RSS 생중계

Top US Oilfield Firm Halliburton Hit By Cyberattack, Source Says

Slashdot - 목, 2024/08/22 - 12:30오후
An anonymous reader quotes a report from Reuters: U.S. oilfield services firm Halliburton on Wednesday was hit by a cyberattack, according to a person familiar with the matter. Halliburton said it was aware of an issue affecting certain systems at the company and was working to determine the cause and impact of the problem. The company was also working with "leading external experts" to fix the issue, a spokesperson said in an emailed statement. The attack appeared to impact business operations at the company's north Houston campus, as well as some global connectivity networks, the person said, who declined to be identified because they were not authorized to speak on the record. The company has asked some staff not to connect to internal networks, the person said. Houston, Texas-based Halliburton is one of the largest oilfield services firms in the world, providing drilling services and equipment to major energy producers around the globe. It had nearly 48,000 employees and operated in more than 70 countries at the end of last year.

Read more of this story at Slashdot.

카테고리:

110K Domains Targeted in 'Sophisticated' AWS Cloud Extortion Campaign

Slashdot - 목, 2024/08/22 - 11:15오전
A sophisticated extortion campaign has targeted 110,000 domains by exploiting misconfigured AWS environment files, security firm Cyble reports. The attackers scanned for exposed .env files containing cloud access keys and other sensitive data. Organizations that failed to secure their AWS environments found their S3-stored data replaced with ransom notes. The attackers used a series of API calls to verify data, enumerate IAM users, and locate S3 buckets. Though initial access lacked admin privileges, they created new IAM roles to escalate permissions. Cyble researchers noted the attackers' use of AWS Lambda functions for automated scanning operations.

Read more of this story at Slashdot.

카테고리:

[$] LWN.net Weekly Edition for August 22, 2024

lwn.net - 목, 2024/08/22 - 10:51오전
The LWN.net Weekly Edition for August 22, 2024 is available.
카테고리:

Sonos CEO Says the Old App Can't Be Rereleased

Slashdot - 목, 2024/08/22 - 10:00오전
The old Sonos app won't be making a return to replace the buggy new version. According to Sonos CEO Patrick Spence, rereleasing the old app would make things worse now that updated software has already been sent out to the company's speakers and cloud infrastructure. The Verge reports: In a Reddit AMA response posted Tuesday, Sonos CEO Spence says that he was hopeful "until very recently" that the company could rerelease the app, confirming a report from The Verge that the company was considering doing so. [...] Since the new app was released on May 7th, Spence has issued a formal apology and announced in August that the company would be delaying the launch of two products "until our app experience meets the level of quality that we, our customers, and our partners expect from Sonos." "The trick of course is that Sonos is not just the mobile app, but software that runs on your speakers and in the cloud too," writes Spence in the Reddit AMA. "In the months since the new mobile app launched we've been updating the software that runs on our speakers and in the cloud to the point where today S2 is less reliable & less stable then what you remember. After doing extensive testing we've reluctantly concluded that re-releasing S2 would make the problems worse, not better. I'm sure this is disappointing. It was disappointing to me."

Read more of this story at Slashdot.

카테고리:

App Store VP Departs As Apple Prepares Organizational Changes

Slashdot - 목, 2024/08/22 - 8:20오전
According to Bloomberg's Mark Gurman (paywalled), App Store vice president Matt Fischer is departing the company in October as Apple prepares for organizational changes in response to regulatory pressure. MacRumors reports: Apple plans to split its App Store group into two teams, one that handles the App Store and a second team that oversees alternative app distribution. As of earlier this year, Apple has supported iOS app downloads from alternative app stores and from websites in the European Union, a change that the company had to make to comply with the Digital Markets Act. To handle ongoing compliance with EU regulations for app distribution and alternative payment methods, App Store chief Phil Schiller is changing the App Store's hierarchy. Fischer joined Apple in 2003 to oversee iTunes marketing, but he has served as the vice president of the App Store since 2010. In an email to Apple employees today, Fischer said that he had been thinking about leaving Apple for some time, and the reorganization provided the right opportunity. With Fischer leaving, App Store senior director Carson Oliver will oversee the App Store, and Ann Thai, a director who oversees App Store features, will head up the team that handles alternative app distribution.

Read more of this story at Slashdot.

