RSS Aggregator

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

The Hacker News - 14 January, 2025 - 17:38
New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. "Google's OAuth login doesn't protect against someone purchasing a failed startup's domain and using it to re-create email accounts for former employees," Truffle Security co-founder and CEO Dylan Ayrey said
Ravie Lakshmanan
Category: Hacking & Security

FBI deletes Chinese PlugX malware from thousands of US computers

Bleeping Computer - 14 January, 2025 - 17:26
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. [...]
Category: Hacking & Security

FBI wipes Chinese PlugX malware from over 4,000 US computers

Bleeping Computer - 14 January, 2025 - 17:26
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. [...]
Category: Hacking & Security

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Bleeping Computer - 14 January, 2025 - 16:57
Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. [...]
Category: Hacking & Security

The biggest IT disaster in Slovakia's history. The land registry is working at more locations, but people have trouble getting anything done

Živě.cz - 14 January, 2025 - 16:45
** An attack launched from abroad paralyzed the systems of the Slovak land registry ** The data was encrypted by ransomware. The ransom amounts to a seven-figure sum in dollars ** Operations can apparently be restored from backups, the office says
Category: IT News

The biggest IT disaster in Slovakia's history. The land registry is working at more locations, but people have trouble getting anything done

Zive.cz - Security - 14 January, 2025 - 16:45
** An attack launched from abroad paralyzed the systems of the Slovak land registry ** The data was encrypted by ransomware. The ransom amounts to a seven-figure sum in dollars ** Operations can apparently be restored from backups, the office says
Category: Hacking & Security

Fortinet warns of auth bypass zero-day exploited to hijack firewalls

Bleeping Computer - 14 January, 2025 - 16:24
Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...]
Category: Hacking & Security

Another live test of Starlink's Direct-to-Cell. In Los Angeles, satellites stood in for burned-out ground stations

Živě.cz - 14 January, 2025 - 16:15
** The Los Angeles fires accelerated testing of the Direct-to-Cell network ** During the ground-station outage it provided emergency SMS for T-Mobile ** Other carriers point to the satellite services on iPhones
Category: IT News

DJI Flip is a new drone for vloggers. It has autopilot, obstacle detection and 4K recording at 100 fps

Živě.cz - 14 January, 2025 - 15:45
** It is the more advanced sibling of last year's DJI Neo ** It has a faster autopilot and a better camera ** The price with a controller starts at roughly 11 thousand
Category: IT News

Microsoft 365 apps crash on Windows Server after Office update

Bleeping Computer - 14 January, 2025 - 15:18
Microsoft says a known issue is causing Classic Outlook and Microsoft 365 applications to crash on Windows Server 2016 or Windows Server 2019 systems. [...]
Category: Hacking & Security

Alza's smart scale has dropped to four hundred. It once cost more than twice as much

Živě.cz - 14 January, 2025 - 14:45
Alza is now selling the smart diagnostic scale from its private-label brand Siguro for 419 Kč if you use the discount code ALZADNY30 in the cart. The model, whose full name is Siguro SC-S450W Smart Body Coach, has been cheaper only twice in its history, when Alza offered it for 399 Kč. It normally sells for six hundred, though, and ...
Category: IT News

Snyk appears to deploy 'malicious' packages targeting Cursor for unknown reason

The Register - Anti-Virus - 14 January, 2025 - 14:13
Packages removed, vendor said to have apologized to AI code editor as onlookers say it could have been a test

Updated: Developer security company Snyk is at the center of allegations concerning the possible targeting or testing of Cursor, an AI code editor company, using "malicious" packages uploaded to NPM.…

Category: Viruses and Worms

Europe takes a second look at Apple’s DMA compliance

Computerworld.com [Hacking News] - 14 January, 2025 - 14:10

The European Commission (EC) might have at last seen the sense of pulling back on some of its scrutiny of big tech, which could yet benefit Apple and Google. For many, this will be a welcome step, though critics will continue to criticize.

What’s happening, according to Reuters, is that the coming Trump presidency has “encouraged” Europe to take another look at how it is probing big US tech firms under the Digital Markets Act. The report claims the EC will review all its current probes, and that this review could affect current decisions and fines. Investigations will continue until decisions are reached, the report claims. 

