Agregátor RSS

Výrobce kamery tvrdil, že používá bezpečné koncové šifrování dat • Citlivé snímky z toalety jsou na firemních serverech dešifrovány a zpracovávány • Společnost po kritice smazala zavádějící zmínky o bezpečnosti ze svého webu

It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks — all within days. If you blink, you’ll miss how fast the threat map is changing. New flaws are being found, published, and exploited in hours instead of weeks. AI-powered tools meant to help developers Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Nájemný botnet Aisuru prolomil další "rekord". DDoS útok na Cloudflare dosáhl 29,7 Tbps. Aisuru je tvořený až čtyřmi miliony kompromitovaných zařízení.

Regulator disappointed as soon-to-be-scrapped algo's problems remained a secret despite consistent engagement

The UK's data protection watchdog has criticized the Home Office for failing to disclose significant biases in police facial recognition technology, despite regular engagement between the organizations.…

The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak shopping events, especially the weeks around Black Friday and Christmas.  Why holiday peaks [email protected]

Nová generace Galaxy Z Flip7 se opět soustředí na své silné stránky • Ke kompaktním rozměrům přibyly větší displeje i vyšší kapacita baterie • I po tolika letech se Flip od Samsungu jen tak neokouká, ale není pro každého

Iced, tj. multiplatformní GUI knihovna pro Rust, byla vydána ve verzi 0.14.0.

Body confirms patient and staff details siphoned via Oracle EBS flaw as gang threatens to leak haul

Barts Health NHS Trust has confirmed that patient and staff data was stolen in Clop's mass-exploitation of Oracle's E-Business Suite (EBS), and says it is now taking legal action in an effort to stop the gang publishing any of the snatched information.…

Firewall rule order shapes how a firewall makes decisions. The system checks each rule in a specific sequence, and that sequence affects whether traffic is allowed or denied. People often expect one rule to take effect, then watch another one shape the decision instead. The list is usually the reason.

Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild. The findings come from Intel 471, CYFIRMA, and Zimperium, respectively. FvncBot, which masquerades as a security app developed by mBank, targets mobile banking users in Poland. What's notable about the malwareRavie Lakshmananhttp://www.blogger.com/profile/[email protected]

For decades, macOS has been admired for stability and security — traits inherited from the BSD Unix underpinnings of Apple’s operating systems. Yet these same foundations now create friction for IT leaders trying to marry Apple’s strong local authentication model with the cloud-based identity providers (IdPs) that support single sign-on (SSO) and other key features of modern enterprise computing.

“Platform SSO is Apple’s solution to bridge the gap between local desktop authentication and SSO for cloud apps,” said Weldon Dodd, a distinguished engineer at Iru (formerly Kandji), which sells identity and endpoint management software. Introduced in 2022, Platform SSO (PSSO) aims to simplify the login experience by allowing enterprise users to authenticate once on their Mac and then be automatically signed into corporate cloud apps and websites — a leap toward the kind of unified experience that Windows Hello and Azure AD users enjoy.

Until now, Macs were first set up with a local user account and then registered with PSSO, but “this year with macOS Tahoe 26, Platform SSO authentication will be available during Setup Assistant and even at the pre-boot FileVault unlock screen,” Dodd said. “These are really important changes that enable new zero-touch workflows for enterprise customers as they provision devices to their teammates.”

Those changes, announced at WWDC 2025, allow IT to configure devices so that when a user is setting up a new Mac, they first authenticate with the corporate identity provider, which enrolls them into device management and potentially their Managed Apple Account. Then a local account is created and the password synced with the IdP.

As Computerworld columnist Jonny Evans explained, “The result is that a user can receive a Mac, start it up, log in with their provisioned ID, and watch as the Mac is configured, device management put in place, and approved apps downloaded to their machine.”

But PSSO adoption has been uneven. “The biggest challenge we hear from IT teams is the limited identity-provider support for Platform SSO,” said Jason Dettbarn, founder and CTO of Addigy, an Apple Mobile Device Management (MDM) vendor. “Organizations want to take advantage of Apple’s native authentication, but their IdP either doesn’t support it yet or charges extra for the capability.”

Even when support exists, Dettbarn added, “it can conflict with existing security policies, forcing teams to choose between maintaining their standards or adopting Apple’s framework.”