카테고리:

Google Agrees To $250 Million Deal To Fund California Newsrooms, AI

Slashdot - 목, 2024/08/22 - 7:40오전
Google has reached a groundbreaking deal with California lawmakers to contribute millions to local newsrooms, aiming to support journalism amid its decline as readers migrate online and advertising dollars evaporate. The agreement also includes a controversial provision for artificial intelligence funding. Politico reports: California emulated a strategy that other countries like Canada have used to try and reverse the journalism industry's decline as readership migrated online and advertising dollars evaporated. [...] Under the deal, the details of which were first reported by POLITICO on Monday, Google and the state of California would jointly contribute a minimum of $125 million over five years to support local newsrooms through a nonprofit public charity housed at UC Berkeley's journalism school. Google would contribute at least $55 million, and state officials would kick in at least $70 million. The search giant would also commit $50 million over five years to unspecified "existing journalism programs." The deal would also steer millions in tax-exempt private dollars toward an artificial intelligence initiative that people familiar with the negotiations described as an effort to cultivate tech industry buy-in. Funding for artificial intelligence was not included in the bill at the core of negotiations, authored by Assemblymember Buffy Wicks. The agreement has drawn criticism from a journalists' union that had so far championed Wicks' effort. Media Guild of the West President Matt Pearce in an email to union members Sunday evening said such a deal would entrench "Google's monopoly power over our newsrooms." "This public-private partnership builds on our long history of working with journalism and the local news ecosystem in our home state, while developing a national center of excellence on AI policy," said Kent Walker, chief legal officer for Alphabet, the parent company of Google. Media Guild of the West President Matt Pearce wasn't so chipper. He criticized the plan in emails with union members, calling it a "total rout of the state's attempts to check Google's stranglehold over our newsrooms."

Read more of this story at Slashdot.

카테고리:

IT Tycoon Mike Lynch, Daughter Hannah Found Dead

Slashdot - 목, 2024/08/22 - 7:04오전
In a tragic update to Monday's story, authorities have recovered the bodies of former Autonomy CEO Mike Lynch and his teenage daughter Hannah. The Register reports: Italian divers are said to have found the billionaire father and his daughter, 18, inside one of the sunken vessel's cabins, according to The Telegraph. The capsized ship presently rests 49 meters below the surface, about half a mile from the coast. [...] Angela Bacares, Lynch's wife, was rescued at sea and is recovering. Canadian Broadcasting Company News has reported that the body of Recaldo Thomas, a Canadian-born man who resided in Antigua and served as the ship's cook, has been recovered. Other missing individuals have been identified by The Independent as: Christopher Morvillo, a lawyer who had represented Lynch and wife Neda Morvillo; Jonathan Bloomer, chairman of investment bank Morgan Stanley International and wife Judy Bloomer. The Register has published an obituary for Mike Lynch.

Read more of this story at Slashdot.

카테고리:

Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data

Slashdot - 목, 2024/08/22 - 6:20오전
An anonymous reader quotes a report from Dark Reading: Researchers have exploited a vulnerability in Microsoft's Copilot Studio tool allowing them to make external HTTP requests that can access sensitive information regarding internal services within a cloud environment -- with potential impact across multiple tenants. Tenable researchers discovered the server-side request forgery (SSRF) flaw in the chatbot creation tool, which they exploited to access Microsoft's internal infrastructure, including the Instance Metadata Service (IMDS) and internal Cosmos DB instances, they revealed in a blog post this week. Tracked by Microsoft as CVE-2024-38206, the flaw allows an authenticated attacker to bypass SSRF protection in Microsoft Copilot Studio to leak sensitive cloud-based information over a network, according to a security advisory associated with the vulnerability. The flaw exists when combining an HTTP request that can be created using the tool with an SSRF protection bypass, according to Tenable. "An SSRF vulnerability occurs when an attacker is able to influence the application into making server-side HTTP requests to unexpected targets or in an unexpected way," Tenable security researcher Evan Grant explained in the post. The researchers tested their exploit to create HTTP requests to access cloud data and services from multiple tenants. They discovered that "while no cross-tenant information appeared immediately accessible, the infrastructure used for this Copilot Studio service was shared among tenants," Grant wrote. Any impact on that infrastructure, then, could affect multiple customers, he explained. "While we don't know the extent of the impact that having read/write access to this infrastructure could have, it's clear that because it's shared among tenants, the risk is magnified," Grant wrote. The researchers also found that they could use their exploit to access other internal hosts unrestricted on the local subnet to which their instance belonged. Microsoft responded quickly to Tenable's notification of the flaw, and it has since been fully mitigated, with no action required on the part of Copilot Studio users, the company said in its security advisory. Further reading: Slack AI Can Be Tricked Into Leaking Data From Private Channels

Read more of this story at Slashdot.

