RSS aggregator

CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack

The Register - Anti-Virus - 17 April, 2026 - 19:09
Bug hiding in plain sight for over a decade lands on KEV list

CISA is sounding the alarm on a newly-exploited Apache ActiveMQ bug, ordering federal agencies to patch within two weeks as attackers circle a flaw that's been quietly lurking for more than a decade.…

Category: Viruses and Worms

Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker

The Register - Anti-Virus - 17 April, 2026 - 18:31
Or, how public information and a €5 tracker exposed an avoidable opsec lapse

Militaries around the world spend countless hours training, developing policies, and implementing best operational security practices, so imagine the size of the egg on the face of the Dutch navy when journalists managed to track one of its warships for less than the cost of some hagelslag and a coffee.…

Category: Viruses and Worms

Hackers who plundered Spotify lost in court without a fight. They must pay 322 million dollars

Živě.cz - 17 April, 2026 - 17:45
The attackers downloaded everything they could from Spotify. • The huge bundle contains music files, cover art, metadata and so on. • The pirates want to gradually share all of it via torrents.
Category: IT News

eBPF for Runtime Threat Detection: What Linux Admins Are Actually Deploying

LinuxSecurity.com - 17 April, 2026 - 17:44
Runtime security has moved from "nice to have" to an operational baseline in Linux environments. Most teams learned the hard way that logs and post-event alerts don't catch what actually runs on the system in real time. Attackers don't wait for indexing pipelines or SIEM correlation.
Category: Hacking & Security

How to think about Apple Business

Computerworld.com [Hacking News] - 17 April, 2026 - 17:43

Apple Business is aimed at small businesses coalesced around Macs, iPhones, and iPads. If that’s you, and all your systems are made by Apple, the service is likely to be all you need to run a small operation of up to a few dozen seats. 

But Apple Business isn’t really designed to handle the advanced needs of larger enterprises. And while it can provide a starting point for Mac deployments in mixed-platform environments, it probably shouldn’t be where you end up.

It doesn’t handle cross-platform device deployments, for which you’ll need full-strength MDM solutions (such as those from up-and-coming vendor Fleet). Another thing Apple Business doesn’t do is cover the full extent of compliance targets you might need to meet at your company. So, if you need to ensure compliance with standards/benchmarks such as HIPAA, SOC 2, ISO 27001, or CIS, you’ll need to choose something else.

This is also true if you need to ensure your endpoints are secured, or you require automated vulnerability scanning. 

A gift to small enterprise

That’s not to say Apple Business doesn’t have its uses. It clearly does. If you run a small business with up to, say, 50 staffers and you use Apple kit across the company, you’ll be able to manage your devices and app deployments yourself, no admin required.

That makes it a great tool for high-growth startups, many of which use Apple right from the start. Those businesses will be able to manage devices across their teams for free using Apple Business. They can always scale up once business is booming, making the service a gateway to tech success for many startups or small enterprises. The ability to streamline device management company-wide at no charge is a gift.

Setting the stage

Many might feel that with the international introduction of Apple Business, the company has torn a chunk out of the MDM industry. That’s less true than it sounds; many in the space already support small deployments for free, so what Apple is doing is winnowing away some of the smaller businesses who might use the resources provided by MDM firms but never become paying customers. 

Those customers are also an excellent market for the AppleCare support the company offers alongside Apple Business. It gives people the experience of device management, so that by the time they shift to a more advanced plan to support growth, they have a better understanding of what that involves.

Apple has drawn a line in the sand with the business. It’s basically saying that on the SMB side of that strip, it has you covered — and it has effectively defined its rapidly maturing MDM partners as focused on the needs of large customer deployments.

Market opportunity knocks

The good news there is that those large deployments do actually exist. In the last three years, Apple has confirmed huge Mac deployments (thousands of Macs) at SAP, Snowflake, Capital One, Coppel, Nubank, and elsewhere. Just last year, Apple CFO Kevan Parekh confirmed the best ever June quarter for Mac in the enterprise, and with the MacBook Neo, the company seems to be seeing dramatic growth in every one of the 200 markets in which you can now sign up for Apple Business.

So, while Apple nurtures tomorrow’s big businesses, its MDM partners can continue to meet the more diverse and demanding needs of larger enterprise entities. 

With the low-cost Neo arguably emerging to be the company’s iPhone moment for the Mac, Apple is also building business fast in emerging markets. Since use of Apple Business remains an integral component of working with any third-party device management partner (if only to assign the devices to an MDM system), the opportunity exists to scale up for business growth and scale down if that market contracts. It’s a world-class, ecosystem-based set of functionalities to support small business and enable corporations, all in one place.