That tension — between Apple’s elegant consumer-grade experience and enterprise-grade security standards — lies at the heart of the identity problem for many IT departments.

Bridging the local/cloud gap

At its core, PSSO lets macOS link a local user account with an organization’s cloud directory through an extension provided by the IdP. Once authenticated, the user gains seamless access to managed apps without re-entering credentials. In theory, this eliminates password fatigue and improves compliance by enforcing corporate policies at login.

In practice, integration depends on the maturity of each IdP’s implementation. “PSSO still relies on the IdP vendors to do their part to make the end-to-end solution work,” Dodd said. “Microsoft Entra ID and Okta have announced their support for the new PSSO extensions in Tahoe, but other vendors have been slow to take Apple up on implementation.”

That lag creates a patchwork reality: a small subset of organizations with the right combination of tools can achieve seamless login to both device and apps, while others juggle half-working connectors and frustrated users.

To bridge the gap, management-tool providers like Iru and Addigy offer their own layers of integration. Iru’s Passport feature, for instance, keeps local macOS and cloud passwords in sync, mitigating one of the most common help-desk issues — password resets.

“With the new improvements in PSSO, Apple has closed that gap significantly,” Dodd noted, “but we’ve still got work to do.”

Addigy’s approach, meanwhile, emphasizes flexibility. “We’re one of the few MDM providers that includes its login solution at no additional cost,” Dettbarn said. “That gives us the freedom to recommend whichever approach — native or third-party — delivers the most seamless and secure experience.”

Safer device sharing

Another Apple initiative introduced at WWDC 2025, Authenticated Guest Mode, aims to help organizations that rely on shared or temporary devices — common in retail, education, and healthcare. The feature allows users to sign into a managed Mac with their cloud IdP credentials, creating a temporary, secure session that vanishes at logout.

“Authenticated Guest Mode looks really useful for environments that need ephemeral accounts protected by cloud IdP credentials,” said Dodd. “We’re looking into it, but we have yet to see the full end-to-end workflow available from Apple.”

For IT administrators, ephemeral accounts could finally close a long-standing security hole. Today, shared devices often rely on generic local logins or complex scripts — both prone to misconfiguration — to enforce session isolation. Authenticated Guest Mode promises an auditable, cloud-linked process that reduces risk.

Still, questions remain about policy enforcement, network onboarding, and integration with MDM workflows. Until those are answered, most organizations will likely experiment in sandboxed environments before full deployment.

Managing Macs at enterprise scale

The Six Colors 2025 Apple in the Enterprise Report Card ranked “macOS identity management” as the second-lowest-scoring category among enterprise Apple device administrators. That result reflects both lingering technical gaps and the operational complexity of supporting Apple alongside Windows and sometimes ChromeOS.

It’s worth noting that the 2025 report card predates Apple’s WWDC25 announcements. We’ll know next April when the 2026 report card is released if the changes to PSSO and introduction of Authenticated Guest Mode improve IT administrators’ opinion of macOS identity management.

Dodd expects they will. “The ability to use cloud IdP credentials at setup will be a great addition to zero-touch enrollment flows,” he said. “And our customers will love that the same PSSO authentication is available at pre-boot so there will never be a disconnect between the password used to unlock disk encryption and sign in to the local account.”

Those kinds of improvements, though technical, have big implications for how enterprises deploy and secure Macs. Zero-touch enrollment — ordering a Mac that auto-registers with the corporate IdP the moment it’s powered on — is the holy grail of Apple fleet management. It reduces both administrative overhead and exposure from unprotected endpoints.

While Apple’s incremental advancements in macOS Tahoe bring optimism, they also raise the bar for ecosystem partners. Both Iru and Addigy plan to support the new PSSO and Authenticated Guest Mode capabilities, but they say full interoperability depends on Apple maintaining stable APIs and documentation — a perennial complaint among enterprise developers.

And even with new tools, few IT leaders expect overnight transformation. Dodd acknowledged that “macOS still relies on a username and password for authentication, so there can be an impedance mismatch with more modern, phishing-resistant, passwordless methods.” Once logged in, however, “the experience of using passkeys with macOS is quite good,” he said, adding that “every enterprise should be looking at passkeys to level up security for critical apps and resources.”

