Agregátor RSS

When federal security budgets are cut, the data that stops hackers from breaking into your Linux servers begins to dry up.

When developer accounts are blocked, the impact is felt far beyond a single login screen. For many projects, these accounts are the access points for the entire delivery pipeline. If a maintainer is locked out, the flow of security updates stops. In a world where hackers move fast, a stalled pipeline is a massive vulnerability.

Even fitness equipment is vulnerable to mischief makers these days

PWNED  Welcome back to Pwned, the column where we share war stories from IT soldiers who shot themselves – or watched someone else shoot themselves – in the foot. Today's tale shows that even when you're setting up something as simple as fitness gear, there's no excuse for leaving security credentials lying around.…

Ryzen 9 9950X3D2, nejvyšší model řady Ryzen 9000, vyjde na $899. Cena za V-cache navíc zhruba odpovídá rozdílu mezi Ryzen 7 9700X a Ryzen 7 9800X3D - praktický přínos však bude nižší…

Kabel Swissten vhodný i pro náročné notebooky stojí jen 279 Kč. • Přenese 40 Gb/s, podporuje USB4 a je kompatibilní i s Thunderbolty 3 a 4. • K tomu zvládne výkon až 240 W a poslouží i pro 4K video.

Bitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems last month. [...]

Kostičkových podob se dočkala řada postav a lokací ze známých her. Lego na tvorbě setů z herních světů začalo pořádně pracovat až v posledních letech. Pojďme se podívat na ty největší a nejhezčí kousky, které aktuálně není složité sehnat.

The time is maybe

Quantum computing exists in a sort of superposition with regard to cryptography – it's both a pending threat and a technology of no immediate consequence for decryption.…

Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from publishing new software builds and security patches for Windows users. [...]

Přísná evropská metodika odhalila nedostatky v opravitelnosti prémiových telefonů • Apple získal nejhorší možnou známku a Samsung dopadl jen nepatrně lépe • Skóre zhoršuje také firemní lobbing namířený proti právu na opravu

Průměrná roční teplota v Česku prokazatelně vzrostla o 1,1 °C • Počet dnů se sněhem na většině území statisticky významně klesá • Neuronové sítě pomohly vymezit čtrnáct zcela nových klimatických oblastí

Qualcomm vydal druhou generaci PC procesorů řady Snapdragon X Elite. Výkonnostně konečně dosahuje toho, co se očekávalo od té první, ovšem s herní podporou je výrobce nadále na štíru…

Through LinkedIn’s more than one billion business users, the Microsoft unit has access to a vast array of personally-identifiable information, including data that could identify religious and political positions. What is less clear is what LinkedIn does with all of that data.

A small European company that sells a browser extension to leverage different aspects of LinkedIn data is running a campaign, which it calls BrowserGate, that accuses LinkedIn of “illegally searching your computer” and “running one of the largest corporate espionage operations in modern history.” 

“Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm,” the company claimed.

“The user is never asked. Never told. LinkedIn’s privacy policy does not mention it,” the BrowserGate site said. “Because LinkedIn knows each user’s real name, employer, and job title, it is not searching for anonymous visitors. It is searching identified people at identified companies.”

LinkedIn denies some of those accusations, and avoids addressing the remainder. 

“This [accusation] is a house of cards built entirely upon a fabrication,” said an emailed LinkedIn statement . “We do disclose that we scan for browser extensions in our privacy policy, in order to detect abuse and provide defense for site stability.” 

When asked whether it uses that data solely to do those things, LinkedIn did not reply.

Possible misuse

The key person behind the allegations calls himself Steven Morrell (not his legal name, which he asked not be published). The company he represents also has different names, including Teamfluence and Fairlinked. 

Morrell said that LinkedIn is gathering data that includes sensitive details, including information that he argued could be used to determine religious and political leanings. Gathering such data, Morrell said, could violate European privacy rules.

But Morrell is not saying that LinkedIn is in fact using the data to determine those preferences, but merely that they could. Much the same could be said for almost all large companies.

Morell isn’t exactly unbiased, however. He and LinkedIn are also involved in a legal dispute in Germany, in which Morrell said that LinkedIn violated EU rules and that it improperly kicked him, and others, off the service.

LinkedIn countered that Morell and the other plaintiffs had violated its terms of service with their plugins. Last month, a judge in Munich sided with LinkedIn, dismissing the motion for a preliminary injunction.

Might cause compliance issues

Safayat Moahamad, research director at Info-Tech Research Group, said that compliance approaches throughout the European Union and the UK could indeed have some issues with this deep a level of data collection. 

“European courts are likely to support platforms that restrict automated data harvesting, when they can plausibly link organization-level policy enforcement actions to consumer protection and regulatory compliance,” Moahamad said.

Advice for CIOs

Cybersecurity consultant Brian Levine, executive director of FormerGov, said enterprise CIOs should use these allegations, even if they prove to be untrue, to help them tweak their data strategy and privacy policies for 2026.

“Assuming the BrowserGate allegations are true, LinkedIn users should consider reducing the amount of identifiable, trackable, or sensitive data their browser exposes, and organizations should treat LinkedIn as a potentially hostile web environment until facts are verified,” Levine said. “Even if BrowserGate is exaggerated, browser fingerprinting is a real, widespread practice across the web. Treat LinkedIn like any other third-party data collector. LinkedIn has historically been treated as safe, [but] that assumption may need to be revisited.”

Levine said IT executives should “assume that LinkedIn can map your tech stack” and that, if the claims are accurate, LinkedIn could infer “which SaaS tools your employees use, which competitors you rely on, which job search tools your staff is using and which political/religious extensions appear inside your workforce.”

He added that IT should consider blocking LinkedIn on sensitive networks, or require it to only be accessed through VDI, as well as employing browser isolation techniques. Some companies might even want to use a separate isolated browser solely for LinkedIn, or, he said, “use a sandboxed browser session, such as Browserling or other cloud-isolated browsers.”

This article originally appeared on CSOonline.

React Server 19.2.0 - Remote Code Execution

RomM 4.4.0 - XSS_CSRF Chain

Jumbo Website Manager - Remote Code Execution

ZSH 5.9 - RCE

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. [...]

Výdělky v Česku se podle statistik výrazně liší na základě profese, odvětví i kraje. Podívejte se, kdo loni bral nejvíc a kdo naopak nejméně.