Agregátor RSS

A production Linux server gets rebuilt from an old image. A contractor leaves. A CI/CD job is retired. Months later, the same SSH public keys are still sitting in authorized_keys, silently trusted by root or a service account nobody owns anymore.

Přehled dubnových vydání Jaderných novin: stav vydání jádra, citáty týdne a seznam článků týkajících se jádra.

Poslanci přehlasovali Senát a protlačili snížení minimálních záloh na důchodové pojištění pro OSVČ. Popisujeme, komu vznikne jaký přeplatek a kdo se k penězům dostane dříve.

Při skončení nájmu vrací pronajímatel složenou kauci, pokud není třeba ji započíst na dluhy nájemce. Jenže kauce se úročí a soudy ve sporech dospívají až k nesmyslně vysokému úročení.

Navážeme na minulý díl, a protože většina z vás se dříve či později potká s MS SQL serverem, začneme jednoduchou ukázkou instalace linuxové varianty MS SQL serveru a více si vysvětlíme chování balíčku a nástroje Docker.

Osmibitové počítače Atari mohou skládat obraz ze čtrnácti textových popř. grafických režimů. Ovšem navíc jsou k dispozici takzvané režimy GTIA, jež zobrazují až šestnáct barev z palety 128 nebo 256 barev.

V posledních dnech se scházejí indicie naznačující vydání cenově (nej)dostupnějšího osmijádrového X3D procesoru pro socket AM5. Bude jím Ryzen 7 7700X3D, patrně níže taktovaná verze Ryzen 7 7800X3D…

Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations. [...]

Over the decades, there has been no shortage of sites using clever techniques to covertly track visitors’ browsing histories, device fingerprints, and keystrokes and mouse movements in real time. Even Meta and Yandex were recently caught joining in the privacy-invasive free-for-all.

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices.

A side channel based on contention

The technique, laid out in a research paper, exploits a side channel, a form of leak resulting from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. By measuring the manifestations, attackers can decrypt encrypted traffic and infer other confidential data.

Read full article

Comments

Český telekomunikační úřad zahajuje novou etapu využívání vysokofrekvenčního rádiového spektra v pásmu 26 GHz. Toto pásmo bude od 1. 7. 2026 otevřeno pro provoz moderních bezdrátových sítí, zejména sítí páté generace (5G), pevných bezdrátových přístupových sítí (FWA) a lokálních či průmyslových sítí určených například pro výrobní areály, logistická centra nebo technologické kampusy. Současně s otevřením pásma 26 GHz přistoupil ČTÚ ke zpřístupnění informací o využívání rádiových kmitočtů v tomto pásmu.

Logitech představil myš Signature Comfort Plus M850 L s polstrovanou opěrkou dlaně pro větší pohodlí a sadu s touto myší a klávesnicí s integrovanou opěrkou dlaní Signature Comfort Plus Combo MK880.

CrowdStrike, working with Google and the Shadowserver Foundation, said it has taken down the Glassworm botnet, a self-propagating, credential-stealing worm that has targeted developers and spread through poisoned software packages since early 2025. The endpoint security giant’s Counter Adversary Operations team and partners hit all four Glassworm command-and-control channels simultaneously at 1400 UTC on Tuesday, “severing the operators from their infected machines and their ability to deliver new malicious payloads,” according to CrowdStrike’s blog. Google Threat Intelligence Group chief analyst John Hultquist confirmed his company’s involvement in a social media post. “As part of our disruption efforts, we are working with partners to bring more pain to attackers, especially when we see them abusing our products or targeting our users,” Hultquist wrote. A spokesperson declined to provide additional details to The Register about Google’s role in the takedown. The disruption comes as another self-replicating worm, Mini Shai-Hulud, rips through open source code and miscreants poison GitHub repositories and npm packages in similar supply-chain attacks also targeting developers’ environments. “Glassworm marked a significant shift in the threat landscape that should serve as a wake-up call for every organization that ships or consumes software,” CrowdStrike wrote. “Adversaries are no longer just targeting products, they're targeting the developers who build them.” First spotted by endpoint security shop Koi in October 2025, Glassworm used invisible Unicode-based code injection, blockchain-based C2 infrastructure, and Google Calendar as a backup command server to turn infected developers’ machines into criminal proxy nodes. This self-replicating worm initially targeted VS Code extensions on the OpenVSX marketplace before moving on to npm and Python packages, and later poisoned more than 300 GitHub repos using stolen credentials harvested in earlier Glassworm infections. This worm appeared about a month after another self-propagating malware strain, Shai Hulud, first wormed through npm packages including those maintained by CrowdStrike. Glassworm infected all platforms - including Windows, macOS, and Linux systems - stealing credentials and other sensitive information, and also spawning its own Node.js remote access tool called GlasswormRAT. C2 architecture designed to withstand takedowns Glassworm’s C2 infrastructure used four distinct channels to complicate takedown efforts. These included the Solana blockchain, with C2 server addresses encoded in the memo fields of blockchain transactions, ensuring the C2 couldn’t be taken offline through conventional means. It also used Google Calendar event titles as dead-drop locations for Base64-encoded C2 paths. The GlasswormRAT used a decentralized BitTorrent Distributed Hash Table (DHT) for configuration data stored against hardcoded public keys. And finally, Glassworm relied on traditional C2 servers, hosted on commercial VPS providers, as the final payload delivery mechanism. Disrupting all four channels “required precision and timing,” according to CrowdStrike. “Taking down only one channel would have left the others operational, allowing the operators to quickly reconstitute.” All Glassworm-infected machines now beacon to the benign CrowdStrike-operated IP address 164.92.88[.]210. The security shop urges organizations to review network logs and endpoint telemetry for connections to this address, which indicate a Glassworm infection. ®