That sentiment echoes a broader industry movement toward adopting passkeys — passwordless sign-ins based on WebAuthn standards — supported by Apple, Google, and Microsoft alike. “Enterprise IT is eager to figure out how to adopt passkeys at scale and manage them in a way that realizes the benefits of increased security and phishing resistance, while still providing control for IT and ease of use for end users,” said Dodd. But he warned that scaling passkeys across thousands of users and devices requires new management models.

A major decision facing IT leaders today is whether to rely more on Apple’s native features or to double down on specialized third-party tooling. For both vendors interviewed, the answer lies somewhere in between.

The “buy-and-build” coexistence reflects enterprise reality. Companies rarely swap out proven identity stacks overnight; they evolve them incrementally, keeping a foot in both worlds until confidence in Apple’s native approach matures.

Looking ahead, Dodd envisions a model where the macOS account password behaves more like an iPhone PIN. “Once unlocked with the PIN or biometrics, making passkeys the center of further auth requests seems like the right direction,” he said. “But there are so many places where the Unix foundations of macOS require username and password that it might be some time before that future becomes realistic.”

Dodd and Dettbarn agreed that the next few years will be about coexistence: blending traditional password models with emerging passkey and biometric systems, and ensuring everything ties neatly into corporate IdPs.

Meanwhile, Apple is sending clear signals that it takes enterprise identity seriously. The company’s new Platform SSO and Authenticated Guest Mode initiatives, plus the steady march toward passkeys, suggest that Cupertino recognizes how critical identity has become to enterprise trust. Still, in classic Apple fashion, progress comes on Apple’s timeline, leaving IT teams to fill in the gaps.

Strategies for IT leaders

Until the dust settles, what can IT departments do to reduce identity headaches across large Mac deployments? Addigy’s Dettbarn offered these tips:

Establish robust testing pipelines. “For large Apple fleet deployments, we recommend establishing separate testing environments or policies to eliminate the risk of accidental production deployments,” he said.

Adopt staged deployments. “Start with a controlled rollout — first to test devices, then to your IT department, and finally deploy in staged groups to reduce risk,” Dettbarn advised.

Invest in user education. Communication is essential, he stressed. “End users need to know what to expect.”

Stay vendor-agnostic. As IdP support for PSSO matures, organizations should avoid locking into proprietary connectors. “IT should continuously evaluate current solutions to identify opportunities for improved security and better user experiences,” he said.

Monitor metrics. Addigy measures success “across both the admin and end-user experience,” Dettbarn said, citing ease of implementation, usability, reduced support tickets, stronger compliance, and faster onboarding as key indicators that identity solutions are working effectively.

Enterprises that follow these best practices can position themselves to take advantage of Apple’s identity enhancements as they arrive — without compromising stability in the meantime.

Zásah dronem narušil těsnost pláště a schopnost zadržovat radioaktivní prach • Nosná konstrukce stojí, ale vlhkost uvnitř nyní urychluje nebezpečnou korozi • Agentura požaduje komplexní renovaci, protože provizorní opravy poškození nestačí

Autokamera je jedno z těch zařízení, které nepotřebujete až do toho momentu, kdy ho potřebujete. Navitel R99 4K není novinka, testovali jsme ji před více než rokem a chválili kvalitu obrazu, přehledné rozhraní v češtině, ovládání pomocí dotykového displeje a povedenou aplikaci. Výhrady jsme měli ...

Where Apple is today, silicon has replaced design as the key differentiator on which the company’s success is built. Apple Silicon, the self-designed chips inside all its devices, give the company a core story around performance and energy consumption that means its products stand above much of the competition. 

Now Johny Srouji, Apple’s senior VP hardware technologies and the man who led development of Apple Silicon, has reportedly told Apple CEO Tim Cook that he intends to stand down. While I’m sure there’s a team of people ready to take his place, the timing — following a week of significant leadership changes — creates the impression of a crisis at the top of the company.

What has happened?

Bloomberg reports that Israeli executive Srouji is “seriously” considering leaving the company and has told Cook as much. 

