RSS aggregator

How SIEM helps MSPs reduce noise and stop threats faster

Bleeping Computer - 28 May, 2026 - 16:01
MSPs don't lack security data. They struggle to separate real threats from alert noise. Kaseya explains how SIEM helps MSPs improve visibility, reduce fatigue, and respond faster. [...]
Category: Hacking & Security

60 things every tinkerer needs. Chips, boards, soldering irons, calipers and heat-shrink tubing

Živě.cz - 28 May, 2026 - 15:58
What does every tinkerer need for a new workshop? • An Arduino kit and a bag of resistors are just the basics • We picked 60 things that should not be missing
Category: IT News

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

The Hacker News - 28 May, 2026 - 15:53
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day
Ravie Lakshmanan
Category: Hacking & Security

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

The Hacker News - 28 May, 2026 - 15:33
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile some researcher casually drops a technique that turns a "minor" foothold into total account
Ravie Lakshmanan
Category: Hacking & Security

$11 billion reasons Apple’s App Store tax is worth paying

Computerworld.com [Hacking News] - 28 May, 2026 - 15:13

Apple publishes its App Store fraud prevention report every year. And when it does, the company presses the point that its curated system brings much value to developers and customers, including highly effective protection against fraud. It says it prevented more than $2.2 billion in potentially fraudulent transactions in 2025 alone.

A tax worth paying

The company said it has prevented $11.2 billion in such fraud in the last six years. That’s a lot of value for the 15% or lower commission that all but the biggest-selling developers are required to pay on their store sales.

Don’t believe the hype, as most developers are not generating the $1 million a year required before the 30% payment kicks in.

You might reflect that if there is an Apple Tax, it’s a progressive tax in which those with the broadest shoulders help support the wider developer community, which is probably why some tech billionaires don’t like it. 

But I’m not here to write about taxation; I’m here to highlight the value the App Store brings. Apple diligently works to protect customers and developers against the ever-growing threat of cybercrime at a scale few other companies could hope to match. That matters in an environment dominated by ever more sophisticated attacks, including scenarios in which a developer submits a benign app for review and then modifies it once the app is online to commit financial fraud.

More than fraud prevention

It’s not just fraud Apple protects App Store customers from. It also attempts to protect privacy. Look, we know that tech firms now exist for whom privacy is a roadblock to profit; they want to take all your information for free to sell it for money, or worse. Apple stands against this and has done so for years, which is why it is under steady attack by entities that want privacy destroyed to boost their bottom line. Nation states and nation-state-adjacent attacks don’t help in the battle for your private digital life, throwing huge resources at undermining personal protections.

Apple’s report gives you a solid glimpse at the anti-privacy environment. App Store rejected 443,000 app submissions for privacy violations; it also rejected 22,000 apps for holding undocumented anti-privacy features. 

The upshot is that while Apple’s protections aren’t 100% perfect, they’re still industry leading. Where incidents do take place, they are resolved swiftly, and the bait-and-switch approach (in which an app pretends to be benign but carries malware) remains the biggest threat. That’s why customers should always verify they trust a developer before downloading apps.

The threats coming over the hill

The thing is, all of these threats are evolving, and Apple is equipped to evolve in parallel with them. In part, that’s because it has scale, in part because it has that huge 2.2-billion-device ecosystem, in part because the company entered the app store race with deep understanding of how online transactions were evolving in the first place. It didn’t run iTunes for years only to learn nothing.

Coming up over the hill we can see new-breed quantum-based threats. Along with artificial intelligence, that combination will likely spawn a mass attack of AI-generated, malware-infested apps being built and submitted at a record pace. 

We will also likely see increased attacks made against developers in order to extract their Developer ID to help in the submission of such apps. And we will see increasingly sophisticated algorithmic hacks to attack security, identity, and even app ownership. Protecting against those consequential evolutions will be neither easy nor cheap. Doing so will require near state-level protection, a degree of security no small entity can meet. We have no idea if smaller app stores can even visualize such protection — and the EU doesn’t know, either.

In time, hopefully, new businesses will emerge offering quantum-safe security to protect online purchases. But for now, we’ll mostly need to look to large entities such as Apple, or payment services providers, to make the grade. 

Near state-level protection

Will Apple put protection at scale in place to protect against these incoming threats against its App Store? It seems likely, given it is already investing in OS-level mitigations to protect encryption on its services, including around encrypted communications. 

