Agregátor RSS

Sociální sítě používají miliardy lidí a stále jim věnují přes dvě hodiny času denně. Přesto se po letech růstu začíná ukazovat, že nekonečné scrollování možná narazilo na svůj strop. Statistiky také ukazují, že sociální sítě už nejsou jen zábava, ale jeden z určujících fenoménů moderní společnosti.

Ministerstvo dopravy vybralo finální podobu Suchdolského mostu • Šestipruhový dálniční most dlouhý 606 metrů spojí Sedlec se Zámky • Unikátní konstrukce bez pilířů v údolí vyjde na tři a půl miliardy korun

Po roce o prvních zprávách o výrobě Zen 7 na A14 procesu TSMC a vydání v roce 2028 přichází nezávislé zdroje, které to potvrzují. CEO AMD Lisa Su navštívila firmy, které výrob Zen 7 zajistí…

Lazygit byl vydán ve verzi 0.62.0. Jedná se o TUI (Text User Interface) nadstavbu nad gitem.

Jiří Eischmann se v příspěvku na svém blogu o rozepsal o tom, kam se vyhledávání v jeho očích posledních 10 let posunulo, jaké má zkušenosti s AI vyhledáváním, proč na něm nechce záviset a jaké vyhledávací služby ho v poslední době zaujaly.

Microsoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cyber attacks in progress on their IT networks.

The company announced the capability earlier this month in a column about new features in Defender. There’s no word on when automatic device isolation will be in full production.

However, a new SANS Institute research paper warns that, in certain conditions, an attacker could leverage the new function to disable all user accounts.

The lesson, said Johannes Ullrich, the institute’s dean of research, is that autonomous AI action tools have to be tuned and tested like any other automation capability.

“Automatic isolation and attack disruption are not new concepts,” Ullrich said in an email, “but ideas like these have been used in the past in open source and commercial tools. This feature is most important in organizations with under-resourced IT security teams, as it automates attack response. However, these features must be carefully tuned. If they are left unconfigured, attackers can use them to delay response by disrupting accounts used by administrators.”

Nonetheless, in today’s environment, tools like these are important. Robert Enderle, IT consultant and head of the Enderle group, noted that modern automated malware and ransomware attacks move at machine speed, which means human response times are effectively obsolete.

By the time an analyst even sees a red flag, he said, the attacker has already established persistence or started encrypting files. Microsoft’s automatic device isolation acts as “a rapid, logical air gap. It instantly severs the device’s network connections, cutting off the attacker’s command and control (C2) and halting data exfiltration dead in its tracks. You have to bring an automated defense to an automated fight.”

He said a secondary benefit, often the more critical one for enterprise survival, is containing the blast radius. Attackers invariably use a compromised PC as a beachhead to move laterally across the corporate network, hunting for higher-value targets like domain controllers, he pointed out.

“By instantly quarantining that initial endpoint, you trap the threat where it stands. You ensure a single compromised laptop doesn’t metastasize into an enterprise-wide catastrophe,” he said.

There’s also is a massive forensic advantage, Enderle added. “In the old days, the instinct was often to literally pull the power plug, which destroys critical volatile memory, or physically yank the network cable, which completely blinds your remote security team. Logically isolating the device while maintaining a secure lifeline to security services preserves the crime scene. It prevents the attacker from deploying wiper malware or destroying logs, and it gives the Security Operations Center (SOC) the breathing room they need to safely investigate and remediate the machine without the panic of an actively spreading infection.”

How automatic attack disruption works

Automatic attack disruption is offered to organizations that subscribe to Microsoft Defender XDR, a unified cloud-based security suite that detects and investigates cyberattacks against PC, server, and IoT endpoints. It also manages hybrid identities and protects email and collaboration tools. As such, it correlates data to identify and respond to attacks.

The soon-to-be-delivered auto-isolation capability blocks most network traffic while keeping the device connected to security services. The action is time-limited and scoped to the incident, Microsoft said; security operators can release isolation at any time.

The broad automatic attack disruption capability uses AI to limit attackers’ lateral movement. “Attack disruption uses the full breadth of our extended detection and response (XDR) signals, taking the entire attack into account to act at the incident level,” Microsoft said in a detailed column describing the tool. “This capability is unlike known protection methods such as prevention and blocking based on a single indicator of compromise.”