He also reportedly told colleagues that if he does quit Cupertino, he plans to join another company. This matters, as Srouji was at one time discussed as a future CEO for Intel, a role he reportedly rejected to stay with Apple. Srouji has also reportedly said he would prefer not to work “under a different CEO,” raising the question of whether he aspires to succeed Cook.

What can Apple do? So far, the company has offered Srouji more pay and more responsibility, including the possibility of promotion to a new role as Chief Technology Officer, which would make him Apple’s second most powerful executive. 

What could be happening?

The top table tumbles at Apple really began after speculative reports appeared to the effect that Apple CEO, Tim Cook, was considering retirement. Subsequent reporting suggests those plans aren’t immediate but are being considered, and that Cook may raise his replacement initially in a co-CEO role.

Reports of Cook’s departure means the company must put together an effective succession plan, with John Ternus, SVP Hardware Engineering, currently in the frame for Cook’s seat.

The snag is that whispers from inside the company suggest other leaders don’t think he’s ready for the role, while critics point out that he lacks the political and diplomatic experience now required from a head of Apple. 

True or false, those criticisms hint at a possible succession struggle at the top of Apple — while the recent loss of many other executives exposes weakness in the top team.

Succession struggles?

Even if that is not the case, some of Apple’s leaders may choose to depart before Cook leaves, with his departure hastening that decision, particularly for those who would not choose to serve alongside whoever is on the Super-Secret Top List of potential replacements. 

Apple is said to be focused on hires from inside the company, but there will be external candidates who could bring what is required to the role. Former Jamf CEO Dean Hager has a good combination of tech insight and storytelling ability, and I’m sure there are other leaders who may have deep backgrounds in the Apple ecosystem to think about.

There should also be more talent beneath the visibility line at the company, given its size. That means that each departing senior leader should, by rights, already have developed a pool of potential replacements, as that’s what good management entails. Look at almost any recruitment and development self-help guide and you’ll see that training your replacement is critical to good management practice.

However, Apple’s highly secretive nature has at times created the conditions for the development of fiefdoms and silos within the company, an internal culture that may dent the capacity to develop talent pathways. We saw this before at Apple prior to the return of Steve Jobs — though perhaps Apple University has helped change that a little. 

Team spirit

The risk I see is that Apple’s senior executives may have been unable to dedicate the time and focus required to nurture replacements for their roles. This may not be the case, but it is telling that in the case of Lisa Jackson, her department has been split between two existing leaders rather than promoting an existing staff member. This could hint at a vacuum at the top and could also suggest that internal squabbles concerning succession may be causing important people such as Srouji to consider leaving. It is also of concern that retail chief Dierdre O’Brien and marketing SVP Greg Joswiak may also be on the cusp of retirement, according to Bloomberg.

Whatever next?

Leadership is hard. At Apple, it takes a huge collection of skills. Add all the political and social responsibility that goes with running a huge multinational company to the standard management stack, and it is probably one of the toughest gigs in the industry. The challenge is that no matter how hard the task may have become, Apple’s remaining leaders must now dig deep to ensure they meet an array of challenges, including:

• Maintaining Apple’s brand story.
• Identifying convincing replacements for every role, now and in the future.
• Avoiding getting bogged down in turf wars or internal politics.
• All while getting ahead once again in AI.

Failure in any of these tasks threatens existential damage to the company — as does any loss of leadership around Apple Silicon, which has become Apple’s brightest star at this point of its journey. However, if changing leadership on the Apple Silicon team helps prevent future succession conflicts, it may be a necessary step. There should already be equally capable talent within that team.

You can follow me on social media! Join me on BlueSky, LinkedIn, and Mastodon.

The tidal wave of data

Data is undoubtedly a key asset today, but all it takes is a breach to turn it into a dreaded liability. With more data generated than ever, organizations have a hard time tracking and storing it. Approximately 402.74 million terabytes of data are produced each day on average. To put this into perspective, this amount of storage can hold roughly 100 billion high-definition movies.

Does more data mean more risks?

With GenAI in play, data generation has skyrocketed further. However, the lack of data security measures leads to data breaches, often causing operational and financial disruptions, and also inviting regulatory intervention. There are many examples of weak security policies leading to breaches. Change Healthcare, a US-based technology company, suffered a ransomware attack that caused a data breach affecting 190 million US citizens.