It is also in Apple’s interest to future-proof protection around payment services, ergo also the App Store. At the same time, as Apple’s latest fraud report confirms, the threat landscape remains highly volatile. Time will show that the store’s degree of protection is well worth the cost of Apple’s progressive App Store tax. 

Category: Hacking & Security

Meta's subscription armageddon begins. Welcome Instagram Plus, Facebook Plus, WhatsApp Plus and four more

Živě.cz - 28 May, 2026 - 14:45
Meta is rolling out the Instagram Plus, Facebook Plus and WhatsApp Plus subscriptions for real. • They will offer a few bonus features; the basic services remain free. • Testing of the Meta One Plus, Premium, Essential and Advanced plans is also starting.
Category: IT News

Romanian gets 5 years in prison for hacking Oregon govt network

Bleeping Computer - 28 May, 2026 - 14:43
A Romanian national was sentenced this week to 56 months in federal prison for breaking into an Oregon state government computer network and for cyberattacks targeting dozens of other U.S. victims. [...]
Category: Hacking & Security

Webinar: Why network incidents take too long to resolve

Bleeping Computer - 28 May, 2026 - 14:20
Many organizations can detect network issues quickly, but investigations and coordination often slow incident resolution. This webinar explores how automation and AI-assisted workflows can help IT teams reduce delays and improve response times. [...]
Category: Hacking & Security

Carnival confirms ShinyHunters cruised off with 6M customer records after April breach

The Register - Anti-Virus - 28 May, 2026 - 14:10

Carnival Corporation - the world's largest cruise operator - has confirmed a digital heist, a month after hacking crew ShinyHunters claimed to have stolen millions of customers' records.

The breach, Carnival confirmed, stemmed from an April 14 social engineering attack on an employee, though the company declined to comment on the scale or name ShinyHunters. However, a company filing with the Maine attorney general's office puts the number of affected individuals at just under six million, down from the 8.7 million records previously listed by Have I Been Pwned.

Carnival previously acknowledged the phishing attack at the time, but it did not say whether any data had been accessed or stolen.

ShinyHunters claimed it lifted terabytes' worth of Carnival records and hinted at a breakdown in negotiations, likely related to the criminal outfit's extortion demands. "The company failed to reach an agreement with us despite our incredible patience," ShinyHunters wrote on its data leak site, adding: "They don't care."

Following a "thorough and time-consuming analysis of the impacted data," Carnival confirmed that names, addresses, email addresses, phone numbers, dates of birth, and state identification numbers were all included in the breach. As is often the case in data theft incidents, individuals will be affected to different degrees, depending on what information they shared with the company.

Carnival began sending notifications directly to affected individuals on Wednesday. Those communications include details about how recipients can redeem two years of free credit monitoring services, as is common in US breach notifications, via TransUnion.

It closed its message with a promise to improve: "In addition to the comprehensive security measures the company had in place prior to the incident, it has taken steps to further safeguard its systems, including enhancing its security and monitoring controls.

"The company will continue to advance its IT security and data privacy controls to stay ahead of an ever-evolving threat landscape." ®

Category: Viruses and Worms

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

The Hacker News - 28 May, 2026 - 13:30
State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across users or platforms. Instead, it is heavily concentrated among a small group of AI power users and a
Category: Hacking & Security

Developers on H-1B face a tighter job market as AI shifts hiring priorities

Computerworld.com [Hacking News] - 28 May, 2026 - 13:16

For years, software developers on H-1B visas benefited from steady demand among US technology employers. That market is becoming more selective as companies redirect spending toward AI and rely more heavily on coding assistants.

Recent layoffs at companies including Meta and Amazon have added to the uncertainty, with engineering and software roles affected even as major technology companies continue to deepen investments in AI.

Developers and analysts say traditional engineering roles are becoming harder to land, recruiters are asking more often for AI-related experience, and workers are being pushed to keep pace with tools such as GitHub Copilot, Claude, and ChatGPT.

The shift is being driven by both AI investment and broader economic uncertainty, according to Pareekh Jain, CEO of Pareekh Consulting. Companies are changing the profile of the developers they want, hiring fewer people in some areas while paying more for AI talent.

“AI investments are changing company hiring strategy,” Jain said. “They require a different profile, fewer numbers, and also across geographies.”

This shift is colliding with a tougher sponsorship environment for H-1B developers.

Jain said companies are more selective about hiring visa-dependent workers than they were two or three years ago, especially when permanent residents and US citizens are more available in the market.

