RSS Aggregator
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation.
The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types -
On-Prem Deployment
Cisco SD-WAN Cloud-Pro
Cisco SD-WAN Cloud (Cisco Managed)
Cisco SD-WAN for Government (FedRAMP)
The traditional E3 trade show is history. Even so, we will not miss out on announcements of new games and a pile of trailers over the summer this time either. We will keep this article updated, and in it you will find, very briefly, everything that was presented at the biggest events.
June brings a number of interesting events, from financial bonuses through clothing sales to discounts on furniture and electronics. We have picked out the best offers of this week for you.
A complete overview of articles, news items and discussions from the past 7 days.
The American company Auriga Space is working at breakneck pace on a revolutionary air-defence system that fires projectiles without needing rocket motors. Its technology resembles an electromagnetic maglev and could throw a lifeline to American air defence, which is drowning in problems.
If we had to pick the biggest rebels among insects, bumblebees would be hot candidates. They keep demonstrating abilities we were only willing to grant to evolutionarily higher animals, preferably only to us humans.
Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials. [...]
If they don't get you online, they'll try in person. A data-theft and extortion gang has targeted “dozens” of banks, law firms, and other professional services companies in the US from January through May, using fake help desk calls and other social-engineering techniques to gain access to corporate IT environments, according to Google’s Mandiant incident response team. And when those remote-deception methods don’t work, the criminals sometimes show up at victims’ physical offices, posing as IT technicians, and attempt to steal sensitive files using thumb drives.

Google’s threat hunters track the extortion group as UNC3753, while other analysts call it Luna Moth, Chatty Spider, and Silent Ransom Group. The crew has been around since 2022, originally using fake software renewal emails and other billing lures, typically with PDF attachments containing phone numbers for attacker-controlled call centers, as its means of gaining initial access to corporate networks. Beginning around March 2025, the crims shifted tactics and started posing as IT help desk staff.

“While UNC3753 primarily relies on digital vectors, GTIG assesses that associated threat actors have also attempted direct data theft using physical, in person access,” Google incident responders and researchers Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, and Tyler McLellan said in a Friday blog.

The authors also pointed to a May FBI alert to corroborate this in-person tactic. According to the feds, Silent Ransom Group crooks have been walking into law firms’ physical offices as recently as this spring. Once they are on-site, they claim to be IT support staff needing to image a device or create local backups for security reasons. If that line works, they plug a thumb drive into the victim’s computer and steal data the old-fashioned way.

“Although limited forensic evidence and the absence of a subsequent extortion attempt prevent formal attribution, GTIG assesses that these physical intrusions are likely associated with UNC3753 based on structural, timeline, and targeting overlaps,” the blog said.

Google won’t say how many dozens of firms have been targeted in these attacks, or how many ended in the data thieves paying a visit to the victims’ locations. “While we can’t share additional details regarding specific investigations, Mandiant CTO Charles Carmakal notes that this tactic has been observed over the years,” a spokesperson told The Register. “Mandiant has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks.”

Another noteworthy thing about UNC3753’s attacks: they are very fast. In many of Mandiant’s investigated incidents, the entire operation from initial contact to data extortion occurred in just one day. “Recently, Mandiant observed data searches, staging, and theft initiated in under an hour,” the threat analysts warned.

These intrusions typically begin with an invoice-themed email, but these don’t usually contain any malicious links or attachments. The email’s sole purpose is to give the miscreants a plausible reason to follow up via phone, so that the recipient is more likely to believe the call is legitimate. Most of the crew’s entry mechanisms involve voice-phishing, a method that has worked so well for other groups like ShinyHunters and Scattered Spider over the past few years. UNC3753 calls organizations’ employees directly and purports to be a help desk worker or member of the security team. The criminals say they need the target’s help addressing a security issue or aiding with a corporate data migration project, and convince the individual to join a screen-sharing session via Zoom, Microsoft Terminal Services, Microsoft Teams, or Quick Assist.

In one such intrusion, using Teams to gain access to the victim’s computer, the attacker jumped on five separate calls with the same target over a three-day period, we’re told. And in more than one incident that Mandiant responded to, UNC3753 established Zoom sessions directly on targets' personal laptops, using these machines to access corporate virtual desktop infrastructure (VDI) through native client platforms such as Windows 365 or Citrix clients.

Once they’re in the corporate systems, the intruders map local directories and network drives, and target specific legal and document storage repositories. The crooks also use very specific keyword searches to find sensitive folders containing tax forms (Forms W-2, W-9, and 1099), audit files, corporate client agreements, and Social Security numbers, before staging this data for exfiltration. UNC3753 uses several methods to sneak the data out of the corporate IT environment without setting off any security alarm bells, including portable versions of the free Windows file transfer client WinSCP or the open source sync tool Rclone. The crew has also been known to log into a file-sharing account from the victim’s browser and upload the stolen files that way, or even to instruct the victims to send the files to an attacker-controlled email address.

After stealing the data, they send the extortion email, usually within 30 minutes of exiting the victim’s environment, and set a three-day deadline to respond and begin the negotiation process. “We hope to find a financial solution that will be acceptable for both parties,” reads one such extortion email. It continues:

In case of ignorance or no agreement, We will notify your employees, partners and customers, after which We will publish your data. You will receive claims from individuals, and legal entities for information leakage and breach of contracts, your current deals will be terminated. Journalists and others will dig into your documents, finding inconsistencies or violations in them. Your organization will lose its reputation, shares will fall in price, and your organization will be forced to close. Stay safe, friends

In the Friday report, Google’s threat hunters list IP addresses and other indicators of compromise, including these phishing domains that UNC3753 uses in its social-engineering attacks, all designed to look like the target organization’s help desk: -itdesk[.]com, -it[.]com, and -helpdesk[.]com.

The security shop also suggests a range of things companies can do to avoid falling victim to this group and other voice-phishing scams or physical office intrusions. Some of the physical controls include requiring visitors to display official credentials and photo identification, and mandating that front-desk staff log all visitor IDs before granting access. Also, check pre-scheduled work orders to ensure the “technician” at the front desk is who they say they are, and make sure any visiting technical service workers are always accompanied by a corporate, in-office supervisor.

Because the bulk of these intrusions occur without any physical entry into the office, however, companies should also implement remote access conditional access policies to ensure only corporate-owned devices can authenticate to any VDIs or VPNs. Plus, block the installation and execution of unauthorized remote monitoring and support utilities.
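Two of the indicators above are easy to hunt for in ordinary endpoint telemetry: DNS lookups for help-desk look-alike domains built from the organisation's name plus the -itdesk.com, -it.com or -helpdesk.com suffixes the report lists, and Rclone or WinSCP binaries started from a user-writable path rather than an installed location (the "portable" use the report describes). The script below is an added example, not Google's or Mandiant's code; the log format, hostnames, user names, paths and the organisation tokens are constructed for illustration, and treating a launch from Downloads, Desktop, AppData, Temp or ProgramData as "portable" is a heuristic assumption.

```python
# Added example (not Google/Mandiant code): a detection pass over constructed
# DNS and process-creation log lines for two indicators named in the report:
# help-desk look-alike domains ("<org>-itdesk.com", "<org>-it.com",
# "<org>-helpdesk.com") and portable WinSCP/Rclone launched from
# user-writable paths. Log format, hosts, users and paths are invented.
import re

HELPDESK_SUFFIXES = ("-itdesk.com", "-it.com", "-helpdesk.com")
EXFIL_BINARIES = {"rclone.exe", "winscp.exe"}
# Heuristic (assumption): a "portable" copy is one run from a user-writable
# location rather than an installed path such as C:\Program Files.
USER_WRITABLE = re.compile(
    r"^c:\\(users\\[^\\]+\\(downloads|desktop|appdata)|temp|programdata)\\", re.I)

ORG_TOKENS = ("acme", "acmelaw")          # constructed target organisation


def refang(domain: str) -> str:
    """Undo the [.] defanging used in IOC lists so domains compare cleanly."""
    return domain.replace("[.]", ".")


def lookalike_helpdesk_domain(domain: str, org_tokens) -> bool:
    """True if the domain ends in one of the help-desk suffixes and the part
    before the suffix contains the organisation's name, e.g. acme-itdesk.com."""
    d = refang(domain).lower().rstrip(".")
    for suffix in HELPDESK_SUFFIXES:
        if d.endswith(suffix):
            label = d[: -len(suffix)]
            return any(tok in label for tok in org_tokens)
    return False


def scan_dns(lines, org_tokens):
    """Return (host, queried_domain) for every look-alike help-desk lookup."""
    hits = []
    for line in lines:
        m = re.search(r"host=(\S+) .*query=(\S+)", line)
        if m and lookalike_helpdesk_domain(m.group(2), org_tokens):
            hits.append((m.group(1), m.group(2)))
    return hits


def scan_processes(lines):
    """Return (host, image_path) for exfil tools started from user-writable paths."""
    hits = []
    for line in lines:
        m = re.search(r'host=(\S+) .*image="([^"]+)"', line)
        if not m:
            continue
        host, path = m.group(1), m.group(2)
        exe = path.rsplit("\\", 1)[-1].lower()
        if exe in EXFIL_BINARIES and USER_WRITABLE.match(path):
            hits.append((host, path))
    return hits


def correlate(dns_hits, proc_hits):
    """Hosts that both resolved a look-alike help-desk domain and ran a
    portable exfil tool: the sequence the report describes."""
    dns_hosts = {h for h, _ in dns_hits}
    return sorted({h for h, _ in proc_hits if h in dns_hosts})


# Constructed sample telemetry.
SAMPLE_DNS = [
    "2026-06-05T13:55:02Z host=WS-114 user=jdoe query=acme-itdesk[.]com",
    "2026-06-05T13:55:09Z host=WS-114 user=jdoe query=teams.microsoft.com",
    "2026-06-05T14:10:40Z host=WS-207 user=asmith query=acme.com",
    "2026-06-05T14:12:01Z host=WS-207 user=asmith query=globex-helpdesk.com",
]
SAMPLE_PROC = [
    r'2026-06-05T14:02:11Z host=WS-114 user=jdoe image="C:\Users\jdoe\Downloads\rclone.exe"',
    r'2026-06-05T14:03:30Z host=WS-207 user=asmith image="C:\Program Files\WinSCP\WinSCP.exe"',
    r'2026-06-05T14:05:00Z host=WS-301 user=bli image="C:\Users\bli\AppData\Local\Temp\WinSCP.exe"',
]

if __name__ == "__main__":
    d, p = scan_dns(SAMPLE_DNS, ORG_TOKENS), scan_processes(SAMPLE_PROC)
    print("look-alike help-desk lookups:", d)
    print("portable exfil tool launches:", p)
    print("hosts with both indicators:", correlate(d, p))
```

The installed WinSCP on WS-207 is deliberately not flagged: the report's point is the portable copy, and alerting on every legitimate install would bury the signal. The correlation step is where the value lies; either indicator on its own is noisy, but a host that resolved a help-desk look-alike and then ran rclone from Downloads within minutes matches the under-an-hour timeline Mandiant describes.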
Operating system makers take many steps to prevent their wares from accepting commands from remote devices. The safeguards, designed to thwart malicious attacks, typically require hackers to jump through all kinds of hoops to bypass the measures. But what if remote code execution were as simple as being within Bluetooth range of a speaker connected to the targeted device?
It turns out it can, at least when the speaker is a Sound Blaster Katana V2X sold by Singapore-based Creative Technology. The speaker, which sells for $283, is widely acclaimed, with numerous reviews showering praise on the sound and performance of it and its predecessor, the Sound Blaster Katana V2.
A PC-pwning proxy
Researcher Rasmus Moorats stumbled on the hack by accident, after he purchased a Katana V2X, a soundbar that connects to PCs, Macs, and Linux devices over USB or Bluetooth. Moorats was curious whether he could create a Linux tool that communicated with his speaker. He discovered he could do so through CTP, a proprietary mechanism he guesses is short for Creative Transport Protocol.
Version 9.7 of the cross-platform digital audio workstation (DAW) Ardour has been released. An overview of new features, improvements and fixes is in the release notes.
CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [...]
A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. [...]
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively.
According to JFrog, the information stealer "scrapes every secret it can find on a developer's machine, hides behind an eBPF kernel rootkit, and
A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world's largest dark web marketplaces. [...]
The threat is real. Unknown miscreants are exploiting a high-severity, zero-day bug in Cisco’s SD-WAN management software, and the networking giant hasn’t said when it will patch the flaw.

Cisco issued an advisory on Thursday for the Catalyst SD-WAN Manager vulnerability, tracked as CVE-2026-20245, and it sounds like attackers have been exploiting this security failure for at least the last week. It’s due to a validation error - the software fails to properly validate user-supplied input - and an authenticated, local attacker can exploit the flaw by uploading a specially crafted file to vulnerable systems. From there, they can escalate privileges and execute commands with root privileges.

The vulnerability affects all versions of the SD-WAN software, regardless of device configuration, and across all deployment types including on-premises, cloud-based, and FedRAMP-certified deployments. Switchzilla says it became aware of attacks against this vulnerability in June.

“To exploit this vulnerability, an attacker must have netadmin privileges on an affected system,” the vendor said. “This would require valid credentials or exploitation of CVE-2026-20182 or CVE-2026-20127. Cisco is not aware of successful exploitation by other methods.” Both of these earlier SD-WAN security holes have also been hit by attackers in previous months.

The good news: an attacker needs valid credentials to abuse the new hole. The bad news: exposed credentials aren’t hard to find (or buy) online.

We don’t know the scope of exploitation or exactly when attackers began hitting this SD-WAN hole. Cisco declined to answer The Register’s questions, and instead sent us a statement via email. “Cisco recommends customers upgrade to the fixed software released in May 2026 for CVE-2026-20182 as a protective measure,” a spokesperson said. “A patch for this vulnerability will be provided on a future date. Customers needing assistance should contact Cisco TAC.”

This latest bug is the sixth SD-WAN vulnerability listed as under attack since the start of the year, and the second zero-day in two months. The most recent is the one the Cisco spokesperson mentioned in an email to The Register. In May, Switchzilla disclosed a max-severity make-me-admin bug (CVE-2026-20182) affecting Catalyst SD-WAN Controller and Manager, and warned that attackers had already found and exploited the hole before it issued a patch.

A month earlier, America's lead cyber-defense agency said that three Cisco Catalyst SD-WAN Manager bugs (CVE-2026-20128, CVE-2026-20133, and CVE-2026-20122) were under attack, and gave federal agencies just four days to patch the security holes. Cisco fixed all three CVEs in late February, and in March warned of attackers abusing two of them.

Also in February, the networking vendor patched a max-severity improper authentication flaw (CVE-2026-20127) affecting the same SD-WAN software, prompting a joint intelligence alert from the Five Eyes countries urgently warning defenders to patch it - plus an old SD-WAN vulnerability (CVE-2022-20775) - or risk root takeover. "Malicious cyber threat actors are targeting Cisco Catalyst SD-WAN used by organizations globally," the UK's lead cyber agency said at the time. "These actors are compromising SD-WANs to add a malicious rogue peer and then conduct a range of follow-on actions to achieve root access and maintain persistent access to the SD-WAN."

And while this one isn't listed as under active exploitation (yet), on Wednesday Cisco warned about a proof-of-concept exploit for CVE-2026-20230, a critical bug in its Unified Communications Manager that also allows attackers to gain root privileges.
Czech developers who had successful games like Mafia and Hidden & Dangerous behind them formed their own studio 16 years ago and broke through on smartphones. Their graphically top-class titles were presented at conferences by titans like Apple and Nvidia. Hundreds of millions of people downloaded them. But the market for ...
Technology companies announced 38,242 job cuts in the US in May 2026, the highest monthly total for the sector since August 2024, according to research by employment placement company Challenger, Gray & Christmas. So far this year the company has observed 123,653 US technology job cuts, a rise of 66 percent from the same period in 2025.
These figures represent the third successive month that there has been an increase in job layoffs across all sectors, the company said.
“The labor market is being reshaped by technology in real time. AI is now the leading reason companies give for cutting jobs and the primary industry citing it is technology,” said Andy Challenger, chief revenue officer at Challenger, Gray & Christmas.
AI was blamed for 38,579 of the 97,006 job cuts announced across all industries tracked by the company. It accounted for 40% of the cuts observed in May, up from 7% in January.
This year has already seen some major layoffs in technology. In March, HPE slashed 2,500 jobs from its wage bill, while Oracle announced plans to shed an unspecified number of developers. And the cuts keep on coming: just last month, Meta shed 8,000 employees.
The developers of the Ladybird web browser announced today that they are changing how development is done.
With the alpha release approaching, they are no longer accepting public pull requests. All open public pull requests will be closed. The team cannot guarantee the security of AI-generated pull requests.