Agregátor RSS

Think about Linux security like a product recall. A manufacturer starts fixing the issue before the public notice goes out. If you catch those early signals, you can act before it becomes a known problem.

Smartphony válcují nejen levné, ale už i pokročilé kompakty • Vlajkové modely jsou skoro jistota, dobře fotí ale i levnější přístroje • Po kterých fotomobilech byste měli aktuálně sáhnout?

Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. [...]

Fortune 500 companies and one US defense contractor got taken for $5m in four-year scam

Two Americans have been jailed for a combined 200 months for helping North Korea generate $5 million through fraudulent IT worker schemes.…

Nová aplikace Gemini zamířila na desktopy, nejdříve na macOS. • AI chatbot lze vyvolat jednoduše zkratkou, můžete s ním i sdílet okno. • Aplikace funguje i v Česku a stačí jí bezplatný účet.

A new cybercrime platform called ATHR can harvest credentials via fully automated voice phishing attacks that use both human operators and AI agents for the social engineering phase. [...]

AI-powered SOC tools promise automation, but most only speed up triage instead of reducing real workload. Tines shows how real gains come from end-to-end workflows that execute actions across systems, not just summarize alerts. [...]

Český úřad zeměměřický a katastrální zavedl u anonymního nahlížení do katastru nemovitostí novou CAPTCHA ve formě mapové puzzle: nepřihlášení uživatelé musí nově správně otočit devět dlaždic v 3x3 poli tak, aby dohromady daly souvislý obrázek výseče reálné mapy, přičemž na to mají pouze jeden časově omezený pokus. Test je podle uživatelů i odborníků příliš obtížný a na sociálních sítích pochopitelně schytává zaslouženou kritiku a vyvolává spekulace, zda se nejedná o snahu všechny uživatele ztotožnit a přimět za veřejnou službu platit i podruhé (pokud si chcete výpis koupit, stále se zobrazuje původní jednoduchá CAPTCHA). Úřad opatření hájí nutností omezit masivní aktivitu zahraničních botů, přesto se brzy objevil jednoduchý skript, který tuto captchu zvládl automaticky řešit během zlomku vteřiny (nyní už nefunguje).

Vybrali jsme 15 nejdražších stavebnic Lego • Nejlevnější pořídíte zhruba za jedenáct tisíc • Špičkové sety pro filmové fanoušky i školní výuku

Byla vydána verze 1.95.0 programovacího jazyka Rust (Wikipedie). Podrobnosti v poznámkách k vydání. Vyzkoušet Rust lze například na stránce Rust by Example.

Mozilla prostřednictvím své dceřiné společnosti MZLA Technologies Corporation představila open-source AI klienta Thunderbolt. Primárně je určený pro firemní nasazení.

You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enough supply chain drama to fill a season of television nobody asked for. Not Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Forged metadata made AI reviewer treat hostile changes as though they came from known maintainer

Security boffins say Anthropic's Claude can be tricked into approving malicious code with just two Git commands by spoofing a trusted developer's identity.…

4K projektor Optoma Photo Life PK31 zlevnil v Alze na 11 174 Kč. • Jinde stojí minimálně o dva tisíce víc. • Láká na dobrý obraz, tichý chod a jednoduché nastavení.

Microsoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator privileges, kernel exploits, or breaking encryption.

Alexander Hagenah, executive director at Zürich-based financial infrastructure operator SIX Group, made the claim in a LinkedIn post, where he also published a proof-of-concept tool called TotalRecall Reloaded to demonstrate the issue.

Hagenah first exposed Recall’s security flaws in 2024, forcing Microsoft to pull the feature from preview and rebuild it. Microsoft relaunched Recall in April 2025, saying the new architecture would restrict “attempts by latent malware trying to ‘ride along’ with a user authentication to steal data.” Hagenah said it does not.

“When you use Recall normally, TotalRecall Reloaded silently holds the door open behind you and then extracts what Recall has ever captured. That is precisely the scenario Microsoft’s architecture is supposed to restrict,” he wrote in the post.