To use automatic attack disruption, IT has to, at the least, enable Microsoft Defender for Endpoint Plan 2. It becomes more effective if Defender for Identity, Defender for Office 365 and Defender for Cloud apps are also deployed. Admins also have to configure appropriate permissions and monitoring.

Possible operational disruption

The SANS Institute’s academic paper by student Marcio Enriquez noted that AI systems that perform autonomous decisions like containment do improve response times and scalability. But they also rely on threshold-based logic derived from telemetry. “Even when operating on enterprise-wide data, they do not consistently account for system-level impact in their enforcement decisions,” the paper said, and thus can cause unintended disruptions when activated at scale. “This creates a gap between the need for rapid defensive actions and the organization’s ability to maintain operational continuity.”

It examined that gap by evaluating how threshold-driven autonomous containment actions can result in what it refers to as “large-scale operational disruption.”

Enriquez saw an example of this during a real security incident in the spring of 2025. A user in an organization was fooled by a phishing message and entered their credentials on a malicious website. Defender detected this, and within minutes initiated automated containment measures, including disabling the affected account, forcing a password reset and restricting logins across multiple managed devices.

However, because security analysts didn’t realize this was automated enforcement, they initially thought there had been lateral movement or widespread compromise. That triggered an emergency escalation involving security leadership, until further investigation realized that the propagation of containment controls was due to Defender.

“The event demonstrates the effectiveness of autonomous containment in rapidly interrupting active threats,” wrote Enriquez. “At the same time, it illustrates how automated response actions can generate enterprise-wide operational effects that are not immediately transparent to human operators.”

Could be weaponized

To test the ability of a threat actor to take advantage of a weakness in Defender XDR’s automatic attack disruption capability, Enriquez created a hybrid enterprise environment with 18 “users” and executed adversarial activity simulating hands-on-keyboard behavior across multiple identities to trigger high-confidence detection thresholds in Defender, through an attack tactic he calls Autonomous Defense Induced Disruption (ADID). In essence, it tricks the automatic disruption capability of Defender into giving a high-confidence score that the network is under attack.

“The results showed that when detection confidence thresholds were met, automated actions disabled all [18] Active Directory identities, including the local domain administrator, rendering the domain inaccessible,” Enriquez wrote.

“The research highlights the need for governance controls, privilege-aware safeguards, and system-level constraints to prevent autonomous containment from causing operational disruption,” he concluded.

Microsoft guidance: Keep auto attack disruption enabled

A Microsoft spokesperson said that the company has no comment on the research paper.

However, they said that Microsoft’s guidance is to keep automatic attack disruption enabled by default. “Opting out materially increases risk, particularly for multi-domain, multi-stage attacks such as HumOR [human intelligence operations, like social engineering], BEC [business email compromise] and AiTM [adversary in the middle], where even minutes of additional dwell time can translate into significant business impact.”

“At the same time,” Microsoft noted, “we recognize that security teams require control over autonomous actions. That’s why the capability is designed with granular controls. Security administrators can tune automation levels by device group and selectively exclude users, devices, or IP ranges based on operational needs. The recommended approach is targeted, intentional configuration, not a blanket opt-out. Customers retain full visibility into actions taken and have the ability to reverse automated responses at any time.”

This article originally appeared on CSOonline.

Wayland kompozitor Labwc byl vydán ve verzi 0.20.0. Labwc je inspirován správcem oken Openbox. Postavený je na wlroots.

Linux Kernel - Local Privilege Escalation

Casdoor 3.54.1 - Arbitrary File Write via Path Traversal

EspoCRM 9.3.3 - SSRF

scramble - Remote Code Execution

MeiG Smart FORGE_SLT711 - OS Command Injection

Realtek rtl819x - Local Privilege

OpenCATS 0.9.7.4 - SQL Injection

For years, most software supply chain attacks focused on malicious dependencies and vulnerable open-source packages. Recent GitHub Actions compromises exposed a different problem entirely. Attackers increasingly target the automation systems responsible for building, testing, and deploying software because those systems often hold broader operational access than the applications themselves.

The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move.

Kde teď hledat brigádu, jak ji smluvně ošetřit a jaká pravidla se hodí ohlídat? Poradíme i s hmotnou odpovědností nebo tím, zda lze manko pokrýt z pojistky.

Článek o tom, kam se v mých očích vyhledávání posunulo za poslední dekádu, jaké mám zkušenosti s vyhledáváním pomocí AI, proč se na něm nechci záviset a jaké vyhledávací služby mě v poslední době zaujaly.