulting in significant changes to [the company’s] business models and market dynamics,” Sekhri noted.

“They often lead to superficial changes, such as minor tweaks in offerings or partner contracts, without fundamentally reducing dominance,” he said. “However, despite these limitations, such regulatory efforts raise market awareness, encourage the adoption of open standards, and set precedents that could push for more impactful changes in the future.”

Category: Hacking & Security

The big reveal: Apple’s iPhone 16 ‘Glowtime’ event

Computerworld.com [Hacking News] - 9 September, 2024 - 23:15

Not surprisingly, Apple Intelligence was everywhere during Apple’s big iPhone event on Monday. There were, of course, new phones (better, faster, AI-ready and arriving Sept. 20). But what was more interesting were the multitude of different ways the company has found where it can make a difference with various breeds of artificial intelligence (AI).

The variety of implementations — from sleep apnea detection in the Apple Watch to the use of AirPods Pro as a full-fledged hearing aid to a multitude of new camera features (including the new Cinematic Slow Motion tool) — all served to underline the message Apple has been giving: there’s more to AI than GenAI, and AI really doesn’t matter at all unless it’s making a difference in people’s lives.

Sweet 16 (and 16 Pro)

As always in early September, the business of the day was new iPhones, the 16 and 16 Pro, about which there were few major surprises. For those more concerned about form over function, this year’s new Pro color is a tawny, brassy, bronzy “Desert Titanium.” The iPhone 16 comes in five colors (if you count black and white as colors), including “Ultramarine”; the Pro and Pro Max come in four: white, black, natural titanium and that aforementioned Desert Titanium.

For those more focused on function and technology, the line-up will look familiar, though the Pro Max does get a slightly larger 6.9-in. display. Storage capacities range from 128GB to 1TB, depending on model and size. Camera upgrades abound (as does a new Camera Control button on all models). And there are, of course, new processors — the A18 and A18 Pro. In addition to the more efficient and powerful chips, Apple also promises better battery life.

The phones will be available for pre-order on Friday, and will arrive on Sept. 20.

Unleash the upgrade deals?

With that date in mind, an estimated 300 million iPhone users might well be in the frame for a smartphone upgrade this year. And it looks as if the wireless carriers in Apple’s biggest US market are ready to help.

Apple claims some carriers will offer up to $1,000 off on an upgrade, and while we’ve run into some turbulence between carrier launch promises and the reality in the past, those kinds of deals may spur strong upgrades.

Those rebates should also put a little spark into second user sales, which could be good for any enterprise users out there hoping to add Apple Intelligence to their existing fleet. I suspect (but don’t know) one second line beneficiary from all this will be that upgraders of more modest means could see better-than-anticipated second user prices for older iPhone 13s and 14s as upgraders embrace Apple Intelligence.

Speaking of Apple Intelligence…

AI don’t mean a thing if it ain’t got that swing 

No one is likely to buy anything (even a new iPhone) just because it supports some form of AI. In some cases, buyers might even actively avoid such a purchase. But they will acquire AI devices that actually help them with their lives. (An Apple Watch that translates between languages, for instance, is a good example.)

Looking to show the many benefits of Apple Intelligence while also unveiling its new iPhone line-up was precisely the dance Apple made during the Glowtime product introductions. Put simply: the benefits needed to be explained.

And while Apple Intelligence was certainly a part of the discussion, the company resolutely repeated an additional message — “This is just the beginning.” Anyone who has ever bet against Apple knows what that means: a line in the sand has been drawn, and the company has no intention of staying behind it. 

The fact that the company also mentioned that Apple Intelligence features are to be provided “free” with future software updates also hints that some day not every feature will be gratis.

Core message: Watch this space.

Apple Silicon: A platform development opportunity

Apple Silicon remains strategically critical to Apple’s future. Three bits of news particularly stood out: the inclusion of a 4-core neural engine on Apple Watch, and the new 3-nanometer A18 and 18 Pro chips inside iPhones. 

Other than the expected big benefits in performance and battery life across all three products as a result of the new chips, what matters most is that all three have now been transformed into AI platforms.

The Apple Watch could turn out to be even more interesting, as the challenge for developer and enterprise users (and Apple) will be to find what kinds of useful AI experiences can now be built for it. The introduction of the neural engines means AI will be extended to the Watch — even as Apple explores the extent to which the world’s most powerful smartphone processor can support cutting-edge use cases for mobile AI. 