When a Linux server initiates an unauthorized outbound connection to an unknown IP address, it rarely triggers an immediate system failure. Instead, the server continues running normally, and the connection is usually only discovered during a routine firewall log review, a DNS audit, or a post-incident investigation. Because there are no obvious system crashes or performance drops, these quiet outbound sessions can easily be overlooked.

More than half of businesses had an AI-related security incident or a scare in the past year — even as executives remain overwhelmingly confident in their ability to manage the risks of employees using AI tools, according to a study commissioned by identity and access management leader Okta. “For the purposes of this survey, an AI security issue is defined as an actual incident, i.e. a breach, data exposure, or system disruption, or a close call, meaning an issue was identified before it caused harm to the organization,” Harish Peri, SVP and GM for AI Security at Okta, told The Register. Of those respondents who reported a security problem, 26.7 percent described an actual incident — a breach, data exposure, or system disruption — while 31.2 percent identified a close call caught before it caused harm. Yet, overall, 58 percent of executives reported that their organization experienced an AI-related security problem in the past 12 months and the data is pointing to “shadow AI” use by employees as the culprit, Peri said. “The old adage in cybersecurity is that you can’t protect what you can’t see. Our research shows that 52 percent of knowledge workers admit to using unapproved AI tools,” Peri told us. “Security and compliance teams can’t govern the usage of AI tools they don’t know are being used. Organizations must implement an effective AI governance framework that prioritizes identity-centric controls, automated discovery, and secure sandboxes to test drive AI tools safely.” The AI Agents at Work 2026 report was commissioned by Okta and conducted by Apprize360 in March. It surveyed 292 executives and 492 knowledge workers across seven countries: the US, UK, Australia, Canada, Japan, France, and Germany. It also showed a disconnect between how leaders believe AI is being used within their organizations and what employees actually do. Whether it's coding assistants, browser extensions, or industry-specific utilities, the study said what unites all of the tools is their need for data and, in many cases, access to an organization’s internal systems. Peri said the survey found risky employee behavior when it came to interacting with AI models. Knowledge workers actively used unapproved AI tools, shared confidential company documents with those tools, handed over HR information to AI, and in 16 percent of cases, provided their login credentials. "These risky behaviors — whether intentional or not — increase the attack surface across an organization," Peri told The Register. Despite that, 90 percent of executives had confidence in their organization's visibility into AI tools, even as more than half of knowledge workers admitted to using AI tools without approval, with 24 percent adding that they do so regularly. Apart from the security issues, the survey found that AI agents and AI tools are gaining widespread adoption. Ninety-two percent of executives surveyed said autonomous AI agents are already in widespread or moderate use across their organizations, while nearly two-thirds of knowledge workers reported using an AI tool at least daily. Among those workers, 68 percent used AI agents, while 62 percent regularly used LLMs and AI-infused chatbots. The results of the survey vary by geography, too. The United States led all surveyed countries, with 67 percent - more than two-thirds - of workers reporting they use unsanctioned AI tools. Australia came in second, with 60 percent of workers saying they engaged in unapproved AI usage. In the United Kingdom, some 55 percent of workers ignore the rules, while roughly 50 percent of Canadian workers reported using unauthorized AI tools. Workers in France and Germany reported the lowest rates of unauthorized AI usage with each at around 30 percent. The gap between executive confidence and employee reality is widest in the UK, where 96 percent of executives expressed confidence in their AI visibility, while more than half of workers used unapproved tools. Peri said there’s no easy fix. “For most organizations, shadow AI emerges unintentionally and isn’t intended to be malicious,” he told The Register. “Shadow AI primarily causes headaches for leaders because they don’t have the proper visibility, governance, and security controls for tools the organization isn’t managing.” Okta’s survey recommends that organizations should assume shadow AI exists and make discovery a priority. They should make the secure use of AI the easiest path, and define an AI governance strategy now. Peri said strict AI bans may actually make the problem worse by pushing more usage underground. A more effective approach, he said, involves talking with employees to understand what they need and making approved tools easier to use than unsanctioned alternatives. ®