“Companies are not looking for H-1B now,” Jain said. “They are building a local workforce and preferring green card holders and citizens.”

Employers may now be more likely to consider H-1B candidates only when they have immediate project needs, rather than building a longer-term bench of visa-dependent workers.

Concerns are visible in public forums used by technology workers. In one January post on Blind, an anonymous senior software engineer with seven years of experience said she had been laid off while on an H-1B visa and was “not interview-ready,” highlighting how quickly job loss can become a visa problem for H-1B workers in the US.

Junior developers face the squeeze

The combination of AI tools and tighter hiring is hitting early-career developers hardest, said Adarsh ML, a product engineer at Ather Energy who tracks global engineering hiring trends.

“Companies are increasingly looking for specialized engineers with machine learning and data science skills,” Adarsh said. “Job opportunities for people with zero to three or four years of experience are not really there anymore.”

The shift is also changing team structures, Adarsh said. Earlier, one manager may have had two or three interns and several freshers reporting to them. Now, many of those roles are being replaced by AI agents.

“Companies now want people who understand software well enough to catch the mistakes these AI agents make,” Adarsh said.

That creates a longer-term risk for the software talent pipeline.

“If companies only want people with five years of experience to manage AI agents today, who will have that experience five years from now?” he said. “There may not be enough experienced developers left.”

AI literacy becomes baseline

The impact is not the same for every role. Sophia James, an Indian software professional based in the US who works in database monitoring, said AI has not significantly changed her team’s daily workflow. But AI literacy is becoming a management expectation.

“Managers are trying to understand whether we are keeping up with the changes happening in the market,” James said. “Recently graduated students, whether BS or MS, are finding it difficult to get jobs. But people who already have jobs, like us, are not facing that much of an issue in terms of projects continuing.”

Jain also stressed that AI literacy is now becoming a baseline expectation for software developers, even outside AI-focused roles.

“Being AI-literate is a must now, even if the role is not directly in AI development,” he said. “This is like knowing Excel even if you are not from finance in the earlier era.”

Fewer developers required

Jain said AI coding tools are likely to reduce the number of developers companies need for similar tasks, making the technology deflationary for some software work.  

But Jain added the impact may not be entirely negative. Enterprises will need to invest in data, cloud, and modernization to become AI-ready, creating new work. AI could also encourage companies to build more applications internally instead of buying from SaaS providers, potentially creating opportunities for IT services firms.

The effect is already visible in hiring decisions. Nikhil Dhiman, head of engineering at CarInfo, said AI is changing the economics of early-stage software development, particularly when companies are building proofs of concept or testing new ideas.

“Some companies are very cautious now,” he said. “They want to leverage AI more and hire less. They just want to see the impact first.”

Navigating the new hiring market

Familiarity with tools such as ChatGPT and GitHub Copilot is now a baseline requirement for developers, said Sanchit Vir Gogia, chief analyst at Greyhound Research.

Developers need deeper expertise in areas such as cloud infrastructure and data engineering, as well as security and AI governance, he said. Those skills are closer to the systems enterprises need to validate and scale, rather than the routine coding work AI tools are starting to compress.

“The engineer who only produces output grows easier to replace as the output grows easier to generate,” Gogia said. “The engineer who can validate it, secure it, situate it in a real business, and stand behind the result becomes harder to replace.” For H-1B developers, he said, adaptation also requires visa planning. Developers should understand portability rules and employer sponsorship timelines before a job loss forces urgent decisions.

“A high-skilled worker has up to 60 days after a role ends, and the right to begin new employment the moment a valid portability petition is filed,” Gogia added. “The strategic error is treating that window as a safety net rather than a planning horizon.”

The article originally appeared on InfoWorld.

Category: Hacking & Security

Carnival Cruise confirms data breach affecting nearly 6 million people

Bleeping Computer - 28 May, 2026 - 12:49
Carnival Corporation, the world's largest cruise line operator, has confirmed a data breach affecting nearly 6 million people claimed by the ShinyHunters extortion gang in April 2026. [...]
Category: Hacking & Security

Smart Christmas tree lighting works as a display and can be controlled from a phone. Now it is at a great price

Živě.cz - 28 May, 2026 - 12:45
Christmas is still half a year away, but now is the ideal time to buy smart tree lights. • The excellent Twinkly strings are half the price they are in winter. • They have programmable RGB LEDs that you can control from your phone.
Category: IT News