You just need to know which problems it solves. Deployment? Yes. Compliance, edge security, and cross-platform support? No.

Category: Hacking & Security

Open models found the same bugs as Anthropic Mythos

AbcLinuxu [news briefs] - 17 April, 2026 - 17:17
Stanislav Fort, lead scientist at Vlček's 'cybersecurity' company AISLE, examined the impact of Anthropic Mythos (a new AI model from Anthropic focused on finding bugs, which recently alarmed the whole world) and demonstrated that AI capabilities do not depend linearly on the size or price of a model, and showed that some open models also managed, in a number of tests, to find the same bugs in source code as Mythos (for example FreeBSD CVE-2026-4747), at significantly lower operating costs.
Category: GNU/Linux & BSD

Grinex exchange blames "Western intelligence" for $13.7M crypto hack

Bleeping Computer - 17 April, 2026 - 17:08
Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations after suffering a $13.7 million hack attributed to Western intelligence agencies. [...]
Category: Hacking & Security

Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops

Bleeping Computer - 17 April, 2026 - 16:01
In cybercrime markets, trust isn't assumed, it's verified. Flare reveals how underground guides teach actors to evaluate carding shops based on data quality, reputation, and survivability. [...]
Category: Hacking & Security

This is what the future of war looks like. Ukraine captured an enemy position without infantry, using only drones and ground robots

Živě.cz - 17 April, 2026 - 15:45
The Ukrainian army captured a position using only autonomous platforms for the first time • Ukraine's defense industry currently produces millions of drones of various kinds • Foreign experts warn of the future political risks of robotic invasions
Category: IT News

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

The Hacker News - 17 April, 2026 - 15:21
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (
Ravie Lakshmanan
Category: Hacking & Security

Alza has broken down again. Orders cannot be picked up at its branches

Živě.cz - 17 April, 2026 - 14:30
Updated 17 April at 14:30 | Since noon today, Alza has had another warning notice on its website. "We apologize, but for technical reasons it is currently not possible to pick up orders at our branches. We are working hard on a fix. Thank you for your understanding," the site says. Whether this is the same fault as ...
Category: IT News

Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery

Bleeping Computer - 17 April, 2026 - 14:20
Cyberattacks are evolving faster than many MSP and corporate defenses can keep up, with phishing driving much of today's cybercrime. Join our upcoming webinar to learn how to combine security and recovery strategies to reduce risk and maintain business continuity. [...]
Category: Hacking & Security

The best add-on for hikers. MapyClimbs adds clearer climb graphs to Mapy.com

Živě.cz - 17 April, 2026 - 13:45
The MapyClimbs extension adds advanced climb analysis to Mapy.com. • It is an alternative to Garmin's ClimbPro feature. • The extension is available for free for Chromium-based browsers.
Category: IT News

Recent advances push Big Tech closer to the Q-Day danger zone

Ars Technica - 17 April, 2026 - 13:00

Sometime around 2010, sophisticated malware known as Flame hijacked the mechanism that Microsoft used to distribute updates to millions of Windows computers around the world. The malware—reportedly jointly developed by the US and Israel—pushed a malicious update throughout an infected network belonging to the Iranian government.

The lynchpin of the "collision" attack was an exploit of MD5, a cryptographic hash function Microsoft was using to authenticate digital certificates. By minting a cryptographically perfect digital signature based on MD5, the attackers forged a certificate that authenticated their malicious update server. Had the attack been used more broadly, it would have had catastrophic consequences worldwide.

Getting uncomfortably close to the danger zone

The event, which came to light in 2012, now serves as a cautionary tale for cryptography engineers as they contemplate the downfall of two crucial cryptography algorithms used everywhere. Since 2004, MD5 has been known to be vulnerable to "collisions," a fatal flaw that allows adversaries to generate two distinct inputs that produce identical outputs.

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul

The Hacker News - 17 April, 2026 - 12:47
Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025. The new policy updates relate to contact and location permissions in Android, allowing third-party apps to access the contact lists and a user's location in
Ravie Lakshmanan
Category: Hacking & Security

Bill would require OS-level age verification across the entire US

AbcLinuxu [news briefs] - 17 April, 2026 - 12:44
The federal bill H.R.8250, the 'Parents Decide Act', introduced on 13 April by Democrat Josh Gottheimer and backed by Republican Elise Stefanik as cosponsor, would, if passed, require all operating system makers to verify users' ages during device setup and to provide this age information to third-party apps during use. The main difference from California's AB 1043 and Colorado's SB26-051 is that the federal bill would apply to the whole US at once.
Category: GNU/Linux & BSD