카테고리:

Rotten Tomatoes Introduces a New Audience Rating For People Who Actually Bought a Ticket

Slashdot - 목, 2024/08/22 - 5:40오전
Rotten Tomatoes and Fandango are rolling out a new "Verified Hot" rating for users who actually bought a ticket to the movie being reviewed. "The designation is only given to theatrical movies that have reached an audience score above 90 percent among user ratings," adds IndieWire. From the report: Movie ticketing app Fandango is the parent company to Rotten Tomatoes, so if you bought your ticket through Fandango and then rated a movie using that same user info on Rotten Tomatoes, RT is able to confirm you bought a ticket and can filter out anyone else who may just be rating things blindly. A rep for RT tells IndieWire the goal is to work with other partners so that other people who don't use Fandango can still be considered verified. Rotten Tomatoes also expanded its Popcornmeter designations. Anything with an audience score above 60 percent of people rating it as 3.5 stars or higher will be labeled "Hot," and movies below that 60 percent threshold are now "Stale." The "Certified Fresh" badge for movies that achieve a strong enough critics score has been around for a while, but in 2020 RT introduced a "Top Critics" feature such that you could filter out the dozens or hundreds of aggregated critics from unreliable sources who could be skewing a film's score. Anyone can vote or rate movies on Rotten Tomatoes if you're an audience member, but you can also filter out ratings from those not considered "verified." Rotten Tomatoes made some other tweaks too under the hood: Both the Popcornmeter and Tomatometer need to meet a new minimum number of reviews published for a score to appear. Not everything gets reviewed widely, so the threshold varies depending on a film's total projected domestic box office forecast. A full list of "Verified Hot" films can be found here.

Read more of this story at Slashdot.

카테고리:

Intel Discontinues High-Speed, Open-Source H.265/HEVC Encoder Project

Slashdot - 목, 2024/08/22 - 5:00오전
Phoronix's Michael Larabel reports: As part of Intel's Scalable Video Technology (SVT) initiative they had been developing SVT-HEVC as a BSD-licensed high performance H.265/HEVC video encoder optimized for Xeon Scalable and Xeon D processors. But recently they've changed course and the project has been officially discontinued. [...] The SVT-AV1 project a while ago was already punted to the Alliance for Open Media (AOMedia) project and one of its lead maintainers having joined Meta from Intel two years ago. SVT-AV1 continues excelling great outside the borders of Intel but SVT-HEVC (and SVT-VP9) have remained Intel open-source projects but at least officially SVT-HEVC has ended. SVT-HEVC hadn't seen a new release since 2021 and there are already several great open-source H.265 encoders out there like x265 and Kvazaar. But as of a few weeks ago, SVT-HEVC upstream is now discontinued. The GitHub repository was put into a read-only state [with a discontinuation notice]. Meanwhile SVT-VP9 doesn't have any discontinuation notice at this time. The SVT-VP9 GitHub repository remains under Intel's Open Visual Cloud account although it hasn't seen any new commits in four months and the last tagged release was back in 2020.

Read more of this story at Slashdot.

카테고리:

Google Can't Defend Shady Chrome Data Hoarding As 'Browser Agnostic,' Court Says

Slashdot - 목, 2024/08/22 - 4:22오전
An anonymous reader quotes a report from Ars Technica: Chrome users who declined to sync their Google accounts with their browsing data secured a big privacy win this week after previously losing a proposed class action claiming that Google secretly collected personal data without consent from over 100 million Chrome users who opted out of syncing. On Tuesday, the 9th US Circuit Court of Appeals reversed (PDF) the prior court's finding that Google had properly gained consent for the contested data collection. The appeals court said that the US district court had erred in ruling that Google's general privacy policies secured consent for the data collection. The district court failed to consider conflicts with Google's Chrome Privacy Notice (CPN), which said that users' "choice not to sync Chrome with their Google accounts meant that certain personal information would not be collected and used by Google," the appeals court ruled. Rather than analyzing the CPN, it appears that the US district court completely bought into Google's argument that the CPN didn't apply because the data collection at issue was "browser agnostic" and occurred whether a user was browsing with Chrome or not. But the appeals court -- by a 3-0 vote -- did not. In his opinion, Circuit Judge Milan Smith wrote that the "district court should have reviewed the terms of Google's various disclosures and decided whether a reasonable user reading them would think that he or she was consenting to the data collection." "By focusing on 'browser agnosticism' instead of conducting the reasonable person inquiry, the district court failed to apply the correct standard," Smith wrote. "Viewed in the light most favorable to Plaintiffs, browser agnosticism is irrelevant because nothing in Google's disclosures is tied to what other browsers do." Smith seemed to suggest that the US district court wasted time holding a "7.5-hour evidentiary hearing which included expert testimony about 'whether the data collection at issue'" was "browser-agnostic." "Rather than trying to determine how a reasonable user would understand Google's various privacy policies," the district court improperly "made the case turn on a technical distinction unfamiliar to most 'reasonable'" users, Smith wrote. Now, the case has been remanded to the district court where Google will face a trial over the alleged failure to get consent for the data collection. If the class action is certified, Google risks owing currently unknown damages to any Chrome users who opted out of syncing between 2016 and 2024. According to Smith, the key focus of the trial will be weighing the CPN terms and determining "what a 'reasonable user' of a service would understand they were consenting to, not what a technical expert would."