Hagenah wrote in the post that he disclosed the research to Microsoft’s Security Response Center on March 6, submitting full source code and reproduction steps. Microsoft reviewed the case for a month and closed it on April 3, telling him the behavior “does not represent a bypass of a security boundary or unauthorized access to data.”

“Microsoft says this is by design,” Hagenah wrote. “That worries me.”

In an email response to CSO, a Microsoft spokesperson said, “After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data. The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries.”

Hagenah’s research does not challenge Microsoft’s encryption, which he said is sound. The gap, he told CSO, is in how decrypted data is handled once it leaves the enclave.

“Plaintext screenshots and extracted text end up in an unprotected process for display,” he told CSO. “As long as decrypted content crosses into a process that same-user code can access, someone will find a way in.”

What a fix would require

A fix is technically feasible, Hagenah said.

“The short-term fix is fairly straightforward. Microsoft could add stronger code integrity and process protections to AIXHost.exe, the process that renders the Recall timeline. Right now, it has none, which makes the injection path possible. That would block the specific technique I demonstrated and materially raise the bar,” he said.

The longer-term problem runs deeper, he said. “Microsoft should rethink how decrypted data is handled after it leaves the enclave. The cryptography and enclave design are genuinely well done, and I want to be clear about that. The problem is that plaintext screenshots and extracted text end up in an unprotected process for display. As long as decrypted content crosses into a process that same-user code can access, someone will find a way in,” he said.

“A durable fix would mean either rendering inside a protected process or adopting a compositing model where raw data never leaves the trust boundary. That is a bigger effort, but it is the only way to close this class of issue properly,” he said.

Exploitation risk

The barrier to weaponizing this technique is lower than Microsoft’s security messaging would suggest, Hagenah said.

“They only need code running in the user’s context and a way to reuse the authorized Recall session,” he said. “That is a much lower bar than many people would assume from Microsoft’s security messaging.”

While Recall’s limitation to Copilot+ PCs and its opt-in status reduce the scale of exposure, targeted abuse is a realistic near-term risk, he said. “For targeted abuse, surveillance, or high-value user collection, this is absolutely realistic,” he said.

Hagenah said he published the source code deliberately so defenders, EDR vendors, and security teams could build detections before threat actors operationalize the technique independently. “In my view, that gives the defensive side a valuable head start,” he said.

Independent security researcher Kevin Beaumont reached a similar conclusion after separately testing the current Recall implementation. “Yep, you can just read the database as a user process,” Beaumont wrote on Mastodon on March 11. “The database also contains all manner of fields that aren’t publicly disclosed for tracking the user’s activity. No AV or EDR alerts triggered,” he wrote.

The article originally appeared in CSO.

Firma Cal.com oznámila, že přesouvá svůj produkční kód z otevřeného do uzavřeného repozitáře z důvodu bezpečnostního rizika umělé inteligence, která prý dokáže vyhledávat a zneužívat zranitelnosti rychleji, než by je jejich vývojářský tým stíhal opravovat. Zároveň zveřejnila samostatnou, open-source verzi Cal.diy pod licencí MIT, ovšem bez řady původních funkcí. O tom, zda je toto opatření rozumné, existují pochyby. (Cal.com je platforma pro správu schůzek, která představuje alternativu ke Calendly s možností vlastního hostování. Platforma umožňuje uživatelům vytvářet typy rezervovatelných událostí, spravovat dostupnost, integrovat se s externími kalendářovými službami a službami pro videokonference, přijímat platby a tyto pracovní postupy automatizovat.)

Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company's cloud-based Webex Services platform that requires further customer action. [...]

Vývojáři KDE na Mastodonu oznámili vydání balíku aplikací KDE Gear 26.04. Přehled novinek i s náhledy a videi v oficiálním oznámení.

Publisher claims misconfigured Salesforce-hosted page leaked data

Textbook giant McGraw Hill has landed on a ransomware crew's leak site after an alleged Salesforce-linked misconfiguration spilled 13.5 million records into the wild.…