How To Understand Failed Authentication Patterns in Linux Logs

LinuxSecurity.com - 28 May, 2026 - 12:25
Exposed SSH servers are continuously hammered by brute-force attacks, password spraying, credential stuffing, and recycled passwords from infostealer dumps. Attackers rotate usernames, test weak credentials, and probe for anything that gives them initial access. The logs usually look messy long before the compromise happens.
Category: Hacking & Security

How to Respond After Detecting a Compromised Linux Server

LinuxSecurity.com - 28 May, 2026 - 12:16
The first 30 minutes after discovering a compromised Linux server usually decide how much evidence remains available. One rushed reboot or cleanup attempt can wipe logs, terminate malicious processes, or remove network activity that investigators still need to review. Attackers also do not usually stay on one system for long once access is established. Early response is mostly about preserving visibility. Collect process information. Save network connections. Limit access carefully before mak...
Category: Hacking & Security

Stop buying Motorola Android phones

Computerworld.com [Hacking News] - 28 May, 2026 - 12:00

Over the past decade, there’s something I’ve hinted at, mentioned in passing as a part of broader discussions, and told more people than I can count privately via email and other one-on-one conversations.

And now, as the writer of the internet’s longest-standing Android column and newsletter — a fancy way of saying someone who is apparently now old as molasses — I feel like I’d be doing a disservice if I didn’t just come out and say it as prominently and plainly as possible:

There is no valid reason anyone should be buying Motorola Android devices in 2026. None.

It’s a shame, too, ’cause Motorola has a heck of a history within Android and the mobile realm in general. And, to its credit, the company does still make some impressive-looking and at times quite interesting hardware.

But the compromises that come with that package are just too serious and consequential to be forgiven. That’s been the case for some time now, truth be told — but with yet another facepalm-inducing infraction being added onto the list now, it’s time to say it loud and clear:

Please stop buying Motorola Android phones. And please join me in telling everyone you know the same thing. 

Trust me: You’ll be doing them a major favor. And here, with no punches pulled and absolutely no sugarcoating, is exactly why.

The Motorola Android compromise: Part I

I won’t beat around the bush: The most pressing reason Motorola Android phones are completely inadvisable to buy is the reason that’s been present for the longest — and that’s the company’s complete and utter disregard for even minimally acceptable post-sales software support.

It’s something I’ve noted in my data-based Android Upgrade Report Cards for more years than I can even remember at this point, and it’s almost comically consistent: Year after year, upgrade cycle after upgrade cycle, Motorola simply does not give a damn about investing the time or the money to bring current Android versions to its existing customers in anything close to a timely manner. Once you’ve forked over your phone and put away your wallet, good luck: You’ll be lucky if you get a single software update from Motorola after that, half a year to a year after the fact — and you almost certainly won’t hear a single peep from the company about the progress (or lack thereof) at any point along the way.

Motorola has managed to score an almost impressive number of back-to-back “F” scores on my annual analyses; no other Android device maker even comes close to that record. And lest you think this is purely about pokiness in providing polish and surface-level progress, remember that practically every Android software update is packed with critically important changes around privacy, security, and performance — and the way apps are able to interact with both your data and your hardware.

Running outdated software isn’t just dangerous — it’s downright irresponsible, especially if you’re a professional using your phone for business purposes but even if you’re just a regular ol’ schmoe focused purely on personal stuff. No one who understands a thing about security would ever recommend that, and that’s exactly what you’re signing up for anytime you buy a Motorola-made device.

So that’s part one, and that’s the biggest problem with Motorola’s Android products. But it isn’t the end of this tale nor the reason I was finally moved to write this missive, with the hopes that it’d eventually reach any Android-interested phone-buyers with Motorola on their minds.

Motorola’s more recent Android offenses

All update-related issues aside, the problem with Motorola’s Android products is that they make all sorts of compromises that are all about lining Motorola’s pockets at the expense of your experience.

The most recent example and the straw that broke the Android columnist’s (increasingly creaky) back is the new discovery that Motorola had seemingly been indirectly hijacking the Amazon app on its devices and sneakily injecting an affiliate code into links. The end result of such actions, according to observations published this week, is generating unearned revenue from your day-to-day purchases.

That’s an underhanded and shady-seeming practice, to say the very least. It just feels icky and ethically reckless. And clearly, what was demonstrated was intended to go unnoticed, which is always a pretty apparent sign in my mind that someone’s doing something shifty.