(For most knowledge workers, the most interesting use case for Apple Intelligence will be sending more professional emails when responding later than you should, and summarizing lengthy messages so understanding them doesn’t make your brain hurt.)

Apple Health: The new frontier?

Health was certainly a major topic during the announcement. Apple CEO Tim Cook has always resolutely spoken up for the benefits his company can bring to health, and that stance did not change this year. The link between Apple, its deep investments in health-related research, and the application of machine intelligence and other forms of AI was made crystal clear. 

New health-related features in both the Apple Watch and across the AirPods range will make a big difference to many people, and Apple is determined to use these platforms to augment health outcomes in quite significant ways. The big challenge to office managers and human resource types might be the need to learn that just because someone is wearing AirPods at work doesn’t mean they are shirking – they might just need help hearing. 

Efficiency for all (but no new iPads or Macs, yet)

If there’s one more thing this year, it’s this: Apple made no explicit mention about iPads or Macs during its iPhone launch (no surprise there). But if it had done so, it might well have pointed to the huge performance and battery life improvements in the new A18/A18 Pro chips. No doubt, company execs will soon be able to point to similar boosts to computational efficiency and battery life/energy consumption in Apple’s other products, too.

Of course, improvements like those are nice if you upgrade your own Mac. But for offices with a few hundred machines in use, a 20% power reduction means a much lower energy bill. Plus, you don’t need to use Crowdstrike and you get to use Apple Intelligence across tablet, smartphone, and PC.

Apple’s AI platform is becoming a reality, and it’s being sold for the real-world benefits it brings, not thrown out as a random buzzword. Then again, extolling the benefits of its platforms has always been how Apple shows its Apple intelligence.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Category: Hacking & Security

New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks

The Hacker News - 9 September, 2024 - 19:19
A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO (short for "Radiation of Air-gapped Memory Bus for Offense") by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab in the Department of Software
Author: Ravie Lakshmanan
Category: Hacking & Security

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

The Hacker News - 9 September, 2024 - 14:34
The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach not only fails to address the fundamental issue of the attack surface but also introduces dangerous
Category: Hacking & Security

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT

The Hacker News - 9 September, 2024 - 14:24
The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) referred to as Quasar RAT since June 2024. "Attacks have originated with phishing emails impersonating the Colombian tax authority," Zscaler ThreatLabz researcher Gaetano Pellegrino said in a new analysis
Author: Ravie Lakshmanan
Category: Hacking & Security

Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

The Hacker News - 9 September, 2024 - 14:16
The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia. "This threat actor used Visual Studio Code's embedded reverse shell feature to gain a foothold in target networks," Palo Alto Networks Unit 42 researcher Tom Fakterman said in a
Author: Ravie Lakshmanan
Category: Hacking & Security

ActiveX to be disabled in Office 2024

Computerworld.com [Hacking News] - 9 September, 2024 - 13:57

When Microsoft Office 2024 launches in October, ActiveX will be turned off by default, according to Bleeping Computer. The change affects desktop versions of Word, Excel, Powerpoint, and Visio, and will apply to Microsoft 365 beginning in April 2025.

The reason behind the move: hackers in recent years have used various vulnerabilities in ActiveX to install malicious code on computers.

Launched in 1996, ActiveX is a framework used to embed interactive elements into Office documents.

Microsoft has recently taken other steps to improve security in Office. For example, macros and extensions have been blocked, and support for VBScript will be phased out this fall.

Category: Hacking & Security

Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing Its Productivity Benefits

The Hacker News - 9 September, 2024 - 13:25
GenAI has become a table stakes tool for employees, due to the productivity gains and innovative capabilities it offers. Developers use it to write code, finance teams use it to analyze reports, and sales teams create customer emails and assets. Yet, these capabilities are exactly the ones that introduce serious security risks. Register to our upcoming webinar to learn how to prevent GenAI data
Category: Hacking & Security

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

The Hacker News - 9 September, 2024 - 12:30
Designed to be more than a one-time assessment—Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it’s free! Introducing SaaS Pulse: Free Continuous SaaS Risk Management. Just like waiting for a medical issue to become critical before seeing a doctor, organizations can’t afford to overlook the constantly
Category: Hacking & Security