Such examples compel regulatory bodies to further flex their muscles. Approximately 79% of countries (155 out of 194) have some form of data protection and privacy legislation in place.

shutterstock/Gorodenkoff

The situation demands data security measures

Solutions such as data security posture management (DSPM) enable real-time discovery and classification of sensitive data across multi-cloud and on-premises environments, reducing the risk of exposure.

AI-driven DSPM solution automates risk assessments, detect anomalous data movements, and enforce security policies dynamically, ensuring proactive protection against breaches. It also enhances threat detection, minimizes false positives, and accelerates incident response, making data security more efficient and scalable.

Mitigating potential cyber attacks

Data security solutions identify unusual data movement and exfiltration attempts early, potentially mitigating the breach’s scale. Ensuring visibility and control over structured and unstructured data, DSPM mitigates risks like shadow data exposure, misconfigurations, and excessive permissions.

In Change Healthcare’s case, a DSPM solution could have significantly reduced the impact. It could have identified excessive permissions, unsecured sensitive data, and risky access patterns across Change Healthcare’s cloud and on-premises environments.

Organizations can deploy such solutions in cloud security, data governance, compliance enforcement, and insider threat detection. Industries such as healthcare, finance, and retail use DSPM to maintain regulatory compliance (eg HIPAA, PCI-DSS, GDPR) by enforcing consistent security policies across different data repositories.

Data security is a boardroom-level concern

As cybersecurity threats grow and data security becomes a priority, CISOs are increasingly investing in solutions like DSPM. According to Gartner, about 20% of organizations will adopt DSPM technology to address growing data security and privacy challenges.

Businesses are estimated to have 55-80% dark data, which includes hidden, unmanaged, and unutilized data. Beyond security risks, shadow IT is a major contributor to IT overspending. Companies waste as much as 30-40% on redundant tools and unused licenses. Cumulatively, this represents a billion-dollar problem for the industry.

DSPM solution also addresses the challenges of shadow IT and unknown data by scanning and identifying unmonitored, duplicated, and unclassified data across environments. It provides teams with full visibility into data locations and handling practices.

Additionally, it flags unprotected assets, identifies redundant SaaS tools, and eliminates cost inefficiencies and compliance risks. By offering real-time insights into shadow data and unsanctioned applications, DSPM enables security teams to regain control, enforce policies, and prevent financial losses due to duplication and compliance failures.

DSPM does what every CISO needs

In conclusion, the DSPM solution:

• Finds sensitive data automatically
• Maps identity access to that data
• Detects misconfigurations and exposure
• Highlights risky sharing and SaaS data flows
• Provides a data-centric risk view for governance, compliance, and threat reduction

T-Systems helps enterprises operationalize DSPM, not as another dashboard, but as a managed program. We deploy best-in-class DSPM platforms (CrowdStrike, Palo Alto Networks), integrate them with Identity Access Management, Security Information Event Management, Cloud Security Posture Management, and API security controls, and run continuous monitoring and risk reduction through our global Managed Security Service Provider model.

In a landscape where data is everywhere, T-Systems ensures your security is everywhere too, starting at the layer that matters most. Reduce breach likelihood and build compliance with T-Systems security solutions today.

Want to secure AI initiatives? Start with this e-book.

Need to rethink comprehensive security? Check out this guide.

A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August 5, 2025. The plugin has more than 1,700 active Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

APU Gorgon Point alias Strix Point-refresh přinese přinejmenším u části modelů vyšší nárůst výkonu, než by odpovídalo tomu, co lze čekat od klasického refreshe…

Jihokorejský fond Crescendo Equity Partners koupil brněnskou firmu Phonexia, lídra v oblasti technologie rozpoznávání řeči • . • Phonexia, která vyvíjí technologie pro analýzu mluveného slova a biometrie, spolupracuje s firmami jako Airbus a Intel. • Cílem nového investora je podpořit růst Phonexie ...

Větev Tumbleweed systému openSUSE změnil výchozí zavaděč z GRUB2 na GRUB2-BLS. Projekt Fedora zlepší zpracování poškozených balíčků. Spolu s uvedením levnější varianty Raspberry Pi 5 s 1 GB RAM došlo ke zdražení stávajících modelů.

The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs. "This malware enables remote control of compromised systems by allowing Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]