RSS 생중계

Security researcher Dirk-jan Mollema discovered two vulnerabilities in Microsoft's Entra ID identity platform that could have granted attackers administrative access to virtually all Azure customer accounts worldwide. The flaws involved legacy authentication systems -- Actor Tokens issued by Azure's Access Control Service and a validation failure in the retiring Azure Active Directory Graph API. Mollema reported the vulnerabilities to Microsoft on July 14. Microsoft released a global fix three days later and found no evidence of exploitation. The vulnerabilities would have allowed attackers to impersonate any user across any Azure tenant and access all Microsoft services using Entra ID authentication. Microsoft confirmed the fixes were fully implemented by July 23 and added additional security measures in August as part of its Secure Future Initiative. The company issued a CVE on September 4.

Read more of this story at Slashdot.

An anonymous reader shares a report: Microsoft is adding a whole load of AI agents to Teams today, promising Copilot assistants for every channel, meeting, and community. The new agents will also work across SharePoint and Viva Engage, and are rolling out for Microsoft 365 Copilot users. Facilitator agents will now sit in on Teams meetings, creating agendas, taking notes, and answering questions. Agents can also suggest time allotments for different meeting topics -- letting participants know if they're running over -- and create documents and tasks. A mobile version is designed to be activated "with a single tap" so you can make sure the agent doesn't miss out on "a quick hallway chat or a spontaneous in-person sync." Channel agents are designed to answer questions based on a channel's previous conversations and meetings and can also generate status reports for a project the same way.

Read more of this story at Slashdot.

China's economy increasingly relies on 200 million "flexible workers" who lack formal employment contracts, pensions and urban residency permits despite comprising 25% of the national workforce and 40% of urban workers. The demographic includes 40 million day-wage factory workers and 84 million platform economy workers performing deliveries and ride-share driving. Factory gig workers average 26 years old, are 80% male, and 75-80% single and childless. These workers face systemic exclusions from urban benefits including healthcare, schooling and property ownership due to lacking urban hukou residency permits. China's Supreme Court ruled in August that workers can claim compensation from employers denying benefits, though enforcement mechanisms remain unclear. Economic data shows retail sales growth at yearly lows, continuing property price declines, and rising urban unemployment. Analysts project GDP growth potentially falling to 3% in the third quarter. Manufacturing hubs report increasing numbers of young workers sleeping in parks and under overpasses between temporary jobs.

Read more of this story at Slashdot.

If you're wondering what effect Intel's blockbuster deal with Nvidia will have on its existing product roadmaps, Intel has one message for you: it won't. PCWorld: "We're not discussing specific roadmaps at this time, but the collaboration is complementary to Intel's roadmap and Intel will continue to have GPU product offerings," an Intel spokesman told my colleague, Brad Chacos, earlier today. I heard similar messaging from other Intel representatives. Nvidia's $5 billion investment in Intel, as well as Nvidia's plans to supply RTX graphics chiplets to Intel for use in Intel's CPUs, have two major potential effects: first, it could rewrite Intel's mobile roadmap for laptop chips, because of the additional capabilities provided by those RTX chiplets. Second, the move threatens Intel's ongoing development of its Arc graphics cores, including standalone discrete GPUs as well as integrated chips. We're still not convinced that Arc's future will be left unscathed, in part because Intel's claim that it will "continue" to have GPU product offerings sounds a bit wishy-washy. But Intel sounds much more definitive on the former point, in that the mobile roadmap that you're familiar with will remain in place.

Read more of this story at Slashdot.

Google has added Gemini features to Chrome for all desktop users in the US browsing in English following a limited release to paying subscribers in May. The update introduces a Gemini button in the browser that launches a chatbot capable of answering questions about page content and synthesizing information from multiple tabs. Users can remove the Gemini sparkle icon from Chrome's interface. Google will add its AI Mode search feature to Chrome's address bar before September ends. The feature will suggest prompts based on webpage content but won't replace standard search functionality. Chrome on Android already includes Gemini features. The company plans to add agentic capabilities in coming months that would allow Gemini to perform tasks like adding items to online shopping carts by controlling the browser cursor.

Read more of this story at Slashdot.

The Federal Trade Commission and attorneys general from seven states filed an 84-page lawsuit Thursday in federal court in California against Live Nation Entertainment and its Ticketmaster subsidiary. The suit alleges the companies knowingly allow ticket brokers to use multiple accounts to circumvent purchase limits and acquire thousands of tickets per event for resale at higher prices. The FTC claims this practice violates the Better Online Ticket Sales Act and generates hundreds of millions in revenue through a "triple dip" fee structure -- collecting fees on initial broker purchases, then from both brokers and consumers on secondary market sales. FTC Chairman Andrew Ferguson cited President Trump's March executive order requiring federal protection against ticketing practices. The lawsuit arrives one month after the FTC sued Maryland broker Key Investment Group over Taylor Swift tour price-gouging and follows the Department of Justice's 2024 monopoly suit against Live Nation.

Read more of this story at Slashdot.

An anonymous reader shares a report: A software update rolling out to Samsung's Family Hub refrigerators in the US is putting ads on the fridges for the first time. The "promotions and curated advertisements" are coming despite Samsung insisting to The Verge in April that it had "no plans" to do so. Samsung is calling it a pilot program for now, which -- I kid you not -- is meant to "strengthen the value" of owning a Samsung smart fridge.

Read more of this story at Slashdot.

Chinese AI developer DeepSeek said it spent $294,000 on training its R1 model, much lower than figures reported for U.S. rivals, in a paper that is likely to reignite debate over Beijing's place in the race to develop artificial intelligence. Reuters: The rare update from the Hangzhou-based company -- the first estimate it has released of R1's training costs -- appeared in a peer-reviewed article in the academic journal Nature published on Wednesday. DeepSeek's release of what it said were lower-cost AI systems in January prompted global investors to dump tech stocks as they worried the new models could threaten the dominance of AI leaders including Nvidia. Since then, the company and founder Liang Wenfeng have largely disappeared from public view, apart from pushing out a few new product updates. [...] The Nature article, which listed Liang as one of the co-authors, said DeepSeek's reasoning-focused R1 model cost $294,000 to train and used 512 Nvidia H800 chips. Sam Altman, CEO of U.S. AI giant OpenAI, said in 2023 that what he called "foundational model training" had cost "much more" than $100 million - though his company has not given detailed figures for any of its releases.

Read more of this story at Slashdot.