Following the discovery and subsequent outcry, Moto released a statement saying that the behavior was “unintended” and the result of its partnership with a company called Device Native. According to Moto, it had teamed up with that organization to develop “an app search and suggestion experience for the Moto App Launcher.” You can choose to interpret that how you will, but the reality is that Device Native is a company that exists to inject personalized, native-seeming ads directly into the core Android software experience, as its website plainly establishes — with “no user opt-in required,” allowing for easier “scale” of “monetization globally.”

[Image: A screenshot from the Device Native website. Credit: Device Native / JR Raphael, Foundry]

On some level, at least, Motorola evidently decided to work with this company and integrate its ad technology into the Android experience on its phones. Regardless of whether the Amazon code injection was truly deliberate, which organization caused it to happen, and who was or wasn’t aware of the actions, Motorola opted to place this ad-serving system into the phones it was selling and to allow the company behind it to exert this kind of control over its customers’ experiences — as well as, one would imagine, likely leaning on it for other forms of invasive system-level ad integration.

And sure, maybe Moto will back down from this practice and perhaps even distance itself from the partnership entirely if the outrage grows loud enough. But does someone stopping a shady-seeming practice simply because they got caught and people complained make for the kind of company you want to trust in general?

It’s similar to the way Moto lards up its devices with so much preinstalled bloatware that you actually have to fight to get through it or — Goog forbid — remove it and reclaim the product you paid hundreds of dollars to purchase. Heck, even the company’s top-of-the-line, nearly $2,000 folding Razr Fold phone is guilty of this sin, and that’s just embarrassing for a device of that price and caliber.

Even with Motorola’s lower-level phones, though, we’re talking about devices that often cost $500 or close to that. These aren’t bottom-of-the-barrel, heavily subsidized garbage gadgets. You could get one of Google’s Pixel 10a phones for that same price or often even less — without any of the bloatware, the link-hijacking and potential ad-injecting shenanigans, or the unforgivable software support failures. You’d get a full seven years of guaranteed timely and reliable software updates, from major Android versions to monthly security patches and the quarterly feature drops that accompany those. And that’s to say nothing of the superior camera experience and other assorted advantages.

You could go with one of Samsung’s midrange models, too, imperfect as those are in their own ways, and it’d still be a massive step up from the Motorola madness.

We’ve reached a point where there really is just no comparison — and, again, no reason why anyone should be buying a Motorola phone anymore. The issue, unfortunately, is that most of the people who are buying Moto devices are the same people who aren’t reading columns like these. They’re the people who waltz into a carrier store, see whatever model is featured on the shelf or pushed by a commission-earning, partnership-promoting salesperson, and walk out with whatever caught their eye or had the best promotional pricing on that particular day.

Make no mistake about it: These types of devices give Android a bad name and propagate the myth of the entire platform being a second-rate dumping ground for “folks who can’t afford iPhones.” Android is so much more and so much better than that. You deserve so much better than that.

Plain and simple, this isn’t the Motorola of yesterday. At this point, there’s no excuse — and no reason to keep setting yourself up for failure when so many better options exist.

Say goodbye, Moto. And make sure everyone you know who won’t be reading this column knows why they should do the same.

Category: Hacking & Security

The state could have its own messaging app

AbcLinuxu [news briefs] - 28 May, 2026 - 11:51
The Czech state could in future operate its own alternative to messaging applications such as WhatsApp, Signal, Telegram, Facebook Messenger and the like. The aim is to ensure secure data communication for the state and its important entities, such as security forces, ministries and other organizations.
Category: GNU/Linux & BSD

Citroën is planning the return of the legendary "duck". The electric 2CV model will cost less than 370 thousand crowns

Živě.cz - 28 May, 2026 - 11:45
The new electric Citroën 2CV will arrive on the European market in 2028 • The legendary people's car will cost less than fifteen thousand euros • The small electric city car will get cheaper technology and will pass strict tests
Category: IT News

Register for the Den IPv6 (IPv6 Day) conference, it takes place in a week

AbcLinuxu [news briefs] - 28 May, 2026 - 11:31
In just a week, on Thursday 4 June, another conference devoted to IPv6-related topics, Den IPv6 (IPv6 Day), will take place at the National Library of Technology in Dejvice, Prague. The event programme and registration form are available on the event website. Conference capacity is limited, so the organizers recommend that serious applicants register in time (as of today, about 30 places remain). The Den IPv6 2026 conference is again organized jointly this year by the associations CESNET, CZ.NIC and NIX.CZ.
Category: GNU/Linux & BSD