Read more of this story at Slashdot.

카테고리:

Microplastics Are Infiltrating Brain Tissue, Studies Show

Slashdot - 목, 2024/08/22 - 3:10오전
A growing body of scientific evidence shows that microplastics are accumulating in critical human organs, including the brain, leading researchers to call for more urgent actions to rein in plastic pollution. From a report: Studies have detected tiny shards and specks of plastics in human lungs, placentas, reproductive organs, livers, kidneys, knee and elbow joints, blood vessels and bone marrow. Given the research findings, "it is now imperative to declare a global emergency" to deal with plastic pollution, said Sedat Gundogdu, who studies microplastics at Cukurova University in Turkey. Humans are exposed to microplastics -- defined as fragments smaller than 5mm in diameter -- and the chemicals used to make plastics from widespread plastic pollution in air, water and even food. The health hazards of microplastics within the human body are not yet well-known. Recent studies are just beginning to suggest they could increase the risk of various conditions such as oxidative stress, which can lead to cell damage and inflammation, as well as cardiovascular disease. Animal studies have also linked microplastics to fertility issues, various cancers, a disrupted endocrine and immune system, and impaired learning and memory.

Read more of this story at Slashdot.

카테고리:

"Something has gone seriously wrong," dual-boot systems warn after Microsoft update (Ars Technica)

lwn.net - 목, 2024/08/22 - 3:03오전

Ars Technica covers a recent update that is causing problems for users with systems that dual-boot Windows and Linux.

"Note that Windows says this update won't apply to systems that dual-boot Windows and Linux," one frustrated person wrote. "This obviously isn't true, and likely depends on your system configuration and the distribution being run. It appears to have made some linux efi shim bootloaders incompatible with microcrap efi bootloaders (that's why shifting from MS efi to 'other OS' in efi setup works). It appears that Mint has a shim version that MS SBAT doesn't recognize."

The reports indicate that multiple distributions, including Debian, Ubuntu, Linux Mint, Zorin OS, and Puppy Linux, are all affected. Microsoft has yet to acknowledge the error publicly, explain how it wasn't detected during testing, or provide technical guidance to those affected. Company representatives didn't respond to an email seeking answers.

카테고리:

Linux Market Share Hits Record High

Slashdot - 목, 2024/08/22 - 2:33오전
bobdevine writes: The Linux operating system has reached a notable milestone in desktop market share, according to the latest data from StatCounter. As of July 2024, Linux has achieved a 4.45% market share for desktop operating systems worldwide. While this percentage might seem small to those unfamiliar with the operating system landscape, it represents a significant milestone for Linux and its dedicated community. What makes this achievement even more thrilling is the upward trajectory of Linux's adoption rate.

Read more of this story at Slashdot.