Europe has not confirmed the claims, and in a subsequent statement denied its actions were under review; it said instead it was looking at resource allocation and investigation progress. “What we do have is upcoming meetings to assess maturity of cases, to assess the allocation of resources and the general readiness of the investigation,” the spokesperson said.

If the original claims are true, they do not represent the sudden onset of common sense, or any realization among the regulators that they are going too far in their attempt to create an utterly homogenized mobile ecosystem. Instead, the review has been in part prompted by the imminent Trump Administration. US tech giants have been lobbying the incoming president to challenge EU scrutiny of them.

Trump will be sworn in on Monday.

What this means for tech firms — and Apple 

The review means Europe could choose to alter the scope of the probes against tech firms, including Apple.  

All cases launched under the Digital Markets Act since March 2024 will be under review, the Reuters report claims. The review also means that all decisions and potential fines will be put on ice pending completion of the review; that’s significant, given the maximum fine that can be levied under this law is up to 10% of a company’s global annual revenue.

Any such pause would be positive news for Apple, as it gives the company an opportunity to lobby for less punitive outcomes and a more constructive compromise in which its platforms continue to provide unique features unavailable elsewhere. 

The hill Apple will likely be fighting from will include arguments concerning the privacy and security of its users; the company’s support for those values is pretty much unique at this end of the industry. It is worth noting that Apple was making arguments pertaining to such things literally years before the rest of the industry began to echo its concerns. The company’s focus on those things also lines up closely with Europe’s own views on privacy, as evidenced by GDPR.

At the very least, the review does buy Apple time to improve its business systems to better match what it now knows regulators want, without decimating its business. When dealing with any form of change, time is an advantage.

But change remains inevitable

That’s not to say Apple can stand still. The company’s senior executives are expected to be in London this week, facing a class action lawsuit that argues it has, in effect, overcharged consumers for sales via the App Store. It remains unclear how Apple’s justifiable argument — that the vast majority of apps are distributed at no, or low, fees — will be understood as it argues that case. Apple faces similar action globally, and the litigation means it will have to change, even if only reluctantly.

Eager to force that change, Europe’s regulators are unlikely to slow their investigations into tech companies, but will be waiting on political direction before they decide the extent to which they will attempt enforcement.

Whatever the outcome of the review, there’s little doubt that Apple’s business continues to be exposed to the unravelling of internationalism. For example, even as the EU offers the sliver of hope that is implied by the DMA case review, the company’s problems in China continue to evolve. China is now slowing down Apple’s move to transplant parts of its supply chain elsewhere — particularly in India — with tighter export checks and limits to employee travel.

While there is no doubt that Apple CEO Tim Cook has done excellent work in terms of managing the political complexity buffeting Apple’s business, it’s hard not to imagine he’d rather spend his own, and his company’s, time and money focusing on product development.

Category: Hacking & Security

Electric cars gained ground in Czechia last year thanks to subsidies. Demand was highest for cheap Teslas and the Škoda Enyaq

Živě.cz - 14 January, 2025 - 13:45
Subsidies sharply increased interest in electric cars on the Czech market last year. Tesla benefited most, while Škoda took third place with the Enyaq. Sales of electric cars in Czechia rose significantly last year. According to data from the Svaz dovozců automobilů (Car Importers Association), a total of 10,933 were sold, 65% more than in 2023. The share ...
Category: IT News

A locomotive plate or even an old beer bottle can earn you thousands of crowns

Lupa.cz - Articles - 14 January, 2025 - 13:42
What is old junk to one person may be a collector's item to another, who is moreover willing to pay even tens of thousands of crowns for it
Category: IT News

It's not just Big Tech: The UK's Online Safety Act applies across the board

The Register - Anti-Virus - 14 January, 2025 - 13:15
That niche forum running for 20 years – get ready, there's work to do

Analysis: A little more than two months out from its first legal deadline, the UK’s Online Safety Act is causing concern among smaller online forums caught within its reach. The legislation, which came into law in the autumn of 2023, applies to search services and services that allow users to post content online or to interact with each other.…

Category: Viruses and Worms