Klávesnice vypadají jedna jako druhá, ale rozdíly jsou mezi nimi velké. • Kdy se vyplatí mechanická a proč je dobré podsvícení? • Vysvětlíme pojmy, kterými vás obchody a výrobci zahltí.

The FBI is warning unsuspecting lawyers that their firms continue to be an active target for members of a longstanding extortion crew. Silent Ransom Group has been operating since 2022, by the FBI’s reckoning, and its latest message [PDF] about the gang comes almost exactly a year after its last. The group is still targeting US law firms and their staff, and the criminals are pretending to be company IT staff. It also warned last year that the callback phishing specialists had started physically walking into the law firms’ offices when remote social engineering attempts go south. The FBI’s latest advisory reaffirms these findings, with fresh attacks reported in Spring 2026. Law firms should be locking up their USB ports because the extortion crew is still sending members to plug in their thumb drives into the computers, for when they can’t convince employees to surrender remote access. In these scenarios, they rock up to the victim they’ve tried to phish and socially engineer from behind a phone or computer screen, continue the facade of being a company IT rep, and then claim they need to image the person's device or create a backup file to assess the damage of their own phishing email. What they’re actually doing is copying important files onto said thumb drive, which SRG will later use to extort the law firm. The FBI didn’t say exactly how many of these in-person callouts SRG has made, but it was evidently enough to include in a fresh advisory on the group’s methods and tactics. According to the advisory, these attacks were first reported in Spring 2026. SRG in brief SRG’s target industries used to be broader than just legal. The hack-and-leak group has been known to target organizations operating in various industries, but the legal sector has remained a common theme since 2023. The FBI said in its advisory on the group last year that it believes SRG consistently targets US law firms “likely due to the highly sensitive nature of legal industry data.” When they’re not sending crooks into office blocks, SRG’s primary goal is to achieve their aims through callback phishing. Using SMS messages or emails, group members would single out employees at target companies, asking them to call a number while impersonating real IT staff. If the staffer fell for the scheme, they’d call up, and the SRG IT imposter would attempt to convince them to grant access to a remote desktop session, during which they would elevate their privileges and set about stealing data to use as extortion leverage. In some cases, SRG will run WinSCP or a disguised version of Rclone to scoop up files of interest. In others, they are known to share those documents using internal file-sharing platforms such as Google Drive or Microsoft OneDrive. Before the callback phishing methodology, the group would send emails claiming that a fake subscription had been authorized that would charge small sums to the target’s account each month. The email included a phone number to call in order to cancel the subscription, and once on the call, the crooks would convince the target to install remote access software, and rinse-repeat the data theft playbook. SRG is not known for using ransomware, but it operates a data leak site (DLS) just like any other extortion crew and charges victims to return the data they stole, threatening to leak it online if they refuse to pay. Recent alleged victims of the group have included law giant Jones Day, the legal eagles favored by US president Donald Trump during both his election campaigns. SRG listed Jones Day on its DLS, and the law firm confirmed a “cyber phishing incident” in April, but did not name SRG as the culprits. Your country needs you The FBI pleaded with the public to send it any evidence of SRG in action to aid future investigations. Of particular use would be phone numbers used to contact the crooks, copies of the phone call transcripts and phishing emails, cryptocurrency wallet information, and identifying information of the individuals who step foot in office buildings. As for how to prevent attacks from SRG or others adopting similar methods, the FBI recommended that organizations disallow connecting external drives to company-issued devices, especially those that store confidential or otherwise sensitive information. Verifying the credentials of each person walking into the building wouldn’t hurt, either. The usual advice applies for the group’s remote attacks: limiting access to sensitive data from less-secure networks and requiring phishing-resistant MFA for as many services as possible. The FBI also recommends blocking port 22 access, which would prevent encrypted remote access, and investing in robust staff training programs so they know not to let outsiders plug hardware into their machines. ®

Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That's according to new findings from WatchGuard and ESET, which have observed the two malware families being used to single out companies in Spain, Portugal, and Mexico, as well as mobile users in Brazil. The Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by Anthropic's Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. TheRavie Lakshmananhttp://www.blogger.com/profile/[email protected]