카테고리:

Górny: Gentoo: profiles and keywords rather than releases

lwn.net - 목, 2024/08/22 - 2:31오전

Gentoo developer Michał Górny has written a lengthy blog post that explains how Gentoo approaches releases:

Gentoo is something of a hybrid, as it combines the best of both worlds. It is a rolling release distribution with a single shared repository that is available to all users. However, within this repository we use a keywording system to provide a choice between stable and testing packages, to facilitate both production and development systems (with some extra flexibility), and versioned profiles to tackle major lock-step upgrades.
카테고리:

South Africa's Telco Industry Calls For Tech Firms To Help Fund Infrastructure

Slashdot - 목, 2024/08/22 - 1:44오전
South Africa's telecoms industry body is pushing for digital content and service providers to help pay for the roll out of network infrastructure because they generate a huge part of the internet traffic. From a report: The Association of Comms and Technology (ACT) CEO Nomvuyiso Batyi said that the revenues generated by over-the-top (OTT) platforms and the continued success of the OTT model was dependent on the availability of high-quality, reliable and efficient network infrastructure. So "what we're saying is that the OTTs should contribute towards the network upgrades, the network building," she added. OTT platforms or services deliver digital content such as video, audio and messaging directly to consumers over the internet. "Fair share" arrangements ensure that OTT providers contribute to the costs of building, maintaining, and upgrading the infrastructure that supports their business.

Read more of this story at Slashdot.

카테고리:

CrowdStrike Unhappy With 'Shady Commentary' From Competitors After Outage

Slashdot - 목, 2024/08/22 - 1:10오전
CrowdStrike's president hit out at "shady" efforts by its cyber security rivals to scare its customers and steal market share in the month since its botched software update sparked a global IT outage. From a report: Michael Sentonas told the Financial Times that attempts by competitors to use the July 19 disruption to promote their own products were "misguided." After criticism from rivals including SentinelOne and Trellix, the CrowdStrike executive said no vendor could "technically" guarantee that their own software would never cause a similar incident. "Our industry is built on trust," Sentonas said. For rivals to take advantage of the meltdown to push their own products "lets themselves down because, ultimately, people know really quickly fact from, possibly, some shady commentary." Texas-based CrowdStrike had a reputation as many major companies' first line of defense against cyber attacks, but the high-profile nature of its clients exacerbated the impact of July's global disruption that shut down 8.5 million Windows devices. Insurers have estimated that losses from the disruption, which grounded flights and shut down hospital systems, could run into billions of dollars. Delta Air Lines, which canceled more than 6,000 flights, has estimated that the outages will cost it $500 million and has threatened litigation.

Read more of this story at Slashdot.

카테고리:

[$] Modernizing openSUSE installation with Agama

lwn.net - 목, 2024/08/22 - 12:37오전

Linux installers receive a disproportionate amount of attention compared to the amount of time that most users spend with them. Ideally, a user spends only a few minutes using the installer, versus years using the distribution after it is installed. Yet, the installer sets the first impression, and if it fails to do its job, little else matters. Installers also have to continually evolve to keep pace with new hardware, changes in distribution packaging (such as image-based Linux distributions), and so forth. Along those lines, the SUSE team that maintains the venerable YaST installer has decided it's time to start (almost) fresh with a new Linux installer project, called Agama, for new projects. YaST is not going away as an administration tool, but it is likely to be relieved of installer duties at some point.

카테고리:

US Feds Are Tapping a Half-Billion Encrypted Messaging Goldmine

Slashdot - 목, 2024/08/22 - 12:20오전
An anonymous reader shares a report: U.S. agencies are increasingly accessing parts of a half-billion encrypted chat message haul that has rocked the global organized crime underground, using the chats as part of multiple drug trafficking prosecutions, according to a 404 Media review of U.S. court records. In particular, U.S. authorities are using the chat messages to prosecute alleged maritime drug smugglers who traffic cocaine using speedboats and commercial ships. The court records show the continued fallout of the massive hack of encrypted phone company Sky in 2021, in which European agencies obtained the intelligence goldmine of messages despite Sky being advertised as end-to-end encrypted. European authorities have used those messages as the basis for many prosecutions and drug seizures across the continent. Now, it's clear that the blast radius extends to the United States.

Read more of this story at Slashdot.

카테고리:

Slack AI Can Be Tricked Into Leaking Data From Private Channels

Slashdot - 수, 2024/08/21 - 11:48오후
Slack AI, an add-on assistive service available to users of Salesforce's team messaging service, is vulnerable to prompt injection, according to security firm PromptArmor. From a report: The AI service provides generative tools within Slack for tasks like summarizing long conversations, finding answers to questions, and summarizing rarely visited channels. "Slack AI uses the conversation data already in Slack to create an intuitive and secure AI experience tailored to you and your organization," the messaging app provider explains in its documentation. Except it's not that secure, as PromptArmor tells it. A prompt injection vulnerability in Slack AI makes it possible to fetch data from private Slack channels.

Read more of this story at Slashdot.

카테고리:

페이지

KLDP 수집기 구독하기