hosang I.T.


Tech

Tech Articles from a wide variety of topics and categories
Apple Vision Pro owners will be able to watch live basketball games in the Apple Immersive format starting on Friday, January 9, Apple said today.


Apple is partnering with Spectrum to air Los Angeles Lakers games in 3D in the Spectrum SportsNet and NBA apps. The Apple Immersive basketball games will be available to Vision Pro users in the Lakers' regional broadcast territory, which includes Southern California, Hawaii, and parts of southern Nevada. Viewers will need Spectrum internet or a provider with a package that includes Spectrum SportsNet.

For Apple Vision Pro users in other areas, Apple Immersive replays and highlights will be available nationwide and in select international markets where the Vision Pro is available (Canada, China, Hong Kong, and Taiwan will not have access). The first game replay will be available on Sunday, January 11. Replays are watchable by any Apple Vision Pro user with a free NBA ID.

Apple says that the Spectrum Front Row Apple Immersive experience features a feed of up to 150Mb/s with seven unique viewing angles. Views include the scorer's table, the area beneath each basket, a high-and-wide view of the arena, the player tunnel, the broadcast booth, and a roaming courtside perspective for interviews and commentary from Mark Rogondino and former Lakers forward Danny Green.

Viewers will be able to watch each pass, shot, and block up close, with in-game graphics like player rosters, shot clocks, and scores in 3D as if they're floating right in front of the viewer. Spatial Audio will make viewers feel as if they're watching right from the court.

Apple Immersive Lakers games will air on January 9, February 5, February 20, March 5, March 10, and March 30, with times and a full schedule available on Apple's website.
This article, "Immersive Los Angeles Lakers Games Coming to Vision Pro on January 9" first appeared on MacRumors.com

France and Malaysia have launched investigations against Elon Musk’s AI chatbot Grok, after it generated sexualized deepfakes of women and minors, TechCrunch reports.
India has also demanded that X restrict Grok’s ability to generate “obscene, pornographic or pedophilic” images within 72 hours, or risk losing its legal protection against user-generated content.
Grok, developed by Musk’s company xAI and hosted on the X (formerly Twitter) platform, has published a message in which it “apologizes” for creating and sharing an AI image of two girls aged 12-16 in sexual poses.
However, critics say that a system like Grok cannot be held truly accountable, making the apology meaningless. Elon Musk writes on X that users who produce illegal content through Grok will be treated as if they uploaded it themselves.
The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. "Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality," the company said in an analysis published last week. Kimwolf

2026 could finally be the year that the Apple Card receives a new financial partner, and this could lead to some changes for cardholders.


As a refresher, the Apple Card launched in 2019, and it remains available in the U.S. only. The credit card can be managed in the iPhone's Wallet app, with key benefits including color-coded spending summaries, no fees, and Daily Cash cash back paid out daily. Apple Card holders can also open a high-yield savings account.

In July, The Wall Street Journal reported that Chase Bank parent company JPMorgan was in "advanced talks" with Apple about replacing Goldman Sachs as the Apple Card's partner bank. Goldman Sachs has been gradually winding down its consumer lending business, following billions of dollars in losses, and Apple is reportedly willing to let them out of a contract that is otherwise supposed to run until 2030.

Barclays and Synchrony were also reportedly in talks to become the Apple Card's new financial partner, but it is unclear if those companies are still in the running. As for the Apple Card's payment network, it had been reported that Visa and American Express had expressed interest in taking over for Mastercard.

If the Apple Card does get a new financial partner, there could be updates to the card's features, policies, interest rates, customer service processes, and more.

Chase Bank does not currently offer a high-yield savings account, so it is unclear what would happen to the Apple Card's savings account if they take over the credit card. Apple Card holders are currently being offered a 3.65% APY.

You can apply for an Apple Card on Apple's website.
This article, "What to Expect From the Apple Card This Year" first appeared on MacRumors.com

Anker today announced several new charging options that are set to start rolling out to customers in January. There are three products in the Nano family, along with a new Anker multi-device charging station designed for the iPhone and Apple Watch.


The $150 Anker Prime Wireless Charging Station offers 25W Qi2 fast charging for supported iPhone models, matching the speeds delivered through MagSafe. It can charge an iPhone 17 to 80 percent in 55 minutes. There is an included airflow cooling system that's meant to keep temperatures low to make charging more efficient, and the charger has a foldable design for travel. It is able to charge an iPhone, Apple Watch, and AirPods.

Anker says its new $40 45W Nano Charger is able to identify an iPhone model and then provide the appropriate amount of power for fast charging while protecting battery health. The special charging reduces phone battery temperature by nine degrees compared to other 45W chargers. It has a built-in smart display and a 180-degree foldable plug for travel and to ensure the screen always faces you regardless of plug orientation.


The $70 Anker Nano Power Strip features six AC outlets, two USB-A ports, and two USB-C ports, with 70W max available from either of the USB-C ports. Anker says that the power strip is meant to keep desks clutter-free thanks to the hidden AC outlets that tuck under a desk.


Anker's $150 Nano Docking Station has a built-in removable hub so some of the functionality is available while on the go. It supports three displays with up to a 4K resolution over DisplayPort and HDMI, and it offers 100W charging and 10Gb/s data transfer.


There are two USB-C ports, three USB-A ports, an Ethernet port, a DisplayPort, an SD card slot, a microSD card slot, an audio jack, and two HDMI ports.

The Nano Docking Station is available now from the Anker website. The 45W Nano Charger and Nano Power Strip will launch in late January, while the Prime Wireless Charging Station will launch in the first quarter of 2026.
This article, "CES 2026: Anker Unveils New Qi2 Charger, Nano Power Strip, and Docking Station" first appeared on MacRumors.com

Anker is showing off a long list of new products under its Eufy and Soundcore brands at CES 2026, ranging from new camera options to new sleep buds.


The $300 Matter-enabled Smart Lock E40 is able to integrate with Apple Home, and it offers 3D face recognition for unlocking a door with a facial scan. It includes a 2K HD camera so it doubles as a security camera complete with night vision and wide-angle coverage. There is a 15,000 mAh main battery in the E40, and an 800 mAh backup battery.

The $280 Video Doorbell S4 is equipped with OmniTrack technology to detect and track people, adjusting the zoom to keep visitors in frame as they approach the door. It features a 180-degree horizontal and vertical field-of-view for panoramic surveillance, and the 3K camera allows for monitoring from up to 26 feet away.


Eufy's $200 Solar Wall Light Cam S4 offers 4K color night vision and an f/1.6 lens for clear images even in low light. The camera can be adjusted vertically by up to 45 degrees to eliminate blind spots, and it can be charged with a 2W solar panel or a 10,000 mAh battery. Multiple lighting modes are available, including daily lighting, security lighting, and festive lighting.


Under the Soundcore brand, Anker is debuting the $180 AeroFit 2 Pro, which it describes as dual-form earbuds that allow for open-ear listening and Active Noise Cancellation in one product. The earbuds are designed to cut down on noise in loud environments while still allowing users to remain aware of their surroundings.


The $200 Soundcore Sleep A30 Special earbuds feature a triple noise reduction system that blends Active Noise Cancellation, passive isolation, and adaptive snore masking to cut down on sleep interruptions. Anker is partnering with Calm to make Calm Sleep Stories available through the Soundcore app.


Anker's AeroFit 2 Pro and Sleep A30 Special earbuds are available from the Soundcore website starting today.

The Smart Lock E40 is launching in the first quarter of 2026 at Home Depot, while the Video Doorbell S4 and the Solar Wall Light Cam S4 will be available from the Eufy website in the first quarter.
This article, "CES 2026: Anker Unveils Soundcore Sleep Earbuds, Eufy HomeKit Smart Lock and More" first appeared on MacRumors.com

Amazon and Best Buy have a few discounts on the iPad mini 7 for the New Year, starting at $399.00 for the 128GB Wi-Fi tablet, down from $499.00. You'll also find a few deals on cellular models during this sale.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Additionally, you can get the 256GB Wi-Fi iPad mini 7 for $499.00 and the 512GB Wi-Fi iPad mini 7 for $699.00, both $100 discounts and available in multiple colors. These sales are all solid second-best prices on the iPad mini 7.

$100 OFF: 128GB Wi-Fi iPad mini 7 for $399.00
$100 OFF: 256GB Wi-Fi iPad mini 7 for $499.00
$100 OFF: 512GB Wi-Fi iPad mini 7 for $699.00

Deals on cellular models are a bit rarer on Amazon, with one color of the 128GB cellular iPad mini 7 on sale for $549.00 and a few colors of the 256GB cellular iPad mini 7 on sale for $649.00, both $100 off. Best Buy has more options for cellular models, with nearly every device on sale at $100 off this week.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "Get $100 Off iPad Mini 7 in New Sale, Starting at $399" first appeared on MacRumors.com

Amazon today discounted the Apple Pencil Pro to $92.97, down from $129.00. This is a new record low price on the Apple Pencil Pro that beats the previous low by about $2.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

The Apple Pencil Pro is compatible with the M4 and M5 iPad Pro, M2 and M3 iPad Air, and the A17 Pro iPad mini. Right now, only Amazon is providing this best-ever price on the stylus accessory, and it could disappear fast so be sure to check it out if you didn't pick one up over the holidays.

$35 OFF: Apple Pencil Pro for $92.97

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "Apple Pencil Pro Hits New Record Low Price of $92.97 on Amazon" first appeared on MacRumors.com

You don’t lose most cyber battles to code. You lose them to culture: A rushed approval. A silent near-miss. A leader who shrugs at weak signals.
Tools don’t fix that. People do, when they understand risk, own it and act with discipline under pressure. That is what the Organizational Risk Culture Standard (ORCS) gives you: A way to turn good intentions into daily behavior that defends trust.
Cyber threats move fast. Your policies don’t. You work in VUCAD conditions: volatile, uncertain, complex, ambiguous and digitized. Static models lag. Judgment wins. Risk culture equips your team to interpret change, adjust in the moment and act with integrity when facts are partial and time is short.
Why you need risk culture in cyber
Most post-mortems trace back to the exact cause: human drift. Someone knew but stayed quiet. Another acted alone. The solution isn’t more rules; it’s a mindset that sees risk as everyone’s job. Risk culture aligns values, incentives and decisions, reinforced by transparent governance. In VUCAD conditions, it shifts behavior from blind compliance to fast, ethical judgment, replacing box-ticking with honesty, accountability and informed action when it matters most.
Two payoffs stand out. First, faster detection through open reporting and psychological safety. Second, better choices under ambiguity because you balance taking risk with controlling it, which the standard calls dynamic risk equilibrium.
The 10 dimensions, translated for cybersecurity
The ORCS framework defines ten dimensions. Treat them as a system. Each one is distinct; together they are complete.
Leadership & governance. Leaders set the tone, model the behavior and anchor accountability. If leaders treat cyber as only an IT issue, everyone else will, too. When leaders make risk-informed decisions visible, people copy them.
Risk intelligence & adaptive elasticity. You read the environment, counter bias and stretch without breaking. In cyber, that means tuning playbooks to signals, not templates. You pivot while maintaining integrity and alignment.
Ethics & values. Under real pressure, values decide. Clear principles stop corner-cutting, concealment and blame games when an incident bites.
Intuitive and analytical decision-making. You blend instinct and evidence. Triaging alerts needs speed; approving data-sharing exceptions needs rigor. Great teams shift gears without drama.
Risk appetite, tolerance and acceptance. You draw the lines before the crisis: which risks you pursue, which you cap and what you consciously accept. This removes guesswork and weak compromises at 2 a.m.
Communication & transparency. People speak up early. Near-misses get surfaced and studied. Leaders share not only the what, but the why so the organization can act as one.
Technology & process integration. Systems should amplify judgment, not replace it. Embed risk checks into workflows, dashboards and alerts so that doing the right thing is the easy path.
People development & engagement. You teach cyber risk like a language. You build competence, confidence and ownership at every level. You reward proactive reporting and ethical decisions, not heroics.
Alignment with frameworks. You map culture to standards such as ISO 31000, COSO ERM, NIST, FAIR and/or ISO 27001 and keep alignment alive as laws and expectations shift. It shows credibility and keeps practice grounded.
Change management, sustainability & continuous learning. You treat culture as a product with releases, telemetry and upgrades. You monitor, adjust and reinforce until habits stick.
Case study: The global manufacturer’s cultural stress test
A global manufacturer spotted odd downtime in a supplier’s system and chose to treat it as a test of culture, not competence. The CEO’s message was simple: learn, don’t blame. Teams mixed data with gut instinct, warned the supplier early and acted within agreed risk limits. Regular updates built trust, while integrated tools helped people make sound calls fast. Afterward, both firms reviewed what worked, mapped fixes to ISO and NIST and shared lessons openly. The supplier later uncovered ransomware that had been contained before release, proof that a strong risk culture turns tension into trust and pressure into progress.
These dimensions are not posters. They are levers you pull every week.
The culture maturity path: From reactive to ‘presilient’
ORCS describes five maturity levels that map cleanly to cyber realities.
Forget buzzwords. You need a ladder, not a slogan.
Level 1 — Ad hoc: Heroics, silos and surprise.
Level 2 — Developing: Pockets of progress; behavior uneven.
Level 3 — Intermediate: Roles defined, leaders walking the talk.
Level 4 — Advanced: Proactive learning, open reporting.
Level 5 — High-performing: Presilience, adaptation without drama.
A global manufacturer raised overall risk maturity by focusing on moving weaker sites from level 2 to level 3, rather than chasing perfection.
Don’t jump levels. Build the muscles in sequence.
Embed the framework into cyber operations
Diagnose the baseline. Blend data with stories: use pulse surveys, focused interviews and artifact reviews. Spot silence on near-misses, track how fast risk travels and reveal where incentives clash with values.
Define risk appetite and tolerance for cyber. Set clear limits on data loss, downtime and third-party risk. Give leaders short, usable statements. Define and document boundaries so teams act consistently.
Design reinforcement systems. Bake cultural checks into governance. Add a “risk culture” section to risk committee packs. Require a short ethics note on material exceptions. Tie role descriptions and performance criteria to ownership, reporting and follow-through. People mirror what you measure.
Develop people and align incentives. Train judgment, not just controls. Run red-team tabletop exercises that test psychological safety as much as response time. Recognize those who surface fragile truths early. Avoid perverse incentives that reward short-term wins at the cost of trust.
Drive continuous feedback. Build a feedback architecture: data → reflection → dialogue → redesign. After incidents and near-misses, run brief learning reviews that focus on conditions, not culprits. Share the lessons widely. Retire rituals that don’t move behavior.
Done well, risk culture stops being a memo and becomes muscle memory. One construction case from the standard shows how embedded roles, shared language and system alerts kept projects on track after a sudden supplier collapse. That is culture in motion, not wishful thinking.
Measure what matters: KCIs for cyber risk culture
If you can’t see culture, you can’t steer it. Build a short set of key cultural indicators (KCIs) that leaders will read and teams can influence.
Speak-up rate. Percentage of staff who reported a suspected phishing email, control gap or near-miss this quarter. Rising is good; apathy is silent.
Time to truth. Median time from detection to disclosure to the proper forum. Faster beats perfect.
Ethical confidence index. Brief survey signal on “I feel safe raising risk concerns” and “My leaders act consistently with stated values.”
Leadership risk messaging. Count of substantive communications from executives that explain cyber trade-offs, appetite and lessons learned.
Exception hygiene. Share of exceptions with clear ethical rationale, expiry and owner.
Layer these with the maturity scales in each dimension. Track progression by dimension, not just in the aggregate. Publish the trend. Use it in your board story, alongside familiar KRIs and technical metrics, so culture and control sit side by side. That’s how you turn measurement into momentum.
A financial company published these alongside its patching stats. At first, investors raised eyebrows. Six months later, regulators called it exemplary transparency.
Make it stick: From projects to habits
Culture fails when it lives in launch decks. It sticks when people feel two things: clarity and consequence. Clarity comes from leaders who model the behavior and name the trade-offs out loud. Consequence comes from systems that reward what you want and make the wrong path hard.
Culture changes when lessons become reflexes: small, repeated actions that outlast the project plan. The companies that sustain high performance do one thing differently: they balance three cultural mindsets instead of leaning on just one.
Compliance gives structure and discipline to meet standards and follow the rules. It keeps the floor steady. Resilience accepts that things will go wrong and prepares people to recover fast, protecting trust when pressure hits. Presilience goes a step further. It builds foresight into the system, turning prevention and innovation into daily practice.
True strength lies between compliance, resilience and presilience, where rules guide, recovery is natural and foresight continually drives progress.
Make it stick by rewarding these everyday choices: the engineer who flags a weak control before it fails, the manager who turns a near-miss into a learning story, the board that asks, “What’s our next opportunity hidden inside this risk?” That’s how culture shifts from program to pattern and performance becomes sustainable.
Adopt a simple rhythm:
Quarterly: Refresh your culture dash; review signals and stories.
Monthly: Spotlight a lesson learned; show the change it drove.
Weekly: Ask one risk culture question in every leadership stand-up.
Daily: Embed tiny friction, checklists, prompts and default settings that nudge the right action at the right moment.
Tie it all to presilience, the capacity to anticipate, adapt and advance. You earn trust when you act fast and fair under stress. That trust outlasts the incident. It compounds.
Common traps and how to avoid them
Policy theater. Lots of documents, little behavior. Fix by testing policies through live simulations and learning reviews. Retire the brittle ones.
Fear-based messaging. Fear spikes activity, then breeds avoidance. Replace it with clear appetite, ethical anchors and practical guidance.
Metric overload. Fifteen dashboards, no decisions. Choose a small set of KCIs and KRIs that leaders can explain without notes.
Tech worship. Tools matter, but judgment rules. Train bias awareness. Pair automation with human checks where the stakes are high.
One-and-done change. Culture erodes without reinforcement. Use the maturity model to plan the next level and resource it.
Your first 90 days
Days 1–30. Run a crisp baseline: short survey, six interviews, artifact scan. Identify three behavior chokepoints where risk signals die. Publish one page on findings.
Days 31–60. Set cyber risk appetite and tolerance in plain language. Add culture questions to risk committee packs. Pilot two micro-nudges in priority workflows.
Days 61–90. Launch a leader-led learning ritual after incidents and near-misses. Add KCIs to the monthly cyber dashboard. Recognize two teams for raising challenging issues early.
A manufacturing group did precisely this. By day 90, the average incident disclosure time dropped from 9 days to 2. Nothing fancy; just culture, clarified.
Keep it public. Keep it human. Keep it moving.
The payoff you can take to the board
When you embed the Organizational Risk Culture Standard, you gain three edges:
Speed. Signals move quickly; recovery accelerates.
Quality. Bias checks sharpen judgment; appetite lines prevent overreach.
Trust. People speak up; leaders act consistently; customers believe you.
A financial company saw this firsthand: internal detection doubled, external findings halved and regulator confidence soared. They didn’t just pass audits; they built credibility.
These gains compound. You stop paying the ignorance tax (silence, delay, reputational drag) and start earning the compound interest of trust.
Your move
You win cyber by building a culture where people make sound choices when the facts are fuzzy and the clock is cruel. ORCS gives you the scaffolding: leadership that models, systems that reinforce and measures that matter. Use it to align appetite, accelerate learning and turn near-misses into better habits. That’s how you supercharge cybersecurity culture, protect trust when it counts and build a team that doesn’t just survive the storm; it reads the sky, sets the sails and makes speed.
This article is published as part of the Foundry Expert Contributor Network.
The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit. This week’s stories share one pattern. Nothing flashy. No single moment. Just steady abuse of trust — updates, extensions,

Cybersecurity firm Resecurity says it deliberately lured threat actors linked to the Scattered Lapsus$ Hunters (SLH) alliance into a honeypot, after the group claimed that it had hacked the company and stolen internal and client data.
“Understanding that the actor is conducting reconnaissance, our team has set up a honey pot account,” Resecurity said in a blog post, indicating prior knowledge of threat actor probing. “This led to a successful login by the threat actor to one of the emulated applications containing synthetic data.”
The threat actors claiming to be SLH’s “ShinyHunters” initially posted screenshots and claimed that they had breached Resecurity’s systems, but soon after the firm said it was a honeypot, the actual group confirmed they had no connection to the attack.
“We would like to announce that we have gained full access to Resecurity systems,” the threat actors reportedly said in a Telegram post. “For months, REsecurity has been trying to social engineer us and groups we know. When ShinyHunters put the Vietnam financial system database up for sale, their staff pretended to be buyers to get free samples and more info from us.”

As proof, the threat actors had attached screenshots of Resecurity employees’ internal communication in a Mattermost collaboration instance.
What Resecurity says really happened
According to Resecurity, its security teams observed reconnaissance activity targeting externally exposed services before the attackers made their claims public. In response, the company said it steered the activity toward a honeypot environment populated with synthetic data designed to resemble internal systems.
The honeypot included fabricated consumer records and simulated payment data structured to appear realistic while remaining fully isolated from Resecurity’s production environment. The company said this allowed the attackers to believe they had gained meaningful access, while enabling defenders to monitor activity without exposing real data.
“For synthetic data, we used two different datasets: over 28,000 records impersonating consumers and over 190,000 records of payment transactions, and generated messages,” Resecurity said in the post. “Notably, in both cases, we utilized already known breached data available on the Dark Web and underground marketplaces—potentially containing PII—making the data even more realistic for threat actors.”
Resecurity added that the attackers interacted with the decoy environment over an extended period, generating automated requests that provided insight into their tooling and methods.
Evidence of real breach remains thin
Despite Resecurity’s detailed account, the threat actors have not backed up their original claims with additional verifiable evidence. After posting the screenshots, no substantiated leaks of internal systems or actual client data have appeared. Independent analysis by various cybersecurity researchers supports Resecurity’s assertion that no production assets were compromised.
On the other hand, Resecurity’s own analysis of the interaction patterns aligned with common threat actors’ tactics. According to the company’s investigation, the activity began with reconnaissance of publicly exposed systems, which matched MITRE ATT&CK techniques such as Active Scanning (T1595) and Gather Victim Host Information (T1592), based on network telemetry and log data. Following the publication of the claims, a spokesperson claiming to represent ShinyHunters denied the group’s involvement, saying it was not responsible for the activity Resecurity attributed to the alleged attackers.
Featuring: Cybersecurity is being reshaped by forces that extend beyond individual threats or tools. As organizations operate across cloud infrastructure, distributed endpoints, and complex supply chains, security has shifted from a collection of point solutions to a question of architecture, trust, and execution speed. This report examines how core areas of cybersecurity are evolving in

Withings has announced the Body Scan 2, a new smart scale that the French health tech company says can track over 60 longitudinal biomarker measurements that enable the early detection of health issues and can even predict longevity.


Unveiled at CES 2026, the Body Scan 2 builds on its 2023 predecessor by adding several advanced features including Impedance Cardiography (ICG) to monitor heart pumping efficiency, and Bioimpedance Spectroscopy (BIS) to assess cellular health and metabolic function. This version of the device also adds hypertension risk notifications.

Withings says the all-in-one "longevity station" gets around the need for blood tests to track metabolic health, instead using foot sweat stimulation and cellular membrane analysis, though the company is keen to note that the features are meant to be early warning signs rather than being diagnostic.

Body Scan 2 users receive a Health Trajectory score that synthesizes all of this biomarker data into a single metric representing predicted years of healthy life. The scale also tracks heart age, patterns of glycemic dysregulation – a potential precursor toward prediabetes – and artery elasticity. Users can customize what to monitor, and the tracking then happens automatically when they step on the scale, though the most extensive scans can take up to 90 seconds.

One notable design change from the original moves the color display from the scale's base into the retractable handle, which houses four electrodes. Combined with eight EKG-capable electrodes on the scale's glass surface, the device creates a full-body circuit for what Withings claims are more accurate measurements than typical foot-only smart scales.


The Body Scan 2 costs $600 and will launch in the second quarter of 2026, pending FDA clearance for its hypertension risk and atrial fibrillation detection features, with a launch also planned in the U.K., Australia and Europe. The original Body Scan remains available at $399. Withings says the device complies with GDPR and HIPAA privacy standards, with all health data encrypted.
This article, "CES 2026: Withings Unveils Body Scan 2 With Hypertension Detection" first appeared on MacRumors.com

Introduction: Problem, Context & Outcome
In today’s technology-driven era, organizations generate massive volumes of data from applications, cloud systems, IoT devices, and business processes. While this data holds immense value, many teams struggle to analyze it effectively, leading to slow decision-making, operational inefficiencies, and missed opportunities. Engineers, data analysts, and IT professionals often lack the practical expertise needed to derive actionable insights. The Master in Data Science program provides comprehensive, hands-on training in data processing, statistical modeling, machine learning, and visualization techniques. Participants gain the skills to transform raw data into insights, optimize workflows, and support informed business decisions. Graduates of this program are prepared to make data-driven choices that enhance operational efficiency and deliver strategic value. Why this matters:
What Is Master in Data Science?
Master in Data Science is a professional, industry-focused program designed to help learners manage, analyze, and interpret complex datasets. The curriculum covers Python programming, statistical analysis, machine learning, predictive modeling, and data visualization. Developers, DevOps engineers, and data analysts learn to identify patterns, forecast outcomes, and derive actionable insights to guide business and operational decisions. Participants engage in hands-on projects across domains such as finance, healthcare, e-commerce, and IT operations, gaining practical experience with tools like Python, R, Tableau, and TensorFlow. This program equips learners with the knowledge and expertise required to solve real-world business problems using data. Why this matters:
Why Master in Data Science Is Important in Modern DevOps & Software Delivery
Data science plays a crucial role in modern DevOps, Agile, and software delivery pipelines. Analytics allows teams to monitor performance, detect anomalies, predict failures, and optimize deployments. By integrating data-driven insights into CI/CD pipelines, DevOps engineers can reduce downtime, improve system reliability, and accelerate delivery. Data science also supports collaboration between developers, QA, SREs, and business stakeholders, enabling decisions backed by accurate predictive analytics. Professionals trained in data science bridge the gap between technical implementation and strategic business outcomes, improving decision-making and delivering measurable value. Why this matters:
Core Concepts & Key Components
Data Collection and Preprocessing
Purpose: Ensure datasets are accurate and ready for analysis.
How it works: Collect data from multiple sources, clean inconsistencies, handle missing values, and normalize formats.
Where it is used: Preparing data for analysis, predictive modeling, and visualization.
Descriptive Analytics
Purpose: Understand historical trends and performance.
How it works: Summarize datasets using statistical measures, charts, and dashboards.
Where it is used: Business reporting, KPI monitoring, and operational analysis.
Predictive Analytics
Purpose: Forecast future trends and outcomes.
How it works: Apply machine learning models such as regression, classification, and clustering.
Where it is used: Customer behavior prediction, risk assessment, and demand forecasting.
Prescriptive Analytics
Purpose: Recommend optimal actions based on data insights.
How it works: Use simulations, optimization models, and algorithms to guide strategic decisions.
Where it is used: Resource allocation, operational planning, and business strategy.
Data Visualization
Purpose: Present insights clearly and effectively.
How it works: Use Tableau, Power BI, and Python libraries to create dashboards, charts, and interactive visualizations.
Where it is used: Executive reporting, stakeholder presentations, and decision-making.
Machine Learning & Deep Learning
Purpose: Build predictive and intelligent models.
How it works: Implement supervised, unsupervised, and deep learning algorithms using Python or TensorFlow.
Where it is used: Fraud detection, recommendation systems, natural language processing, and image recognition.
Programming for Analytics
Purpose: Efficiently manipulate, model, and automate data processes.
How it works: Utilize Python, R, SQL, and libraries like Pandas, NumPy, Scikit-learn, and TensorFlow.
Where it is used: Enterprise analytics projects and end-to-end analytics pipelines.
Why this matters:
How Master in Data Science Works (Step-by-Step Workflow)
Data Acquisition: Gather raw data from internal systems, APIs, and external sources.
Data Cleaning & Preprocessing: Remove inconsistencies, handle missing values, and normalize datasets.
Exploratory Data Analysis (EDA): Identify trends, correlations, and patterns.
Model Development: Build predictive or prescriptive models using statistical and machine learning techniques.
Model Validation: Test and refine models to ensure accuracy.
Visualization & Reporting: Present insights via dashboards, charts, and reports.
Decision Support: Apply analytics to optimize business operations and strategic decisions.
Why this matters:
Real-World Use Cases & Scenarios
Finance: Detect fraudulent transactions and mitigate risk using predictive models.
Retail: Forecast demand and optimize inventory and supply chains.
E-Commerce: Implement personalized recommendations and customer segmentation.
Healthcare: Predict patient outcomes and optimize treatment plans.
Cross-functional teams including developers, data engineers, QA, DevOps, and SREs collaborate to convert analytics into actionable business strategies, improving efficiency and outcomes.
Why this matters:
Benefits of Using Master in Data Science
Productivity: Automates data processing and analytics workflows.
Reliability: Produces accurate and consistent insights.
Scalability: Handles enterprise-level datasets efficiently.
Collaboration: Bridges communication between technical and business teams.
Why this matters:
Challenges, Risks & Common Mistakes
Poor data quality can produce inaccurate results. Overfitting or underfitting models reduces predictive reliability. Misinterpreting analytics may lead to poor decisions. Ignoring security and compliance requirements introduces operational risks. Mitigation strategies include strong data governance, iterative model testing, and continuous monitoring. Why this matters:
Comparison Table
Feature | Traditional Analysis | Data Science Approach
Speed | Manual | Automated, real-time
Accuracy | Moderate | High
Scalability | Limited | Handles large datasets
Automation | Minimal | Extensive
Insights | Historical | Predictive & prescriptive
Tools | Excel, SQL | Python, R, Tableau, TensorFlow
Collaboration | Siloed | Integrated across teams
Reporting | Static | Interactive dashboards
Cost | High | Optimized via platforms
Decision-making | Reactive | Data-driven
Why this matters:
Best Practices & Expert Recommendations
Use clean, validated datasets for modeling. Test and validate predictive models thoroughly. Combine descriptive, predictive, and prescriptive analytics. Visualize insights clearly for stakeholders. Continuously update models with new data trends. Why this matters:
Who Should Learn or Use Master in Data Science?
Ideal for developers, data engineers, DevOps, QA, SRE, and cloud professionals. Beginners can gain foundational analytics skills, while experienced professionals refine predictive modeling, machine learning, and visualization expertise. Suitable for analytics-driven or leadership roles. Why this matters:
FAQs – People Also Ask
1. What is Master in Data Science?
A program covering data science, analytics, machine learning, and business intelligence. Why this matters:
2. Why is it used?
To transform raw data into actionable insights and support strategic decision-making. Why this matters:
3. Is it suitable for beginners?
Yes, foundational concepts are introduced before advanced topics. Why this matters:
4. How does it compare with traditional analytics?
Focuses on predictive modeling, automation, and actionable insights. Why this matters:
5. Is it relevant for DevOps roles?
Yes, it supports CI/CD monitoring, system performance analysis, and operational decisions. Why this matters:
6. Which tools are included?
Python, R, Tableau, TensorFlow, Pandas, NumPy, Scikit-learn. Why this matters:
7. What projects are included?
Fraud detection, predictive modeling, customer segmentation, and sales forecasting. Why this matters:
8. Does it help with certification exams?
Yes, aligned with DevOpsSchool certifications. Why this matters:
9. How long is the program?
Approximately 72 hours of instructor-led training. Why this matters:
10. How does it impact careers?
Equips learners with high-demand analytics and data science skills for advanced roles. Why this matters:
Branding & Authority
DevOpsSchool is a trusted global platform for analytics, data science, and DevOps training. Mentor Rajesh Kumar brings 20+ years of hands-on expertise in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, CI/CD, and cloud platforms, providing learners with practical, industry-ready skills. Why this matters:
Call to Action & Contact Information
Enroll today in Master in Data Science to gain advanced skills in predictive analytics, machine learning, and data-driven decision-making.
Email: [email protected]
Phone & WhatsApp (India): +91 7004215841
Phone & WhatsApp (USA): +1 (469) 756-6329


Introduction: Problem, Context & Outcome
In the modern digital era, businesses generate massive volumes of data every day from applications, websites, IoT devices, and enterprise systems. Despite this abundance, many organizations struggle to convert raw data into actionable insights efficiently. Engineers, analysts, and IT professionals often encounter challenges such as slow decision-making, operational inefficiencies, and missed business opportunities due to insufficient analytics skills. The Masters in Data Analytics program is designed to provide practical, hands-on training for processing, analyzing, and visualizing data effectively. Participants gain experience in statistical modeling, machine learning, and business intelligence, enabling them to make informed, data-driven decisions, optimize workflows, and enhance organizational performance. Why this matters:
What Is Masters in Data Analytics?
Masters in Data Analytics is an advanced program that teaches professionals how to transform raw datasets into meaningful insights. It covers the full analytics lifecycle, including data collection, cleaning, statistical analysis, visualization, and machine learning techniques. Developers, data engineers, and DevOps professionals learn to interpret patterns, forecast trends, and generate actionable recommendations for business decisions. Through hands-on labs and real-world projects, participants acquire practical experience applying analytical models and predictive algorithms. The program uses tools like Python, R, Tableau, and Power BI to equip learners with the skills necessary to tackle real-world business challenges. Why this matters:
Why Masters in Data Analytics Is Important in Modern DevOps & Software Delivery
Data analytics has become essential in modern DevOps, Agile, and software delivery environments. Analytics enables teams to monitor system performance, identify bottlenecks in CI/CD pipelines, detect anomalies, and forecast potential failures before they impact users. By integrating analytics into DevOps workflows, teams can optimize deployments, improve application reliability, and reduce downtime. Additionally, data-driven insights improve collaboration across development, QA, and operations teams, enabling faster, more informed decisions. Professionals trained in data analytics can bridge the gap between IT operations and business intelligence, ensuring software delivery aligns with organizational goals. Why this matters:
Core Concepts & Key Components
Data Collection and Preprocessing
Purpose: Ensure datasets are accurate, clean, and ready for analysis.
How it works: Gather data from multiple sources, handle missing values, and normalize formats.
Where it is used: Preparing datasets for statistical analysis, visualization, and predictive modeling.
Descriptive Analytics
Purpose: Understand historical trends and performance.
How it works: Use statistical summaries, dashboards, and visualizations.
Where it is used: Reporting, KPI monitoring, and business trend analysis.
Predictive Analytics
Purpose: Forecast future trends based on historical data.
How it works: Apply machine learning algorithms such as regression, classification, and clustering.
Where it is used: Sales forecasting, customer behavior prediction, and risk assessment.
Prescriptive Analytics
Purpose: Recommend the best actions based on insights.
How it works: Use optimization algorithms and simulations to suggest decisions.
Where it is used: Resource allocation, operations planning, and strategic decision-making.
Data Visualization
Purpose: Present insights clearly for business users.
How it works: Use tools like Tableau, Power BI, and Python libraries to create dashboards, charts, and interactive visualizations.
Where it is used: Executive reporting, stakeholder presentations, and cross-team communication.
Machine Learning & Deep Learning
Purpose: Build predictive and intelligent models.
How it works: Implement supervised, unsupervised, and deep learning techniques.
Where it is used: Fraud detection, recommendation systems, NLP, and image recognition.
Programming for Analytics
Purpose: Enable efficient data manipulation and analysis.
How it works: Use Python, R, SQL, and relevant libraries for data processing, modeling, and visualization.
Where it is used: End-to-end analytics workflows and practical projects.
Why this matters:
How Masters in Data Analytics Works (Step-by-Step Workflow)
Data Acquisition: Collect raw data from internal systems, APIs, and external sources.
Data Cleaning & Preprocessing: Normalize datasets, handle missing values, and remove inconsistencies.
Exploratory Data Analysis (EDA): Identify patterns, trends, and correlations in the data.
Model Development: Build predictive or prescriptive models using machine learning algorithms.
Model Validation: Test and refine models to ensure accuracy and reliability.
Visualization & Reporting: Present actionable insights via dashboards, charts, and reports.
Decision Support: Apply insights to improve business processes, strategy, and operations.
Why this matters:
Real-World Use Cases & Scenarios
Finance: Detect fraudulent transactions with predictive models.
Retail: Forecast demand to optimize inventory and supply chain management.
E-Commerce: Implement personalized product recommendations and customer segmentation.
Healthcare: Predict patient outcomes and optimize treatment planning.
Teams including developers, data engineers, QA, DevOps, and SREs collaborate to implement data-driven strategies, improving operational efficiency and business outcomes.
Why this matters:
Benefits of Using Masters in Data Analytics
Productivity: Automates repetitive data processing tasks.
Reliability: Produces accurate, repeatable insights.
Scalability: Efficiently handles large datasets.
Collaboration: Enhances cross-functional team coordination through shared insights.
Why this matters:
Challenges, Risks & Common Mistakes
Poor-quality or incomplete datasets can lead to inaccurate insights. Overfitting or underfitting predictive models reduces reliability. Misinterpreting analytics results can result in poor business decisions. Neglecting data security and privacy creates compliance risks. Mitigation includes data governance, model validation, and continuous monitoring. Why this matters:
Comparison Table
Feature | Traditional Analysis | Data Analytics
Speed | Slow, manual | Automated, real-time
Accuracy | Moderate | High
Scalability | Limited | Handles large datasets efficiently
Automation | Minimal | Extensive
Insights | Historical | Predictive & prescriptive
Tools | Excel, SQL | Python, R, Tableau, Power BI
Collaboration | Siloed | Integrated across teams
Reporting | Static | Interactive dashboards
Cost | High | Optimized through analytics platforms
Decision-making | Reactive | Data-driven
Why this matters:
Best Practices & Expert Recommendations
Use high-quality datasets for reliable models. Test and validate predictive models rigorously. Combine descriptive, predictive, and prescriptive analytics for comprehensive insights. Visualize results effectively for stakeholders. Continuously update models with new data to maintain accuracy. Why this matters:
Who Should Learn or Use Masters in Data Analytics?
Developers, data engineers, DevOps professionals, QA, SREs, and cloud specialists. Beginners can focus on foundational concepts, while experienced professionals enhance predictive modeling, machine learning, and visualization skills. Ideal for professionals seeking analytics-driven or leadership roles in technology and business. Why this matters:
FAQs – People Also Ask
1. What is Masters in Data Analytics?
A program covering data analytics, machine learning, deep learning, and business intelligence. Why this matters:
2. Why is it used?
To transform raw data into actionable insights for better business decisions. Why this matters:
3. Is it suitable for beginners?
Yes, the program starts with foundational analytics concepts before advanced topics. Why this matters:
4. How does it compare with traditional analytics?
Emphasizes predictive modeling, automation, and actionable insights. Why this matters:
5. Is it relevant for DevOps roles?
Yes, analytics helps monitor CI/CD pipelines and operational performance. Why this matters:
6. Which tools are included?
Python, R, Tableau, Power BI, NumPy, Pandas, Scikit-learn, TensorFlow. Why this matters:
7. What projects are included?
Fraud detection, sales forecasting, customer segmentation, predictive modeling. Why this matters:
8. Does it help with certification exams?
Yes, aligned with DevOpsSchool certifications. Why this matters:
9. How long is the program?
Approximately 72 hours of instructor-led training. Why this matters:
10. How does it impact careers?
Provides in-demand data analytics skills for leadership and high-demand roles. Why this matters:
Branding & Authority
DevOpsSchool is a trusted global platform for data analytics, DevOps, and cloud training. Mentor Rajesh Kumar brings 20+ years of hands-on experience in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, CI/CD, and cloud platforms, providing learners with practical, industry-ready skills. Why this matters:
Call to Action & Contact Information
Enroll today in Masters in Data Analytics to master data analytics and predictive modeling skills.
Email: [email protected]
Phone & WhatsApp (India): +91 7004215841
Phone & WhatsApp (USA): +1 (469) 756-6329


Ahead of CES 2026, gaming company 8BitDo has teased a new controller designed for smartphone users who want to play games exclusively in portrait mode.


The FlipPad connects to iOS and Android devices via the USB-C port, and snaps onto the bottom half of the screen via a hinge mechanism, reminiscent of a classic flip phone keyboard.

The controller features a black D-Pad, red ABXY buttons, Start and Select buttons, and six white buttons along the top and on the bottom corners that are likely to be custom-assignable.


8BitDo says the FlipPad is "officially supported by Apple" and will arrive in the summer, though the company has not yet revealed pricing information.

Last month, 8BitDo teased the unveiling of a new "Pro" controller at CES 2026, so we might also get more details about the FlipPad in the coming week as the tech event in Las Vegas gets underway.

Tag: CES 2026
This article, "8bitDo Reveals Flip-Style iPhone Controller for Portrait Mode Gaming" first appeared on MacRumors.com

Introduction: Problem, Context & Outcome
In today’s fast-paced digital world, businesses rely heavily on cloud platforms for scalability, flexibility, and cost efficiency. Engineers and IT professionals face multiple challenges, including slow deployments, configuration errors, and difficulty managing multi-cloud environments. Without in-depth cloud knowledge, teams risk delays, higher costs, and unreliable software delivery. The Master in Cloud Computing program equips learners with comprehensive cloud expertise, covering major platforms like AWS, Azure, and Google Cloud. Participants gain practical skills to automate infrastructure, monitor applications, and integrate cloud technologies with DevOps practices. This ensures teams can deliver secure, scalable, and high-performing applications efficiently. Why this matters:
What Is Master in Cloud Computing?
Master in Cloud Computing is an advanced program that provides a 360-degree understanding of cloud platforms and technologies. It covers Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), along with public, private, and hybrid cloud deployment models. The course is tailored for developers, DevOps engineers, and IT professionals who want to manage cloud infrastructure, deploy resilient applications, and optimize resources efficiently. Real-world lab exercises, hands-on projects, and industry scenarios ensure learners gain practical experience that prepares them for global enterprise environments. Why this matters:
Why Master in Cloud Computing Is Important in Modern DevOps & Software Delivery
Cloud computing is a cornerstone of modern DevOps and software delivery. It enables organizations to provision infrastructure rapidly, automate workflows, and scale applications on demand. Businesses leverage cloud platforms to reduce operational costs, improve reliability, and streamline CI/CD pipelines. Professionals trained in cloud computing can integrate DevOps tools, monitor system performance, and maintain robust, production-ready applications. By mastering cloud technologies, engineers enhance collaboration between development, QA, and SRE teams, delivering software faster and more reliably. Why this matters:
Core Concepts & Key Components
Infrastructure as a Service (IaaS)
Purpose: Provides virtualized computing resources on demand.
How it works: Users can provision servers, storage, and network components dynamically.
Where it is used: Hosting applications, databases, and development or testing environments.
Platform as a Service (PaaS)
Purpose: Offers pre-configured platforms for application development without managing underlying infrastructure.
How it works: Developers deploy applications using ready-made tools, runtimes, and libraries.
Where it is used: Web applications, microservices, and containerized solutions.
Software as a Service (SaaS)
Purpose: Delivers fully managed applications online.
How it works: Applications are hosted centrally and accessed via browser or APIs.
Where it is used: Productivity tools, CRM systems, collaboration platforms.
Cloud Deployment Models
Public Cloud: Managed by providers; cost-effective and scalable.
Private Cloud: Dedicated infrastructure; secure and customizable.
Hybrid Cloud: Combines public and private clouds for flexibility and compliance.
Security & Compliance
Identity management, encryption, and regulatory compliance frameworks ensure the safety of applications and data.
Monitoring & Management
Tools like AWS CloudWatch, Azure Monitor, and GCP Stackdriver track performance, uptime, and resource utilization.
Why this matters:
How Master in Cloud Computing Works (Step-by-Step Workflow)
Requirement Analysis: Identify business or project needs for cloud deployment.
Cloud Platform Selection: Choose AWS, Azure, or GCP based on project requirements.
Infrastructure Provisioning: Deploy VMs, storage, and networks using Infrastructure-as-Code (IaC).
Application Deployment: Use PaaS or container orchestration for scalable, production-ready applications.
Monitoring & Optimization: Continuously track application performance and optimize resources.
Security & Compliance: Implement encryption, access controls, and audit processes.
Scaling & Maintenance: Automate backups, updates, and scaling for reliable operations.
Why this matters:
Real-World Use Cases & Scenarios
E-Commerce Platforms: Scale cloud resources automatically during peak traffic using AWS EC2 or Azure App Services.
SaaS Companies: Ensure high availability and global access through multi-cloud deployment strategies.
DevOps Pipelines: Integrate cloud services with CI/CD tools and GitOps for faster, reliable releases.
Healthcare Applications: Deploy HIPAA-compliant solutions with strong cloud security measures.
Collaboration between Developers, DevOps Engineers, QA, and SRE teams ensures applications are secure, reliable, and delivered efficiently.
Why this matters:
Benefits of Using Master in Cloud Computing
Productivity: Accelerates deployment cycles and reduces manual effort.
Reliability: Ensures higher uptime and fault tolerance.
Scalability: Dynamically adjusts resources to meet demand.
Collaboration: Enhances coordination across cross-functional teams.
Why this matters:
Challenges, Risks & Common Mistakes
Misconfigurations causing downtime or security vulnerabilities. Over-provisioning leading to unnecessary costs. Ignoring security protocols. Lack of monitoring delaying issue detection. Mitigation requires automation, adherence to best practices, and continuous monitoring. Why this matters:
Comparison Table
Feature | Traditional IT | Cloud Computing
Deployment Speed | Slow | Rapid, automated
Scalability | Limited | Elastic, dynamic
Cost Model | Fixed | Pay-as-you-go
Maintenance | Manual | Provider-managed
Resource Utilization | Low | Optimized via virtualization
Collaboration | Siloed | Integrated across teams
Security | On-premises only | Multi-layer, encrypted
Backup & Recovery | Manual | Automated, fast
Compliance | Limited | Multiple standards supported
CI/CD Integration | Difficult | Seamless
Why this matters:
Best Practices & Expert Recommendations
Use IaC tools like Terraform or ARM templates for consistent deployments. Continuously monitor cloud resources with dashboards and alerts. Apply role-based access control for secure operations. Automate backup, scaling, and recovery. Optimize costs and remove unused resources regularly. Why this matters:
Who Should Learn or Use Master in Cloud Computing?
Developers, DevOps Engineers, SREs, QA, and cloud architects. Beginners can start with foundational concepts, while experienced engineers gain multi-cloud expertise. This program is ideal for those pursuing leadership or architectural roles in cloud strategy and operations. Why this matters:
FAQs – People Also Ask
1. What is Master in Cloud Computing?
Advanced program covering AWS, Azure, GCP, cloud architecture, and DevOps practices. Why this matters:
2. Why is it used?
To deploy secure, scalable, and automated cloud applications. Why this matters:
3. Is it suitable for beginners?
Yes, it includes foundational cloud concepts before advanced topics. Why this matters:
4. How does it compare to traditional IT training?
Focuses on practical cloud skills, automation, and multi-cloud environments. Why this matters:
5. Is it relevant for DevOps roles?
Yes, integrates CI/CD, IaC, and cloud management workflows. Why this matters:
6. Which cloud platforms are included?
AWS, Microsoft Azure, and Google Cloud Platform. Why this matters:
7. What projects are included?
100+ lab exercises simulating real-world cloud deployments. Why this matters:
8. Does it help with certification exams?
Yes, aligned with AWS, Azure, and GCP certifications. Why this matters:
9. How long is the program?
Approx. 80–100 hours of instructor-led training. Why this matters:
10. How does it impact careers?
Provides multi-cloud expertise and improves career opportunities. Why this matters:
Branding & Authority
DevOpsSchool is a global leader in cloud and DevOps training. Mentor Rajesh Kumar brings 20+ years of hands-on experience in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, CI/CD, and cloud platforms. His expertise ensures learners acquire practical, industry-ready skills. Why this matters:
Call to Action & Contact Information
Enroll now in Master in Cloud Computing to become an expert in cloud technologies.
Email: [email protected]
Phone & WhatsApp (India): +91 7004215841
Phone & WhatsApp (USA): +1 (469) 756-6329


Introduction: Problem, Context & Outcome
Software development teams face increasing pressure to deliver faster, yet maintain stability and high quality. Manual deployments, fragmented workflows, and inconsistent testing often cause failed releases, production errors, and delayed feedback. This slows innovation and frustrates teams, impacting business outcomes.
The Master in Azure DevOps provides a structured approach to solve these challenges. By integrating DevOps practices with Azure tools, it enables teams to automate pipelines, ensure continuous testing, deploy reliably, and monitor performance effectively.
With Azure DevOps mastery, engineers can transition from error-prone processes to repeatable, reliable workflows that improve collaboration, accelerate delivery, and scale with organizational needs. Why this matters:
What Is Master in Azure DevOps?
The Master in Azure DevOps is an advanced program designed to implement DevOps practices using Microsoft Azure. It covers source control, CI/CD pipelines, testing, release management, and monitoring within a single, integrated platform.
Azure DevOps is more than a set of tools—it connects planning, development, and operations. Developers commit code to Azure Repos, automated pipelines build and test it, and releases are deployed seamlessly to various environments.
In production settings, Azure DevOps ensures consistent, traceable, and repeatable software delivery, allowing teams to release updates confidently and continuously. Why this matters:
Why Master in Azure DevOps Is Important in Modern DevOps & Software Delivery
Modern DevOps emphasizes speed, reliability, and continuous improvement. Traditional software delivery cannot keep up with frequent updates and high customer expectations. Azure DevOps provides the automation, visibility, and integration required to meet these demands.
It resolves common issues such as slow deployments, inconsistent environments, lack of traceability, and poor collaboration. Azure DevOps integrates seamlessly with Agile planning, CI/CD, and cloud infrastructure to deliver predictable and efficient releases.
Organizations adopting DevOps rely on Azure DevOps to scale delivery while maintaining quality, compliance, and operational stability. Why this matters:
Core Concepts & Key Components
Azure Repos
Purpose: Manage code securely and collaboratively.
How it works: Git-based repositories with branching, code reviews, and permissions.
Where it is used: Version control and team development.
Azure Pipelines
Purpose: Automate building, testing, and deployment.
How it works: CI/CD pipelines triggered by commits or scheduled runs.
Where it is used: Continuous integration and continuous delivery.
Azure Boards
Purpose: Plan, track, and manage work using Agile methods.
How it works: Uses backlogs, sprints, work items, and dashboards.
Where it is used: Task planning and progress tracking.
Azure Test Plans
Purpose: Ensure quality before deployment.
How it works: Supports manual, exploratory, and structured testing.
Where it is used: QA validation and release readiness.
Artifacts & Integrations
Purpose: Manage dependencies and build outputs.
How it works: Secure storage and sharing of artifacts and packages.
Where it is used: Pipelines, dependency management, and deployment workflows.
Why this matters:
How Master in Azure DevOps Works (Step-by-Step Workflow)
The process begins with planning work in Azure Boards, where teams define tasks, priorities, and user stories. Developers commit code to Azure Repos, following branch policies and version control best practices.
Every commit triggers Azure Pipelines, which build the code, run automated tests, and deploy to testing or staging environments. Approved builds automatically move to production.
Monitoring and feedback close the loop, allowing teams to detect issues early, improve workflows, and ensure reliable releases. This ensures software is delivered consistently and predictably. Why this matters:
Real-World Use Cases & Scenarios
Enterprises use Azure DevOps to manage complex applications across multiple teams and environments. DevOps engineers automate deployments, developers rely on CI pipelines, and QA teams validate releases using Test Plans.
SRE and cloud teams monitor system health and application performance continuously. Startups leverage Azure DevOps to scale delivery rapidly while minimizing errors.
Across industries, Azure DevOps improves release speed, reduces errors, and aligns teams with organizational objectives. Why this matters:
Benefits of Using Master in Azure DevOps
Productivity: Automation removes repetitive manual tasks
Reliability: Standardized pipelines minimize deployment failures
Scalability: Workflows grow efficiently as teams and applications expand
Collaboration: Shared tools improve alignment and transparency
Why this matters:
Challenges, Risks & Common Mistakes
Common mistakes include overcomplicated pipelines, incomplete testing, and weak access controls. Automating without understanding workflow dependencies can cause failures.
These risks are mitigated by incremental automation, templates, best practices, and governance. Training ensures teams adopt Azure DevOps effectively and sustainably. Why this matters:
Comparison Table
Aspect | Traditional Delivery | Partial Automation | Azure DevOps
Deployment | Manual | Semi-automated | Fully automated
Testing | Manual | Limited | Integrated
Collaboration | Siloed | Moderate | Unified
Scalability | Low | Medium | High
Traceability | Poor | Partial | End-to-end
Cloud Support | Weak | Moderate | Strong
Monitoring | Reactive | Limited | Continuous
Governance | Manual | Inconsistent | Built-in
Speed | Slow | Moderate | Fast
Reliability | Low | Medium | High
Why this matters:
Best Practices & Expert Recommendations
Start with small, incremental automation. Standardize pipelines, integrate testing early, enforce code reviews, and secure pipelines using role-based access and secrets management.
Regularly monitor performance and optimize workflows. Keep pipelines simple, maintainable, and aligned with business goals. Why this matters:
Who Should Learn or Use Master in Azure DevOps?
Developers, DevOps engineers, QA professionals, cloud engineers, and SREs will benefit most.
Intermediate and advanced professionals gain expertise in automation, collaboration, and reliable software delivery for cloud-based applications. Why this matters:
FAQs – People Also Ask
What is Master in Azure DevOps?
It teaches Azure-based DevOps practices across the full software lifecycle. Why this matters:
Why is Azure DevOps important?
It automates delivery, improves collaboration, and ensures reliability. Why this matters:
Is it suitable for beginners?
Yes, with basic development or cloud experience. Why this matters:
How does Azure DevOps support CI/CD?
Through automated build, test, and release pipelines. Why this matters:
Is it relevant for DevOps roles?
Yes, it is central for modern DevOps engineers. Why this matters:
Does it integrate with cloud platforms?
Yes, primarily Azure and other cloud services. Why this matters:
Can it improve deployment speed?
Yes, by removing manual steps and errors. Why this matters:
Is testing included?
Yes, both manual and automated testing are supported. Why this matters:
Does it scale for enterprises?
Yes, it supports large teams and complex applications. Why this matters:
Is Azure DevOps future-ready?
Yes, it evolves with modern DevOps practices. Why this matters:
Branding & Authority
DevOpsSchool is a globally recognized platform providing enterprise-ready training in cloud, DevOps, and automation. Its programs emphasize real-world application, practical skills, and career readiness.
The program is led by Rajesh Kumar, an industry mentor with over 20 years of hands-on experience across DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, CI/CD, cloud platforms, and automation. Why this matters:
Call to Action & Contact Information
Learn more about the Master in Azure DevOps program and advance your DevOps expertise.
Phone & WhatsApp (India): +91 7004215841
Phone & WhatsApp (USA): +1 (469) 756-6329


Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. In a post shared on X last week, the 38-year-old announced his release, crediting U.S. President Donald Trump's First Step Act. According to the Federal Bureau of Prisons' inmate locator
Introduction: Problem, Context & Outcome
Many organizations adopt Microsoft Azure to modernize their IT infrastructure, but real challenges appear once systems move into production. Teams often face poor performance, security gaps, rising costs, and unreliable deployments due to weak architectural planning. Cloud adoption without proper design leads to operational chaos instead of agility.
The Master in Azure Architect Technologies addresses these challenges by focusing on architectural clarity rather than tool-level learning. It helps professionals understand how to design Azure environments that support scalability, security, automation, and long-term business growth. This knowledge is essential for teams operating complex DevOps and cloud-native systems.
This article explains the importance of Azure architecture, how it fits into modern DevOps workflows, and what professionals gain by mastering architect-level cloud skills. Why this matters:
What Is Master in Azure Architect Technologies?
The Master in Azure Architect Technologies represents advanced expertise in designing and managing cloud architectures using Microsoft Azure. It focuses on how multiple Azure services work together to deliver reliable, secure, and scalable enterprise systems.
Instead of learning individual services in isolation, this discipline teaches architectural thinking. Professionals learn how to select the right Azure components, define secure access models, and build systems that remain stable under real-world workloads. These decisions directly affect system performance and business continuity.
Azure architects play a critical role in DevOps-driven organizations. They provide the technical blueprint that developers, DevOps engineers, and operations teams rely on to deliver software efficiently and safely. Why this matters:
Why Master in Azure Architect Technologies Is Important in Modern DevOps & Software Delivery
DevOps pipelines depend on strong cloud foundations. Without proper Azure architecture, automation breaks under scale, deployments fail unexpectedly, and teams spend excessive time troubleshooting. Architecture brings structure and predictability to fast-moving DevOps environments.
Azure architecture helps solve issues such as poor availability, weak identity management, insufficient monitoring, and uncontrolled cloud spending. It ensures that DevOps pipelines operate on platforms designed for resilience and governance.
As Agile and DevOps practices mature, organizations increasingly depend on architects who understand both cloud design and delivery workflows. This role connects rapid development with operational stability. Why this matters:
Core Concepts & Key Components
Azure Compute Services
Purpose: Execute applications and processing workloads.
How it works: Uses virtual machines, application services, containers, and serverless platforms.
Where it is used: Enterprise applications, APIs, batch processing, microservices.
Azure Networking
Purpose: Enable secure communication between systems.
How it works: Uses virtual networks, subnets, load balancers, gateways, and firewall services.
Where it is used: Hybrid environments, secure user access, multi-region deployments.
Azure Storage & Data Services
Purpose: Store and manage application and business data.
How it works: Uses blob storage, file services, relational and non-relational databases.
Where it is used: Application data, backups, analytics pipelines.
Identity & Access Management
Purpose: Control access to Azure resources securely.
How it works: Uses Azure Active Directory, role-based access control, and policy enforcement.
Where it is used: Authentication, authorization, compliance enforcement.
Monitoring, Governance & Cost Management
Purpose: Maintain visibility and operational control.
How it works: Uses logs, metrics, alerts, budgets, and policy rules.
Where it is used: Production monitoring, audits, optimization.
Why this matters:
How Master in Azure Architect Technologies Works (Step-by-Step Workflow)
The process begins with understanding business objectives such as uptime requirements, security expectations, performance goals, and budget limits. Azure architects translate these requirements into architectural patterns and service selections.
Next, networking and identity structures are defined to ensure secure access and integration with on-premise systems. Compute and storage services are chosen based on workload behavior and scalability needs.
Finally, the architecture is integrated with DevOps pipelines for automated deployment, monitoring, and feedback. Continuous insights help teams refine performance, reliability, and cost efficiency over time. Why this matters:
Real-World Use Cases & Scenarios
Large enterprises use Azure architecture to run mission-critical applications across multiple regions with built-in redundancy. DevOps teams depend on these designs to release updates without service interruptions.
Startups rely on Azure architecture to scale platforms rapidly while maintaining cost control. Developers benefit from standardized environments that reduce configuration errors.
SRE and QA teams use Azure monitoring and governance tools to maintain system reliability and compliance. Business leaders gain confidence in cloud investments. Why this matters:
Benefits of Using Master in Azure Architect Technologies
Productivity: Clear architecture reduces confusion and rework
Reliability: Systems are designed for high availability
Scalability: Platforms grow smoothly with demand
Collaboration: Teams work from shared architectural standards
Why this matters:
Challenges, Risks & Common Mistakes
One common mistake is designing Azure environments without understanding workload patterns, resulting in over-provisioning or performance issues. Another frequent issue is weak identity and governance design, which leads to security risks.
These mistakes increase operational costs and create long-term technical debt. Strong architectural practices, automation, and regular reviews help prevent these risks and maintain system stability. Why this matters:
Comparison Table
Area | Traditional IT | Basic Azure Usage | Azure Architecture Approach
Scalability | Fixed | Limited | Elastic
Security | Manual | Inconsistent | Policy-driven
Automation | Minimal | Partial | End-to-end
Cost Control | Rigid | Unclear | Optimized
Availability | Single site | Basic | Multi-region
DevOps Support | Weak | Moderate | Strong
Monitoring | Reactive | Limited | Proactive
Compliance | Difficult | Risk-prone | Built-in
Performance | Static | Variable | Optimized
Future Growth | Limited | Partial | Designed-in
Why this matters:
Best Practices & Expert Recommendations
Start with clear architectural principles aligned with business goals. Use automation for infrastructure provisioning and enforce security and governance from the beginning.
Design for failure using redundancy and monitoring. Review architecture regularly to optimize cost and performance. Keep designs simple, documented, and scalable. Why this matters:
Who Should Learn or Use Master in Azure Architect Technologies?
This topic is ideal for developers moving into cloud roles, DevOps engineers managing Azure pipelines, and cloud or SRE professionals responsible for production systems.
It is also valuable for technical leads and solution architects who design enterprise cloud strategies. Intermediate and experienced professionals gain the most benefit. Why this matters:
FAQs – People Also Ask
What is Master in Azure Architect Technologies?
It focuses on designing enterprise-grade Azure architectures. Why this matters:
Why is it important for DevOps teams?
It ensures pipelines run on stable cloud foundations. Why this matters:
Is it suitable for beginners?
It suits learners with basic Azure knowledge. Why this matters:
How does it differ from Azure fundamentals?
It focuses on architecture rather than service basics. Why this matters:
Is it relevant for solution architects?
Yes, it strengthens real-world design skills. Why this matters:
Does it include security and governance?
Yes, security and compliance are core areas. Why this matters:
Can it reduce cloud costs?
Yes, through optimized architectural decisions. Why this matters:
Is it useful for hybrid cloud setups?
Yes, it supports on-premise integration. Why this matters:
Does it align with Agile and DevOps?
Yes, it supports automation and fast delivery. Why this matters:
Is Azure architecture future-ready?
Yes, it adapts to evolving cloud needs. Why this matters:
Branding & Authority
DevOpsSchool is a globally trusted platform known for delivering enterprise-ready training in cloud, DevOps, and automation. Its programs emphasize real-world application, architectural depth, and long-term career value.
The guidance is led by Rajesh Kumar, an industry mentor with over 20 years of hands-on experience across DevOps, DevSecOps, Site Reliability Engineering, DataOps, AIOps, MLOps, Kubernetes, cloud platforms, CI/CD, and automation. Why this matters:
Call to Action & Contact Information
Explore the complete Master in Azure Architect Technologies program and strengthen your cloud architecture expertise.
Phone & WhatsApp (India): +91 7004215841
Phone & WhatsApp (USA): +1 (469) 756-6329


Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord credentials and tokens. The stealer is said to have been on sale on Telegram as far back as April 2025, according to a report from Palo Alto Networks Unit 42. "VVS stealer's code is obfuscated by Pyarmor," researchers
Introduction: Problem, Context & Outcome
Developing Android applications that are both robust and user-friendly remains a persistent challenge for engineers. Many face difficulties in setting up environments, integrating APIs, managing multiple devices, and deploying apps efficiently. Modern enterprises expect developers to seamlessly work within DevOps pipelines, handling continuous integration, automated testing, and cloud deployment. The Master in Android App Developer program addresses these challenges by providing comprehensive, hands-on training. Learners gain practical skills to create production-ready applications, apply DevOps practices, and deliver scalable, maintainable apps. Completing this program prepares developers to handle real-world projects confidently, ensuring high-quality app delivery. Why this matters:
What Is Master in Android App Developer?
The Master in Android App Developer program is a complete training course designed to help professionals build full-featured Android applications using Kotlin and Android Studio. It covers UI/UX design, API integration, automated testing, device compatibility, and deployment strategies. Participants learn how to implement interactive interfaces, fetch live data from servers, integrate cloud services, and streamline workflows with CI/CD pipelines. By mastering these skills, developers can contribute effectively to DevOps teams, ensuring applications are reliable, scalable, and production-ready. This program blends theoretical knowledge with practical exercises for real-world application. Why this matters:
Why Master in Android App Developer Is Important in Modern DevOps & Software Delivery
Android development goes beyond coding—it is central to delivering enterprise-grade mobile applications efficiently. Companies demand developers who can ensure applications integrate with CI/CD pipelines, automated testing, and cloud services. Mastering Android app development helps reduce deployment failures, accelerate release cycles, and enhance collaboration across development, QA, and operations teams. Developers with these skills align perfectly with Agile and DevOps practices, producing applications that meet business requirements and user expectations consistently. Why this matters:
Core Concepts & Key Components
Android Studio & Kotlin
Purpose: Essential tools for Android development.
How it works: Android Studio provides an integrated IDE with debugging, emulation, and deployment capabilities, while Kotlin offers concise and modern syntax for efficient development.
Where it is used: UI development, logic implementation, and project module management.
Android SDK & API Libraries
Purpose: Provide frameworks and tools for application development.
How it works: SDK enables access to device features, operating system services, and network capabilities.
Where it is used: Hardware integration, API communication, and backend connectivity.
UI/UX Design
Purpose: Build intuitive and engaging user experiences.
How it works: Using responsive layouts, Material Design, and interactive widgets to enhance usability.
Where it is used: Navigation, dashboards, forms, and interactive screens.
API Integration & Data Handling
Purpose: Connect apps to remote servers and cloud platforms.
How it works: RESTful APIs and libraries like Retrofit manage data requests and synchronization efficiently.
Where it is used: Live data fetching, authentication, and cloud communication.
Testing & Debugging
Purpose: Ensure apps function reliably and efficiently.
How it works: Unit testing, UI testing, and emulators detect and resolve issues before deployment.
Where it is used: CI/CD pipelines, QA validation, and production monitoring.
CI/CD & Deployment Automation
Purpose: Automate build, test, and release processes.
How it works: Tools such as Jenkins, GitHub Actions, or Bitrise manage automated builds, testing, and deployment.
Where it is used: Beta releases, production deployment, and iterative updates.
Why this matters:
How Master in Android App Developer Works (Step-by-Step Workflow)
Environment Setup: Install Android Studio, configure SDKs, and set up emulators or physical devices.
Project Initialization: Create projects, configure modules, and establish version control.
UI & Logic Development: Build layouts and implement functionality using Kotlin.
API & Backend Integration: Connect to servers, fetch data, and sync with cloud services.
Testing & Debugging: Run unit and UI tests to ensure stability and performance.
CI/CD Integration: Automate builds, testing, and deployment pipelines.
Deployment & Monitoring: Publish apps, monitor performance, and iterate improvements.
This workflow ensures applications are production-ready and aligned with modern DevOps processes.
Why this matters:
Real-World Use Cases & Scenarios
Android apps power industries such as e-commerce, finance, healthcare, and social media. Developers work with DevOps engineers, QA teams, and SREs to ensure reliable, scalable applications. Examples include real-time market tracking apps, secure payment apps, interactive dashboards, and cloud storage solutions. Professionals who master Android development contribute to faster releases, improved reliability, and enhanced user satisfaction, delivering tangible business value. Why this matters:
Benefits of Using Master in Android App Developer
Productivity: Accelerates development with Kotlin and Android Studio.
Reliability: CI/CD and automated testing reduce bugs and failures.
Scalability: Apps are built to handle increased users and data.
Collaboration: Aligns development, QA, and operations teams effectively.
Why this matters:
Challenges, Risks & Common Mistakes
Common pitfalls include device fragmentation, API compatibility issues, insufficient testing, and misconfigured CI/CD pipelines. Neglecting UI/UX design can limit adoption. Mitigation strategies include modular coding, automated testing, code reviews, and adherence to DevOps best practices, ensuring smooth deployments and maintainable applications. Why this matters:
Comparison Table
Feature | Traditional Approach | Master in Android App Developer
Programming Language | Java only | Kotlin & Java
IDE | Basic editors | Android Studio
Testing | Manual | Automated Unit/UI
Deployment | Manual APK | CI/CD Pipelines
UI Design | Static | Responsive & Interactive
API Integration | Limited | Full REST & Retrofit support
Device Compatibility | Few devices | Broad coverage
Debugging | Logs only | IDE + Emulator tools
Team Workflow | Siloed | DevOps-aligned
Release Frequency | Slow | Rapid, iterative updates
Why this matters:
Best Practices & Expert Recommendations
Follow Kotlin and modular coding standards. Use version control, automated tests, and CI/CD pipelines. Monitor app performance post-deployment and iterate for improvements. Collaborate with QA and DevOps teams to deliver scalable, maintainable applications. Why this matters:
Who Should Learn or Use Master in Android App Developer?
This program is designed for software developers, DevOps engineers, QA testers, SREs, and cloud engineers. Both beginners with programming knowledge and intermediate professionals looking to integrate DevOps practices into Android development will benefit. Why this matters:
FAQs – People Also Ask
What is Master in Android App Developer?
It is a structured program for creating Android applications using Kotlin and Android Studio. Why this matters:
Why is it important?
It helps developers deliver reliable, scalable, and user-friendly apps. Why this matters:
Is it suitable for beginners?
Yes, learners with basic programming experience can start. Why this matters:
How does it differ from traditional courses?
It integrates DevOps practices and real-world projects for production readiness. Why this matters:
Is it relevant for DevOps roles?
Yes, it aligns with CI/CD, automated testing, and cloud deployment. Why this matters:
Which tools are included?
Android Studio, Kotlin, Retrofit, emulators, and CI/CD platforms. Why this matters:
How long is the course?
Approximately 60 hours of instructor-led sessions. Why this matters:
Are real-world projects included?
Yes, scenario-based labs and projects are provided. Why this matters:
Does it include interview preparation?
Yes, with over 250 real-time questions. Why this matters:
Is certification awarded?
Yes, an industry-recognized certificate is provided. Why this matters:
Branding & Authority
DevOpsSchool is a globally trusted platform providing advanced Android, DevOps, and cloud training. Mentored by Rajesh Kumar, with over 20 years of experience in DevOps & DevSecOps, SRE, DataOps, AIOps & MLOps, Kubernetes, cloud platforms, and CI/CD automation, this program equips learners with enterprise-ready skills. Why this matters:
Call to Action & Contact Information
Phone & WhatsApp (India): +91 7004215841
Phone & WhatsApp (USA): +1 (469) 756-6329
Enroll now in the Master in Android App Developer program to start building production-ready Android applications today.


As the AI-hype dust settles, CISOs have a lot to focus on in 2026. From ongoing struggles, such as ensuring teams are not burning out, to current and future concerns, which include finding effective business cases for AI, spotting a breach before it happens, and planning for the looming fear of quantum computers breaking encryption, CISOs from different industries share what is top of their agenda for 2026.
1. Prioritize resilience over reactive security
Emphasis on resilience and architectural discipline, particularly as organizations face even greater reliance on cloud infrastructure, is part of Fortitude Re CISO Elliott Franklin’s resolutions. “Our approach will focus on well-structured project management and intentional design,” he says.
Any new initiative will start with a clear architectural plan and a deep understanding of end-to-end dependencies and potential points of failure. “By taking a thoughtful, engineering-driven approach — rather than reacting to outages or disruptions — we aim to strengthen the stability, scalability, and reliability of our systems,” he says. “This foundation enables the business to move with confidence, knowing our technology and security investments are built to endure and evolve.”
2. AI will dominate the agenda
Standard Chartered group CISO Cezary Piekarski expects his agenda to be dominated by AI in two ways: defining both the threat landscape and defensive architecture.
“Speed is essential when mitigating attacks so leveraging AI and orchestration tools allows us to quickly automate detection and streamline incident response,” Piekarski says. “This reduces dwell time significantly and accelerates remediation, ensuring that threats are contained before they escalate.”
As new attack surfaces emerge with AI-driven applications and systems, Piekarski’s priorities will focus on defending and hardening the environment against AI-enabled threats and tactics. “It’s harnessing the opportunities of AI across the cyber stack and enabling the bank to use AI securely and safely.”
Qiagen CISO Daniel Schatz expects artificial intelligence to remain a core theme across 2026 “in terms of using AI to improve security controls and operations, and ensuring AI is securely integrated into products.”
He expects a notable escalation in the sophistication and scale of generative AI enabled threats.
“What we have observed so far are largely handcrafted AI-supported campaigns, but they will likely evolve into more automated and industrialized social-engineering operations, following the same pattern seen with most emerging threats,” Schatz says. “With generative AI becoming ubiquitous, technologies that help organizations understand, manage, and secure the AI attack surface will quickly rise in importance. It’s critical that the industry embeds appropriate security controls from the start, so we avoid repeating the mistakes seen during the early days of web development.”
3. Achieve visibility and control, especially with AI
The priority for Conal Gallagher, Flexera’s CIO and CISO, is balancing productivity with protecting intellectual property as Flexera teams use AI tools and chatbots. “We’re working to standardize trusted, enterprise-grade AI solutions, while putting controls in place to prevent data leakage from unsanctioned tools.”
In practice, SaaS management and discovery tools will be used to get a handle on shadow IT and unsanctioned AI usage. Automation for compliance and reporting will be important as customer and regulatory requirements around ESG and security continue to grow, along with threat intelligence feeds and vulnerability management solutions that help Gallagher and the team stay ahead of what’s happening in the wild.
“The common thread is visibility and control; we need to know what’s in our environment, how it’s being used, and that we can respond quickly when things change,” he tells CSO.
4. Manage human and non-human identities
Schatz is focused on managing human and non-human identities. He expects technologies that enable effective identity management will continue to be critical. “Human identities remain challenging to protect, and non-human identities are only beginning to grow in scale with the emergence of agentic AI,” he says.
With a similar plan, Franklin is prioritizing identity and privilege management — across both human and non-human identities.
“It’s [about] ensuring that service accounts, APIs, and automation tools are governed with the same rigor as user accounts,” Franklin says. “As automation grows, effectively managing these digital identities will be critical to maintaining trust, traceability, and control in complex environments.”
The goal is to strengthen the organization’s overall resilience while enabling productivity and collaboration.
5. Build security into agentic AI products
Some are prioritizing building security directly into agentic AI products to mitigate sophisticated attacks. “We’re moving beyond simply trying to stop AI risks to engineering security directly into our agentic solutions, ensuring the secure path to innovation is the fastest path for our teams,” Qualtrics CSO Assaf Keren says.
Keren will be using AI to strengthen security capabilities and to automate and accelerate internal functions like SOC triage and control testing.
6. Link security with trust
For Keren, 2026 is also about making security a visible trust signal, not just a back-office function. He’s looking to transform security into a proactive, transparent partnership with their customers.
“Customers are making purchasing decisions based on how organizations handle data and AI. Treating security as a go-to-market advantage, not just risk mitigation,” he tells CSO.
This means getting certified with FedRAMP High, ISO 42001 for AI, being transparent about security practices, and making security posture a visible part of the value proposition. “Organizations that can credibly demonstrate robust security and responsible AI practices will win customers who are increasingly making decisions based on trust.”
7. Develop a quantum readiness plan
“Quantum computing poses significant cyber risks by potentially breaking current encryption methods, impacting data security, and enabling new attack vectors,” says Piekarski.
With this in mind, Piekarski and the team are actively preparing for what lies ahead and that means quantum threats. “In 2026, we’ll continue progress on our multi-year, resilient cryptography preparedness strategy to meet the challenges of the emerging threat and address associated risks,” he says.
Jon France, CISO, ISC2, urges CISOs to prepare for post-quantum cryptography. This involves reviewing their own organization and systems and then turning to their vendors and partners about their readiness.
“The roadmap includes a cryptographic inventory and then asking [vendors] ‘what are you doing on quantum and what’s your roadmap?’ There will be some things you’ll have to sunset, probably earlier than you thought, so you have to plan around that,” he says.
8. Protect people, not just systems
In 2026 and beyond, security strategies will need to consider workforce resilience, not only tools, controls, and compliance as stress and skills transformation permanently reshape the cyber workforce.
With burnout an ever-present problem, AI changing skills and jobs, and economic conditions putting pressure on budgets, CISOs must look after the wellbeing of their teams as much as the technology.
“Looking after the team while leveraging the team but without killing them is on our agenda,” says France.
9. Spot breaches early
As cloud systems expand and supply chains stretch further, the old idea of total prevention is fading fast. CISOs will be under increasing pressure to prioritize detection and response in their security program.
“The strongest security programs won’t be the ones that stop every breach, they’ll be the ones that spot them first,” says Jan Bee, TeamViewer’s CISO.
Bee believes that instead of building a fortress around the organization, CISOs will need to favor visibility and speed. “In the age of agentic AI and hyperconnected SaaS, that speed will be everything,” says Bee. “The organizations that can see trouble coming in seconds will stay ahead of even the most heavily defended but slow-to-react peers.”
10. Get ahead of the threat curve
“Organizations tend to move at a somewhat slower pace, so looking ahead at the developing threat landscape and pre-positioning appropriately is essential as we close the year’s budgeting cycle,” says Schatz.
On his agenda is reviewing established sources such as the WEF Cybersecurity Outlook, the ENISA Threat Landscape and the ISF Threat Horizon.
“It helps to set expectations and allows for more realistic planning of risk controls over the next 12-36 months,” he tells CSO.
11. Close the communications gap
CISOs, boards and IT leaders must align around a shared language of resilience — which treats security as a business priority not simply a technical measure.
Many boards still view security as a compliance or cost issue, while CISOs talk in terms of risk and continuity, according to Bee. “That communication gap creates blind spots that attackers can exploit,” he says. “As cyber risk becomes inseparable from business risk, boards and CISOs will be forced to collaborate more closely, translating technical threats into financial, reputational, and operational impacts that executives can act on.”
CISOs should focus on storytelling, not just reporting. “This means connecting threat intelligence to business outcomes in clear, strategic terms.”
Boards, in turn, need to treat cyber resilience as a competitive advantage, not a line item. “The companies that close the cultural gap between security and strategy will be the ones that recover faster, and inspire greater investor confidence when incidents inevitably occur,” Bee says.
12. Deliver outcomes, not vibes
“In 2026, execution will matter more than experimentation,” says Gallagher.
In practice, he will be adopting a disciplined approach that emphasizes transparency, governance, and measurable outcomes across the security program. “Every initiative will be measured by its ability to tie spend to ROI and tangible risk reduction,” he tells CSO.
AI initiatives, in particular, are likely to come under real scrutiny to show outcomes and effective business use cases as the excitement and buzz of 2025 settles.
“It feels like 2026 is about making AI a business engine, not a science project,” he says.
At the core of enterprise security lies the tug-of-war between user convenience and security requirements. It is a balancing act that is regularly played out at the authentication layer and directly affects the onboarding and login experience. When it comes to resolving this conflict, federated identity is at the forefront: it can deliver a good user experience without compromising the level of security.
Federated identity management: definition
Identity and access management (IAM) is the overarching discipline that deals with digital identities and access management. Federated identity management is an IAM category that focuses on securely enabling a single authentication event to cover multiple interactions or exchanges of identity information. In other words, federated identity management (FIM) lets many services share a single digital identity. A practical example of FIM is signing in to Twitter with your Google account.
Federated identity management can benefit the user experience, overall security, and resilience. In return, the following trade-offs have to be accepted:
increased architectural complexity,
lock-in to a particular vendor, and
possible service costs.
Federated identity management is sometimes lumped together with single sign-on (SSO). Strictly speaking, however, SSO is a capability of FIM, and one of its key use cases, which we look at more closely below. One note first: self-sovereign identity (or decentralized identity) is a different matter again.
Use case: (federated) single sign-on
There are two kinds of single sign-on: one that applies to applications within a single organization, and one that applies across organizations. The former is usually just called single sign-on, sometimes "enterprise single sign-on". The latter falls under the term federated single sign-on (FSSO).
The high-level architecture covering both forms of SSO looks like this:
[Figure: A high-level SSO architecture. Image: Foundry / Matthew Tyson]
In every case, federated identity management requires a central authority that brokers the shared credentials between the various services. This can be an identity manager that:
was built by the organization itself (for example using Active Directory).
is provided, to varying degrees, by an identity provider.
Enterprise single sign-on often covers situations in which employees have to log in repeatedly to internal systems, for example to the HR portal and the IT ticketing system. This arrangement brings obvious UX problems, but also systemic ones, because identity information is spread across heterogeneous systems. That impairs security and makes it harder to enforce policies. For example, onboarding or offboarding an employee means changing two separate data stores.
Federated single sign-on enables credentials to be shared across company boundaries. As such, it usually relies on a large, well-established entity with far-reaching trust, such as Google, Microsoft or Amazon. Even a small application can add a "Sign in with Google" option relatively easily and offer users a simple way to log in while sensitive information stays in the hands of the large organization.
Implementing federated SSO
How a federated SSO solution is built depends on the specific requirements. The general steps, however, are the same:
Set up an identity provider: Either deploy a centralized identity infrastructure or set up an account with a federated identity provider (Google, Microsoft, Okta). A hybrid of the two is also possible.
Give the provider your application information: This configures the identity provider and lays the groundwork for applications to connect to it.
Add provider credentials: You will use these in the next step to tell your applications how to authenticate.
Set up the applications: In your application code, add dependencies for authenticating and interacting with the identity provider service.
Integrate the new authentication: With the SSO service configured, your users have a way to authenticate. This also works "transparently": applications automatically recognize and authenticate users who have a live session with another service.
Because it is a simple solution, most companies today choose a cloud identity provider delivered as SaaS, for enterprise SSO as well as for federated SSO.
Implementing SSO protocols
Three protocols are mainly used for SSO interactions: SAML, OIDC and OAuth 2.0. Depending on which protocol your identity provider supports, you will use one of them to pass the secure token information between your applications. Each protocol is an open standard geared to a particular use case.
SAML is an XML-based protocol that is often used in companies to support enterprise SSO or to move back and forth between different business service providers. It can also be used for general identity sharing, including federated SSO (provided the identity provider supports it).
OAuth 2.0 is an authentication protocol that enables resource data to be shared between providers on the basis of user consent. OAuth focuses on sharing authentication between services without disclosing credentials.
OIDC (OpenID Connect) is a layer built on top of OAuth 2.0 that is typically used for social logins (such as "Sign in with GitHub"). OIDC adds several extensions to OAuth, including identity assertions, the UserInfo API and standard discovery: standardized mechanisms for securely providing and consuming identity information.
These protocols are used on their own or in combination with other technologies. JSON Web Tokens, for example, can be used to encapsulate OAuth 2.0 credential token information in a more secure format.
Fortunately, the process of implementing these protocols is thoroughly documented and supported by a wide range of technology stacks. Most of the work is encapsulated by higher-level abstractions in many languages and frameworks. Spring Security, for example, offers SSO support, as does Passport in the NodeJS/Express ecosystem. (fm)
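To make the OIDC identity assertion concrete, here is an added example (not code from the article or from any identity provider) of the checks a relying application performs on a JWT-encoded ID token before trusting it. It assumes an HS256 token keyed with the client secret, which OIDC permits; most providers sign with asymmetric keys published through discovery, and production code should use a maintained library. The issuer URL, client ID, secret and nonce are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time


class TokenError(Exception):
    """Raised when an ID token fails any validation step."""


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a sample token; stands in for the identity provider."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    sig = b""
    if alg == "HS256":
        sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def validate_id_token(token, *, secret, issuer, client_id, nonce,
                      now=None, leeway=60):
    """Return the claims if every check passes, else raise TokenError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("token must have three dot-separated parts")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError as exc:
        raise TokenError("token is not valid base64url/JSON") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("header and payload must be JSON objects")

    # Pin the algorithm: never let the token choose it ("none", key confusion).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected signing algorithm")
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise TokenError("signature mismatch")

    # Issuer: the token must come from the provider we federate with.
    if claims.get("iss") != issuer:
        raise TokenError("wrong issuer")
    # Audience: the token must have been minted for this application.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise TokenError("token was issued for a different client")
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise TokenError("multiple audiences without matching azp")
    # Expiry, with a small allowance for clock skew.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp + leeway:
        raise TokenError("token expired or exp missing")
    # Nonce binds the token to the login request this application started.
    got = str(claims.get("nonce", "")).encode()
    if not hmac.compare_digest(got, nonce.encode()):
        raise TokenError("nonce mismatch (possible replay)")
    return claims


# Constructed sample values, not taken from any real deployment.
ISSUER = "https://idp.example"
CLIENT_ID = "example-client"
SECRET = b"constructed-client-secret"
NONCE = "constructed-nonce-4821"
NOW = 1_700_000_000
GOOD_CLAIMS = {"iss": ISSUER, "sub": "user-123", "aud": CLIENT_ID,
               "exp": NOW + 300, "iat": NOW, "nonce": NONCE}

if __name__ == "__main__":
    token = make_id_token(GOOD_CLAIMS, SECRET)
    print(validate_id_token(token, secret=SECRET, issuer=ISSUER,
                            client_id=CLIENT_ID, nonce=NONCE, now=NOW))
```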
Cloud misconfigurations that put company data at risk are nothing new, quite the opposite. All the worse that companies still do not consistently secure their cloud resources. At least that is what a recent report suggests. For it, cloud security vendor Qualys surveyed 101 cybersecurity and IT professionals whose responsibilities include securing cloud environments. According to the report:
28 percent of respondents recorded a breach related to the cloud or SaaS applications in the past year.
24 percent see misconfigured services as the biggest risk to their cloud environment.
For its study, Qualys also examined around 44 million virtual machines (VMs) hosted in public clouds. The experts found that 45 percent of AWS VMs, 63 percent of GCP VMs and 70 percent of Azure VMs had misconfigured resources.
The most common cloud misconfigurations
According to Ayan Roy, head of cybersecurity at EY Americas, companies do enable certain cloud security features, but not all of them. Logging, monitoring and multi-factor authentication (MFA), for instance, are neglected in many cases: "Companies want to move fast, and time to value is absolutely critical. But when cybersecurity teams are not involved in these decisions, the problems begin. Security professionals can then often only take measures after the fact."
Roy sees another cloud security blind spot during mergers and acquisitions. He urges companies to be proactive in such cases: "Carry out due diligence, take it into account too, and make sure you have the right cybersecurity investment plan."
According to Scott Wheeler, cloud practice lead at Asperitas, cloud misconfigurations become less frequent as company size increases. The cloud expert attributes this mainly to oversight by regulators. Small firms, by contrast, have enormous problems, he says, because they have neither the staff nor the tools needed to manage risks related to cloud configuration, such as exposed storage buckets or web services.
"The whole concept of zero trust is based on the fact that you can restrict access to the minimum needed. But that is hard to do in practice," Wheeler explains. As an example, he notes that permissions are often expanded during development and not reset after go-live. The biggest mistake Wheeler regularly sees, however, is databases or other cloud assets that do not communicate over secure, private networks. "Many of these services don't support that 'out of the box'. It takes quite a bit of work to configure them so that only private network traffic flows into private cloud or on-premises environments. That is a big problem that is often exploited by criminal hackers."
And even though many vendors promise that AI will make cloud security simpler, cheaper and more effective: do not expect cloud configuration problems to be a thing of the past tomorrow. It will be a while before AI agents are ready to take this over reliably.
9 tips for more secure cloud configurations
There are still things you can do about faulty cloud configurations. For example:
1. Implement multi-factor authentication
MFA should be applied to every form of cloud access, not just to certain users.
2. Use private networks for all services
Configure databases and cloud services so that they communicate only over private networks and not over the public internet.
3. Encrypt data
Data encryption should be enabled by default for all new and existing resources. With the quantum era approaching, it makes sense for companies to adopt quantum-safe encryption algorithms now to protect against so-called "harvest now, decrypt later" attacks.
4. Apply least-privilege access controls
Granting users and systems access to as few resources as possible is a cornerstone of modern zero-trust security principles. Accounts with excessive permissions can quickly lead to data loss if they are misused.
5. Use infrastructure as code
When administrators or users make changes to cloud configurations in the cloud management consoles, it is often difficult to trace them, and to roll them back if something goes wrong. The principle of infrastructure as code helps here: use appropriate configuration management tools so that all changes can be checked against policies, tracked and audited.
6. Scan continuously
Checking once, at initial setup of the cloud resources, whether the configurations are up to date is not enough. Companies have to make sure that nothing changes. Some cloud providers offer native tools for this purpose. Cloud security posture management (CSPM) solutions can also help close gaps or monitor multi-cloud environments.
7. Lock down storage buckets
Insecure Amazon S3 buckets were very popular with cybercriminals a few years ago, and they remain a common problem for companies. Bucket policies and bucket access controls are recommended to ensure that storage is private by default.
8. Put logging and monitoring in place
Many companies monitor essential cloud services, but shadow IT is often left out. This is less a technological problem than a management one, and it can be solved through better communication with the business units and a more disciplined approach to deploying technology.
9. Internalize security by design
Build security into your cloud architecture from the start; retrofitting it later is always considerably harder. (fm)
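Tips 4, 6 and 7 can be checked mechanically. The following added example (not from the article or from Qualys) audits a bucket configuration snapshot for disabled S3 Block Public Access flags, bucket-policy statements that allow any principal, and wildcard actions of the kind left over from development. The snapshot layout (`name`, `public_access_block`, `policy`) and all sample buckets are constructed for illustration; the four flag names and the policy grammar are those AWS uses.

```python
# The four S3 Block Public Access settings; all should be True.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def as_list(value):
    """Policy fields may hold a single value or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]


def is_public_principal(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. anyone on the internet."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return False


def audit_bucket(snapshot):
    """Return a list of (kind, detail) findings for one bucket snapshot."""
    findings = []

    # Tip 7: storage should be private by default.
    pab = snapshot.get("public_access_block") or {}
    missing = [flag for flag in PAB_FLAGS if pab.get(flag) is not True]
    if missing:
        findings.append(("public-access-block",
                         "flags not enabled: " + ", ".join(missing)))

    policy = snapshot.get("policy") or {}
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = stmt.get("Sid", f"#{index}")
        if is_public_principal(stmt.get("Principal")):
            # A Condition may narrow the grant (VPC endpoint, org ID), so
            # conditional statements are flagged for review, not as open.
            kind = ("public-allow-conditional" if stmt.get("Condition")
                    else "public-allow")
            findings.append((kind, f"statement {sid} allows any principal"))
        # Tip 4: wildcard actions are broader than any workload needs.
        wide = [a for a in as_list(stmt.get("Action", []))
                if a in ("*", "s3:*")]
        if wide:
            findings.append(("wildcard-action",
                             f"statement {sid} grants {', '.join(wide)}"))
    return findings


# Constructed sample snapshots (account ID and names are placeholders).
LEAKY = {
    "name": "example-leaky-bucket",
    "public_access_block": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                            "BlockPublicPolicy": False,
                            "RestrictPublicBuckets": False},
    "policy": {"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-leaky-bucket/*"}]},
}
DEV_LEFTOVER = {
    "name": "example-dev-bucket",
    "public_access_block": dict.fromkeys(PAB_FLAGS, True),
    "policy": {"Version": "2012-10-17", "Statement": {
        "Sid": "DevAccess", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-dev"},
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::example-dev-bucket/*"}},
}
LOCKED = {
    "name": "example-locked-bucket",
    "public_access_block": dict.fromkeys(PAB_FLAGS, True),
    "policy": {"Version": "2012-10-17", "Statement": [{
        "Sid": "AppRead", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app"},
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-locked-bucket/*"}]},
}

if __name__ == "__main__":
    for bucket in (LEAKY, DEV_LEFTOVER, LOCKED):
        print(bucket["name"], audit_bucket(bucket) or "no findings")
```

Run against snapshots exported on a schedule, the same function covers the "scan continuously" tip: a bucket that was clean at setup and later gains a finding has drifted.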
Belkin today announced a range of new charging and connectivity accessories at CES 2026, expanding its portfolio of products aimed at Apple device users.

UltraCharge Pro Power Bank 10K with Magnetic Ring

The lineup includes new Qi2 and Qi2.2 wireless chargers, magnetic power banks, a high-capacity laptop battery, and USB-C productivity accessories, with an emphasis on higher charging speeds, modular designs, and broader device compatibility. Most of the products are scheduled to launch across the first half of 2026. The key product announcements included:


UltraCharge Pro Power Bank 10K with Magnetic Ring ($99.99): A compact 10,000 mAh power bank supporting up to 25W Qi2.2 wireless charging and 30W wired USB-C charging simultaneously, featuring a secondary magnetic ring that allows accessories like wallets, grips, or stands to remain attached while charging. Includes pass-through charging, a built-in kickstand, and a digital display. Launches February 2026.
UltraCharge Modular Charging Dock ($64.99): A Qi2.2-powered 3-in-1 charging dock that wirelessly charges a phone at up to 25W, earbuds on a secondary pad, and a smartwatch using a bring-your-own charging puck system with included spacers for the Apple Watch, Samsung Galaxy Watch, and Google Pixel Watch models. Powered by a 45W USB-C adapter and designed for compact travel use. Launches Q1 2026.

UltraCharge Modular Charging Dock


BoostCharge Slim Magnetic Power Bank with Stand (5K) ($59.99): An ultra-slim magnetic power bank delivering up to 15W Qi2 wireless charging and 20W via USB-C, with a built-in stand for hands-free viewing, pass-through charging support, and a pocket-friendly design. Launches Q2 2026.
BoostCharge Slim Magnetic Power Bank with Stand (10K) ($84.99): A higher-capacity slim magnetic power bank offering up to 15W Qi2 wireless charging and 30W USB-C output, while maintaining a thin, travel-ready form factor with an integrated stand and soft-touch exterior. Launches Q2 2026.
UltraCharge Pro Laptop Power Bank 27K ($149.99): A high-capacity 27,000 mAh portable battery delivering up to 240W of total output, including a single USB-C output capable of up to 140W for fast-charging laptops such as a MacBook Pro, alongside an integrated braided USB-C cable, smart battery display, and airline-compliant design. Launches March 2026.

UltraCharge Pro Laptop Power Bank 27K


UltraCharge Pro 2-in-1 Convertible Charger ($99.99): A compact, foldable wireless charger that powers an iPhone at up to 25W via Qi2 while simultaneously fast-charging an Apple Watch using an integrated MFi-certified watch puck, with a 45W power adapter and 5 ft. USB-C cable included. Launches March 2026.
ConnectAir Wireless HDMI Display Adapter ($149.99): A plug-and-play wireless HDMI solution that allows USB-C devices, including iPhones, iPads, and Macs that support DisplayPort Alt Mode, to mirror or extend displays at 1080p/60Hz with under 80ms latency, without requiring Wi-Fi, apps, or drivers. Supports up to eight transmitters for multi-user screen sharing. Launches Q1 2026.
Connect 8-Port Dual Display USB-C Hub ($99.99): A productivity-focused USB-C hub for MacBooks and other laptops, supporting up to 100W power delivery passthrough, Ethernet, USB peripherals, and external displays, with dual 4K output on Windows or a single 4K display on macOS, plus a built-in monitor privacy button for instant screen disabling. Launches Q2 2026.

UltraCharge Pro 2-in-1 Convertible Charger

Availability will vary by market, and several products will ship in stages through the first and second quarters of 2026. Belkin says further details on regional availability and compatibility will be provided closer to launch via its website and retail partners.
Tags: Belkin, CES 2026
This article, "CES 2026: Belkin Announces Magnetic Ring Power Bank, Modular Dock, and More" first appeared on MacRumors.com

Now that the calendar has flipped over into January, steep discounts on popular Apple products have become more rare after the holidays. However, if you didn't get a new pair of AirPods recently and are looking for a model on sale, Amazon does have a few solid second-best prices this week.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

This includes the AirPods 4 for $99.00, down from $129.00, the AirPods Pro 3 for $219.99, down from $249.00, and the AirPods Max for $449.99, down from $549.00. Most of these AirPods will arrive around January 9 with free shipping options, but Prime members should see delivery dates within the next few days in most cases.

$30 off: AirPods 4 for $99.00
$29 off: AirPods Pro 3 for $219.99
$99 off: AirPods Max for $449.99

It's also worth noting that if you prefer to shop at Best Buy, you'll find all of these sales being matched at that retailer right now. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "AirPods New Year's Deals Include Up to $99 Off AirPods Max, AirPods Pro 3, and AirPods 4" first appeared on MacRumors.com

Govee today introduced three new HomeKit-compatible lighting products, including the Govee Floor Lamp 3, the Govee Ceiling Light Ultra, and the Govee Sky Ceiling Light.


The Govee Floor Lamp 3 is the successor to the Floor Lamp 2, and it offers Matter integration with the option to connect to HomeKit. The Floor Lamp 3 offers an upgraded LuminBlend+ lighting system that can reproduce 281 trillion colors, and it supports a 1000K to 10000K light temperature range.

LuminBlend+ is a color management system that offers accurate, true-to-life colors across any setting thanks to proprietary Gamma calibration. It supports an ultra-wide spectrum of lighting moods, and will be coming to additional Govee lights in 2026.

Govee's 21-inch Matter-compatible Ceiling Light Ultra has a 616-LED matrix that can render detailed patterns and scenes. Visuals can be created with up to eight distinct layers of motion, color, and shapes, plus there are 20+ presets to choose from. Govee says that it provides sufficient illumination for family areas while also offering a natural, true-to-life appearance across objects and skin tones. The light offers 5000 lumen brightness for spaces between 200 and 300 square feet, and there is a 2700K to 6500K tunable white range that can shift throughout the day.


The 21-inch Sky Ceiling Light is meant to mimic natural daylight using a custom-engineered LED and gradient illumination to recreate sky tones from daytime blue to warm sunset gradients. It offers calming blue light that Govee says feels like looking up into a clear sky, with edge-mounted LEDs so that it looks like an architectural skylight. The light provides up to 5200 lumens of brightness, and it is designed to light spaces between 200 and 300 square feet. Like Govee's other lights, it supports Matter so it can be added to the Apple Home app.


Govee is also announcing AI Lighting Bot 2.0, which uses generative models to create lighting that is more "expressive, intuitive, and emotionally responsive." Light strips and permanent lights are able to react to mood or context in real-time and learn behaviors.

Graphic lighting can use AI Lighting Bot 2.0 to generate animated visuals, with the AI capabilities available across a range of Govee products.

A new DaySync circadian lighting feature is also being incorporated into Govee lights. DaySync matches indoor lighting to the time of day with preset options that automatically adjust brightness, color, and color temperature for more natural home lighting.

More information is available on Govee's website, with pricing and availability of the new devices set to be announced at a later date.
Tag: CES 2026
This article, "CES 2026: Govee Announces New Matter-Connected Ceiling and Floor Lights" first appeared on MacRumors.com

Amazon this weekend has the Apple Watch SE 3 on sale at all-time low prices, starting at $199.00 for the 40mm GPS model. These prices are matching the Black Friday discounts we tracked in November, but stock is low, particularly on the 40mm GPS model.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

You can also get the 44mm GPS Apple Watch SE 3 on sale for $229.00, down from $279.00. The 44mm GPS device is available in Midnight and Starlight Aluminum at this price, while the 40mm GPS model is only available in Starlight.

$50 off: 40mm GPS Apple Watch SE 3 for $199.00
$50 off: 44mm GPS Apple Watch SE 3 for $229.00

In addition to the Apple Watch SE 3 discounts, Amazon has $100 off the Apple Watch Series 11 right now, which are record low prices on the wearables. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Amazon Takes $50 Off Apple Watch SE 3, Starting at $199" first appeared on MacRumors.com

Happy New Year! We're kicking off 2026 with a look at everything we're expecting to see from Apple this year, including several new product categories, although hopefully Apple also has some surprises in store for us.


We also went hands-on with a speculative 3D-printed mockup of one of those key new products, the so-called "iPhone Fold," while this week also saw Fitness+ updates for those New Year's resolutions, some unreleased early prototype AirPods cases in fun colors, and more, so read on below for all the details on these stories and more!

Top Stories

Everything Apple Is Releasing in 2026: iPhone Fold, LLM Siri, Low-Cost MacBook and More

If rumors are accurate, 2026 is going to be a huge year for Apple. We're expecting the first foldable iPhone, an all-new home hub device, updated displays, and possibly, the first OLED MacBook Pro and the first AI smart glasses.


Apple will split its iPhone launches, introduce a low-cost MacBook, and debut a much smarter, LLM-based version of Siri. In our 2026 guide, we've outlined everything we know about the new products coming from Apple this year, based on current rumors.

Got a New iPhone 17? How to Use All the New Features

Apple's iPhone 17, iPhone Air, iPhone 17 Pro, and iPhone 17 Pro Max have been available to buy since September, and a fair few will have been gifted over the holidays.


If you're the proud owner of one of these devices, then make sure to check out our overview of key features available in Apple's latest iPhone models. Whether you're upgrading from an older iPhone or completely new to the devices, our summary of how-tos will help you get the most out of your new iPhone.

Hands-On With a Rough iPhone Fold Mockup

Apple is rumored to be introducing a foldable iPhone in September 2026, and since it will bring the biggest form factor change since the iPhone was introduced in 2007, curiosity about the design is high. A 3D designer created an "iPhone Fold" design based on rumors, and we printed it out to see how it compares to Apple's current iPhones.


The foldable iPhone is going to be smaller than any current iPhone when it's closed, and it'll be shorter than Samsung's Galaxy foldables. Rumors suggest it'll be somewhere around 5.4 inches, which would make it as small as the now-discontinued iPhone 13 mini.

When unfolded, the upcoming iPhone Fold will be bigger than any iPhone to date, and not too far off in size from the original iPad mini. The current iPad mini has an 8.3-inch screen size, but the first models had a 7.9-inch display.

This new form factor will necessitate some updates to iOS to optimize the user experience, but there are still many unknowns including whether or not the device will support the Apple Pencil.

Apple Announces New Fitness+ Workout Programs, Strava Challenge, and More

The Apple Fitness+ Instagram account this week teased that the service has "big plans" for 2026. In a video, several Apple Fitness+ trainers are shown holding up newspapers with headlines related to Apple Fitness+.


On Friday, Apple announced a series of updates for Fitness+ and Apple Watch activity tracking, including a New Year's activity challenge, a "Quit Quitting" challenge in the Strava app, new multi-week Fitness+ programs to help users stick to their fitness resolutions for 2026, new artist spotlights for workouts, and new Time to Walk episodes.

Apple Tested AirPods in Bright Colors

Apple reportedly tested a version of the first-generation AirPods with bright, iPhone 5c-like colored charging cases.


The images, shared by the Apple leaker and prototype collector known as "Kosutami," claim to show first-generation AirPods prototypes with pink and yellow exterior casings. The interiors of the charging cases and the earbuds themselves remain white.

They seem close to some of the color options offered for the iPhone 5c, which came in blue, green, pink, yellow and white. Apple has only ever released AirPods in white.

Report: Apple's AI Strategy Could Finally Pay Off in 2026

Apple's restrained artificial intelligence strategy may pay off in 2026 amid the arrival of a revamped Siri and concerns around the AI market "bubble" bursting, The Information argues.


The speculative report argues that market sentiment toward AI spending is beginning to show signs of skepticism, with questions emerging over whether large investments by the likes of OpenAI, Google, and Meta can be justified by near-term revenue. Against that backdrop, Apple's decision to limit AI-specific capital expenditures has left it with more than $130 billion in cash and marketable securities, giving the company the option to pursue acquisitions or partnerships if valuations of AI startups fall.

MacRumors Newsletter

Each week, we publish an email newsletter like this highlighting the top Apple stories, making it a great way to get a bite-sized recap of the week hitting all of the major topics we've covered and tying together related stories for a big-picture view.

So if you want to have top stories like the above recap delivered to your email inbox each week, subscribe to our newsletter!

Tag: Top Stories
This article, "Top Stories: Apple's 2026 Plans, iPhone Fold Mockup Hands-On, and More" first appeared on MacRumors.com

Introduction: Problem, Context & Outcome
Modern software systems no longer run on a single server or simple architecture. Applications today are distributed across cloud platforms, containers, microservices, and multiple environments. Each component generates logs continuously, creating a huge volume of operational data. When these logs are scattered across systems, engineers struggle to understand what is really happening during failures or performance issues. This often results in slow troubleshooting, extended downtime, and poor user experience.
Elastic Logstash Kibana Full Stack (ELK Stack) Training helps solve this problem by teaching teams how to collect, centralize, search, and visualize logs in real time. In modern DevOps environments, visibility into system behavior is essential for reliable software delivery.
By learning this stack, professionals gain the ability to analyze logs efficiently, identify root causes faster, and improve operational decision-making. This leads to stable systems, faster incident response, and confident deployments.
What Is Elastic Logstash Kibana Full Stack (ELK Stack) Training?
Elastic Logstash Kibana Full Stack (ELK Stack) Training is a comprehensive learning program designed to build strong expertise in centralized logging and observability. The ELK Stack is composed of Elasticsearch, Logstash, and Kibana, which together form a powerful platform for storing, processing, and visualizing data.
For developers and DevOps engineers, ELK Stack replaces manual log inspection with a searchable, structured system. Logs from applications, servers, containers, and cloud services are brought into a single place where they can be analyzed instantly.
In real production environments, ELK Stack is used for application monitoring, infrastructure visibility, security auditing, and operational analytics. This training prepares learners to design, deploy, and maintain ELK solutions that scale with growing business needs.
Why Elastic Logstash Kibana Full Stack (ELK Stack) Training Is Important in Modern DevOps & Software Delivery
DevOps practices focus on speed, reliability, and continuous improvement. As systems become more complex, traditional logging methods fail to provide meaningful insight. ELK Stack has become a critical part of modern DevOps because it enables real-time visibility across the entire delivery pipeline.
This training helps teams address common challenges such as delayed root-cause analysis, inconsistent logging standards, and poor collaboration between development and operations teams. ELK integrates smoothly with CI/CD pipelines, cloud platforms, and container orchestration tools.
Elastic Logstash Kibana Full Stack (ELK Stack) Training enables organizations to move from reactive issue handling to proactive system monitoring, improving uptime, release quality, and customer trust.
Core Concepts & Key Components
Elasticsearch
Purpose: Distributed search and analytics engine
How it works: Stores data as indexed documents for fast search and aggregation
Where it is used: Log analytics, metrics analysis, security events, business insights
Logstash
Purpose: Data ingestion and transformation
How it works: Uses pipelines to collect, filter, and enrich incoming data
Where it is used: Processing logs from applications, servers, databases, and cloud services
Kibana
Purpose: Visualization and data exploration
How it works: Connects to Elasticsearch to build dashboards and reports
Where it is used: Monitoring system health and analyzing trends
Beats
Purpose: Lightweight data shippers
How it works: Collect logs and metrics and forward them to Logstash or Elasticsearch
Where it is used: Servers, containers, virtual machines, and cloud workloads
Indexing & Mapping
Purpose: Data organization and performance optimization
How it works: Defines field types and indexing behavior
Where it is used: Improving search accuracy and analytics efficiency
Together, these components form a complete observability platform.
How Elastic Logstash Kibana Full Stack (ELK Stack) Training Works (Step-by-Step Workflow)
Applications and infrastructure continuously generate logs and events. These logs are collected by Beats or other agents and sent to Logstash. Logstash processes the data by filtering unnecessary information, enriching records, and standardizing formats.
Once processed, the data is stored in Elasticsearch. Elasticsearch indexes the data across distributed nodes, allowing fast searches and analytics even with large datasets.
Kibana connects to Elasticsearch and displays the data through dashboards, charts, and alerts. DevOps teams use these visualizations to monitor errors, latency, traffic patterns, and overall system health.
This workflow supports continuous monitoring across development, testing, and production environments.
Real-World Use Cases & Scenarios
E-commerce platforms use ELK Stack to monitor transaction failures, payment issues, and traffic spikes during peak usage. Cloud and SRE teams analyze container and Kubernetes logs to maintain service reliability.
Security teams rely on ELK Stack to track authentication logs and detect suspicious activity. QA teams use logs to validate application behavior during testing cycles.
Elastic Logstash Kibana Full Stack (ELK Stack) Training enables collaboration across teams by providing shared, reliable operational data.
Benefits of Using Elastic Logstash Kibana Full Stack (ELK Stack) Training
Productivity: Faster troubleshooting and root-cause analysis
Reliability: Improved system stability and uptime
Scalability: Efficient handling of large log volumes
Collaboration: Shared dashboards and insights across teams
Organizations gain operational clarity and confidence.
Challenges, Risks & Common Mistakes
Common challenges include poor index design, excessive log ingestion, and inefficient search queries. Beginners often overlook security configurations or fail to monitor the ELK cluster itself.
These risks can be reduced through structured learning, proper capacity planning, and best practices. This training helps learners avoid costly operational errors.
Comparison Table
Aspect | Traditional Logging | ELK Stack
Log Storage | Flat files | Indexed documents
Search Speed | Slow | Near real-time
Visualization | Manual | Interactive dashboards
Scalability | Limited | High
Automation | Low | High
Cloud Support | Weak | Strong
CI/CD Integration | Minimal | Native
Alerting | Manual | Automated
Collaboration | Poor | Strong
Observability | Fragmented | Centralized
Best Practices & Expert Recommendations
Use consistent log formats and naming conventions. Filter unnecessary logs early to control storage costs. Secure Elasticsearch clusters with proper access controls and encryption.
Monitor the ELK Stack itself to avoid performance bottlenecks. Align dashboards with both technical and business goals. These practices ensure long-term scalability and reliability.
Who Should Learn or Use Elastic Logstash Kibana Full Stack (ELK Stack) Training?
This training is suitable for developers, DevOps engineers, SREs, cloud engineers, and QA professionals. Beginners gain foundational knowledge, while experienced engineers deepen their observability skills.
Architects and operations leaders also benefit when designing logging and monitoring strategies.
FAQs – People Also Ask
What is Elastic Logstash Kibana Full Stack (ELK Stack) Training?
It teaches centralized logging and observability using ELK Stack.
Why is ELK Stack widely adopted?
It provides scalable, real-time operational insights.
Is ELK suitable for beginners?
Yes, with structured training.
Is ELK relevant for DevOps roles?
Yes, it is a core DevOps tool.
Does ELK support cloud platforms?
Yes, it integrates with major cloud providers.
Can ELK be used with Kubernetes?
Yes, through Beats and native integrations.
Is ELK open source?
Yes, with optional enterprise features.
What skills help in learning ELK?
Basic Linux and system knowledge.
Does ELK replace monitoring tools?
It complements traditional monitoring solutions.
Does this training include real-world use cases?
Yes, it focuses on production scenarios.
Branding & Authority
DevOpsSchool is a globally trusted platform for enterprise-grade DevOps education. Learners are guided by Rajesh Kumar, a mentor with more than 20 years of hands-on experience in DevOps, DevSecOps, Site Reliability Engineering, DataOps, AIOps, MLOps, Kubernetes, cloud platforms, and CI/CD automation. This deep industry exposure ensures practical, job-ready learning aligned with real operational challenges.
Call to Action & Contact Information
Explore the complete curriculum and learning outcomes of Elastic Logstash Kibana Full Stack (ELK Stack) Training:

Email: [email protected]
Phone & WhatsApp (India): +91 7004215841
Phone & WhatsApp (USA): +1 (469) 756-6329
Introduction: Problem, Context & Outcome
Modern businesses operate in environments where data is produced continuously. Applications, cloud platforms, monitoring tools, customer interactions, and internal systems generate massive volumes of information every day. Traditional data systems struggle to process this scale efficiently, resulting in delayed insights, operational bottlenecks, and rising infrastructure costs. In DevOps-driven and cloud-native organizations, these issues directly impact delivery speed and system reliability. The Master in Big Data Hadoop Course is designed to address this real-world problem by explaining how distributed data platforms work in enterprise environments. It helps professionals understand how large datasets are stored, processed, and analyzed reliably. By the end, readers gain practical clarity on building scalable data systems that support analytics, operational visibility, and long-term business growth.
What Is Master in Big Data Hadoop Course?
The Master in Big Data Hadoop Course is a structured learning program that focuses on large-scale data processing using the Hadoop ecosystem. It explains how data is collected from multiple sources, stored across distributed systems, and processed in parallel to generate insights. The course avoids abstract theory and instead focuses on practical usage in real production environments. Developers and DevOps engineers learn how Hadoop supports analytics platforms, reporting systems, monitoring pipelines, and data-driven applications. It also explains how Hadoop fits into cloud-based and automated workflows, making the learning relevant to modern engineering teams working with large datasets.
Why Master in Big Data Hadoop Course Is Important in Modern DevOps & Software Delivery
Data plays a central role in modern software delivery. Logs, metrics, events, and user behavior data are continuously analyzed to improve performance, reliability, and release quality. The Master in Big Data Hadoop Course is important because it enables teams to manage and analyze this data at scale. Hadoop-based systems are commonly used to process data generated by CI/CD pipelines, cloud infrastructure, and distributed applications. This course explains how Hadoop integrates with DevOps practices, Agile workflows, and cloud-native systems. Understanding these integrations helps teams build data-driven platforms that support continuous delivery without compromising stability.
Core Concepts & Key Components
Hadoop Distributed File System (HDFS)
Purpose: Store extremely large datasets reliably across clusters.
How it works: Data is split into blocks and replicated across multiple nodes for fault tolerance.
Where it is used: Data lakes, log storage, enterprise analytics.
MapReduce Processing Framework
Purpose: Process large datasets in parallel.
How it works: Tasks are divided into map and reduce phases executed across cluster nodes.
Where it is used: Batch analytics and data transformation jobs.
YARN Resource Management
Purpose: Manage and allocate cluster resources efficiently.
How it works: Controls CPU and memory allocation for multiple applications.
Where it is used: Shared Hadoop clusters.
Hive Analytics Engine
Purpose: Enable SQL-style querying on big data.
How it works: Converts queries into distributed processing tasks.
Where it is used: Reporting and business analytics.
HBase NoSQL Storage
Purpose: Support fast read and write access to large datasets.
How it works: Stores structured data on top of HDFS.
Where it is used: Real-time applications.
Data Ingestion Tools
Purpose: Bring data into Hadoop systems reliably.
How it works: Collects data from databases, logs, and streaming platforms.
Where it is used: ETL and data pipelines.
How Master in Big Data Hadoop Course Works (Step-by-Step Workflow)
The workflow begins by collecting data from applications, databases, cloud services, and monitoring systems. This data is ingested into Hadoop using scalable ingestion mechanisms. Once stored in HDFS, the data is processed using distributed frameworks that clean, transform, and aggregate information. Resource management ensures multiple jobs can run at the same time without affecting system stability. Processed data is then queried for analytics, reporting, or machine learning. In DevOps environments, this workflow supports observability, performance analysis, and capacity planning. The course explains each step clearly so learners understand how real production systems operate end to end.
Real-World Use Cases & Scenarios
Retail organizations use Hadoop to analyze customer behavior and improve personalization. Financial institutions process transaction data for fraud detection and compliance. DevOps teams analyze logs and metrics to identify issues early. QA teams validate application behavior using large datasets. SRE teams rely on historical data to improve reliability and incident response. Cloud engineers integrate Hadoop workloads with scalable cloud infrastructure. These scenarios show how Hadoop supports both engineering efficiency and business decision-making.
Benefits of Using Master in Big Data Hadoop Course
Productivity: Faster processing of large-scale data
Reliability: Fault-tolerant distributed architecture
Scalability: Designed for growing data volumes
Collaboration: Shared data platforms across teams
Challenges, Risks & Common Mistakes
Many teams underestimate the operational complexity of Hadoop environments. Common mistakes include poor cluster sizing, inefficient data formats, and insufficient monitoring. Beginners often treat Hadoop as a single tool rather than a full ecosystem. Security and data governance are also frequently overlooked. These issues can lead to performance problems and operational risk. The course highlights these challenges and explains how to avoid them through proper design, automation, and best practices.
Comparison Table
Aspect | Traditional Data Systems | Hadoop-Based Systems
Data Volume | Limited | Massive
Scalability | Vertical | Horizontal
Fault Tolerance | Low | Built-in
Cost Efficiency | High | Cost-effective
Processing Model | Centralized | Distributed
Flexibility | Rigid | Flexible
Automation | Limited | Strong
Cloud Integration | Weak | Strong
Performance | Bottlenecks | Parallel
Use Cases | Small datasets | Enterprise analytics
Best Practices & Expert Recommendations
Design Hadoop clusters based on real workload requirements. Automate ingestion and monitoring processes. Apply strong access control and security policies. Use optimized storage formats. Integrate Hadoop workflows with CI/CD pipelines. Continuously review performance and cost usage. These best practices help organizations build scalable, secure, and efficient data platforms aligned with enterprise needs.
Who Should Learn or Use Master in Big Data Hadoop Course?
This course is ideal for developers building data-driven applications, DevOps engineers managing analytics platforms, cloud engineers designing scalable infrastructure, QA professionals validating data pipelines, and SRE teams improving observability. Beginners gain a strong foundation, while experienced professionals deepen their understanding of data architecture and operations.
FAQs – People Also Ask
What is Master in Big Data Hadoop Course?
It teaches how to process and manage large datasets using Hadoop.
Why is Hadoop still relevant today?
It handles massive data reliably and efficiently.
Is this course suitable for beginners?
Yes, it starts with core concepts.
How does it help DevOps teams?
It supports scalable analytics and monitoring.
Does Hadoop work with cloud platforms?
Yes, it integrates with cloud services.
Is Hadoop used by enterprises?
Yes, across many industries.
Does this course improve career prospects?
Yes, big data skills are in high demand.
How does Hadoop compare with newer tools?
It complements modern data technologies.
Is hands-on learning included?
Yes, real workflows are emphasized.
Is Hadoop part of data engineering roles?
Yes, it is a core component.
Branding & Authority
DevOpsSchool is a globally trusted platform offering enterprise-ready training aligned with real industry needs. Mentorship is provided by Rajesh Kumar, who brings over 20 years of hands-on experience across DevOps, DevSecOps, Site Reliability Engineering, DataOps, AIOps, MLOps, Kubernetes, cloud platforms, and CI/CD automation. The Master in Big Data Hadoop Course reflects this depth of expertise through practical, production-focused learning.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 7004215841
Phone & WhatsApp (USA): +1 (469) 756-6329
Introduction: Problem, Context & Outcome
In today’s rapidly evolving technology landscape, organizations are challenged to leverage massive datasets effectively and automate intelligent decision-making. Engineers and developers often struggle to design, implement, and scale AI solutions efficiently, resulting in slow deployments, errors, or missed insights. Traditional programming and analytics approaches are insufficient for complex, real-world AI applications.
The Masters in Artificial Intelligence Course equips professionals with practical skills to implement AI solutions effectively. Participants gain hands-on experience with machine learning, deep learning, natural language processing, computer vision, and AI deployment pipelines. Completing this course empowers learners to optimize operations, improve decision-making, and implement intelligent solutions that deliver measurable business value.
Why this matters: AI expertise allows professionals to tackle complex problems, improve operational efficiency, and drive innovation.
What Is Masters in Artificial Intelligence Course?
The Masters in Artificial Intelligence Course is a comprehensive program designed for developers, data engineers, DevOps professionals, SREs, and QA specialists. It emphasizes practical application of AI models and real-world integration into enterprise systems.
Participants explore supervised and unsupervised learning, neural networks, reinforcement learning, natural language processing, computer vision, and predictive analytics. The course also covers deploying AI solutions, integrating pipelines into cloud platforms like AWS, Azure, and GCP, and scaling AI workflows for enterprise applications. This combination of theory and practice ensures professionals are ready to handle complex AI projects reliably and efficiently.
Why this matters: Practical AI expertise empowers professionals to build intelligent systems that improve efficiency, decision-making, and business outcomes.
Why Masters in Artificial Intelligence Course Is Important in Modern DevOps & Software Delivery
Artificial Intelligence plays a critical role in modern DevOps and software delivery. AI automates repetitive tasks, predicts system failures, and optimizes CI/CD workflows, enabling organizations to improve reliability and accelerate delivery.
Industries such as finance, healthcare, e-commerce, and technology leverage AI to forecast trends, detect anomalies, and enhance customer experience. Professionals trained in AI can design predictive models, automate monitoring, and ensure intelligent workflows scale seamlessly in cloud-native and hybrid environments.
Why this matters: AI expertise enhances software delivery, strengthens operational reliability, and enables data-driven innovation.
Core Concepts & Key Components
Machine Learning
Purpose: Models learn from data to make accurate predictions.
How it works: Algorithms detect patterns and generalize insights from historical data.
Where it is used: Predictive analytics, recommendation engines, fraud detection.
Deep Learning
Purpose: Handles complex tasks using layered neural networks.
How it works: Multi-layered architectures extract features and relationships from large datasets.
Where it is used: Image recognition, speech processing, NLP applications.
Natural Language Processing (NLP)
Purpose: Enables computers to interpret human language.
How it works: Text and speech are analyzed using tokenization, embeddings, and transformers.
Where it is used: Chatbots, virtual assistants, sentiment analysis.
Reinforcement Learning
Purpose: Optimizes decision-making through feedback and rewards.
How it works: Agents learn strategies by interacting with environments and maximizing cumulative rewards.
Where it is used: Robotics, autonomous systems, game AI.
Computer Vision
Purpose: Enables machines to analyze and interpret visual data.
How it works: Uses convolutional neural networks to process images and videos.
Where it is used: Autonomous vehicles, quality inspection, surveillance.
Predictive Analytics
Purpose: Forecasts outcomes using historical trends.
How it works: Statistical and AI models analyze past data to predict future events.
Where it is used: Financial modeling, demand forecasting, maintenance prediction.
AI Model Deployment
Purpose: Deploys AI models for real-world application.
How it works: Models are served through APIs, cloud services, or containerized applications.
Where it is used: Web applications, mobile apps, enterprise solutions.
AI Pipeline Automation
Purpose: Automates the full AI workflow.
How it works: Integrates data ingestion, model training, testing, and deployment in CI/CD pipelines.
Where it is used: Enterprise MLOps, automated AI operations.
Cloud AI Integration
Purpose: Provides scalability and resource efficiency for AI systems.
How it works: Uses cloud services for computation, storage, model deployment, and monitoring.
Where it is used: Cloud-native AI applications and large-scale enterprise environments.
Explainable AI (XAI)
Purpose: Improves transparency of AI decision-making.
How it works: Generates interpretable insights from model predictions.
Where it is used: Healthcare, finance, and regulated industries.
Why this matters: Mastery of these components enables professionals to build scalable, reliable, and transparent AI solutions.
How Masters in Artificial Intelligence Course Works (Step-by-Step Workflow)
Data Collection: Gather structured and unstructured datasets relevant to the problem.
Data Preprocessing: Clean, normalize, and transform data for modeling.
Model Selection: Identify appropriate algorithms based on problem requirements.
Model Training: Train and fine-tune models on datasets.
Evaluation & Validation: Test performance using metrics like accuracy, precision, and recall.
Deployment: Serve models through APIs or cloud infrastructure.
Monitoring & Maintenance: Continuously monitor and retrain models for reliability.
Why this matters: Structured workflows ensure AI solutions are effective, scalable, and deliver measurable business impact.
Real-World Use Cases & Scenarios
Healthcare: Predict patient outcomes, optimize treatment workflows.
Finance: Detect fraud and forecast market trends.
E-commerce: Recommendation engines, inventory optimization.
Manufacturing: Predictive maintenance, process optimization.
Teams involved include developers, DevOps engineers, SREs, QA, data scientists, and cloud architects. Enterprises benefit from efficiency, cost savings, and improved decision-making.
Why this matters: AI applications provide measurable value, improve performance, and reduce operational risk.
Benefits of Using Masters in Artificial Intelligence Course
Productivity: Automates repetitive tasks and accelerates processes.
Reliability: Improves predictive accuracy and reduces errors.
Scalability: Supports enterprise-level AI deployments.
Collaboration: Enables cross-functional integration of data, DevOps, and cloud teams.
Why this matters: These benefits increase operational efficiency and business competitiveness.
Challenges, Risks & Common Mistakes
Data Quality Issues: Can lead to inaccurate predictions.
Overfitting: Models fail to generalize to new data.
Lack of Monitoring: Reduces performance over time.
Ignoring Explainability: Reduces trust and regulatory compliance.
Why this matters: Awareness of risks ensures AI solutions are reliable, ethical, and effective.
Comparison Table
Feature/Aspect | Traditional Approach | AI-Driven Approach
Decision Making | Manual | Automated, predictive
Data Processing | Limited | Scalable, real-time
Error Detection | Reactive | Predictive, proactive
Scalability | Limited | Enterprise-grade
Insights Generation | Manual Reports | Automated analytics
Monitoring | Manual dashboards | Continuous AI monitoring
Model Updating | Infrequent | Continuous retraining
CI/CD Integration | Partial | Seamless integration
Deployment | Manual | Cloud/API-based
Predictive Capability | None | Advanced predictive analytics
Why this matters: AI-driven approaches outperform traditional approaches in efficiency, scalability, and predictive capabilities.
Best Practices & Expert Recommendations
Use high-quality and diverse datasets.
Apply proper evaluation metrics for model validation.
Implement continuous monitoring and retraining pipelines.
Deploy AI solutions on scalable cloud infrastructure.
Utilize Explainable AI techniques for transparency.
Align AI initiatives with business objectives.
Why this matters: Following best practices ensures robust, scalable, and enterprise-ready AI solutions.
Who Should Learn or Use Masters in Artificial Intelligence Course?
Developers: Build and integrate AI-driven applications.
DevOps Engineers: Incorporate AI into CI/CD and operational workflows.
Cloud/SRE Professionals: Ensure reliability and scalability of AI deployments.
QA Teams: Validate model outputs and system performance.
Suitable for beginners and intermediate professionals seeking enterprise-level AI skills.
Why this matters: Prepares multiple roles to develop, deploy, and manage AI solutions confidently.
FAQs – People Also Ask
Q1: What is Masters in Artificial Intelligence Course?
A hands-on program for developing, deploying, and managing AI solutions in enterprise environments.
Why this matters: Equips learners with practical skills for real-world AI applications.
Q2: Who should take this course?
Developers, DevOps, SREs, QA, and cloud professionals.
Why this matters: Ensures role-specific practical learning.
Q3: Is it suitable for beginners?
Yes, the course provides structured guidance and labs.
Why this matters: Offers a clear path to mastering AI concepts.
Q4: Does it include machine learning and deep learning?
Yes, including supervised, unsupervised, and neural network-based learning.
Why this matters: Builds foundational AI expertise.
Q5: How does it integrate with DevOps?
Covers AI deployment, monitoring, and pipeline automation.
Why this matters: Enhances delivery efficiency and operational reliability.
Q6: Can it be deployed on cloud platforms?
Yes, AWS, Azure, and GCP integration is included.
Why this matters: Ensures enterprise-ready AI deployment.
Q7: Are real-world examples included?
Yes, from healthcare, finance, e-commerce, and manufacturing.
Why this matters: Prepares learners for industry applications.
Q8: Will this course improve career prospects?
Yes, AI skills are in high demand.
Why this matters: Enhances employability and professional growth.
Q9: How long is the course?
Multiple weeks with hands-on modules and projects.
Why this matters: Combines theoretical understanding with practical application.
Q10: Does it cover Explainable AI techniques?
Yes, ensuring transparent, interpretable AI outputs.
Why this matters: Essential for ethical and compliant AI systems.
Branding & Authority
DevOpsSchool is a globally trusted platform for AI, DevOps, and cloud training.
Rajesh Kumar mentors the course with 20+ years of hands-on expertise in:
DevOps & DevSecOps
Site Reliability Engineering (SRE)
DataOps, AIOps & MLOps
Kubernetes & Cloud Platforms
CI/CD & Automation
Why this matters: Learners gain enterprise-ready skills from an industry-recognized expert.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 7004215841
Phone & WhatsApp (USA): +1 (469) 756-6329
Explore the course: Masters in Artificial Intelligence Course


Introduction: Problem, Context & Outcome
In today’s digital world, enterprise applications are highly distributed and performance-critical. Monitoring application health, tracking transactions, and resolving issues in real-time are challenging tasks for engineering teams. Performance bottlenecks, slow response times, and delayed error detection can disrupt CI/CD pipelines and negatively impact user experience. Traditional monitoring solutions often fail to provide complete visibility into cloud-native and microservices architectures.
The Master in AppDynamics course provides hands-on training for developers, DevOps engineers, SREs, and QA professionals to monitor, analyze, and optimize application performance effectively. Participants learn to leverage AppDynamics for real-time monitoring, proactive issue detection, and performance optimization. Completing the course ensures teams can reduce downtime, improve collaboration, and maintain smooth, reliable application delivery.
Why this matters: AppDynamics expertise ensures enterprise-grade applications remain reliable, performant, and scalable.
What Is Master in AppDynamics?
The Master in AppDynamics is a comprehensive, hands-on program that teaches professionals to deploy, configure, and use AppDynamics for application performance monitoring (APM). It is designed for developers, DevOps engineers, SREs, and QA teams looking to enhance their monitoring and optimization skills.
Participants gain practical knowledge in transaction tracking, database monitoring, dashboard creation, and dynamic alerting. The course emphasizes real-world applications, including monitoring microservices, cloud integration, and Kubernetes-based deployments. This approach ensures learners are fully equipped to manage complex, enterprise-grade applications efficiently.
Why this matters: Practical expertise in AppDynamics allows teams to proactively manage application performance, reduce downtime, and deliver reliable user experiences.
Why Master in AppDynamics Is Important in Modern DevOps & Software Delivery
Application Performance Monitoring is a cornerstone of modern DevOps practices. AppDynamics offers end-to-end visibility into application behavior, enabling engineers to detect bottlenecks, monitor critical transactions, and maintain uptime.
Organizations across healthcare, finance, and e-commerce rely on AppDynamics to prevent performance issues, optimize CI/CD pipelines, and maintain consistent service levels. Engineers trained in AppDynamics can proactively tune system performance, ensure smooth deployment, and maintain a high-quality user experience for cloud-native and microservices applications.
Why this matters: AppDynamics proficiency improves DevOps efficiency, ensures application reliability, and supports seamless software delivery.
Core Concepts & Key Components
Application Performance Monitoring
Purpose: Measures application health and identifies performance issues.
How it works: Collects metrics and provides actionable insights in real-time.
Where it is used: Cloud-native applications, enterprise systems, and distributed services.
Business Transaction Monitoring
Purpose: Tracks end-to-end transactions and their impact on user experience.
How it works: Captures transaction flows and highlights bottlenecks.
Where it is used: E-commerce, banking, SaaS platforms, and transaction-heavy applications.
Real-Time Dashboards
Purpose: Visualizes key performance metrics instantly.
How it works: Displays data like latency, throughput, and error rates interactively.
Where it is used: DevOps teams and monitoring operations centers.
End-User Monitoring
Purpose: Monitors real-user interactions and frontend performance.
How it works: Tracks browser sessions, API requests, and mobile app interactions.
Where it is used: Web and mobile applications to ensure optimal experience.
Dynamic Baselines & Alerts
Purpose: Detects abnormal performance automatically.
How it works: Uses AI-driven baselines to trigger alerts when deviations occur.
Where it is used: Large-scale production environments requiring proactive monitoring.
Application Mapping & Topology
Purpose: Provides a visual map of service dependencies.
How it works: Maps services, databases, and external integrations dynamically.
Where it is used: Microservices architectures and hybrid cloud environments.
Database Monitoring
Purpose: Tracks queries, execution times, and performance metrics.
How it works: Monitors database health to detect slow or inefficient queries.
Where it is used: SQL and NoSQL databases supporting enterprise applications.
Cloud & Container Monitoring
Purpose: Monitors application performance in cloud and containerized environments.
How it works: Integrates with AWS, Azure, GCP, and Kubernetes for metrics collection.
Where it is used: Cloud-native applications and containerized deployments.
Why this matters: Mastering these components ensures teams can maintain high-performing, reliable, and observable applications.
How Master in AppDynamics Works (Step-by-Step Workflow)
Instrumentation: Install AppDynamics agents on applications.
Transaction Mapping: Track business-critical transactions end-to-end.
Dashboard Monitoring: Visualize performance metrics in real-time.
Alert Configuration: Set dynamic thresholds for anomaly detection.
Root Cause Analysis: Identify performance bottlenecks, errors, and slow components.
Optimization: Tune code, services, and databases.
Reporting & Analytics: Generate actionable insights for technical and business teams.
Why this matters: Following this workflow ensures proactive performance monitoring and reliable application delivery.
Real-World Use Cases & Scenarios
E-commerce Platforms: Monitor checkout processes and optimize the customer experience.
Banking Applications: Track critical financial transactions and maintain compliance.
Healthcare Systems: Ensure reliability and security of patient data.
Cloud-Native Services: Gain visibility into microservices and containerized applications.
Teams include developers, DevOps engineers, SREs, QA specialists, and cloud architects. Enterprises benefit from faster issue resolution, improved performance, and higher customer satisfaction.
Why this matters: AppDynamics ensures operational efficiency and reliable application performance in real-world scenarios.
Benefits of Using Master in AppDynamics
Productivity: Reduces troubleshooting time and operational complexity.
Reliability: Improves uptime via proactive monitoring.
Scalability: Supports distributed and cloud-native applications.
Collaboration: Enhances communication between DevOps, QA, and SRE teams.
Why this matters: These benefits accelerate software delivery, optimize performance, and reduce operational risk.
Challenges, Risks & Common Mistakes
Agent Misconfiguration: May result in incomplete monitoring.
Ignoring Dynamic Baselines: Delays anomaly detection.
Missing Dependency Mapping: Causes inaccurate performance analysis.
Alert Fatigue: Excess notifications reduce actionable insights.
Why this matters: Awareness of risks ensures accurate monitoring and effective performance management.
Comparison Table
| Feature/Aspect | Traditional Monitoring | AppDynamics Implementation |
| --- | --- | --- |
| Performance Metrics | Manual | Real-time, automated |
| Transaction Visibility | Limited | End-to-end tracking |
| Alerts | Static | Dynamic, AI-driven |
| Dashboards | Basic | Interactive, real-time |
| Root Cause Analysis | Manual | Automated insights |
| Database Monitoring | Minimal | Comprehensive |
| Cloud Monitoring | Partial | Integrated |
| Container Monitoring | Rare | Kubernetes-native |
| Scalability | Limited | Enterprise-grade |
| CI/CD Integration | Partial | Seamless |
Why this matters: Demonstrates how AppDynamics outperforms traditional monitoring in reliability, visibility, and proactive performance management.
Best Practices & Expert Recommendations
Deploy agents consistently across all environments.
Use dynamic baselines for early anomaly detection.
Map critical business transactions thoroughly.
Monitor databases, cloud resources, and containers proactively.
Review dashboards regularly for trends and insights.
Document all configurations and metrics.
Why this matters: Following best practices ensures secure, scalable, and effective application performance monitoring.
Who Should Learn or Use Master in AppDynamics?
Developers: Optimize code and monitor performance.
DevOps Engineers: Improve CI/CD reliability.
SRE/Cloud Professionals: Ensure uptime and system health.
QA Teams: Detect regressions and validate performance.
Suitable for beginners with basic monitoring knowledge and professionals seeking enterprise-grade AppDynamics expertise.
Why this matters: Equips multiple roles to monitor, analyze, and optimize applications effectively.
FAQs – People Also Ask
Q1: What is Master in AppDynamics?
Hands-on course to monitor, analyze, and optimize applications using AppDynamics.
Why this matters: Prepares engineers to manage distributed applications effectively.
Q2: Who should take this course?
Developers, DevOps engineers, SREs, Cloud, and QA professionals.
Why this matters: Ensures practical, role-specific skills.
Q3: Is AppDynamics suitable for beginners?
Yes, with guided exercises and labs.
Why this matters: Provides a structured path for new professionals.
Q4: How does AppDynamics support CI/CD?
Monitors transactions and performance in real time.
Why this matters: Enables faster, reliable deployments.
Q5: Does it include security monitoring?
Yes, tracks sensitive interactions.
Why this matters: Protects enterprise applications.
Q6: Can it be used in cloud environments?
Yes, integrates with AWS, Azure, GCP, and Kubernetes.
Why this matters: Provides consistent monitoring in hybrid deployments.
Q7: How long is the course?
Hands-on sessions over multiple days.
Why this matters: Combines theory and practice.
Q8: Are real-world examples included?
Yes, e-commerce, banking, healthcare, cloud-native apps.
Why this matters: Prepares learners for enterprise scenarios.
Q9: How does it compare to other APM tools?
Provides end-to-end visibility, AI-driven insights, and automated monitoring.
Why this matters: Helps teams select the right APM solution.
Q10: Will this course improve career prospects?
Yes, essential for DevOps, SRE, and cloud professionals.
Why this matters: Enhances employability and credibility.
Branding & Authority
DevOpsSchool is a globally recognized platform for DevOps, Cloud, and SRE training.
Rajesh Kumar is the mentor, with 20+ years of hands-on experience in:
DevOps & DevSecOps
Site Reliability Engineering (SRE)
DataOps, AIOps & MLOps
Kubernetes & Cloud Platforms
CI/CD & Automation
Why this matters: Learners gain enterprise-ready expertise from an industry-recognized mentor.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 7004215841
Phone & WhatsApp (USA): +1 (469) 756-6329
Explore the course: Master in AppDynamics
Introduction: Problem, Context & Outcome
The shift to microservices has dramatically improved application flexibility and deployment speed. However, distributed architectures create challenges in service-to-service communication, observability, and reliability. Engineers often face traffic congestion, latency issues, and difficult debugging scenarios that can delay releases and disrupt user experiences. Without a robust service mesh, managing these issues becomes complicated and error-prone, affecting CI/CD efficiency.
The Linkerd Training and Certification Course provides practical guidance for deploying, configuring, and managing Linkerd—a lightweight service mesh. Through hands-on exercises, participants learn to monitor services, manage traffic flows, and implement security policies. This equips teams to improve uptime, streamline deployments, and strengthen collaboration among DevOps, SRE, and development teams.
Why this matters: Mastery of Linkerd ensures consistent service performance, reduces operational risks, and supports scalable enterprise-grade microservices systems.
What Is Linkerd Training and Certification Course?
The Linkerd Training and Certification Course is a hands-on, practice-oriented program tailored for developers, DevOps engineers, SREs, and QA professionals. It focuses on implementing Linkerd in Kubernetes and cloud-native environments, with emphasis on real-world applications rather than theoretical lessons.
Learners explore traffic routing, service discovery, observability, fault tolerance, and security enforcement. The course includes labs for policy configuration, troubleshooting, and monitoring distributed systems. Integration with Kubernetes ensures participants gain the skills necessary to deploy secure, reliable, and observable microservices at scale.
Why this matters: Practical Linkerd expertise enables teams to minimize downtime, optimize traffic management, and maintain production-grade observability.
Why Linkerd Training and Certification Course Is Important in Modern DevOps & Software Delivery
Modern DevOps relies on microservices for faster, more modular software delivery. Service meshes like Linkerd solve critical challenges such as traffic management, monitoring, and secure communication. Linkerd provides automated retries, load balancing, and encrypted service-to-service communication, improving reliability across distributed systems.
Industries such as finance, e-commerce, and healthcare use Linkerd to maintain uptime, monitor critical services, and ensure secure inter-service communication. Engineers trained in Linkerd can implement safer deployments, streamline CI/CD workflows, and manage services effectively even in multi-cloud environments.
Why this matters: Understanding Linkerd enables teams to deliver secure, resilient, and scalable enterprise applications efficiently.
Core Concepts & Key Components
Service Proxy
Purpose: Handles communication between services while managing retries, load balancing, and metrics collection.
How it works: Deployed as a sidecar container alongside services to intercept requests and gather telemetry.
Where it is used: Kubernetes clusters and cloud-native microservices.
Control Plane
Purpose: Centralizes proxy management, configuration, and observability.
How it works: Distributes policies, monitors performance, and provides dashboards.
Where it is used: Enterprise environments requiring centralized service control.
Traffic Splitting & Routing
Purpose: Facilitates canary releases, blue/green deployments, and gradual rollouts.
How it works: Traffic is routed according to policies enforced by proxies.
Where it is used: Production deployments and CI/CD pipelines.
Observability & Metrics
Purpose: Tracks service health, latency, and error rates.
How it works: Proxies collect telemetry, visualized in Prometheus and Grafana.
Where it is used: Performance monitoring and incident management.
Security & Mutual TLS
Purpose: Encrypts service communication and validates identity.
How it works: Linkerd automatically manages TLS certificates and rotation.
Where it is used: Applications handling sensitive data and multi-tenant deployments.
Policy Management
Purpose: Controls retries, traffic behaviors, and access permissions.
How it works: Policies enforced through the control plane ensure consistent behavior.
Where it is used: Regulated enterprise environments requiring secure traffic management.
Service Discovery
Purpose: Automatically detects active services.
How it works: Proxies query Kubernetes APIs for endpoints.
Where it is used: Highly dynamic microservices environments.
Fault Injection & Resilience Testing
Purpose: Tests system resilience by simulating failures.
How it works: Errors or delays are injected to observe service responses.
Where it is used: Pre-production testing and chaos engineering.
Why this matters: Mastering these concepts equips engineers to build secure, reliable, and observable microservices systems.
How Linkerd Training and Certification Course Works (Step-by-Step Workflow)
Cluster Setup: Deploy Kubernetes clusters for services.
Linkerd Installation: Install control plane and proxies.
Service Integration: Add Linkerd to services to intercept and monitor traffic.
Traffic Configuration: Define routing, retries, and failover policies.
Monitoring: Visualize performance metrics in Prometheus and Grafana dashboards.
Security Setup: Enable mutual TLS for encrypted service communication.
Testing: Conduct canary deployments and fault injection exercises.
Why this matters: Following a structured workflow ensures reliable and observable microservices deployments.
Real-World Use Cases & Scenarios
E-commerce: Manages traffic surges during peak events.
Finance: Secures transactions between services.
Healthcare: Monitors sensitive patient data across services.
Multi-Cloud Deployments: Maintains consistent routing and discovery across hybrid environments.
Why this matters: Linkerd enhances operational reliability, security, and team coordination in enterprise scenarios.
Benefits of Using Linkerd Training and Certification Course
Productivity: Reduces operational overhead.
Reliability: Ensures uptime via retries and load balancing.
Scalability: Supports large-scale deployments.
Collaboration: Enhances teamwork among DevOps, QA, and SRE teams.
Why this matters: Benefits lead to faster delivery, higher reliability, and improved operational efficiency.
Challenges, Risks & Common Mistakes
Incorrect Proxy Deployment: Can disrupt traffic.
Misconfigured Routing Policies: May cause failed deployments.
Ignoring Metrics: Delays issue detection.
Weak Security Setup: TLS misconfigurations can expose services.
Why this matters: Awareness of risks ensures secure, stable, and reliable microservices operations.
Comparison Table
| Feature/Aspect | Traditional Deployment | Linkerd Implementation |
| --- | --- | --- |
| Traffic Routing | Manual | Automated, policy-driven |
| Load Balancing | Limited | Built-in, dynamic |
| Security | Manual TLS | Automatic mTLS |
| Observability | Fragmented | Centralized, metrics-driven |
| Service Discovery | Manual | Automatic, Kubernetes-based |
| Fault Tolerance | Ad-hoc | Built-in retries & failover |
| Deployment Testing | Manual | Canary & blue/green supported |
| Scaling | Complex | Dynamic & automated |
| CI/CD Integration | Partial | Seamless integration |
| Multi-Cloud Support | Limited | Consistent across clusters |
Why this matters: Illustrates how Linkerd provides efficiency, reliability, and security improvements over traditional approaches.
Best Practices & Expert Recommendations
Deploy proxies consistently.
Monitor with Prometheus and Grafana.
Implement canary or blue/green deployments.
Enable mutual TLS.
Conduct fault injection.
Document configurations and policies.
Why this matters: Following best practices ensures maintainable, secure, and scalable microservices.
Who Should Learn or Use Linkerd Training and Certification Course?
Developers: Improve communication and observability.
DevOps Engineers: Enhance CI/CD and deployment reliability.
SRE/Cloud Professionals: Monitor uptime and service health.
QA Teams: Test performance and resilience.
Why this matters: Equips multiple roles to manage microservices confidently.
FAQs – People Also Ask
Q1: What is Linkerd Training and Certification Course?
Hands-on program teaching deployment, configuration, and management of Linkerd.
Why this matters: Prepares engineers to manage distributed microservices efficiently.
Q2: Who should take this course?
Developers, DevOps engineers, SREs, Cloud professionals, and QA teams.
Why this matters: Ensures practical, role-specific skills.
Q3: Is Linkerd suitable for beginners?
Yes, with basic Kubernetes knowledge and guided labs.
Why this matters: Allows smooth onboarding for new learners.
Q4: How does Linkerd improve CI/CD workflows?
Provides traffic routing, retries, and observability.
Why this matters: Reduces errors and accelerates deployments.
Q5: Does it cover security?
Yes, includes mutual TLS setup.
Why this matters: Protects sensitive enterprise applications.
Q6: Can it be used in multi-cloud environments?
Yes, works across hybrid and multi-cloud clusters.
Why this matters: Ensures consistent operations across environments.
Q7: How long is the course?
Hands-on sessions over multiple days with labs.
Why this matters: Combines practical and theoretical learning.
Q8: Are real-world examples included?
Yes, covering finance, e-commerce, and healthcare.
Why this matters: Prepares learners for enterprise scenarios.
Q9: How does it compare with Istio?
Linkerd is lighter, simpler, and optimized for reliability.
Why this matters: Helps choose the appropriate service mesh.
Q10: Will this course help career growth?
Yes, enhances skills for DevOps, SRE, and cloud roles.
Why this matters: Improves employability and credibility.
Branding & Authority
DevOpsSchool is a globally recognized platform for DevOps, cloud, and SRE training.
Rajesh Kumar is the mentor, with 20+ years of hands-on expertise in:
DevOps & DevSecOps
Site Reliability Engineering (SRE)
DataOps, AIOps & MLOps
Kubernetes & Cloud Platforms
CI/CD & Automation
Why this matters: Learners gain enterprise-ready skills under an industry-experienced mentor.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 7004215841
Phone & WhatsApp (USA): +1 (469) 756-6329
Explore the course: Linkerd Training and Certification Course


1️⃣ What is Prometheus?
Prometheus is an open-source monitoring and alerting system designed primarily for cloud-native and Kubernetes environments, but it works equally well with VMs, bare-metal servers, and applications.
Key Characteristics
✅ Monitoring Tool
✅ Database
✅ Time-Series Database (TSDB)
✅ Cloud-native & Kubernetes core component
✅ Written in Go
✅ Runs on any OS
✅ Pull-based architecture
✅ Highly scalable & reliable
2️⃣ Prometheus as a Time-Series Database
Prometheus stores data as time-series, meaning every data point is associated with a timestamp.
Time-Series Format
(timestamp, metric_name, value, labels)
Example
| Timestamp (epoch) | Metric | Value | Labels |
| --- | --- | --- | --- |
| 1700000000 | cpu_usage | 32 | name="cpuserver1" |
➡️ Each metric can have multiple labels, making Prometheus extremely powerful for filtering and aggregation.
3️⃣ Why Prometheus is Popular
- Designed for modern microservices
- Excellent label-based querying
- Strong Kubernetes integration
- Simple architecture (no external DB needed)
- Large exporter ecosystem
4️⃣ Architecture & Core Components of Prometheus
🔹 1. Prometheus Server
This is the heart of the system.
It includes:
- Time-Series Database (TSDB)
- PromQL Engine – query language
- Alerting Rules Engine
- Web UI (Expression Browser)
- Pull Mechanism (scrapes metrics)
🔹 2. Exporters
Exporters expose metrics in a Prometheus-friendly format.
Examples:
- Node Exporter – Linux OS metrics
- Blackbox Exporter – HTTP, ICMP, TCP checks
- MySQL Exporter
- Nginx Exporter
📌 Exporters run on targets, not on Prometheus itself.
📘 Official exporter list:
https://prometheus.io/docs/instrumenting/exporters/
🔹 3. Client Libraries
Used when applications expose their own metrics.
Supported languages:
- Go
- Java
- Python
- Node.js
- .NET
🔹 4. Alertmanager
Handles alerts sent by Prometheus.
Functions:
- Deduplication
- Grouping
- Routing
- Notifications (Email, Slack, PagerDuty, etc.)
5️⃣ How Prometheus Works (Pull vs Push)
Pull-Based Model (Default)
- Prometheus pulls metrics from targets
- Targets expose /metrics
- Prometheus decides:
  - When to scrape
  - How often
  - Which targets
✅ Better control
✅ Easier debugging
✅ Secure & scalable
6️⃣ Getting Started – Hands-On Setup
✅ Step 1: Install & Start Prometheus Server (DONE)
Download:
https://prometheus.io/download/
Reference Guide:
https://www.devopsschool.com/blog/install-and-configure-prometheus-server-and-node-exporter-in-rhel/
Access Prometheus UI:
http://43.205.98.212:9090
✅ Step 2: Setup Node Exporter on Linux Servers (DONE)
Node Exporter exposes system metrics like:
- CPU
- Memory
- Disk
- Network
- Load
Example metrics endpoint:
http://43.205.98.212:9100/metrics
✅ Step 3: Configure Scraping for Linux Servers
Targets:
http://43.205.98.212:9100
http://43.205.98.213:9100
http://43.205.98.214:9100
🔧 Add Linux Job in prometheus.yml
    scrape_configs:
      - job_name: "linux-nodes"
        static_configs:
          - targets:
              - "43.205.98.212:9100"
              - "43.205.98.213:9100"
              - "43.205.98.214:9100"
            labels:
              env: "production"
              role: "linux-server"
Reload Prometheus:
    kill -HUP <prometheus_pid>
or restart service.
✅ Step 4: Visualize Metrics Using Expression Browser
Open:
http://43.205.98.212:9090
Example PromQL Queries
CPU Usage
    rate(node_cpu_seconds_total{mode!="idle"}[5m])
Memory Usage
    node_memory_MemAvailable_bytes
Disk Usage
    node_filesystem_avail_bytes
📘 PromQL Examples:
https://www.devopsschool.com/blog/prometheus-promql-example-query/
https://www.devopsschool.com/blog/prometheus-promql-example-query-node-exporter/
7️⃣ Summary – Prometheus at a Glance
| Feature | Description |
| --- | --- |
| Storage | Built-in Time-Series DB |
| Data Model | Metric + Labels |
| Collection | Pull-based |
| Query Language | PromQL |
| Visualization | Built-in UI + Grafana |
| Alerts | Prometheus + Alertmanager |
| Cloud Native | Kubernetes native |
8️⃣ What to Learn Next 🚀
- PromQL (Advanced queries)
- Alert Rules & Alertmanager
- Grafana Dashboards
- Prometheus in Kubernetes
- Federation & Remote Storage
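The time-series format from section 2 and the CPU query from Step 4, worked through as an added Python example (not part of the original article or of the Prometheus project): it parses the text a /metrics endpoint returns into (timestamp, metric_name, value, labels) samples and computes a per-second rate between two scrapes. The scrape bodies and scrape times are constructed, and the rate is a simplified delta over elapsed time with counter-reset handling, without the window extrapolation that PromQL's rate() performs.

```python
import re

# One sample line of the text exposition format: name{labels} value [timestamp_ms]
SAMPLE_RE = re.compile(
    r'^([a-zA-Z_:][a-zA-Z0-9_:]*)'    # metric name
    r'(?:\{(.*)\})?'                  # optional {label="value",...}
    r'\s+(\S+)'                       # sample value
    r'(?:\s+(-?\d+))?\s*$'            # optional timestamp in milliseconds
)
LABEL_RE = re.compile(r'([a-zA-Z_][a-zA-Z0-9_]*)="((?:[^"\\]|\\.)*)"')
ESCAPES = {'\\\\': '\\', '\\"': '"', '\\n': '\n'}

T0 = 1700000000   # constructed scrape times (epoch seconds), 15 s apart
T1 = T0 + 15

# Constructed /metrics bodies in the style of Node Exporter output.
SCRAPE_T0 = '''\
# HELP node_cpu_seconds_total Seconds the CPUs spent in each mode.
# TYPE node_cpu_seconds_total counter
node_cpu_seconds_total{cpu="0",mode="idle"} 1000.0
node_cpu_seconds_total{cpu="0",mode="user"} 200.0
node_cpu_seconds_total{cpu="0",mode="system"} 50.0
node_cpu_seconds_total{cpu="1",mode="user"} 5.0
cpu_usage{name="cpuserver1"} 32 1700000000000
'''
SCRAPE_T1 = '''\
node_cpu_seconds_total{cpu="0",mode="idle"} 1012.0
node_cpu_seconds_total{cpu="0",mode="user"} 203.0
node_cpu_seconds_total{cpu="0",mode="system"} 50.75
node_cpu_seconds_total{cpu="1",mode="user"} 1.5
'''


def _unescape(value):
    """Undo the three escapes allowed inside label values."""
    return re.sub(r'\\[\\"n]', lambda m: ESCAPES[m.group(0)], value)


def parse_exposition(text, scrape_time):
    """Return [(timestamp, metric_name, value, labels)] for one scrape body.

    A sample without its own timestamp gets the time of the scrape."""
    samples = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):   # blank, HELP and TYPE lines
            continue
        match = SAMPLE_RE.match(line)
        if match is None:
            raise ValueError(f'malformed sample line: {line!r}')
        name, raw_labels, raw_value, raw_ts = match.groups()
        labels = {k: _unescape(v) for k, v in LABEL_RE.findall(raw_labels or '')}
        ts = int(raw_ts) / 1000.0 if raw_ts else float(scrape_time)
        samples.append((ts, name, float(raw_value), labels))
    return samples


def rate(earlier, later, metric, exclude=None):
    """Per-second increase of a counter, one entry per label set.

    exclude={'mode': 'idle'} plays the role of the mode!="idle" matcher."""
    exclude = exclude or {}

    def index(samples):
        return {
            tuple(sorted(labels.items())): (ts, value)
            for ts, name, value, labels in samples
            if name == metric
            and not any(labels.get(k) == v for k, v in exclude.items())
        }

    old, new = index(earlier), index(later)
    rates = {}
    for series, (t1, v1) in new.items():
        if series not in old:
            continue                  # series first seen in the later scrape
        t0, v0 = old[series]
        if t1 <= t0:
            continue                  # no elapsed time to divide by
        # A counter that went down was reset; count from zero after the reset.
        increase = v1 - v0 if v1 >= v0 else v1
        rates[series] = increase / (t1 - t0)
    return rates


def non_idle_cpu_rates():
    earlier = parse_exposition(SCRAPE_T0, T0)
    later = parse_exposition(SCRAPE_T1, T1)
    return rate(earlier, later, 'node_cpu_seconds_total', exclude={'mode': 'idle'})


if __name__ == '__main__':
    for sample in parse_exposition(SCRAPE_T0, T0):
        print(sample)
    for series, per_second in sorted(non_idle_cpu_rates().items()):
        print(dict(series), round(per_second, 4))
```

The cpu="1" series drops from 5.0 to 1.5 between the two scrapes, which is what a restarted target looks like; treating that as a reset rather than a negative rate is the behaviour counters need.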
Apple is planning to release a low-cost MacBook in 2026, which will apparently compete with more affordable Chromebooks and Windows PCs. Apple's most affordable Mac right now is the $999 MacBook Air, and the upcoming low-cost MacBook is expected to be cheaper. Here's what we know about the low-cost MacBook so far.


Size

Rumors suggest the low-cost MacBook will have a display that's around 13 inches in size. The ‌MacBook Air‌ has a 13.6-inch display, so the more affordable MacBook will likely be slightly smaller. It's sounding like it won't be too far off from the 13-inch ‌MacBook Air‌, though.

There are no details on how thick it might be, but Apple probably won't prioritize a thin design for a machine optimized for a low price, even though some people are hoping that it will also be ultra thin. Ultra thin usually means more engineering work and higher-cost components for the display and other parts, but it can also sometimes be achieved by removing features. A thinner enclosure isn't entirely out of the question if Apple cuts features to reduce costs, but at the same time, reducing size leads to lower battery life, and Apple probably wants to have decent battery to compete with or outmatch cheap Windows laptops.

Since the ‌MacBook Air‌ can run fine with an M-series chip and no fan in an enclosure that's 0.44 inches thick, there's no real reason for the MacBook to be any thicker than that, unless Apple wants to add a bigger battery.

Design and Display

The low-cost MacBook will have a standard LCD display with no mini-LED technology or ProMotion refresh rate. It won't be able to compete with higher-end laptops in terms of brightness or HDR support. It's probably best to think of it like the low-cost iPad, which offers excellent performance but uses much older display technology.

Apple could make the low-cost MacBook in bright colors like the iMac to appeal to children and to clearly position it as a lower-cost device. There are no rumors of this, but it would also make some sense for Apple to return to the plastic casing of some of its original MacBook models.

Rumors suggest the low-cost MacBook Pro could come in colors like silver, blue, pink, and yellow.

A-Series Chip

Apple is planning to use its A18 Pro chip in the MacBook, which is a chip that was first used in the iPhone 16 Pro. The A18 Pro is built on Apple's second-generation 3-nanometer process, featuring 8GB RAM and support for Apple Intelligence.

It's fast and efficient, and more than capable of handling day-to-day tasks. In Geekbench 6 benchmarks, the A18 Pro offers single-core CPU performance scores at the level of the M3 Ultra, and multi-core performance scores higher than the M1 chip that Apple used in the first Apple silicon ‌MacBook Air‌. Metal scores that measure GPU performance are also similar to the ‌M1‌ chip Metal scores.

The A18 Pro will be equivalent to the ‌M1‌ for some tasks, and faster for other tasks. Apple no longer sells the ‌M1‌ ‌MacBook Air‌ from its own store, but it has offered the machine through Walmart at a $599 price point.

Capabilities

With the A18 Pro chip, the low-cost MacBook would be able to do anything that can be done on an ‌iPhone 16‌ Pro. It would be a suitable replacement for the low-cost ‌iPad‌ paired with a keyboard, and it would also support ‌Apple Intelligence‌ features.

As of now, an ‌iPad‌ is essentially the only option for a low-cost portable device that can serve as a computer, but the low-cost MacBook will add a solution that runs macOS instead of iPadOS.

Tasks like browsing the web, watching videos, creating documents, editing photos, and even light video editing would be no problem. A low-cost MacBook with A18 Pro chip could play all of Apple's ‌iPad‌ and iPhone games, including Apple Arcade titles, but it would not work well with high-end system intensive games.

It would also likely run apps like Final Cut Pro, but speeds for things like exporting video would not be as quick as with a more powerful Mac.

Apple probably won't go all out on ports, and the MacBook is likely to get just a single USB-C port, though two like the ‌MacBook Air‌ is also possible.

The A18 Pro chip is efficient, and there's a lot of space inside a 13-inch enclosure for a battery, so we could be looking at MacBook Air-level battery life or better. The ‌MacBook Air‌'s battery lasts for up to 18 hours when watching videos, or 15 hours when browsing the web.

Price

There are no specific details on price as of yet, but Bloomberg claims it will cost "well under $1,000." The ‌MacBook Air‌ is priced starting at $999, so the MacBook will need to be priced lower than that.

Apple has a 13-inch iPad Air that has a display in the same range rumored for the low-cost MacBook, and it's priced at $799. The ‌iPad Air‌ has a higher-end M-series processor though, so the low-cost MacBook could be priced below the ‌iPad Air‌.

The closest ‌iPad‌ approximation for the chip is the iPad mini, which has an A17 Pro and is priced at $499. A price somewhere between $499 and $799 could make sense looking at Apple's existing product lineup.

Launch Timing

Apple is expected to launch the low-cost MacBook in the first half of 2026. Updates are planned for the ‌MacBook Air‌ in early 2026, and the low-cost model could launch sometime in that same timeframe.

If you're thinking about picking up a computer for lightweight tasks like document editing, web browsing, watching videos, and doing homework, you might want to wait to see what Apple has in store before buying a ‌MacBook Air‌, an ‌iPad‌, or a more affordable Windows machine or Chromebook.

Read More

For more information on Apple's cheap MacBook, we have a dedicated guide.
This article, "Apple's 2026 Low-Cost A18 MacBook Pro: What We Know So Far" first appeared on MacRumors.com

Pebble today announced that it is bringing back the Pebble Time Round, one of its most iconic smartwatches from a decade ago. The new Pebble Round 2 builds on the Pebble Time Round, eliminating some of the compromises that had to be made with the original model.


The Pebble Round 2 features a bezel-free 1.3-inch color e-paper display, and it comes in matte black, brushed silver, and rose gold. Advances in Bluetooth technology mean that it lasts for up to two weeks before needing to be recharged, and it remains as thin as the original.


The device runs the open-source PebbleOS operating system, and it is designed to work with iOS and Android smartphones. It supports basic sleep tracking and activity tracking, but it is not a fitness watch, so there is no heart rate tracking.

Pebble creator Eric Migicovsky brought back the Pebble brand earlier this year after Google released the source code for PebbleOS. After going bankrupt in 2016, Pebble was sold to Fitbit, and then Fitbit was bought by Google.

Migicovsky has been vocal about how Apple's restrictions for third-party smartwatches limit how the Pebble works with an iPhone. He has complained that Apple makes it "nearly impossible" for third-party wearable developers to create an experience that mirrors the Apple Watch experience.

The Pebble Round 2 can be pre-ordered from the rePebble website for $199, and it is set to ship out to customers in May.
This article, "Pebble Round 2 Brings Back Classic Smartwatch, Pre-Orders Now Open" first appeared on MacRumors.com

Language learning app Duolingo has apparently been using the iPhone's Live Activity feature to display ads on the Lock Screen and the Dynamic Island, which violates Apple's design guidelines.


According to multiple reports on Reddit, the Duolingo app has been displaying an ad for a "Super offer," which is Duolingo's paid subscription option.

Apple's guidelines for Live Activity state that the feature cannot be used to display ads or promotions. From Apple's developer website:

Apps that violate Apple's interface guidelines can be pulled from the App Store.

We were not able to replicate the Live Activity ad, so it's possible that Duolingo stopped displaying it after user complaints.
This article, "Duolingo Used iPhone's Dynamic Island to Display Ads, Violating Apple Design Guidelines" first appeared on MacRumors.com

Birdfy today debuted two new products, the Birdfy Feeder Vista and the Birdfy Hum Bloom, which join the company's line of camera-equipped accessories designed for bird watching.


The Birdfy Feeder Vista is a 360-degree smart bird feeder that features two cameras able to capture 14-megapixel panoramic images and record 6K HD video. The Vista is a pole-based camera option that offers a bottom-up feeding system. There's an air pump that feeds seed into a sealed lower container to the feeding tray, so there is no seed hopper that blocks the view of the camera.


Users are able to switch between the 360-degree perspective and a more traditional wide-angle view. As with other Birdfy feeders, the AI will identify birds that visit, but the Vista includes 120-fps slow-motion video for bird landings and flights. The camera is triggered via weight sensors instead of motion, so bird visits aren't missed. The Vista uses an LLM-powered AI that uses contextual understanding and biological reasoning to identify birds with greater accuracy.

Birdfy says that the included air pump feeding system is able to control feed speed and portion size to cut down on waste and encourage healthier feeding habits. Seed is stored in an antibacterial seed container to minimize contamination and to cut down on refill frequency. The feeder is made from a high-strength nylon that is reinforced with glass fiber, and there is a snap-on modular system for adding accessories to attract more kinds of birds.

Along with the Vista, Birdfy is debuting the Birdfy Hum Bloom, a feeder designed for hummingbirds. The feeder is able to capture 8-megapixel images or 120 fps slow-motion videos, and like the Vista, the Hum Bloom is designed not to obstruct the camera's view.


A flower-shaped nectar bulb delivers nectar in a shape that's familiar to birds, with no visible feeding tray in images. Included sensors can track nectar level, sending an alert when a refill is needed. There's an included ant moat, and a solar panel for continuous power.

Birdfy says that the feeder uses an AI model that's trained specifically on hummingbirds, a feature that sets it apart from other camera-equipped hummingbird feeders.

More information about the feeders will be coming later this year.
This article, "CES 2026: Birdfy Debuts Hummingbird and 360-Degree Vista Feeders" first appeared on MacRumors.com

It's 2026, and we're kicking off the New Year with all of the best Apple-related discounts you can find online this week. Many of these are matching the low prices we saw over the holidays, including AirTags, Apple Pencil Pro, and Apple Watch Series 11.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Apple Watch


What's the deal? Take up to $100 off Apple Watch SE 3 and Series 11
Where can I get it? Amazon
Where can I find the original deal? Right here
$100 OFF: Apple Watch Series 11 (42mm GPS) for $299.00
$100 OFF: Apple Watch Series 11 (46mm GPS) for $329.00

The New Year is a great time to invest in an Apple Watch and all of its activity tracking features, and this week Amazon has record low prices on multiple Apple Watch Series 11 models.

AirTag


What's the deal? Take up to $34 off AirTag
Where can I get it? Amazon
Where can I find the original deal? Right here
$10 OFF: AirTag 1-Pack for $19.00
$34 OFF: AirTag 4-Pack for $64.98

Apple's AirTag 4-Pack returned to the low price of $64.98 this week on Amazon, down from the original price of $99.00. If you're shopping for a single AirTag, Amazon has the AirTag 1-Pack for $19.00, down from $29.00.

Jackery and Anker


What's the deal? Take up to 65 percent off Jackery and Anker accessories
Where can I get it? Jackery and Anker
Where can I find the original deal? Right here
UP TO $3,600 OFF: Jackery New Year's Sale
UP TO 65% OFF: Anker SOLIX New Year's Sale

Anyone shopping for portable power stations can find up to 65 percent off Anker and Jackery's best accessories this week. Each retailer is hosting a New Year's sale for its most popular charging accessories, with major savings on these high-priced power stations that match Black Friday prices in many cases.

Apple Pencil Pro


What's the deal? Take $34 off Apple Pencil Pro
Where can I get it? Amazon
$34 OFF: Apple Pencil Pro for $94.97

Apple Pencil Pro is still available for its all-time low holiday price of $94.97 this week on Amazon, down from $129.00. This has been one of the more consistent deals of the holiday season, and we aren't sure how long it will stick around into the new year.

Samsung


What's the deal? Save sitewide on Samsung TVs, monitors, and more
Where can I get it? Samsung
Where can I find the original deal? Right here
$1,200 OFF: 75-Inch The Frame Pro for $1,999.99

Samsung is holding a New Year's sale this week, introducing great deals on monitors, storage accessories, TVs, Galaxy smartphones, and home appliances. Many of these deals are the exact same all-time low prices we tracked during Black Friday and Cyber Monday.

TVs
55-inch QLED QEF1 Smart TV - $359.99, down from $599.99
55-inch QLED Q7F Smart TV - $399.99, down from $529.99
55-inch QLED Q8F Smart TV - $699.99, down from $749.99
55-inch OLED S95F Smart TV - $1,999.99, down from $2,299.99
75-inch The Frame Pro - $1,999.99, down from $3,199.99
85-inch Neo QLED QN90F Smart TV - $2,999.99, down from $4,499.99
Monitors
27-inch Odyssey OLED G6 Gaming Monitor - $649.99, down from $899.99
49-inch Odyssey G9 Gaming Monitor - $777.99, down from $1,299.99
55-inch Odyssey Ark 2nd Gen - $1,299.99, down from $2,699.99
57-inch Odyssey Neo G9 Curved Gaming Monitor - $1,499.99, down from $2,299.99

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "Best Apple Deals of the Week: Start 2026 Off Right With a New Apple Watch Series 11 at Lowest-Ever Price" first appeared on MacRumors.com

Apple plans to introduce a 12.9-inch MacBook in spring 2026, according to TrendForce.


In a press release this week, the Taiwanese research firm said this MacBook will be aimed at the entry-level to mid-range market, with "competitive pricing."

TrendForce did not share any further details about this MacBook, but the information that it shared lines up with several rumors about a more affordable MacBook, which is expected to be equipped with a version of the iPhone 16 Pro's A18 Pro chip. Apple is expected to release the laptop by March or April of this year.

In the U.S., the entry-level MacBook is expected to have a starting price between $599 and $899, with $699 or $799 being most likely. It would slot in below the MacBook Air, which starts at $999 (but is frequently on sale on Amazon for as low as $749).

A18 Pro specs include a 6-core CPU, a 6-core GPU, and a 16-core Neural Engine. The chip's performance is similar to the M1 chip, so this new MacBook could effectively be a replacement for the old MacBook Air with the M1 chip, which Apple still sells through Walmart for $599 and even as low as $549 during a recent Black Friday sale.

With an A18 Pro chip, this MacBook might have only 8GB of RAM, whereas all current MacBook Air and MacBook Pro models start with at least 16GB of RAM. The chip also lacks Thunderbolt support, so the new MacBook would likely be equipped with regular USB-C ports, with slower data transfer speeds and external display limitations.

Apple supply chain analyst Ming-Chi Kuo was first to reveal that Apple is allegedly planning a more affordable MacBook. In June, he said the laptop will have around a 13-inch display, and the A18 Pro chip. Kuo said potential color options include silver, blue, pink, and yellow, so it could come in bright colors like the iMac.

Taiwanese supply chain publication DigiTimes later exclusively reported that this MacBook will be equipped with a 12.9-inch display like some current or past iPad Air and iPad Pro models, whereas the MacBook Air has a slightly larger 13.6-inch display.

TrendForce appears to be siding with the 12.9-inch display size.

The lower-cost MacBook could have a lot in common with the discontinued 12-inch MacBook, including an ultra-thin and lightweight design. Hopefully, it is announced within the next few months, following endless rumors from several sources.
This article, "Low-Price 12.9-Inch MacBook With A18 Pro Chip Reportedly Launching Early This Year" first appeared on MacRumors.com

Apple today announced a number of updates to Apple Fitness+ and activity with the Apple Watch.


The key announcements include:


New Year limited-edition award: Users can win the award by closing all three Activity Rings for seven days in a row in January.
"Quit Quitting" Strava challenge: Available in Strava throughout January, users who log 12 workouts anytime in the month will win an Apple Watch badge in the app.
New multiweek programs: From January 5, the "Make Your Fitness Comeback program" will be available for Strength, HIIT, and Yoga. Each week builds on the previous one to help users progress.
Fitness+ Artist Spotlight returns: New workouts featuring music from KAROL G and, from February 5, Bad Bunny.
New Time to Walk episodes: Starting January 19, new episodes feature actor and producer Penn Badgley, Spice Girls member, singer, songwriter, and TV personality Mel B, and actor Michelle Monaghan.

Apple added that many people abandon New Year's fitness resolutions by the second Friday of January, known as "Quitter's Day," but Apple Watch users appear far more likely to stay on track. An analysis of four years of data from around 100,000 participants in the Apple Heart and Movement Study found that, after a seasonal dip in activity during November and December, average daily exercise minutes rise sharply in January and continue increasing into spring.

More than 60% of users boosted their exercise by over 10% in the first two weeks of January compared with December levels. Nearly 80% of those users maintained the increase through the rest of January, and 90% of that group sustained higher activity levels through February and March. The findings are based on participants who consistently wore an Apple Watch and shared Activity data as part of the long-running study conducted with major U.S. health institutions.
This article, "Apple Announces New Fitness+ Workout Programs, Strava Challenge, and More" first appeared on MacRumors.com

Apple's Vision Pro headset is still failing to see appeal among consumers, according to a new report from the Financial Times.


Data from IDC claims that Apple shipped 390,000 Vision Pro units in 2024. IDC expected Apple to ship just 45,000 new Vision Pro units in the latest quarter of 2025. The Financial Times stressed that this compares to millions of iPhones, iPads and MacBooks sold each quarter. Luxshare, the Vision Pro's assembler, apparently halted production of the headset at the start of 2025.

According to Sensor Tower, Apple has apparently reduced digital advertising spending for the Vision Pro by more than 95% over the past year in key markets including the United States and United Kingdom. The report also noted that Apple did little to expand the device's international rollout in 2025.

Morgan Stanley analysts told the Financial Times that "the cost, form factor and the lack of VisionOS native apps are the reasons why the Vision Pro never sold broadly." Since the device's debut in 2024, critics have highlighted practical shortcomings such as the device's weight, discomfort during extended use, and limited battery life.

Apple is said to be struggling with a platform adoption problem, with an insufficient number of users to motivate developers and insufficient apps to attract users. Apple says around 3,000 apps are designed specifically for Vision Pro, a figure that lags far behind the rapid growth of the iPhone App Store after its launch in 2008. Appfigures notes that this total likely includes niche and industry-specific software.

The challenges facing the Vision Pro reflect broader weakness in the virtual reality market. According to Counterpoint Research, global VR headset shipments declined 14% year on year. Meta still dominates the sector, accounting for around 80% of sales with its Quest headsets, which are significantly cheaper than the Vision Pro but less technologically advanced. Even so, Meta has reportedly scaled back its own marketing spend for VR hardware, suggesting limited consumer momentum across the category.
This article, "Report: Apple Vision Pro Is Still Failing to Catch On" first appeared on MacRumors.com

The company behind the BlackBerry-like Clicks Keyboard accessory for the iPhone today unveiled a new Android 16 smartphone called the Clicks Communicator.


The purpose-built device is designed to be used as a second phone alongside your iPhone, with the intended focus being communication over content consumption. It runs a custom Android launcher that offers a curated selection of messaging apps like Telegram, WhatsApp, Slack, and Gmail directly on the home screen.

"Communicator is to a smartphone what a Kindle is to an iPad," said Jeff Gadway, Chief Marketing Officer at Clicks Technology, in a press release. "It's a complementary product that stands on its own, optimized for a specific purpose. In the case of Clicks Communicator, that means communicating with confidence in a noisy world."


"The two-phone lifestyle is becoming more common," added Michael Fisher, co-founder of Clicks Technology and host of the tech-focused YouTube channel MrMobile. "Some people need a second phone for work, others want to be more intentional about how they use technology. At a time when everything is fighting for our attention, your phone should excel at helping you take action, not feeding distraction."

Like the Clicks Keyboard, the Clicks Communicator device itself has a physical keyboard. The device also features a so-called "Prompt Key" button on the side of the device that you can press and hold to dictate a text message.

The device is equipped with a USB-C charging port, a 3.5mm headphone jack, a 4,000 mAh battery, 256GB of built-in storage, a microSD slot for up to 2TB of additional storage, a 50-megapixel rear camera, a 24-megapixel front camera, and more. It has both a physical SIM card tray and eSIM support, with global support for 5G and LTE.


In the U.S., the Clicks Communicator will be available in the colors Smoke, Clover, and Onyx for an introductory price of $499. However, if you make a $199 deposit before February 27, you can lock in a discounted $399 price. Clicks Communicator is expected to begin shipping later this year, according to the press release. However, we strongly recommend exercising caution with pre-ordering a device like this prior to shipments beginning.

Clicks Communicator will be showcased at CES 2026 in Las Vegas next week.
This article, "'Clicks Communicator' Unveiled — Will You Carry This With Your iPhone?" first appeared on MacRumors.com

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.
The security company Synthient currently sees more than 2 million infected Kimwolf devices distributed globally but with concentrations in Vietnam, Brazil, India, Saudi Arabia, Russia and the United States. Synthient found that two-thirds of the Kimwolf infections are Android TV boxes with no security or authentication built in.
The past few months have witnessed the explosive growth of a new botnet dubbed Kimwolf, which experts say has infected more than 2 million devices globally. The Kimwolf malware forces compromised systems to relay malicious and abusive Internet traffic — such as ad fraud, account takeover attempts and mass content scraping — and participate in crippling distributed denial-of-service (DDoS) attacks capable of knocking nearly any website offline for days at a time.
More important than Kimwolf’s staggering size, however, is the diabolical method it uses to spread so quickly: By effectively tunneling back through various “residential proxy” networks and into the local networks of the proxy endpoints, and by further infecting devices that are hidden behind the assumed protection of the user’s firewall and Internet router.
Residential proxy networks are sold as a way for customers to anonymize and localize their Web traffic to a specific region, and the biggest of these services allow customers to route their traffic through devices in virtually any country or city around the globe.
The malware that turns an end-user’s Internet connection into a proxy node is often bundled with dodgy mobile apps and games. These residential proxy programs also are commonly installed via unofficial Android TV boxes sold by third-party merchants on popular e-commerce sites like Amazon, BestBuy, Newegg, and Walmart.
These TV boxes range in price from $40 to $400, are marketed under a dizzying range of no-name brands and model numbers, and frequently are advertised as a way to stream certain types of subscription video content for free. But there’s a hidden cost to this transaction: As we’ll explore in a moment, these TV boxes make up a considerable chunk of the estimated two million systems currently infected with Kimwolf.
Some of the unsanctioned Android TV boxes that come with residential proxy malware pre-installed. Image: Synthient.
Kimwolf also is quite good at infecting a range of Internet-connected digital photo frames that likewise are abundant at major e-commerce websites. In November 2025, researchers from Quokka published a report (PDF) detailing serious security issues in Android-based digital picture frames running the Uhale app — including Amazon’s bestselling digital frame as of March 2025.
There are two major security problems with these photo frames and unofficial Android TV boxes. The first is that a considerable percentage of them come with malware pre-installed, or else require the user to download an unofficial Android App Store and malware in order to use the device for its stated purpose (video content piracy). The most typical of these uninvited guests are small programs that turn the device into a residential proxy node that is resold to others.
The second big security nightmare with these photo frames and unsanctioned Android TV boxes is that they rely on a handful of Internet-connected microcomputer boards that have no discernible security or authentication requirements built-in. In other words, if you are on the same network as one or more of these devices, you can likely compromise them simultaneously by issuing a single command across the network.
THERE’S NO PLACE LIKE 127.0.0.1
The combination of these two security realities came to the fore in October 2025, when an undergraduate computer science student at the Rochester Institute of Technology began closely tracking Kimwolf’s growth, and interacting directly with its apparent creators on a daily basis.
Benjamin Brundage is the 22-year-old founder of the security firm Synthient, a startup that helps companies detect proxy networks and learn how those networks are being abused. Conducting much of his research into Kimwolf while studying for final exams, Brundage told KrebsOnSecurity in late October 2025 he suspected Kimwolf was a new Android-based variant of Aisuru, a botnet that was incorrectly blamed for a number of record-smashing DDoS attacks last fall.
Brundage says Kimwolf grew rapidly by abusing a glaring vulnerability in many of the world’s largest residential proxy services. The crux of the weakness, he explained, was that these proxy services weren’t doing enough to prevent their customers from forwarding requests to internal servers of the individual proxy endpoints.
Most proxy services take basic steps to prevent their paying customers from “going upstream” into the local network of proxy endpoints, by explicitly denying requests for local addresses specified in RFC-1918, including the well-known Network Address Translation (NAT) ranges 10.0.0.0/8, 192.168.0.0/16, and 172.16.0.0/12. These ranges allow multiple devices in a private network to access the Internet using a single public IP address, and if you run any kind of home or office network, your internal address space operates within one or more of these NAT ranges.
However, Brundage discovered that the people operating Kimwolf had figured out how to talk directly to devices on the internal networks of millions of residential proxy endpoints, simply by changing their Domain Name System (DNS) settings to match those in the RFC-1918 address ranges.
“It is possible to circumvent existing domain restrictions by using DNS records that point to 192.168.0.1 or 0.0.0.0,” Brundage wrote in a first-of-its-kind security advisory sent to nearly a dozen residential proxy providers in mid-December 2025. “This grants an attacker the ability to send carefully crafted requests to the current device or a device on the local network. This is actively being exploited, with attackers leveraging this functionality to drop malware.”
As with the digital photo frames mentioned above, many of these residential proxy services run solely on mobile devices that are running some game, VPN or other app with a hidden component that turns the user’s mobile phone into a residential proxy — often without any meaningful consent.
In a report published today, Synthient said key actors involved in Kimwolf were observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality.
“Synthient expects to observe a growing interest among threat actors in gaining unrestricted access to proxy networks to infect devices, obtain network access, or access sensitive information,” the report observed. “Kimwolf highlights the risks posed by unsecured proxy networks and their viability as an attack vector.”
ANDROID DEBUG BRIDGE
After purchasing a number of unofficial Android TV box models that were most heavily represented in the Kimwolf botnet, Brundage further discovered the proxy service vulnerability was only part of the reason for Kimwolf’s rapid rise: He also found virtually all of the devices he tested were shipped from the factory with a powerful feature called Android Debug Bridge (ADB) mode enabled by default.
Many of the unofficial Android TV boxes infected by Kimwolf include the ominous disclaimer: “Made in China. Overseas use only.” Image: Synthient.
ADB is a diagnostic tool intended for use solely during the manufacturing and testing processes, because it allows the devices to be remotely configured and even updated with new (and potentially malicious) firmware. However, shipping these devices with ADB turned on creates a security nightmare because in this state they constantly listen for and accept unauthenticated connection requests.
For example, opening a command prompt and typing “adb connect” along with a vulnerable device’s (local) IP address followed immediately by “:5555” will very quickly offer unrestricted “super user” administrative access.
Brundage said by early December, he’d identified a one-to-one overlap between new Kimwolf infections and proxy IP addresses offered for rent by China-based IPIDEA, currently the world’s largest residential proxy network by all accounts.
“Kimwolf has almost doubled in size this past week, just by exploiting IPIDEA’s proxy pool,” Brundage told KrebsOnSecurity in early December as he was preparing to notify IPIDEA and 10 other proxy providers about his research.
Brundage said Synthient first confirmed on December 1, 2025 that the Kimwolf botnet operators were tunneling back through IPIDEA’s proxy network and into the local networks of systems running IPIDEA’s proxy software. The attackers dropped the malware payload by directing infected systems to visit a specific Internet address and to call out the pass phrase “krebsfiveheadindustries” in order to unlock the malicious download.
On December 30, Synthient said it was tracking roughly 2 million IPIDEA addresses exploited by Kimwolf in the previous week. Brundage said he has witnessed Kimwolf rebuilding itself after one recent takedown effort targeting its control servers — from almost nothing to two million infected systems just by tunneling through proxy endpoints on IPIDEA for a couple of days.
Brundage said IPIDEA has a seemingly inexhaustible supply of new proxies, advertising access to more than 100 million residential proxy endpoints around the globe in the past week alone. Analyzing the exposed devices that were part of IPIDEA’s proxy pool, Synthient said it found more than two-thirds were Android devices that could be compromised with no authentication needed.
SECURITY NOTIFICATION AND RESPONSE
After charting a tight overlap in Kimwolf-infected IP addresses and those sold by IPIDEA, Brundage was eager to make his findings public: The vulnerability had clearly been exploited for several months, although it appeared that only a handful of cybercrime actors were aware of the capability. But he also knew that going public without giving vulnerable proxy providers an opportunity to understand and patch it would only lead to more mass abuse of these services by additional cybercriminal groups.
On December 17, Brundage sent a security notification to all 11 of the apparently affected proxy providers, hoping to give each at least a few weeks to acknowledge and address the core problems identified in his report before he went public. Many proxy providers who received the notification were resellers of IPIDEA that white-labeled the company’s service.
KrebsOnSecurity first sought comment from IPIDEA in October 2025, in reporting on a story about how the proxy network appeared to have benefitted from the rise of the Aisuru botnet, whose administrators appeared to shift from using the botnet primarily for DDoS attacks to simply installing IPIDEA’s proxy program, among others.
On December 25, KrebsOnSecurity received an email from an IPIDEA employee identified only as “Oliver,” who said allegations that IPIDEA had benefitted from Aisuru’s rise were baseless.
“After comprehensively verifying IP traceability records and supplier cooperation agreements, we found no association between any of our IP resources and the Aisuru botnet, nor have we received any notifications from authoritative institutions regarding our IPs being involved in malicious activities,” Oliver wrote. “In addition, for external cooperation, we implement a three-level review mechanism for suppliers, covering qualification verification, resource legality authentication and continuous dynamic monitoring, to ensure no compliance risks throughout the entire cooperation process.”
“IPIDEA firmly opposes all forms of unfair competition and malicious smearing in the industry, always participates in market competition with compliant operation and honest cooperation, and also calls on the entire industry to jointly abandon irregular and unethical behaviors and build a clean and fair market ecosystem,” Oliver continued.
Meanwhile, the same day that Oliver’s email arrived, Brundage shared a response he’d just received from IPIDEA’s security officer, who identified himself only by the first name Byron. The security officer said IPIDEA had made a number of important security changes to its residential proxy service to address the vulnerability identified in Brundage’s report.
“By design, the proxy service does not allow access to any internal or local address space,” Byron explained. “This issue was traced to a legacy module used solely for testing and debugging purposes, which did not fully inherit the internal network access restrictions. Under specific conditions, this module could be abused to reach internal resources. The affected paths have now been fully blocked and the module has been taken offline.”
Byron told Brundage IPIDEA also instituted multiple mitigations for blocking DNS resolution to internal (NAT) IP ranges, and that it was now blocking proxy endpoints from forwarding traffic on “high-risk” ports “to prevent abuse of the service for scanning, lateral movement, or access to internal services.”
An excerpt from an email sent by IPIDEA’s security officer in response to Brundage’s vulnerability notification.
Brundage said IPIDEA appears to have successfully patched the vulnerabilities he identified. He also noted he never observed the Kimwolf actors targeting proxy services other than IPIDEA, which has not responded to requests for comment.

Riley Kilmer is founder of Spur.us, a technology firm that helps companies identify and filter out proxy traffic. Kilmer said Spur has tested Brundage’s findings and confirmed that IPIDEA and all of its affiliate resellers indeed allowed full and unfiltered access to the local LAN.
Kilmer said one model of unsanctioned Android TV boxes that is especially popular — the Superbox, which we profiled in November’s Is Your Android TV Streaming Box Part of a Botnet? — leaves Android Debug Mode running on localhost:5555.
“And since Superbox turns the IP into an IPIDEA proxy, a bad actor just has to use the proxy to localhost on that port and install whatever bad SDKs [software development kits] they want,” Kilmer told KrebsOnSecurity.
Superbox media streaming boxes for sale on Walmart.com.
ECHOES FROM THE PAST
Both Brundage and Kilmer say IPIDEA appears to be the second or third reincarnation of a residential proxy network formerly known as 911S5 Proxy, a service that operated between 2014 and 2022 and was wildly popular on cybercrime forums. 911S5 Proxy imploded a week after KrebsOnSecurity published a deep dive on the service’s sketchy origins and leadership in China.
In that 2022 profile, we cited work by researchers at the University of Sherbrooke in Canada who were studying the threat 911S5 could pose to internal corporate networks. The researchers noted that “the infection of a node enables the 911S5 user to access shared resources on the network such as local intranet portals or other services.”
“It also enables the end user to probe the LAN network of the infected node,” the researchers explained. “Using the internal router, it would be possible to poison the DNS cache of the LAN router of the infected node, enabling further attacks.”
911S5 initially responded to our reporting in 2022 by claiming it was conducting a top-down security review of the service. But the proxy service abruptly closed up shop just one week later, saying a malicious hacker had destroyed all of the company’s customer and payment records. In July 2024, the U.S. Department of the Treasury sanctioned the alleged creators of 911S5, and the U.S. Department of Justice arrested the Chinese national named in my 2022 profile of the proxy service.
Kilmer said IPIDEA also operates a sister service called 922 Proxy, which the company has pitched from Day One as a seamless alternative to 911S5 Proxy.
“You cannot tell me they don’t want the 911 customers by calling it that,” Kilmer said.
Among the recipients of Synthient’s notification was the proxy giant Oxylabs. Brundage shared an email he received from Oxylabs’ security team on December 31, which acknowledged Oxylabs had started rolling out security modifications to address the vulnerabilities described in Synthient’s report.
Reached for comment, Oxylabs confirmed in a written statement that they “have implemented changes that now eliminate the ability to bypass the blocklist and forward requests to private network addresses using a controlled domain.” But it said there is no evidence that Kimwolf or other attackers exploited its network.
“In parallel, we reviewed the domains identified in the reported exploitation activity and did not observe traffic associated with them,” the Oxylabs statement continued. “Based on this review, there is no indication that our residential network was impacted by these activities.”
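The fixes described above (IPIDEA blocking DNS resolution to internal ranges and forwarding on “high-risk” ports, Oxylabs closing a blocklist bypass that used a controlled domain) both come down to checking the address a name resolves to rather than the name that was requested. The Python below is an added example, not code from any proxy provider or from the original article; the ports other than 5555, the hostnames and the DNS table are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumption: the article names only 5555 (Android Debug Bridge); 23 and 445 are
# added here as illustrative "high-risk" ports, not taken from any provider.
HIGH_RISK_PORTS = frozenset({5555, 23, 445})

# Constructed sample DNS data so the example runs offline.
CONSTRUCTED_DNS = {
    "example.com": ["93.184.216.34"],
    "lan-pointer.example": ["192.168.1.10"],         # public name, private A record
    "mixed.example": ["93.184.216.34", "10.0.0.5"],  # one public, one private answer
    "loop6.example": ["::ffff:127.0.0.1"],           # IPv4-mapped IPv6 loopback
}


def constructed_resolver(host: str) -> list:
    """Stand-in for a real resolver; returns the constructed answers above."""
    return list(CONSTRUCTED_DNS.get(host, []))


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    connect_to: Optional[str] = None  # the validated address to dial, if allowed


def is_internal(addr: str) -> bool:
    """True for any address that is not globally routable unicast."""
    ip = ipaddress.ip_address(addr)            # raises ValueError on non-IP text
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:                     # unwrap ::ffff:a.b.c.d
        ip = mapped
    return (not ip.is_global) or ip.is_multicast


def naive_allows(host: str) -> bool:
    """Weak form: the blocklist is applied to the requested string only."""
    try:
        return not is_internal(host)
    except ValueError:
        return True  # a hostname is never resolved, so it always passes


def evaluate(host: str, port: int, resolve) -> Decision:
    """Hardened form: check the port, then every address the name resolves to."""
    if port in HIGH_RISK_PORTS:
        return Decision(False, f"high-risk port {port}")
    name = host.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(name)
        candidates = [name]                    # already an IP literal
    except ValueError:
        candidates = list(resolve(name))
    if not candidates:
        return Decision(False, "name did not resolve")
    for addr in candidates:
        try:
            if is_internal(addr):
                return Decision(False, f"resolves to internal address {addr}")
        except ValueError:
            return Decision(False, f"unparseable answer {addr!r}")
    # Every answer is public: hand back the address that was actually checked.
    return Decision(True, "ok", connect_to=candidates[0])


if __name__ == "__main__":
    for host, port in [("example.com", 443), ("lan-pointer.example", 80),
                       ("mixed.example", 443), ("loop6.example", 80),
                       ("example.com", 5555), ("192.168.1.10", 80)]:
        print(host, port, "naive:", naive_allows(host),
              "hardened:", evaluate(host, port, constructed_resolver))
```

A forwarder should dial `connect_to` rather than resolving the name a second time, so that the address that was checked is the address that is used.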
PRACTICAL IMPLICATIONS
Consider the following scenario, in which the mere act of allowing someone to use your Wi-Fi network could lead to a Kimwolf botnet infection. In this example, a friend or family member comes to stay with you for a few days, and you grant them access to your Wi-Fi without knowing that their mobile phone is infected with an app that turns the device into a residential proxy node. At that point, your home’s public IP address will show up for rent at the website of some residential proxy provider.
Miscreants like those behind Kimwolf then use residential proxy services online to access that proxy node on your IP, tunnel back through it and into your local area network (LAN), and automatically scan the internal network for devices with Android Debug Bridge mode turned on.
By the time your guest has packed up their things, said their goodbyes and disconnected from your Wi-Fi, you now have two devices on your local network — a digital photo frame and an unsanctioned Android TV box — that are infected with Kimwolf. You may have never intended for these devices to be exposed to the larger Internet, and yet there you are.
Here’s another possible nightmare scenario: Attackers use their access to proxy networks to modify your Internet router’s settings so that it relies on malicious DNS servers controlled by the attackers — allowing them to control where your Web browser goes when it requests a website. Think that’s far-fetched? Recall the DNSChanger malware from 2012 that infected more than a half-million routers with search-hijacking malware, and ultimately spawned an entire security industry working group focused on containing and eradicating it.
XLAB
Much of what is published so far on Kimwolf has come from the Chinese security firm XLab, which was the first to chronicle the rise of the Aisuru botnet in late 2024. In its latest blog post, XLab said it began tracking Kimwolf on October 24, when the botnet’s control servers were swamping Cloudflare’s DNS servers with lookups for the distinctive domain 14emeliaterracewestroxburyma02132[.]su.
This domain and others connected to early Kimwolf variants spent several weeks topping Cloudflare’s chart of the Internet’s most sought-after domains, edging Google.com and Apple.com out of their rightful spots in the top 5 most-requested domains. That’s because during that time Kimwolf was asking its millions of bots to check in frequently using Cloudflare’s DNS servers.
The Chinese security firm XLab found the Kimwolf botnet had enslaved between 1.8 and 2 million devices, with heavy concentrations in Brazil, India, The United States of America and Argentina. Image: blog.xLab.qianxin.com
It is clear from reading the XLab report that KrebsOnSecurity (and security experts) probably erred in misattributing some of Kimwolf’s early activities to the Aisuru botnet, which appears to be operated by a different group entirely. IPIDEA may have been truthful when it said it had no affiliation with the Aisuru botnet, but Brundage’s data left no doubt that its proxy service clearly was being massively abused by Aisuru’s Android variant, Kimwolf.
XLab said Kimwolf has infected at least 1.8 million devices, and has shown it is able to rebuild itself quickly from scratch.
“Analysis indicates that Kimwolf’s primary infection targets are TV boxes deployed in residential network environments,” XLab researchers wrote. “Since residential networks usually adopt dynamic IP allocation mechanisms, the public IPs of devices change over time, so the true scale of infected devices cannot be accurately measured solely by the quantity of IPs. In other words, the cumulative observation of 2.7 million IP addresses does not equate to 2.7 million infected devices.”
XLab said measuring Kimwolf’s size also is difficult because infected devices are distributed across multiple global time zones. “Affected by time zone differences and usage habits (e.g., turning off devices at night, not using TV boxes during holidays, etc.), these devices are not online simultaneously, further increasing the difficulty of comprehensive observation through a single time window,” the blog post observed.
XLab noted that the Kimwolf author “shows an almost ‘obsessive’ fixation” on Yours Truly, apparently leaving “easter eggs” related to my name in multiple places through the botnet’s code and communications:
Image: XLAB.
ANALYSIS AND ADVICE
One frustrating aspect of threats like Kimwolf is that in most cases it is not easy for the average user to determine if there are any devices on their internal network which may be vulnerable to threats like Kimwolf and/or already infected with residential proxy malware.
Let’s assume that through years of security training or some dark magic you can successfully identify that residential proxy activity on your internal network was linked to a specific mobile device inside your house: From there, you’d still need to isolate and remove the app or unwanted component that is turning the device into a residential proxy.
Also, the tooling and knowledge needed to achieve this kind of visibility just isn’t there from an average consumer standpoint. The work that it takes to configure your network so you can see and interpret logs of all traffic coming in and out is largely beyond the skillset of most Internet users (and, I’d wager, many security experts). But it’s a topic worth exploring in an upcoming story.
Happily, Synthient has erected a page on its website that will state whether a visitor’s public Internet address was seen among those of Kimwolf-infected systems. Brundage also has compiled a list of the unofficial Android TV boxes that are most highly represented in the Kimwolf botnet.
If you own a TV box that matches one of these model names and/or numbers, please just rip it out of your network. If you encounter one of these devices on the network of a family member or friend, send them a link to this story and explain that it’s not worth the potential hassle and harm created by keeping them plugged in.
The top 15 product devices represented in the Kimwolf botnet, according to Synthient.
Chad Seaman is a principal security researcher with Akamai Technologies. Seaman said he wants more consumers to be wary of these pseudo Android TV boxes to the point where they avoid them altogether.
“I want the consumer to be paranoid of these crappy devices and of these residential proxy schemes,” he said. “We need to highlight why they’re dangerous to everyone and to the individual. The whole security model where people think their LAN (Local Internal Network) is safe, that there aren’t any bad guys on the LAN so it can’t be that dangerous is just really outdated now.”
“The idea that an app can enable this type of abuse on my network and other networks, that should really give you pause,” about which devices to allow onto your local network, Seaman said. “And it’s not just Android devices here. Some of these proxy services have SDKs for Mac and Windows, and the iPhone. It could be running something that inadvertently cracks open your network and lets countless random people inside.”
In July 2025, Google filed a “John Doe” lawsuit (PDF) against 25 unidentified defendants collectively dubbed the “BadBox 2.0 Enterprise,” which Google described as a botnet of over ten million unsanctioned Android streaming devices engaged in advertising fraud. Google said the BADBOX 2.0 botnet, in addition to compromising multiple types of devices prior to purchase, also can infect devices by requiring the download of malicious apps from unofficial marketplaces.
Google’s lawsuit came on the heels of a June 2025 advisory from the Federal Bureau of Investigation (FBI), which warned that cyber criminals were gaining unauthorized access to home networks by either configuring the products with malware prior to the user’s purchase, or infecting the device as it downloads required applications that contain backdoors — usually during the set-up process.
The FBI said BADBOX 2.0 was discovered after the original BADBOX campaign was disrupted in 2024. The original BADBOX was identified in 2023, and primarily consisted of Android operating system devices that were compromised with backdoor malware prior to purchase.
Lindsay Kaye is vice president of threat intelligence at HUMAN Security, a company that worked closely on the BADBOX investigations. Kaye said the BADBOX botnets and the residential proxy networks that rode on top of compromised devices were detected because they enabled a ridiculous amount of advertising fraud, as well as ticket scalping, retail fraud, account takeovers and content scraping.
Kaye said consumers should stick to known brands when it comes to purchasing things that require a wired or wireless connection.
“If people are asking what they can do to avoid being victimized by proxies, it’s safest to stick with name brands,” Kaye said. “Anything promising something for free or low-cost, or giving you something for nothing just isn’t worth it. And be careful about what apps you allow on your phone.”
Many wireless routers these days make it relatively easy to deploy a “Guest” wireless network on-the-fly. Doing so allows your guests to browse the Internet just fine but it blocks their device from being able to talk to other devices on the local network — such as shared folders, printers and drives. If someone — a friend, family member, or contractor — requests access to your network, give them the guest Wi-Fi network credentials if you have that option.
There is a small but vocal pro-piracy camp that is almost condescendingly dismissive of the security threats posed by these unsanctioned Android TV boxes. These tech purists positively chafe at the idea of people wholesale discarding one of these TV boxes. A common refrain from this camp is that Internet-connected devices are not inherently bad or good, and that even factory-infected boxes can be flashed with new firmware or custom ROMs that contain no known dodgy software.
However, it’s important to point out that the majority of people buying these devices are not security or hardware experts; the devices are sought out because they dangle something of value for “free.” Most buyers have no idea of the bargain they’re making when plugging one of these dodgy TV boxes into their network.
It is somewhat remarkable that we haven’t yet seen the entertainment industry applying more visible pressure on the major e-commerce vendors to stop peddling this insecure and actively malicious hardware that is largely made and marketed for video piracy. These TV boxes are a public nuisance for bundling malicious software while having no apparent security or authentication built-in, and these two qualities make them an attractive nuisance for cybercriminals.
Stay tuned for Part II in this series, which will poke through clues left behind by the people who appear to have built Kimwolf and benefited from it the most.
The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts. "The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document
Introduction
The Certified Kubernetes Administrator (CKA) certification has become a vital credential for professionals working in cloud infrastructure, DevOps, and container-based environments. It validates hands-on expertise in managing Kubernetes clusters used in real production systems. As organizations continue to modernize applications using containers and microservices, Kubernetes has emerged as the most trusted orchestration platform. Because of this widespread adoption, certified administrators are in strong demand across industries.
In real-world environments, Kubernetes is used to deploy microservices, automate CI/CD pipelines, maintain high availability systems, handle disaster recovery, and manage cloud infrastructure efficiently. When selecting tools, platforms, or training in this domain, professionals should evaluate practical lab exposure, real cluster usage, exam-focused learning, mentor expertise, and long-term career guidance. These criteria ensure lasting professional success rather than short-term certification achievement.
To understand the complete certification scope and learning structure, visit Certified Kubernetes Administrator.
Why Certified Kubernetes Administrator Is Important
Kubernetes now supports the core digital systems of many global organizations. Industries such as finance, healthcare, retail, telecom, and media rely on Kubernetes to run scalable, secure, and resilient applications.
Value for Organizations
- Faster application releases
- Improved system stability
- Better infrastructure security
- Efficient resource management
- Reduced downtime
Value for Professionals
- High global job demand
- Competitive salary growth
- Senior and leadership roles
- Strong long-term career prospects
Key Kubernetes Keywords Every Professional Should Know
This blog naturally includes the following ten important keywords:
Kubernetes Certification, Kubernetes Administrator Training, CKA Exam Preparation, Cloud Native Infrastructure, Kubernetes Cluster Management, Kubernetes Security, Kubernetes Networking, DevOps Career Growth, Kubernetes Deployment, Container Orchestration
Core Knowledge Areas Covered in CKA
Skill Area | Practical Focus
Cluster Architecture | High availability, node management
Installation & Configuration | Cluster setup, networking
Workload Management | Deployments, scaling, services
Networking | DNS, ingress, traffic routing
Storage | Persistent volumes, storage classes
Security | RBAC, secrets, policies
Monitoring & Troubleshooting | Metrics, logs, issue resolution
Commonly Used Kubernetes Tools
Tool | Usage
Kubectl | Cluster administration
Helm | Application deployment
Prometheus | Monitoring and alerts
Grafana | Visualization
Istio | Service mesh
Calico | Network security
Velero | Backup and recovery
Kubeadm | Cluster installation
Minikube | Local environment testing
K9s | Terminal-based management
How to Choose the Right Learning Platform
Learning Kubernetes effectively requires more than theory. The right training platform should offer practical experience and expert guidance. DevOpsSchool is globally recognized as a trusted leader in DevOps and Kubernetes education.
Why DevOpsSchool Is Highly Regarded
- Job-oriented curriculum
- Hands-on labs using real Kubernetes clusters
- Structured exam preparation
- Career mentoring and interview support
- Training programs in Kubernetes, Cloud, DevOps, DevSecOps, SRE, and automation
Thousands of professionals worldwide have advanced their careers through DevOpsSchool’s learning ecosystem.
Expert Guidance by Rajesh Kumar
The program is governed and mentored by Rajesh Kumar, a globally respected technology expert with over 20 years of experience in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, and Cloud technologies. His mentorship focuses on practical skills, real-world scenarios, and long-term career growth.
How to Prepare for the CKA Exam
Preparation Strategy
- Learn Kubernetes architecture concepts clearly
- Build and manage clusters multiple times
- Practice networking and storage configurations
- Apply security policies in real scenarios
- Troubleshoot live cluster issues
- Take timed mock exams for confidence
Career Opportunities After Certification
Role | Market Demand
Kubernetes Administrator | Very High
Cloud Engineer | Very High
DevOps Engineer | Extremely High
Platform Engineer | High
SRE Engineer | High
Benefits of Becoming Certified
- Global professional recognition
- Higher earning potential
- Job mobility across industries
- Leadership growth opportunities
- Long-term career stability
Common Challenges and Solutions
Challenge | Practical Solution
Complex networking | Repeated lab practice
Security configuration | Policy-based scenarios
Troubleshooting pressure | Production simulations
Exam time management | Mock test practice
Who Should Pursue Certified Kubernetes Administrator
- DevOps Engineers
- Cloud Engineers
- System Administrators
- Software Engineers moving into cloud roles
- Infrastructure and platform professionals
Conclusion & Overview
The Certified Kubernetes Administrator credential has become essential for professionals building strong careers in cloud computing and DevOps. Kubernetes powers modern digital platforms, and certified administrators remain in high demand globally. With structured training from DevOpsSchool and expert mentorship from Rajesh Kumar, learners gain not only certification success but long-term confidence, leadership readiness, and deep technical expertise. This journey helps professionals become trusted Kubernetes and cloud infrastructure specialists.
Contact & Call to Action
📞 Phone & WhatsApp (India): +91 7004 215 841
📞 Phone & WhatsApp (USA): +1 (469) 756-6329
🌐 Website: https://www.devopsschool.com/

Two cybersecurity professionals charged with running a ransomware operation have pleaded guilty to conspiring to obstruct, delay, or affect commerce through extortion.
They will be sentenced on March 12, 2026, the US Department of Justice announced this week.
Ryan Goldberg and Kevin Martin were charged with using the BlackCat ransomware against multiple victims in the US between April 2023 and December 2023. An unnamed co-conspirator was also listed in the court filings.
They were accused of targeting five companies with the ransomware: a Florida medical device company, a Maryland pharmaceutical company, a doctor’s office in California, an engineering company in California, and a drone manufacturer in Virginia.
BlackCat ransomware, also known as ALPHV, is particularly pernicious as it can exploit cloud copies of data intended to protect against ransomware attacks as a way into the enterprise. Those behind it are among the most dangerous ransomware groups active today.
Goldberg and Martin didn’t develop BlackCat, though: they identified victims and targeted them with the ransomware-as-a-service, sharing ransom payouts with the developers.
The two reached plea agreements with the US Attorney for the Southern District of Florida on Dec. 18, 2025, and these were accepted by the US District Court for the Southern District of Florida on Dec. 29, court records show.
The ransomware attacks resulted in losses exceeding $9.5 million, the parties agreed. However, authorities were only able to trace $324,123.26 in proceeds of the crimes to Goldberg and Martin, according to the plea agreements.
The pair face a maximum sentence of 20 years in prison.
US authorities have been after them and the developers of the BlackCat software they used for years. The wider ransomware group is believed to have targeted more than 1,000 victims around the world, according to a DOJ news release.
The group was defanged in December 2023, when the US Federal Bureau of Investigation (FBI) developed a tool that could decrypt data held to ransom, according to the DOJ. It estimated this saved hundreds of victims some $99 million in ransomware payments.

ITIL Certification Training Course delivers essential IT service management skills for professional success. This detailed guide explores its framework, rewards, and how to get started effectively.
Grasping ITIL Essentials
ITIL represents Information Technology Infrastructure Library, a framework of best practices for ITSM. ITIL 4 refreshes it to prioritize value in contemporary IT settings. It ensures IT services support business aims with reliable methods.
Foundation training imparts key vocabulary and lifecycle insights. IT workers use it to optimize delivery and tackle issues head-on.
Advancing to ITIL 4 Design
ITIL 4 moves beyond strict processes to versatile systems fitting cloud, agile, and digital eras. The Service Value System (SVS) unifies elements for superior performance. It meshes well with DevOps workflows.
Enterprises apply it for prompt demand fulfillment and faster value output. ITIL 4 promotes resilience amid tech evolution.
Key Principles Unpacked
Service value centers on meeting user needs through IT. Four dimensions—orgs/people, info/tech, partners/suppliers, processes/streams—provide rounded insights.
Principles like value emphasis and broad thinking steer operations. They enable tangible service upgrades.
Exploring Service Value System
SVS channels opportunities to value via cohesive parts. Governance steers, practices implement, improvement iterates.
Service Value Chain includes plan, improve, engage, design/transition, obtain/build, deliver/support. Engage sustains user connections fully.
SVS Part | Description
Guiding Principles | Choice-making aids
Governance | Steering & controls
Service Value Chain | Value-building actions
Practices | Execution methods
Continual Improvement | Endless refinement
Vital Practices Reviewed
ITIL 4 spotlights practices such as incident response and service desk for core IT duties. They slot into chains for real-world execution.
Service desk handles initial user interactions, change enablement mitigates update risks. They underpin stable services.
- Incident management: Fast recovery.
- Problem management: Cause analysis.
- Service request management: Everyday processing.
- Monitoring and event management: Early warnings.
Job and Salary Upsides
Certified individuals enjoy 40% pay hikes, averaging $98K-$130K. Indian beginners earn INR 9-10 lakhs. Opens doors to service management or consulting.
ITIL affirms ITSM command, improving prospects. Teams cut expenses and downtime.
Role | Salary Avg (USD)
Service Manager | $112,500
Project Manager | $98,000
IT Consultant | $89,000
IT Director | $136,000
Perfect Participants
Service engineers, DevOps entrants, managers ideal. Basic IT suffices. Great for infra experts.
Analysts, support teams grasp lifecycle swiftly. Service enhancers benefit.
In-Depth ITIL Certification Training Course
This ITIL Certification Training Course offers 15 hours online instructor-led. Covers ITIL 4 foundation, lifecycle, tech evolution.​
Lifetime LMS: recordings, notes, PDFs, guides, Q&A, tests, projects. AWS labs for seamless practice. Stands out with lifetime support, exam dumps, group deals.​
Feature | DevOpsSchool | Others
Lifetime Tech Support | Yes | No
Lifetime LMS | Yes | Brief
Exam Dumps | Yes | Rare
Group Discounts | Yes | Sporadic

Industry certs from DevOpsSchool/DevOpsCertification.co post-course. Kit in 12 hours.
Rajesh Kumar: Leading Mentor Profile
Mentored by Rajesh Kumar, 20+ year authority in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, cloud. Trained thousands at Blue Yonder etc., slashing deploys 95% via Terraform, Ansible, Jenkins, CI/CD.​
LinkedIn-hyped for SRE/K8s prowess. Covers AIOps/ML ops in trainings. Conference speaker, OSS contributor, guide author on site. Interactive teaching excels.​
DevOpsSchool Platform Strengths
DevOpsSchool tops DevOps/cloud/ITSM with AWS/Azure/GCP/K8s/SRE/ITIL. Lifetime LMS, AWS labs, 24h forums, venue perks (past).​
Kubernetes Admin, SRE courses shine. Alumni love AWS demos, quick support. Partners DevOpsCertification.co for global certs. Trusted in Jharkhand/Pune/Bangalore.​
Genuine Reviews from Participants
Abhinav Gupta, Pune (5.0): Useful interactive, confidence boost. Indrayani (5.0): Query mastery, examples great.​
Ravi Daur, Noida (5.0): Basics solid. Sumit Kulkarni (5.0): Organized tool depth. Vinayakumar PM (5.0): Knowledge standout. All 5.0s.​
Exam Readiness and Progression
Updated banks, mocks, dumps for passes. Foundation to Pro/Master. Permanent validity.​
Steps to advanced ITSM.​
Enrollment Made Easy
Sign up, pay, kit quick. Grab for service management, ITSM, chain, principles, practices.​
Advance now: ITIL Certification Training Course.
Connect with DevOpsSchool
Email: [email protected]
Phone & WhatsApp (India): +91 7004 215 841
Phone & WhatsApp (USA): +1 (469) 756-6329
Website: DevOpsSchool
Conclusion and Overview
ITIL Certification Training Course forges ITSM mastery for IT triumphs. Modern practices, pay rises, DevOps ties for value services.​
Overview: Core to systems, via expert-led proven paths.​


Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information. Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks a simple question, “Is this reducing incidents?” the answer is often unclear. This gap between effort and
Certs in DevOps check skills for automation of CI/CD containers in the cloud to beat job crowds. Practice projects join class to real team speed. Need grows for DevOps SRE DevSecOps for pay rise chance grab.​
DevOps Certs Edge Current
Join learn job do. Jenkins, Docker, Kubernetes, and Terraform Ansible low high. Cert right pay high role fast crew. DevOps certification cloud training Kubernetes courses, DevSecOps programs, and SRE certifications hunt words.​
OUR POPULAR CERTIFICATION PROGRAMS ARE FULL OF LARGE DEVOPS EXAMS. CDE CDP CDA CDM 9999 INR 3h. DCP 24999/60h does a deep auto check.​
Exam Quick Know Base
Proofreading tools have:
CDE CI/CD auto starts at 9999 in 3 h. CDP crew mid-same. CDA makes growth. The CDM crew steers. Stuff knows badge swift work kick.​
Test Train Pack Rich
Ride learn full:
DCP 24999 60h Jenkins Docker CI/CD Prometheus eye. MDE 99999 120h high Terraform K8s total. DSOCP 49999 100h Sonar Vault safe flow. SRECP 49999 Splunk and Grafana upkeep. MLOps, AIOps, and DataOps: 49999/100, 60h ML, AI, and data path. Do LMS stay for lab prep chat?​
Table Cost Time Cert Sharp
Type | Sample | INR | Length | Form
Exam Only | CDE CDP CDA CDM | 9,999 | 3 Hours | Swift check
Train + Exam | DCP DSOCP SRECP MLOCP | 24,999-49,999 | 60-100 Hours | Do live
Masters | MDE Microservices | 99,999 | 120+ Hours | Total push
Cloud Prep | AWS DevOps Azure KCAD | 24,999-34,999 | 20-60 Hours | Mark set
Base | DevOps SRE DevSecOps FinOps | 24,999 | 5 Days | Fast door

Fixed cost groups drop 10-25% soft.
Cloud Tool Cert Hit Spot
Skill aim:
KCAD holds 29999 20h CKA CKAD gear. Vault Terraform guard infra 24999 15h. AWS DevOps Pro CI/CD stream 24999 60h. CKA, CKS, and CKAD guards make 24999 8-15h. GitOps Argo CGOA CAPA 24999 10-15h. Mark did fit the job nicely.​
New Trend Ops Cert Up
Spot hot:
DevSecOps Base safe CI/CD soon. SRE Base up SLO fault. DataOps, MLOps, and AIOps data ML and AI run 24999-49999 GitOps join. FinOps, NoOps, and CloudOps cash no flow cloud up. 2026 AI cloud up best hit grow ask.​
Full Stack Lang Dev Path Open
Skill open:
QA Full FSQCP test run 24999 60h Selenium. Dev Full FSDCP craft 24999 63h Java Spring. Master Python, JS, Angular, Node, PHP, Laravel, and Golang for 24999 in 10-80 hours. Selenium, AppDynamics, Datadog, GitLab, New Relic, and Splunk tools look. DevOps smooth road shift.​
DevOpsSchool Cert Prime Base
DevOpsSchool  prime spot 50+ low-top live talk small AWS lab LMS life vid note slide how 50+ chat pack job ping group DCP True badge kick career though global. Live blend room Bangalore Hyderabad Chennai Delhi 6+ GoToMeeting flow: 200+ year guide, big trust.​
Key stand:
Guide pro 10-15+ yr live yarn.
Cloud lab is free.
Small tight ask solve.
Skip record for the next 3m.
Do badge win pass.

Rajesh Kumar Core Steer
Steer Rajesh Kumar  20+ yr ace DevOps, DevSecOps, SRE DataOps, AIOps, MLOps, K8s cloud 8+ mega ServiceNow JDA Intuit Adobe IBM Lead Arch Cotocus boss AWS Azure GCP shift Jenkins ArgoCD path Docker K8s box ELK Splunk Prometheus Grafana spot BITS M.Tech coach, 10k+ tech aid 70+ biz Verizon Nokia World Bank Cognizant HCL Vodafone HSBC slashed costs by 50%+ hiked quality speed 95% CI/CD IaC Terraform proof cloud hop GitOps zero safe true yarn blog LinkedIn fresh share.​
Fit Gain Top Who
Top who:
New DevOps root solid. Tech K8s cloud Terraform Ansible rise. The chief CDM crew steers. Guard DSOCP shift ace. Data ML MLOps DataOps crew. IT is any good root. Rise quick, all ranks.​
Good Help Join Perk Pack
Stay fixed, tech skip heal record, next 3m crew drop 10% 2-3 15% 4-6 25% 7+ cost lock, no chat, web sign, bill, aid, start, no back, fair, slide, life, hold, all.
Cert Path Touch Go Now
Touch go path:
Email: [email protected]
Phone & WhatsApp (India): +91 7004 215 841
Phone & WhatsApp (USA): +1 (469) 756-6329
Website: DevOpsSchool 
Conclusion and Overview
OUR POPULAR CERTIFICATION PROGRAMS: Every path, swift test top DevOps SRE DevSecOps cloud K8s MLOps gear do. DevOpsSchool Rajesh lab aid true up pay hold job. Full 50+ cheap true soft—prime job key 2026.​


Microservices split massive applications into compact, standalone components that interact via APIs, enabling quicker iterations and simpler scaling for development teams. Containers via Docker encapsulate these components with their dependencies, guaranteeing consistent behavior across development, testing, and production environments. Serverless paradigms, exemplified by AWS Lambda, execute functions on-demand without infrastructure management, ideal for variable workloads.​
This integration empowers developers to prioritize innovation over operational overhead, significantly reducing costs and enhancing deployment velocity in dynamic application landscapes. As of 2026, proficiency in these technologies is indispensable for thriving in DevOps and cloud engineering positions amid escalating demands for resilient systems.​
Comprehensive Guide to Implementing Microservices Using Containers Serverless
Implementing Microservices using Containers Serverless provides an immersive curriculum for designing, deploying, and maintaining microservices leveraging containerization and serverless computing on AWS infrastructure. Participants explore Docker for service packaging, Kubernetes and AWS ECS for orchestration, AWS Lambda for event-driven processing, and integration with SQS and SNS for inter-service communication.​
The program encompasses the entire development lifecycle: architecting decoupled services, containerizing applications, managing clusters, incorporating serverless capabilities for elasticity, persisting data in DynamoDB, and processing streams with Amazon Kinesis. Through authentic projects, learners transition from conceptual understanding to operational mastery, simulating production-grade implementations.​
Essential Technology Stack
The curriculum emphasizes industry-standard tools:
Docker and AWS ECR for efficient image building and registry management.
AWS ECS and Kubernetes for robust container orchestration and scheduling.
AWS Lambda for scalable, pay-per-use serverless execution.
SQS, SNS, and SES for reliable asynchronous messaging and notifications.
API Gateway combined with CloudFront for secure, low-latency API exposure.
DynamoDB for high-performance NoSQL storage and Kinesis for real-time data streaming.

Collectively, these technologies facilitate the construction of fault-tolerant, high-throughput distributed systems.
Strategic Advantages of Containerized Serverless Microservices
Adopting this architecture yields transformative outcomes:
Granular scalability where individual services auto-adjust to demand independently.
Accelerated release cycles with isolated service updates deployable in minutes.
Optimized resource utilization through consumption-based pricing models.
Enhanced team productivity via polyglot persistence and technology heterogeneity.
Improved system resilience through service isolation and failure containment.

Organizations routinely achieve 50-70% reductions in deployment times alongside elevated availability metrics.
Detailed Program Structure and Experiential Learning
Spanning 25-30 hours of instructor-led online sessions, Implementing Microservices using Containers and Serverless progresses logically from foundational principles to advanced integrations. Initial modules address microservices rationale and patterns, followed by containerization fundamentals, orchestration strategies, and serverless hybridization, culminating in comprehensive capstone projects.​
Learners engage in industry-relevant projects constructing end-to-end microservices ecosystems incorporating Docker, ECS, Lambda, and associated AWS services. Lifetime access to the Learning Management System encompasses session recordings, comprehensive notes, presentation slides, web-based tutorials, and over 50 curated interview preparation kits featuring scenario-driven questions.​
Prerequisites remain accessible: a standard PC with 2GB RAM suffices, supplemented by AWS Free Tier instances for laboratory exercises.​
Comparative Features Analysis Table
Program Aspect | DevOpsSchool Differentiation | Conventional Alternatives
Duration | 25-30 hours fully interactive live instruction | Variable or asynchronous
Project Integration | Complete real-world codebases from inception to deployment | Introductory demonstrations
Support Ecosystem | Lifetime technical assistance and interview resources | Time-limited access
Learning Resources | Perpetual LMS with videos, notes, tutorials | Ephemeral materials
Instructor Credentials | 10-15+ years industry-vetted professionals | Variable qualifications
Pricing Incentives | Tiered group discounts (10-25%) | Minimal flexibility

This framework underscores a commitment to substantive skill acquisition.
DevOpsSchool: Premier Training Ecosystem
DevOpsSchool distinguishes itself as the foremost authority in DevOps, cloud-native, and Site Reliability Engineering education, offering extensive portfolios encompassing Kubernetes, CI/CD pipelines, AWS/Azure/GCP certifications, Terraform, and allied disciplines. Drawing from over 200 collective years of practitioner expertise, the platform delivers job opportunity notifications, community forums, and the esteemed DevOps Certified Professional credential.​
Distinguishing attributes include:
Intentionally limited cohort sizes fostering personalized engagement.
Provisioned AWS cloud laboratories with meticulous setup documentation.
On-site classroom delivery in Bangalore, Hyderabad, Chennai, and Delhi for qualifying groups.
Seamless virtual facilitation via the GoToMeeting platform.
Performance-based certification upon project completion and evaluation.

The institution has propelled thousands toward professional advancement globally.
Expert Mentorship by Rajesh Kumar
The initiative is stewarded by Rajesh Kumar, a preeminent DevOps architect and educator possessing over 20 years of specialized proficiency across DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes orchestration, and multi-cloud ecosystems. Having collaborated with more than 70 enterprises and upskilled countless professionals, Rajesh excels in CI/CD automation, Infrastructure as Code via Terraform, container ecosystems, and observability stacks including Prometheus, ELK, Jenkins, and Docker.​
His pedagogy incorporates battlefield-tested narratives, such as refactoring monolithic architectures into microservices yielding 95% deployment acceleration. Emphasizing test-driven methodologies and pragmatic cloud migrations, Rajesh equips participants for immediate enterprise applicability. He actively disseminates cutting-edge perspectives on GitOps and zero-trust paradigms through his blog and LinkedIn presence.​
Ideal Participant Profile
This program optimally suits:
DevOps practitioners seeking advanced containerization and serverless competencies.
Application developers transitioning toward microservices paradigms.
Solution architects engineering scalable AWS-based portfolios.
SRE professionals optimizing orchestration and observability.
Novices possessing foundational cloud and Docker familiarity.

It systematically addresses knowledge discontinuities through structured project immersion.
Immersive Real-World Project Emphasis
The centerpiece project entails architecting a comprehensive microservices application spanning ideation to operationalization. Scope includes Docker/ECR image lifecycle, ECS/Kubernetes deployment, Lambda invocation orchestration, SQS/SNS integration, API Gateway/CloudFront ingress, DynamoDB persistence, and Kinesis analytics pipelines.​
Supplementary elements encompass observability, autoscaling configurations, and resilience engineering, replicating enterprise-grade imperatives. Graduates receive bespoke interview armamentaria with scenario-centric interrogatives.​
Testimonials from Esteemed Alumni
Participant endorsements affirm programmatic efficacy:
Abhinav Gupta, Pune (5.0): “Remarkably interactive; Rajesh instilled profound confidence.”
Indrayani, India (5.0): “Superb query adjudication and pragmatic exemplars.”
Ravi Daur, Noida (5.0): “Comprehensive DevOps fundamentals with efficacious sessions.”
Sumit Kulkarni (5.0): “Meticulously structured; illuminated tool intricacies.”
Vinayakumar, Bangalore (5.0): “Grateful for Rajesh’s encyclopedic acumen.”

Numerous alumni secure positions expeditiously post-completion.
Enrollment Logistics, Pricing Framework, Policies
The curriculum maintains a fixed fee structure for the 25-30 hour immersion, eschewing negotiations. Volume discounts incentivize collaboration: 10% for 2-3 participants, 15% for 4-6, and 25% for seven or more. Seamless online registration yields automated invoicing with dedicated support. Commencement precludes refunds, though equitable deferrals accommodate extenuating circumstances.​
Absences permit remediation via recordings or subsequent cohorts within three months.​
Immediate Action: Contact Channels
Poised to elevate your microservices proficiency? Engage DevOpsSchool forthwith:
Email: [email protected]
Phone & WhatsApp (India): +91 7004 215 841
Phone & WhatsApp (USA): +1 (469) 756-6329
Website: DevOpsSchool
Conclusion and Executive Overview
Implementing microservices using containers and serverless endows practitioners with the acumen to engineer scalable, resilient cloud-native applications harnessing Docker, Kubernetes, AWS ECS, and Lambda. DevOpsSchool’s rigorous, project-centric methodology under Rajesh Kumar’s stewardship forges comprehensive competencies for premier DevOps and SRE trajectories. Succinctly, the syllabus traverses theoretical foundations to production orchestration, positioning participants at the vanguard of expeditious technological evolution.​


HashiCorp Vault stands as a robust secrets management tool built to protect, store, and manage access to critical items such as tokens, passwords, certificates, API keys, and encryption keys. Accessible via an intuitive UI, CLI, or HTTP API, it excels in low-trust settings common in today’s IT landscapes. By delivering “Encryption as a Service,” Vault enables businesses to unify secret handling and swap enduring secrets for short-term, dynamically created X.509 certificates.​
It excels at both retaining static, long-term secrets and producing dynamic ones as needed. Deployable as a single binary, it doubles as a root or intermediate Certificate Authority and boasts a plugin-based architecture for seamless expansions.​
Essential Features and Advantages
HashiCorp Vault delivers vital features tailored for DevOps and security professionals. Its dynamic secret creation produces fleeting, recallable credentials, slashing potential damage from exposures. Additional strengths encompass detailed audit trails, identity-driven permissions, and compatibility with major clouds including AWS, Azure, and Google Cloud.​
Check this table for main features:
Feature | Description | Key Benefit
Dynamic Secrets | Creates short-lived credentials upon request | Reduces exposure time
Encryption as Service | Centralizes data encryption/decryption | Simplifies app security
Lease Management | Automatic renewal or revocation of secrets | Prevents overuse
Plugins & Extensibility | Supports databases, clouds, and custom backends | Adapts to any workflow
High Availability | Clustering for production reliability | Ensures uptime

Such tools aid in meeting regulations like SOC 2, GDPR, and PCI-DSS, all while optimizing workflows.
Practical Use Cases
Vault integrates seamlessly into DevOps pipelines by supplying secrets to CI/CD without repository storage. Examples include temporary AWS IAM roles for Kubernetes pods or DB creds for Jenkins builds. Enterprises leverage it for managing certificate lifecycles in microservices, automating renewals to sidestep lapses.​
Further uses:
Safeguarding API keys in serverless apps.
Handling SSH keys during Terraform provisioning.
Encrypting data on-the-fly with the Transit Secrets Engine.
Logging access for sectors like finance or healthcare.

It unifies secrets across hybrid and multi-cloud deployments effectively.
Details on HashiCorp Vault Certification Training
The HashiCorp Vault Certification Training provides a thorough 15-hour live online course targeting HashiCorp Vault Associate (003) and advanced topics. Topics span setup, auth methods, policies, engines, and live ops via practical labs and projects.​
Students tackle Java, Python, or .NET microservices from dev to prod. Perks feature lifetime LMS, notes, videos, guides, and 50+ interview kits with scenarios.​
Basic reqs: 2GB RAM PC, 20GB space on Windows/Mac/Linux. Labs on AWS Free Tier/VMs; demos on DevOpsSchool cloud.
Standout Benefits of DevOpsSchool
DevOpsSchool leads in DevOps/cloud/security certs, with training on AWS, Azure, K8s, Terraform, Ansible, etc. Practical focus yields lifetime support, 25 top tools, job forums, and DevOps Certified Professional badge.​
Highlights:
Small classes for interaction.
Full project guidance.
Recording access or batch swaps.
In-person in Bangalore/Hyderabad/Chennai/Delhi (6+).
Discounts: 10% (2-3), 15% (4-6), 25% (7+).

Instructors have 10-15+ years, selected via demos/background checks.
Guidance from Rajesh Kumar
Under Rajesh Kumar, gain from his 20+ years in DevOps architecture, training, consulting. Expert in DevSecOps, SRE, DataOps, AIOps, MLOps, K8s, multi-cloud; ex-IBM/Intuit/global.​
Prioritizes practicals, TDD, CI/CD with Jenkins/Docker/ELK/Prometheus. Trained thousands; aids jobs via prep/projects. Shares GitOps/zero-trust via blog/LinkedIn.​
Learner Testimonials
Reviews highlight value:
Abhinav Gupta, Pune (5.0): “Very useful and interactive. Rajesh built our confidence.”
Indrayani, India (5.0): “Excellent query resolution and hands-on examples.”
Ravi Daur, Noida (5.0): “Solid DevOps basics with good sessions.”
Sumit Kulkarni (5.0): “Well-organized, deepened tool understanding.”
Vinayakumar, Bangalore (5.0): “Appreciate Rajesh’s vast knowledge.”

Alumni note stronger interviews/readiness.
Enrollment and Costs
15-hour online fixed price, no haggle. Sign up online for LMS. Invoices post-pay; options flexible. No refunds after start, but case-by-case extensions.​
Reach Out Now
Boost with Vault expertise? Connect DevOpsSchool:
Email: [email protected]
Phone & WhatsApp (India): +91 7004 215 841
Phone & WhatsApp (USA): +1 (469) 756-6329
Website: DevOpsSchool
Conclusion and Overview
HashiCorp Vault Certification Training builds expertise in secrets handling, dynamic creds, PKI, secure DevOps for 2026 cloud era. DevOpsSchool’s guided program by Rajesh Kumar delivers projects, certs, job prep for top roles. Long-term gains in security/infra await.​


Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's Application Integration service to distribute emails. The activity, Check Point said, takes advantage of the trust associated with Google Cloud infrastructure to send the messages from a legitimate email address ("
Cybersecurity teams are navigating a shift as skills shortages overtake headcount as the primary concern, according to ISC2’s 2025 Cybersecurity Workforce Study. The research, based on responses from some 16,029 cybersecurity professionals globally, reveals that while budget cuts and layoffs have leveled off after last year’s surge, the pressure on security teams has intensified.
ISC2, a nonprofit member organization for cybersecurity professionals, found that cybersecurity workforce budget limitations remain a key driver of staff shortages, with 33% of respondents stating that their organizations do not have enough resources to “adequately” staff their teams. Another 29% of respondents said they cannot afford to hire staff with the skills they need to “adequately secure their organizations,” this year’s study found. And nearly three-fourths (72%) of respondents said that they believe reducing security personnel “significantly increases the risk of a breach in their organizations,” according to ISC2.
Economic conditions affecting cybersecurity budgets showed signs of stabilizing in 2025, according to ISC2, with reports of budget cuts dropping to 36% (down one percentage point from 2024) and layoffs declining to 24% (also down one point). Still, underlying workforce challenges remain.
“Based on what we’re seeing in the data and the sentiment of cybersecurity professionals globally, there is no indication that budget cuts or layoffs will accelerate significantly in 2026,” says Casey Marks, Chief Operating Officer at ISC2. “Economic conditions will always play an important role in workforce development and enablement. However, the overall outlook does not suggest a worsening trend in 2026.”
Skills gaps drive security consequences
The study highlights a critical trend: Nearly 90% of respondents (88%) have experienced at least one significant cybersecurity event in their organizations due to skills shortages, with 69% reporting more than one event. The severity of skills needs has grown substantially, with 95% of respondents reporting at least one skill need (up 5% from 2024) and 59% citing critical or significant skills gaps (a 15% increase from the previous year).
“A shift is happening. This year’s data makes it clear that the most pressing concern for cybersecurity teams isn’t headcount but skills,” said Debra Taylor, ISC2 Acting CEO and CFO, in a statement. “Skills deficits raise cybersecurity risk levels and challenge business resilience.”
Organizations have experienced oversights in cybersecurity processes and procedures (26%), been forced to put underqualified or inexperienced people into roles to cover them (25%), are lacking the time or resources to train cybersecurity staff (25%), and are dealing with misconfigured systems (24%), according to this year’s study.
“Another commonly cited (24%) outcome of skills shortages is that parts of the organization are left under-secured and staff are unable to take advantage of emerging cybersecurity technologies (24% each),” the report states.
While the study doesn’t tie security consequences to specific technical domains, the number of consequences shows how capability development has become more critical than simply adding headcount, Marks says.
“AI and cloud security continue to stand out as the most urgent skills needs from both hiring managers and cybersecurity professionals. Nearly everyone in the study reports at least one skills need, and most report significant ones,” Marks says. “That tells us capability development has become more critical than simply adding headcount.”
AI adoption accelerates
The research found that AI adoption is accelerating quickly, with 28% of respondents reporting that they have already integrated AI tools into their operations and 69% involved in some level of adoption, through integration, active testing, or early evaluation.
“What stands out is how fast AI has moved from experimentation into day-to-day operations. More than two-thirds of respondents are already using, testing, or actively evaluating AI tools in their security programs,” Marks explains. “For those who are using them today, the majority are already seeing measurable productivity gains. That tells us that AI is quickly becoming a practice part of how security work gets done, not a future concept.”
The study shows that cybersecurity professionals view AI technology as a career accelerator. The study found that 73% believe AI will create more specialized cybersecurity skills, 72% say it will necessitate more strategic cybersecurity mindsets, and 66% said they believe it will require broader skillsets across the workforce.
AI remains one of the top skills needed for the second consecutive year, with 41% of respondents of the 2025 study citing it as a critical skill, followed by cloud security at 36%. According to the report, 48% of respondents are already working to gain generalized AI knowledge and skills, while “35% are educating themselves on AI solutions at risk to better understand vulnerabilities and exploits.”
“The use of AI tools and the perception that AI will be a career-booster in the cybersecurity industry are prompting professionals to take proactive steps to develop and expand their knowledge and skill base to future-proof their careers,” Marks says. “They see it as a driver of new and more specialized skills, more strategic responsibilities, and broader career pathways.”
High cybersecurity job satisfaction
The research found that 87% believe there will always be a need for cybersecurity professionals, 81% are confident the profession will remain strong, and 68% are satisfied in their current job (up two percentage points from 2024). Another 80% report feeling passionate about their work.
“While satisfaction with organizations and leadership varies, confidence in the profession itself remains high, and that sense of purpose is a powerful stabilizing force. Cybersecurity is a mission-driven field, and 80% reported feeling passionate about their work, while 71% are satisfied with their day-to-day experience. A large majority believe the profession will remain essential in the long term and will continue to feel passionate about their role,” Marks says.
Almost half (48%) of respondents feel exhausted from trying to stay current on the latest cybersecurity threats and emerging technologies, and 47% feel overwhelmed by workload, according to the study. ISC2’s findings suggest that sustained investment in skills development—especially related to AI—realistic workload expectations, and support for continuous learning during working hours are essential.
The study also found that career development is important to cybersecurity professionals. Nearly one-third (31%) of respondents said they consider advancement opportunities critical, and 23% cited unplanned financial or benefit rewards as key drivers. According to the 2025 study, 75% are likely to stay at their current organization for the next year, but that number drops to 66% when considering the next two years. The study’s findings prove that organizations must rethink their approach to cybersecurity workforce development, according to ISC2’s Marks.
“The data shows tremendous energy at the individual level around AI upskilling. Nearly half of respondents are already building AI skills on their own, and many plan to pursue AI-focused qualifications,” Marks says. “Organizations are investing in development through training budgets, internal education and cross-training, but the scale of demand for AI skills is significant. Our research shows widespread individual and organizational investment in AI upskilling, with demand continuing to grow.”
Generative AI (GenAI) has become a ubiquitous tool in companies. According to a survey by the Boston Consulting Group, 50 percent of companies use the technology to redesign workflows. 77 percent of respondents are convinced that AI agents will play a central role in their business functions over the next three to five years.
CISOs and their security teams are well acquainted with the capabilities of artificial intelligence and are affected by advances in AI just as much as every other function in the company.
While machine learning has been an important part of cyber operations for years, recent progress in AI, particularly in generative AI, is pushing the technology ever deeper into security processes. These tools, some developed in-house and some supplied by vendors, assist with forensics, incident response, log analysis, orchestration, vulnerability management and report writing, among other tasks.
The growing use of AI in security processes is fundamentally changing CyberOps. It increases the effectiveness and productivity of security professionals and permanently changes how cybersecurity work is done.
“It is not the what of CyberOps that AI is changing, but the how. It changes the speed at which we can complete certain tasks and allows people to concentrate on more demanding work,” explains Matt Gorham, head of the Cyber & Risk Innovation Institute at PwC.
Expanding skills, automating tasks
“Because AI can perform tasks at a speed that exceeds human capabilities, it scales the volume of work of a cybersecurity function exponentially,” stresses Rob T. Lee, Chief of Research for AI and emerging threats and head of faculty at the SANS Institute.
In addition, experts point out, AI is particularly good at performing repetitive tasks almost perfectly every time. It thereby delivers a consistency that human employees can hardly achieve.
“If someone is not at their best for whatever reason, the results can vary,” explains Dan Mellen, global cyber CTO at EY.
“AI, by contrast, takes a deterministic approach and performs the same task the same way every time.” As a result, the consistency of the results is significantly higher and more predictable than with humans, according to Mellen.
KI könne jedoch nicht nur die Geschwindigkeit und die Skalierbarkeit des Sicherheitsteams steigern, sondern auch das Kompetenzniveau erhöhen, argumentiert Jeffrey Brown, Dozent bei IANS Research, Cybersicherheitsberater für Finanzdienstleistungen bei Microsoft und ehemaliger CISO des Bundesstaates Connecticut.
„KI ist ein Kraftmultiplikator für die Verteidigung, und zwar gleich in zweierlei Hinsicht“, erklärt Brown: „Die Technologie hebt das Wissensniveau von Junior-Mitarbeiter deutlich an und hilft ihnen, sich schneller einzuarbeiten. Gleichzeitig macht sie erfahrene Mitarbeiter effektiver und definiert Produktivität auf höherem Niveau neu.“
Als Beispiel verweist der Cybersecurity-Experte auf den Einsatz von KI in einem Security Operations Center (SOC). Dort könne KI einen erheblichen Teil – und in einigen Fällen sogar alle – Level-1-Support-Aufgaben übernehmen, etwa Ticket-Triage und -Routing. Damit würden SOC-Mitarbeiter entlastet und könnten sich um komplexere Level-2- oder-3-Probleme kümmern. Generative KI könne den SOC-Mitarbeitern zudem automatisierte Fallstudien und Handlungsempfehlungen für anspruchsvollere Aufgaben liefern und so Effizienz und Produktivität steigern.
Trotz der Befürchtungen, dass durch KI Arbeitsplätze verloren gehen könnten, hat Brown bisher beobachtet, dass CISOs KI nicht zum Ersatz von Mitarbeitern, sondern zur Verbesserung ihrer Arbeit einsetzen. „KI ist am effektivsten, wenn weiterhin ein Mensch im Loop bleibt“, erklärt er.
Auf diese Weise erweitere KI den Handlungsspielraum von CISO-Teams und befähige mehr Teammitglieder, anspruchsvollere Aufgaben zu übernehmen. So habe etwa der Einsatz von KI im Threat Modelling es Unternehmen mit kleineren, weniger spezialisierten Teams ermöglicht, potenzielle Sicherheitsbedrohungen proaktiv zu identifizieren, zu analysieren und zu entschärfen – Aufgaben, die sie vor der Einführung von KI nicht bewältigen konnten.
„Im Allgemeinen beobachten wir, dass SecOps-Teams mit den vorhandenen Ressourcen mehr leisten und das Qualifikationsniveau insgesamt steigt. Ihre Arbeit verschiebt sich spürbar nach oben“, erklärt Wolfgang Goerlich, Dozent bei IANS Research und CISO im öffentlichen Sektor.
Smaller teams, a new skills paradigm
All of this also affects staffing strategy. Security experts expect traditional entry-level positions in IT security to disappear soon. Career starters will have to be prepared to enter at a higher level.
This is especially true as agentic AI becomes ever more mature, is deployed in more and more security departments and takes over an increasingly large share of the tasks, says Brown. “We have to think about how many experts, and what kinds of experts, we need,” he adds.
When Brown was CISO for the state of Connecticut, for example, he had an employee on his security team who focused on phishing. Today he questions whether such a specialization is still needed when agentic AI can automatically take over large parts or even the entire workflow for responding to phishing attacks.
With AI, Brown expects cybersecurity teams to become smaller and to consist of fewer classic specialists. “Instead, they will become managers of agents that help them with their work,” he says.
Brown concedes, however, that the use of AI in CyberOps will require new skills – and that CISOs must look for these capabilities deliberately. In his view, knowledge of AI governance, prompt engineering and data science will become indispensable at every level of IT security.
“This is a massive paradigm shift,” he explains. “We need people who understand agents and can tell whether an agent is giving the right answer – or not.”
“Human intuition is irreplaceable,” Brown concludes. “It will be more of a symbiosis between humans and AI, a partnership in which AI increases productivity, but always with a human in the loop.”
The need for governance, agility and speed
The accelerated use of AI across the enterprise is also changing security measures. Cybersecurity has to keep pace in securing AI and the data it uses wherever AI is deployed.
Security teams are already struggling with this today.
According to Accenture's “State of Cybersecurity Resilience 2025” report, “a worrying 77 percent of organizations are lagging in adopting essential security measures for data and AI. Only 22 percent have implemented clear policies and training for the use of GenAI, and only a few maintain a complete inventory of their AI systems – an important prerequisite for managing supply chain risk. In addition, data protection remains inadequate – only 25 percent of organizations consistently use encryption and access controls to protect sensitive information in transit, at rest and during processing.”
The report also finds that the security gaps extend to cloud infrastructure. As Accenture puts it: “Despite AI's dependence on cloud-based processing, 83 percent of organizations have not established a secure cloud foundation with integrated monitoring, detection and response capabilities.”
Similarly, Gartner writes in its July 2025 report “A CISO’s Guide to AI Cyber Stewardship” that “CISOs are lagging behind in securing AI across the enterprise.” To manage AI-related cyber risks, the report advises CISOs “to pursue an approach to AI cyber stewardship that is based on competence, governance across the entire life cycle, interdisciplinary interfaces, human oversight, baseline controls and AI TRiSM [Trust, Risk and Security Management].”
Security leaders agree that CyberOps must expand its AI governance function – as well as its ability to integrate, identify and authorize AI agents.
“There have to be control mechanisms to ensure that AI agents do not exceed their authority, just as we handle it with humans,” explains Mellen.
At the same time, IT security has to become faster when it comes to securing AI in the enterprise.
“The pace of business change will continue to increase, and the CISO has to keep up,” states Gorham. “The skills required for this will change; alongside traditional security competencies, cybersecurity teams need a combination of AI skills such as prompt engineering and data science know-how.”
Rethinking cyber teams
Avivah Litan, Distinguished VP Analyst at Gartner, expects AI to create at least as many jobs as it replaces. Like many others, she believes AI “will enable people to do more and better work.”
In her assessment, these new CyberOps roles will be necessary because hackers are using AI to launch ever more sophisticated attacks.
“AI will enable organizations to counter this more effectively,” she adds.
All of this, however, requires CISOs to rethink their security organizations to ensure they make the best use of both AI and people.
“You have to ask yourself: ‘Where does it make sense to use a human, and what can I hand off to AI? And what costs arise because I lack certain resources on the team?’” explains CISO Goerlich.
“We have been understaffed in security for a long time, and there is a great opportunity in that. On the other hand, nobody wants a SOC team that does nothing but click buttons.”
According to Goerlich, CISOs must update their talent strategies and develop roadmaps – to develop existing staff and to hire new staff for the positions of the future, in which they will work side by side with AI and AI agents. In doing so, however, human intelligence in security processes must not be lost.
This is particularly important because – as CISOs know – attackers are using AI too. And they often do so faster, since unlike enterprises they are not bound by ethical guidelines and legal regulations.
Goerlich remarks: “The future of security operations will be a contest between AI and AI. Machine against machine – with humans in the cockpit who, on the defenders' side, make sure the right things happen – or, on the attackers' side, make sure the attacks succeed. That will force us to rethink our security measures.” (mb)
Third-party risk management is a significant challenge for CISOs and security decision-makers. If it is not handled (properly), far-reaching business consequences loom – up to and including a production standstill.
This has been underscored in recent months by various cyberattacks on third-party vendors. One example came in June 2024, when the Russian hacker group APT29 (also known as “Cozy Bear”) targeted the free remote access software TeamViewer, which is widely used in enterprise environments. Even if you do not use TeamViewer, similar tools are available from various other vendors, for example Perimeter81, AnyDesk, GoToMyPC or LogMeIn.
The decisive questions here are:
Which third-party vendor will be attacked next?
And can you afford to take a risk in this regard?
Third parties are your weakest link
Unfortunately, virtually all organizations rely too heavily on too many different third-party vendors that are embedded in their software supply chains and business processes. We are not talking about two or three third-party partners here but, considering popular software-as-a-service offerings, more like hundreds or thousands that organizations rely on every day.
The risk inherent in working with third parties rises drastically as a result – and not only when their number gets out of hand. Further risk factors in this area include, for example:
Limited transparency. Virtually all vendors offer prospective customers assorted data to promote their capabilities. In some cases, however, this includes information that is not up to date and therefore does not adequately reflect the current risk situation.
More complexity. Various third-party vendors themselves work with suppliers and subcontractors that you may know nothing about.
Immature processes. Quite a few third-party vendors work with cybersecurity policies and standards that are less mature than your own.
Lower investment. The previous point is often also related to the fact that many third-party vendors have a limited budget for cybersecurity. This can affect the security level of their tools and services.
A number of best practices and playbooks have been developed to close these gaps – but for the most part they have not proven effective:
Vendor assessments regularly degenerate into paper-based “box-ticking exercises” that only eat up time but do nothing to reduce risk.
Trying to ensure during contract negotiations that stricter security requirements are imposed on third parties has also achieved nothing in many cases.
Some organizations rely on continuous monitoring to gain an overview of, and more data-driven insight into, the security level of third-party vendors.
Others implement incident response plans covering third-party partners in order to develop and rehearse strategies in case one of them suffers a security incident.
The last two points in particular can be helpful for organizations. However, even these measures do not fully address the risk associated with third parties. Rather, they are a means of monitoring and responding if a cyberattack occurs.
The musk ox strategy
I am a proud member of the “Financial Services Information Sharing and Analysis Center” (FS-ISAC) and, together with other CISOs from the financial services industry, chair the strategic committee in the Asia-Pacific region. The consortium offers financial services providers around the world a comprehensive cyber intelligence network for sharing information with one another about possibly imminent or already ongoing attack campaigns.
Because many different companies in the industry, with varying levels of know-how and resources, are on board, members are able to gain a comprehensive perspective that they could not achieve on their own. In that respect, FS-ISAC is an excellent example of how we as security decision-makers can work together to better protect ourselves against risks.
That is the essence of what I call the “musk ox strategy.” The background: when musk oxen are attacked by wolves, the herd forms a circle with the weaker members in the middle. The horns of the “frontline” animals point outward. For the attackers, this collective defensive wall is almost impossible to overcome. I am firmly convinced that this strategy can also be applied to third-party risk management.
Like the calves among the musk oxen, the third parties we rely on are the weakest members of the herd. If they are affected, it impacts our critical business processes. The difference from the musk oxen: we do not form a circle with the third parties in the middle. Instead, it would be appropriate to exchange views collectively whenever there is concern that a third-party vendor's cybersecurity measures leave something to be desired and should be strengthened.
Even more important, however, would be a joint agreement to support the third-party vendor in its efforts. That would potentially require coordination work and possibly also a renegotiation of contracts – but it would have the advantage of better securing this weak point, which affects all of us.
From theory to practice
Such cooperation could well raise concerns among lawyers – competition law being the keyword. Nevertheless, the musk ox approach has the potential to decisively improve the third-party risk situation – and to help organizations manage third-party risks better.
This could, for example, look like this:
  1. Determine which third-party vendors worry you the most and create a “hot list.”
  2. Talk to other organizations to compare this list and identify the candidates you have in common.
  3. Negotiate a collective “protective shield” for these vendors.
We have discussed the same approach at FS-ISAC as a possible way forward. The first two steps are relatively simple to accomplish – the third takes considerably more effort but also makes the decisive difference. One practical way to implement it could be for the largest organizations to take a leading role and take smaller ones under their wing.
You should not forget that the musk ox strategy also has its limits: when a bear attacks, even musk oxen take to their heels – then it is every animal for itself. This, too, carries over to cybersecurity: the more powerful the enemy, the more likely it is that the attack turns into a fight for bare survival. But even if this strategy is not applicable to every scenario, it could considerably reduce our collective risk. (fm)
Sie wollen weitere interessante Beiträge rund um das Thema IT-Sicherheit lesen? Unser kostenloser Newsletter liefert Ihnen alles, was Sicherheitsentscheider und -experten wissen sollten, direkt in Ihre Inbox.
View the full article
Wirestock Creators – shutterstock.com
Drittanbieter-Risikomanagement ist für CISOs und Sicherheitsentscheider eine signifikante Herausforderung. Wird sie nicht (richtig) gestemmt, drohen weitreichende geschäftliche Konsequenzen – bis hin zum Stillstand der Produktion.
Das wurde in den vergangenen Monaten von diversen Cyberattacken auf Drittanbieter unterstrichen. Zum Beispiel, als die russische Hackergruppe APT29 (auch bekannt als “Cozy Bear”) im Juni 2024 die kostenlose Remote-Access-Software TeamViewer ins Visier nahm, die im Unternehmensumfeld weit verbreitet ist. Selbst, wenn Sie TeamViewer nicht einsetzen – ähnliche Tools gibt es auch von diversen, anderen Anbietern. Beispielsweise von Perimeter81, AnyDesk, GoToMyPC oder LogMeIn.
Die entscheidenden Fragen sind dabei:
Welcher Drittanbieter wird als nächstes angegriffen? Und können Sie es sich leisten, diesbezüglich ein Risiko einzugehen? Drittanbieter sind Ihr schwächstes Glied
Leider verlassen sich so gut wie alle Unternehmen in zu hohem Maße auf zu viele verschiedene Drittanbieter, die in ihre Softwarelieferketten und Geschäftsprozesse eingebettet sind. Dabei reden wir nicht über zwei oder drei Third-Party-Partner, sondern mit Blick auf populäre Software-as-a-Service-Angebote eher über Hunderte oder Tausende, auf die sich Unternehmen jeden Tag verlassen.
Das Risiko, das einer Zusammenarbeit mit Drittanbietern inhärent ist, steigt entsprechend drastisch an – und nicht nur, wenn ihre Anzahl überhandnimmt. Weitere Risikofaktoren in diesem Bereich sind beispielsweise:
Eingeschränkte Transparenz. So gut wie alle Anbieter bieten potenziellen Kunden diverse Daten an, um ihre Fähigkeiten anzupreisen. Dabei kommen in einigen Fällen allerdings Informationen zum Einsatz, die nicht aktuell sind und somit die aktuelle Risikolage nicht adäquat widerspiegeln. Mehr Komplexität. Diverse Drittanbieter arbeiten selbst mit Zulieferern und Subunternehmen zusammen, von denen Sie möglicherweise nichts wissen. Unausgereifte Prozesse. Nicht wenige Third-Party-Anbieter arbeiten mit Cybersecurity-Richtlinien und -Standards, die weniger ausgereift sind als Ihre eigenen. Geringere Investitionen. Letztgenannter Punkt hängt oft auch damit zusammen, dass viele Drittanbieter ein begrenztes Budget für Cybersicherheit zur Verfügung haben. Das kann sich auf das Sicherheitsniveau ihrer Tools und Services auswirken. Zwar wurde eine Reihe von Best Practices und Playbooks entwickelt, um diese Lücken zu schließen – diese haben sich in weiten Teilen allerdings nicht bewährt:
Vendor Assessments verkommen regelmäßig zu papierbasierten “Ankreuzübungen”, die nur Zeit fressen, aber nicht dazu beitragen, Risiken zu minimieren. Auch im Rahmen von Vertragsverhandlungen dafür sorgen zu wollen, dass strengere Sicherheitsanforderungen bei Drittanbietern angelegt werden, hat in vielen Fällen nichts bewirkt. Einige Unternehmen setzen auf Continuous Monitoring, um einen Überblick und mehr, datengetriebene Einblicke in das Sicherheitsniveau von Drittanbietern zu erhalten. Andere implementieren mit Blick auf Third-Party-Partner Incident-Response-Pläne, um Strategien zu entwickeln und einzuüben, falls es bei diesen zu einem Sicherheitsvorfall kommt. Insbesondere die letzten beiden Punkte können für Unternehmen hilfreich sein. Allerdings adressieren auch diese Maßnahmen das Risiko in Zusammenhang mit Drittanbietern nicht vollumfänglich. Vielmehr stellen sie ein Mittel dar, um zu überwachen und zu reagieren, falls es zu einer Cyberattacke kommt.
The musk ox strategy
I am a proud member of the “Financial Services Information Sharing and Analysis Center” (FS-ISAC) and, together with other CISOs from the financial services industry, chair the strategic committee in the Asia-Pacific region. The consortium offers financial services providers around the world a comprehensive cyber intelligence network for exchanging information about attack campaigns that may be imminent or are already under way.
Because many different companies in the industry, with varying levels of know-how and resources, are on board, the members are able to gain a comprehensive perspective that they could not achieve alone. FS-ISAC is thus an excellent example of how we as security decision-makers can work together to better protect ourselves against risks.
That is the essence of what I call the “musk ox strategy.” The background: when musk oxen are attacked by wolves, the herd forms a circle with the weaker members in the middle. The horns of the “frontline” animals point outward. For the attackers, this collective defensive wall is almost impossible to overcome. I am firmly convinced that this strategy can also be applied to third-party risk management.
Much like the calves among the musk oxen, the third-party vendors we rely on are the weakest members of the herd. If they are affected, it impacts our critical business processes. The difference from the musk oxen: we do not form a circle with the third-party vendors in the middle. Instead, it would be appropriate to exchange views as a collective when there is concern that a third-party vendor's cybersecurity measures leave something to be desired and should be strengthened.
Even more important, however, would be a joint agreement to support the third-party vendor in its efforts. That would potentially require coordination work and possibly also a renegotiation of contracts, but it would have the advantage of better securing this weak point that affects us all.
From theory to practice
Such cooperation could well raise concerns among lawyers, competition law being the keyword. Nevertheless, the musk ox approach has the potential to decisively improve the risk situation with regard to third-party vendors and to help companies manage third-party risks better.
That could, for example, look like this:
1. Determine which third-party vendors worry you most and create a “hot list.”
2. Talk to other companies to compare this list and identify the candidates you have in common.
3. Negotiate a collective “protective shield” for these vendors.
We have discussed the same approach at FS-ISAC as a possible way forward. The first two steps are relatively simple to accomplish; the third takes considerably more effort but also makes the decisive difference. One practical approach to implementing it could be for the largest companies to take a leadership role and take smaller ones under their wing.
You should not forget that the musk ox strategy also has its limits: when a bear attacks, even musk oxen take to their heels, and then everyone is on their own. This, too, can be applied to cybersecurity: the more powerful the enemy, the more likely it is that the attack will turn into a fight for sheer survival. But even if this strategy is not applicable to every scenario, it could considerably reduce our collective risk. (fm)
View the full article
As we shared in our annual What to Expect Guide yesterday, 2026 is going to be a busy year for Apple. There are a lot of firsts in development, including the first foldable iPhone and the first OLED MacBook, plus an all new home hub device that will kick off Apple's major expansion into smart home devices and robotics.


We'll get new M5 Macs and new iPads early in the year, along with an updated ‌iPhone‌ 17e. In the spring, we're expecting iOS 26.4 with the revamped version of Siri, and the home hub, a new Apple TV, and a new HomePod mini could launch in that same timeframe.

We're aware of what's likely to launch based on rumors and past release information, but we'd love to hear from the MacRumors community. What do you want to see Apple release this year?

Are you excited for the new version of ‌Siri‌? Planning to get an ‌iPhone‌ Fold? What do you want to see from iOS 27 and macOS 27?

Let us know your thoughts in the comments, and take a look at our What to Expect guide for an overview of the current rumors. We'll be hearing a lot more about Apple's 2026 plans in the coming months, and you can count on us to have in-depth coverage of every rumor that surfaces.

If you want to discuss Apple's 2026 products, our MacRumors forums are an excellent resource, plus they're a great place to get help on current Apple products and software, or to find like-minded folks in the Apple community.

Our readers and our forum members continue to make MacRumors the number one source for Apple news, rumors, and advice, so thank you for being here! MacRumors celebrated its 25th birthday this year, thanks to the MacRumors community. We're looking forward to another year of rumors and product launches in 2026, and we hope you are too. Happy New Year!
This article, "What Do You Want to See From Apple in 2026?" first appeared on MacRumors.com


View the full article
Apple is not expected to release a standard iPhone 18 model this year, according to a growing number of reports that suggest the company is planning a significant change to its long-standing annual iPhone launch cycle.


Despite the immense success of the iPhone 17 in 2025, the ‌iPhone 18‌ is not expected to arrive until the spring of 2027, leaving the ‌iPhone 17‌ in the lineup as the latest standard model for over 18 months. This would mark the first time Apple skips an entire calendar year without releasing a new generation of its flagship non-Pro ‌iPhone‌.

For more than a decade, Apple has introduced its mainline ‌iPhone‌ lineup in the fall, with all core models launching simultaneously in September. That pattern is expected to change this year, when the company is widely rumored to split its upcoming ‌iPhone‌ releases across two distinct release windows rather than unveiling the entire lineup at once. Under this strategy, Apple is expected to prioritize higher-end models in the fall while delaying lower-cost or standard models until the following year.

As a result, Apple is not expected to ship the ‌iPhone 18‌ in 2026. Instead, reports indicate that Apple plans to launch the ‌iPhone 18‌ Pro, ‌iPhone 18‌ Pro Max, and foldable ‌iPhone‌ in the usual fall timeframe, while holding the standard ‌iPhone 18‌ back until the spring of 2027, where it will launch alongside the ‌iPhone‌ 18e and iPhone Air 2.

The rumored change is tied to Apple's expanding ‌iPhone‌ lineup. With the introduction of the iPhone 16e and ‌iPhone Air‌ in 2025, the expected debut of the first foldable ‌iPhone‌ in 2026, and the continued presence of older models like the iPhone 16 and ‌iPhone 16‌ Plus, there could be at least eight distinct ‌iPhone‌ models on sale from Apple by the end of 2026. A staggered release schedule would allow the company to further differentiate its models, give them a longer sales window without internal competition, and spread ‌iPhone‌ launches more evenly across the year.

Supply chain analysts have also pointed to manufacturing and logistics benefits as a factor behind the rumored shift. By spacing out launches, Apple could reduce production bottlenecks, better manage component supply for advanced technologies, and smooth revenue recognition across fiscal quarters rather than concentrating ‌iPhone‌ sales in a single period.
This article, "No iPhone 18 Launch This Year, Reports Suggest" first appeared on MacRumors.com


View the full article
The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks to job scams, are rewriting what “cybercrime” looks like in
View the full article
IT leaders are setting their operations strategies for 2026 with an eye toward agility, flexibility, and tangible business results. 
Download the January 2026 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World and learn about the trends and technologies that will drive the IT agenda in the year ahead.
View the full article
Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial access vector, CloudSEK said in an
View the full article
As web browsers evolve into all-purpose platforms, performance and productivity often suffer. Feature overload, excessive background processes, and fragmented workflows can slow down browsing sessions and introduce unnecessary friction, especially for users who rely on the browser as a primary work environment. This article explores how adopting a lightweight, task-focused browser, like
View the full article
IBM is urging customers to quickly patch a critical vulnerability in its API Connect platform that could allow remote attackers to bypass authentication.
The company describes API Connect as a full lifecycle application programming interface (API) gateway used “to create, test, manage, secure, analyze, and socialize APIs.”
It particularly touts it as a way to “unlock the potential of agentic AI” by providing a central point of control for access to AI services via APIs. The platform also includes API Agent, which automates tasks across the API lifecycle using AI.
A key component is a customizable self-service portal that allows developers to easily onboard themselves, and to discover and consume multiple types of API, including SOAP, REST, events, AsyncAPIs, GraphQL, and others.
The flaw, tracked as CVE-2025-13915, affects IBM API Connect versions 10.0.8.0 through 10.0.8.5, and version 10.0.11.0, and could give unauthorized access to the exposed applications, with no user interaction required.
An architectural assumption is broken
“CVE-2025-13915 is not best understood as a security bug,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “It is better understood as a moment where a long standing architectural assumption finally breaks in the open. The assumption is simple and deeply embedded in enterprise design: If traffic passes through the API gateway, identity has been enforced and trust has been established. This vulnerability proves that assumption can fail completely.”
He noted that the classification of the weakness, which maps to CWE-305, is important because it rules out a whole class of what he called comforting explanations. “This is not stolen credentials. It is not role misconfiguration. It is not a permissions mistake,” he said. “The authentication enforcement itself can be circumvented.”
When that happens, he explained, downstream services do not simply face elevated risk, they lose the foundation on which their access decisions were built because they do not revalidate identity. They were never designed to; they inherit trust.
“Once enforcement fails upstream, inherited trust becomes unearned trust, and the exposure propagates silently,” he said. “This class of vulnerability aligns with automation, broad scanning, and opportunistic probing rather than careful targeting.”
Interim fixes provided
IBM said that the issue was discovered during internal testing, and it has provided interim fixes for each affected version of the software, with individual update details for VMware, OCP/CP4I, and Kubernetes.
The only mitigation suggested for the flaw, according to IBM’s security bulletin, is this: “Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimize their exposure to this vulnerability.”
The company also notes in its installation instructions for the fixes that the image overrides described in the document must be removed when upgrading to the next release or fixpack.
This, said Gogia, further elevates the risk. “That is not a cosmetic detail,” he noted. “Management planes define configuration truth, lifecycle control, and operational authority across the platform. When remediation touches this layer, the vulnerability sits close to the control core, not at an isolated gateway edge. That raises both blast radius and remediation risk.”
This is because errors in these areas can turn into prolonged exposure or service instability. “[Image overrides] also introduce a governance hazard: Image overrides create shadow state; if they are not explicitly removed later, they persist quietly,” he pointed out. “Over time, they drift out of visibility, ownership, and audit scope. This is how temporary fixes turn into long term risk.”
Most valuable outcome: Learning
He added that the operational challenges involved in remediation are not so much in knowing what has to be done, but in doing it fast enough without breaking the business. And, he said, API governance now needs to include up-to-date inventories of APIs, their versions, dependencies, and exposure points, as well as monitoring of behavior.
“The most valuable outcome here is not closure,” Gogia observed. “It is learning. Enterprises should ask what would have happened if this flaw had been exploited quietly for weeks. Which services would have trusted the gateway implicitly? Which logs would have shown abnormal behavior? Which teams would have noticed first? Those answers reveal whether trust assumptions are visible or invisible. Organizations that stop at patching will miss a rare opportunity to strengthen resilience before the next control plane failure arrives.”
This article originally appeared on InfoWorld.
View the full article
Apple today shared a new "Shot on iPhone" ad promoting the 8x optical zoom feature on the iPhone 17 Pro and ‌iPhone 17 Pro‌ Max.


The ad includes a series of quick zooms to show off what the iPhone 17 Pro models can do. Apple's video description highlights the 200mm focal length of the lens.

8x zoom is a new feature this year, exclusive to the iPhone 17 Pro and the iPhone 17 Pro Max. The prior iPhone 16 Pro models were limited to 5x optical zoom.
This article, "Apple Shares 'Detectives' Ad Promoting iPhone 17 Pro Camera" first appeared on MacRumors.com


View the full article
If rumors are accurate, 2026 is going to be a huge year for Apple. We're expecting the first foldable iPhone, an all-new home hub device, updated displays, and possibly, the first OLED MacBook Pro and the first AI smart glasses.

Apple will split its ‌iPhone‌ launches, introduce a low-cost MacBook, and debut a much smarter, LLM-based version of Siri. In our 2026 guide, we've outlined everything we know about the new products coming from Apple in 2026, based on current rumors.

iPhones

While we'll get a low-cost ‌iPhone‌ 17e in 2026, the iPhone 18 that's normally sold alongside the ‌iPhone 18‌ Pro models is supposedly being held back until 2027, which means there won't be a standard ‌iPhone 18‌ in 2026. September 2026 will see Apple launching the foldable ‌iPhone‌ and the Pro ‌iPhone‌ models, so be prepared to spend some cash if you want a brand new ‌iPhone‌ in 2026.

iPhone 17e (Early 2026)

An ‌iPhone‌ 17e is expected in early 2026. It could have a refreshed design with slimmed down bezels and a Dynamic Island instead of a notch, giving it a more modern look that's more in line with the iPhone 17 lineup.


Another rumor says that it will have slimmer bezels but no ‌Dynamic Island‌, so it is not clear if it will have a notch or a ‌Dynamic Island‌.

While the iPhone 16e did not include a magnetic ring to allow it to attach to MagSafe chargers, the ‌iPhone‌ 17e could include ‌MagSafe‌ compatibility.

iPhone 18 Pro (September 2026)

The ‌iPhone 18‌ Pro models will look a lot like the iPhone 17 Pro models, but there could be some changes to the display thanks to new Face ID technology. We're expecting the same 6.3-inch and 6.9-inch size options, with the same bezel, display quality, and rear camera setup with the camera plateau that was introduced in 2025.


Apple may have finally figured out under-screen ‌Face ID‌, so 2026 could be the year that the ‌Dynamic Island‌ disappears, allowing for more screen space. Rumors suggest that the ‌Face ID‌ components will be under the display, but there will be a hole-punch camera cutout at the top left corner of the screen. It will be a noticeably different look compared to the ‌iPhone 17 Pro‌ models, and if the ‌Dynamic Island‌ is indeed going away, there will be some loss of functionality. Apple uses the ‌Dynamic Island‌ to display Live Activities and other important notifications.

Rumors suggest the ‌iPhone 18‌ Pro Max could be slightly thicker than the 17 Pro Max, and there's also a chance Apple could use a frosted glass material for the ‌MagSafe‌ charging area to reduce the two-tone appearance between the glass and the aluminum frame. Rumored color options include burgundy, brown, and purple, but Apple is expected to choose just one to go along with more traditional colors like silver.

With the ‌iPhone 18‌ Pro models, Apple is expected to introduce its first chip built on a new 2-nanometer node, the A20. With an updated process, the A20 chip could be up to 15 percent faster than the A19, and up to 30 percent more power efficient, perhaps leading to battery life improvements. Apple is also rumored to be implementing a new packaging technology (Wafer-Level Multi-Chip Module, WL-MCM).

Apple currently uses an SoC that integrates the CPU, GPU, Neural Engine, Secure Enclave, and other supporting components like the Image Signal Processor onto a single die, but RAM is a separate chip that's stacked on top of the SoC during the packaging process. If the A20 is upgraded with WL-MCM technology, RAM will be added at the wafer level (before the wafer is cut into chips) instead of the packaging level (after the wafer is cut), reducing interconnect delays.

With WL-MCM, RAM is more closely integrated with the other chip components, improving memory bandwidth, reducing latency, and boosting efficiency.

The ‌iPhone 18‌ Pro models will continue to feature a triple-lens rear camera setup with Wide, Ultra Wide, and Telephoto lenses, but the main wide-angle lens could get an upgrade. Rumors suggest Apple will add a variable aperture, which would allow users to control the amount of light that's hitting the lens for better performance in low lighting conditions and more control over depth of field. All prior iPhones have had fixed apertures.

Apple might tweak the Camera Control button, eliminating the swipe-based touch gestures and the haptic feedback. It is easy to accidentally change image parameters when taking a photo because of the Camera Control button's swipe controls. Apple added a setting to disable the swipe functionality in iOS 26 after user complaints, but the button might be better off without it.

The ‌iPhone 18‌ Pro could get Apple's C1X modem, or an upgraded C2 modem that supports mmWave 5G. Current ‌iPhone 17 Pro‌ models use Qualcomm modems, but Apple is ready to expand its in-house modem technology to the entire ‌iPhone‌ lineup. An N1 networking chip with combined Wi-Fi 7, Bluetooth 6, and Thread is expected.

Foldable iPhone (September 2026)

The first foldable ‌iPhone‌ is on track to launch in September 2026, coming seven years after Samsung released its first foldable smartphone. Naming hasn't been announced, but rumors have taken to calling it the "‌iPhone‌ Fold."


Apple is going with a book-style design, so the ‌iPhone‌ Fold will open and close like a book. When the display is open, it will be around 7.6 inches, and when it's closed, it will be around 5.3 inches. It's said to look similar to an iPad mini when it is unfolded, and it will use OLED display technology.

Apple is prioritizing thinness, and so the foldable ‌iPhone‌ could be just 4.5mm when it's open, making it Apple's thinnest device by far. When closed, it could be between 9mm and 9.5mm.

The foldable ‌iPhone‌ won't have a notch or a ‌Dynamic Island‌, and rumors suggest that it might not have ‌Face ID‌ at all. Apple could instead use a Touch ID side button, similar to an iPad. There will be a camera in the top-left corner of the display for taking selfies, and there will also be a pair of rear cameras.

Apple has been focused on ensuring the ‌iPhone‌ Fold doesn't have a noticeable crease when it's open, a problem that the company has reportedly solved with display improvements and a strong, durable hinge made from Liquidmetal. The crease is said to be "nearly invisible" when the ‌iPhone‌ is unfolded.

Apple will use the 2-nanometer A20 chip for its fall 2026 iPhones, including the foldable ‌iPhone‌.

The ‌iPhone‌ Fold isn't going to be cheap, and rumors suggest the price will be between $2,000 and $2,500. The most recent information is on the higher end of that range.

iPads

Several iPads are getting updates in 2026, but most will be minor refreshes. The ‌iPad mini‌ is an exception, because rumors say it could get an OLED display. There's no iPad Pro rumored for 2026, with the next update expected in 2027.

iPad (Spring 2026)

A 12th-generation ‌iPad‌ could come out in spring 2026, likely around March. There are no changes expected for the design, so it will continue to have an 11-inch edge-to-edge display, ‌Touch ID‌ Side Button, USB-C, and thicker bezels than other ‌iPad‌ options.


The next low-cost ‌iPad‌ is expected to use Apple's A19 chip, which is the chip that Apple used for the ‌iPhone 17‌. It is built on a 3-nanometer process and it will offer major speed and efficiency improvements over the A16 chip that's in the current model.

The A16 chip that Apple used in 2025 does not support Apple Intelligence, but the A19 does, so that will mark a major update for Apple's affordable tablet. The 2026 model should be able to support ‌Apple Intelligence‌ features that are unavailable with the 2025 model.

The A19 also offers hardware-accelerated ray tracing and similar features for improved gameplay. The 11th-generation ‌iPad‌ has 6GB RAM, but Apple will need to bump that up to 8GB for ‌Apple Intelligence‌.

It is unusual for Apple to use such a new chip in its most affordable device, but the company may want to ensure that the ‌iPad‌ is able to keep up with all of the ‌Apple Intelligence‌ features coming in 2026, such as the new version of ‌Siri‌.

iPad Air (Spring 2026)

The iPad Air will get an early 2026 update, around the March/April timeframe. No design changes are rumored for the ‌iPad Air‌, so we can expect the same 11-inch and 13-inch size options.


Apple will upgrade the ‌iPad Air‌ to the M4 chip. The M4 CPU is up to 30 percent faster than the M3 CPU, while the GPU is up to 21 percent faster.

In actual use, you may not see much of a difference between the M3 and M4 on the ‌iPad Air‌, though you might experience modest improvements with system intensive games and tasks like video editing.

The ‌iPad Pro‌ was upgraded with fast charge functionality with the update to the M5 chip, and that's something that could trickle down to the ‌iPad Air‌.

The ‌iPad Air‌ could get the N1 networking chip and the C1X modem.

iPad mini

The next-generation version of the ‌iPad mini‌ is rumored to feature a major technology upgrade, with Apple set to adopt an OLED display. The ‌iPad mini‌ will be the second tablet to adopt OLED after the ‌iPad Pro‌.


Along with an OLED display, the ‌iPad mini‌ 8 is expected to have a more water resistant design that better holds up to splashes and even submersion in water. Apple is creating a vibration-based speaker system that uses the display or chassis to produce sound, eliminating the need for a traditional speaker.

With the surface vibration speaker, Apple could remove the speaker holes in the ‌iPad mini‌, making it better able to withstand exposure to moisture.

Leaked Apple code suggests that the ‌iPad mini‌ will feature the A20 Pro chip. That's the next-generation chip that we're expecting Apple to use in the ‌iPhone 18‌ Pro models, so if the ‌iPad mini‌ is using the same chip, it could come out around the same time as the ‌iPhone 18‌ Pro.

If Apple ends up going with the A19 Pro instead, the ‌iPad mini‌ could launch earlier in the year.

With OLED display technology and the more water resistant design, the ‌iPad mini‌ 8 could be $100 more expensive than the current model.

Macs

Apple will refresh the Mac lineup with M5 chips early in the year, plus there's a new low-cost model. Later in the year, there's a possibility we'll get an M6 OLED ‌MacBook Pro‌.

Low-Cost MacBook (Early 2026)

Apple is going to release a low-cost MacBook in 2026, with the device set to be more affordable than the $999 MacBook Air. With the affordable notebook, Apple is aiming to better compete with cheap Chromebooks and Windows PCs.


Apple analyst Ming-Chi Kuo believes the low-cost MacBook will have a display that's around 13 inches in size. The ‌MacBook Air‌ has a 13.6-inch display, so the more affordable MacBook could be slightly smaller. It's sounding like it won't be too far off from the 13-inch ‌MacBook Air‌, though.

There are no details on how thick it might be, but Apple probably won't prioritize a thin design for a machine optimized for a low price. Since the ‌MacBook Air‌ can run fine with an M-series chip and no fan in an enclosure that's 0.44 inches thick, there's no reason for the MacBook to be any thicker than that.

The low-cost MacBook will have a standard LCD display with no mini-LED technology or ProMotion refresh rate. It could come in bright colors like the iMac, with Kuo suggesting Apple will offer it in silver, blue, pink, and yellow.

Apple is planning to use its A18 Pro chip in the MacBook. We first saw the A18 Pro in the iPhone 16 Pro models. The chip is built on Apple's second-generation 3-nanometer process, featuring 8GB RAM and support for ‌Apple Intelligence‌.

It's fast and efficient, and more than capable of handling day-to-day tasks. In Geekbench 6 benchmarks, the A18 Pro offers single-core CPU performance scores at the level of the M3 Ultra, and multi-core performance scores higher than the M1 chip that Apple used in the first Apple silicon ‌MacBook Air‌. Metal scores that measure GPU performance are also similar to the ‌M1‌ chip Metal scores.

The A18 Pro will be equivalent to the ‌M1‌ for some tasks, and faster for other tasks. Apple no longer sells the ‌M1‌ ‌MacBook Air‌ from its own store, but it has offered the machine through Walmart at a $599 price point.

There are no specific details on price as of yet, but Bloomberg claims it will cost "well under $1,000." The ‌MacBook Air‌ is priced starting at $999, so it would need to come in under that.

Apple could launch the low-cost MacBook in the first half of 2026. Updates are planned for the ‌MacBook Air‌ in early 2026, so the low-cost model could launch sometime in that same timeframe.

MacBook Air (Early 2026)

Apple is working on an updated ‌MacBook Air‌, and rumors suggest that it will come out in the first few months of 2026. It's going to get the M5 chip, but no other new features are rumored. The design will remain the same, and we'll get the same 13-inch and 15-inch size options.


Based on updates to the 14-inch ‌MacBook Pro‌, it could also get a faster SSD, and there might be a new color option to replace the light blue from 2025.

MacBook Pro (Early 2026)

14-inch and 16-inch ‌MacBook Pro‌ models with M5 Pro and M5 Max chips are expected to join the M5 ‌MacBook Pro‌ that came out in October 2025.


The M5 Pro and M5 Max will have more CPU cores and better GPUs for improved performance, with the chips available in both 14-inch and 16-inch machines. Apple is also expected to add faster SSDs to the new machines.

As with the ‌MacBook Air‌, no design changes are expected for the early 2026 refresh, with a major overhaul coming in the final months of 2026 or the early months of 2027.

Mac mini (Mid-2026)

There is a new version of the Mac mini in development, with M5 and M5 Pro chips. So far, there are no rumors of design changes or other updates, but the ‌Mac mini‌ could get the same SSD improvements as Apple's 14-inch ‌MacBook Pro‌.


Mac Studio (Mid-2026)

The Mac Studio could come out in the same timeframe as the ‌Mac mini‌. Apple didn't release an M4 Ultra chip, but there will be an M5 Ultra.


Sometime around the middle of 2026, the ‌Mac Studio‌ will get M5 Max and M5 Ultra chip technology. The M5 Max will offer much faster CPU and GPU performance than the M5, and the M5 Ultra will double the M5 Max.

We haven't heard rumors of design changes or any other updates for the ‌Mac Studio‌ as of yet.

Mac Displays (Early to Mid-2026)

Apple hasn't released a new display since the Studio Display launched in 2022, but there are apparently two new models that are in development and slated for release in 2026.


The next-generation version of the Studio Display could feature the same 27-inch screen size, but with mini-LED technology instead of LCD. mini-LED means better HDR, brightness, contrast, and colors. The current Studio Display has an A-series chip inside, and the next-generation version could get the A19 Pro that Apple used in the ‌iPhone 17 Pro‌.

There are actually two displays in development, but it's unclear if that's the next Studio Display in two sizes, or a Studio Display and a more expensive Pro Display XDR successor.

OLED MacBook Pro (Late 2026/Early 2027)

Apple is developing a revamped touchscreen OLED ‌MacBook Pro‌ that uses next-generation M6 chip technology. It's not yet clear if the machine will come out in late 2026 or early 2027, but 2026 is a possibility.


If Apple does debut the OLED ‌MacBook Pro‌ in late 2026, it will be a year with two ‌MacBook Pro‌ refreshes. Apple has done that once before when the M2 Pro and ‌M2‌ Max chips launched in early 2023 followed by M3 chips later in the year, but it is a rare occurrence.

Rumors suggest that the OLED ‌MacBook Pro‌ will feature a hole-punch camera without a notch, maximizing the available display area. The design could be closer to the ‌iPhone‌'s ‌Dynamic Island‌, but there is no sign that Apple plans to adopt ‌Face ID‌ on the Mac. Touch integration will be added to the Mac's screen for the first time, and Apple plans to adopt a reinforced hinge that stays stationary when the display is touched, and cuts down on any vibration associated with touch-based gestures.

OLED technology offers better brightness, a higher contrast ratio with deeper blacks and whiter whites, better colors, and less power usage for battery improvements.

The design of the MacBook will also be updated, and it will have a thinner, lighter chassis. There will be a keyboard and trackpad as usual, with the touch gestures augmenting existing functionality.

The M6 could be built on TSMC's 2-nanometer process, introducing speed and efficiency improvements for impressive gains in battery life without compromising power. The OLED ‌MacBook Pro‌ could also be the first MacBook to incorporate 5G connectivity, with Apple including a C2 chip in the device. The C2 chip is Apple's rumored second-generation in-house modem that will support mmWave and sub-6GHz 5G speeds.

With an OLED display and touchscreen technology, the ‌MacBook Pro‌ could see a price increase. Apple may also limit the features to higher-end, more expensive models.

M5 iMac (Timing and Status Unknown)

The ‌iMac‌ could get an M5 chip at some point in 2026, but timing isn't clear. We haven't heard anything about the ‌iMac‌ in some time, and there are no rumors of design changes or major updates on the horizon.


There have been nebulous rumors of an ‌iMac‌ with a larger display, but there's no sign that such a Mac is still in active development.

M5 Max iMac (Timing Unknown)

Leaked internal software suggests that Apple is developing a new version of the ‌iMac‌ that includes an M5 Max chip. Max chips are typically reserved for "Pro" machines, so it's entirely possible that Apple is planning to launch a new ‌iMac‌ Pro at some point in 2026.


Nothing else is known about this mysterious ‌iMac‌, and it could also be a machine that Apple uses exclusively for internal testing. If there is a larger-screened ‌iMac‌ in the works, it could feature mini-LED display technology, similar to the rumored Studio Display 2. Sizing is unclear, but it would presumably be larger than the standard 24-inch ‌iMac‌.

Mac Pro (Timing Unknown)

Apple is probably going to release a new Mac Pro at some point, but it's unclear when. Bloomberg originally said a ‌Mac Pro‌ would come before the end of 2025 with some kind of M4 chip, but that didn't happen, so now 2026 or later is the only option.


It's possible the ‌Mac Pro‌ will get a refresh with the M5 Ultra chip when the ‌Mac Studio‌ does, but we haven't heard confirmation of that and Bloomberg says it's not going to happen. The ‌Mac Pro‌ is reportedly on the back burner at Apple, so no new model could come at all.

If Apple refreshes the ‌Mac Pro‌ this year, it will get Thunderbolt 5, and it will likely support at least 512GB RAM and 16TB storage, because that's what the M3 Ultra chip supports.

Home Products

We didn't get a new HomePod mini or Apple TV in 2025, so those are expected in 2026, plus Apple is working on a new home hub device.

Home Hub (March/April 2026)

Apple is working on a home hub or "command center" that will serve as a centralized location for controlling smart home products, listening to music, making video calls, getting the weather, looking things up with ‌Siri‌, displaying photos, making notes, viewing calendar events, and more.


The device has an all-display design that resembles an ‌iPad‌, with a 7-inch display. It's said to be similar in size and shape to two iPhones placed side-by-side, but Apple is designing two variants. The first version is designed to be mounted on a wall, while the second version has a speaker base that looks similar to a ‌HomePod mini‌ and can be placed on a desktop or countertop.

The home hub will have its own operating system, and while there won't be an App Store, Apple apps will be available as widgets.

Built-in sensors will be able to determine when someone is near the home hub, and the features displayed will change based on presence. If no one is by the hub, it might show information like the time and temperature, but if someone approaches, it could shift to an interface for adjusting the temperature.

Presence detection will enable features like turning on the lights when someone enters the room, and it might also be able to tell one person from another. The home hub will play music, and it does have a camera that can be used for video calls.

Touch-based interactions will be available for widgets, but the hub will be heavily reliant on ‌Siri‌ voice commands. ‌Siri‌ could have a personified look on the hub, with one design described as a version of the Mac Finder icon.

While screen-based smart home devices like the Echo Show are available for under $200, Apple could price the home hub somewhere around $350. Price could vary for the version with the speaker base and the wall-mounted version without it.

Apple is aiming to launch the home hub sometime in the March to April 2026 timeframe.

HomePod mini (Early 2026)

A new ‌HomePod mini‌ is ready to launch, and it could launch in early 2026. The ‌HomePod mini‌ 2 will get an updated S-series chip based on the Apple Watch S10, and there will be new color options.


We haven't heard anything about other features that could come to Apple's small speaker, but no design changes are expected.

Apple TV (Early 2026)

Like the ‌HomePod mini‌, the next ‌Apple TV‌ 4K won't look any different, but it will get an updated A-series chip, like the A17 Pro or A18. The new chip will support ‌Apple Intelligence‌, so the next-generation ‌Apple TV‌ could be more capable than before.


Apple is expected to add the N1 networking chip to the ‌Apple TV‌ with Wi-Fi 7, Bluetooth 6, and Thread support.

The ‌HomePod mini‌ and the ‌Apple TV‌ are linked to Apple's smart home platform and serve as smart home hubs for Matter, the cross-platform protocol that opens up the number of smart home accessories that are compatible with HomeKit.

AirTag 2 (Early 2026)

The AirTag 2 supposedly isn't getting a new design, but it will have an updated Ultra Wideband chip and a speaker that's harder to remove to prevent tampering. Leaked Apple code suggests it will get improved pairing, more detailed battery level reporting, and improvements to tracking AirTags that are moving and in crowded places.


Apple Security Cameras (Late 2026)

Rumors suggest that Apple is designing its own indoor security cameras that will connect to ‌HomeKit‌ and interface with the planned home hub.


Cameras designed directly by Apple would offer unique integrations with Apple devices, and would offer greater privacy than competing devices because of Apple's dedication to privacy and security. The first cameras could come out as soon as late 2026, and we could see other accessories like doorbells follow.

Wearables

Apple could introduce AI smart glasses as soon as 2026, plus we're expecting new Apple Watch models.

Apple Watch Series 12 (September 2026)

No big design updates are expected for the 2026 Apple Watch, and another major design refresh isn't planned until 2028 at the earliest.


There are no health features that are ready to go, though Apple is working on non-invasive blood glucose monitoring.

It's been a long time since the Apple Watch got a major processor update, and with the ‌iPhone‌ shifting to a 2nm chip, 2026 could also be the year that the Apple Watch gets a speed boost. Apple could introduce a new S12 chip.

Apple Watch Ultra and Apple Watch SE

Apple doesn't update the Apple Watch Ultra and the Apple Watch SE on an annual basis, so it's not clear if we're going to get new models in 2026 yet.


AI Smart Glasses (Late 2026 Introduction)

Apple is working on smart glasses that will rival Meta's AI Ray-Bans, and we could see them as soon as 2026. Rumors suggest that Apple will show off the glasses late in the year, but a launch won't happen until 2027.


Previewing devices and features early has not worked out well for Apple with the canceled AirPower and the delayed ‌Apple Intelligence‌ ‌Siri‌ implementation, so it's still not clear if an early introduction will happen.

The smart glasses are expected to include cameras, speakers, sensors, and AI integration, but no displays will be included. The glasses will let users do things like take photos, listen to audio, make phone calls, and get answers to questions.

Processing will be done on the ‌iPhone‌, and Apple is aiming to make the glasses a fashion accessory with multiple material and frame options.

AirPods Pro (Late 2026)

Even though the AirPods Pro 3 were just released in 2025, Apple analyst ‌Ming-Chi Kuo‌ believes that another AirPods Pro update is coming in 2026.


The AirPods Pro could get an infrared camera for enhanced spatial audio with the Vision Pro and support for in-air gestures. It's possible the AirPods Pro won't be a new version, but a higher-end update to the ‌AirPods Pro 3‌.

Software

We'll get iOS 27 at WWDC as usual, but the next major update will actually happen in spring when Apple releases iOS 26.4.

iOS 26.4 with LLM Siri (March/April 2026)

Right around March or April, Apple will release iOS 26.4, an update that's expected to introduce some major changes to ‌Siri‌. The software is supposed to include the smarter, more capable version of Siri that Apple debuted way back in June 2024.


Apple has held off on launching the home hub because it is waiting to debut the smarter, more capable version of ‌Siri‌ that's been in the works since ‌Apple Intelligence‌ features launched in iOS 18. The original plan was for a better version of ‌Siri‌ to come out in an iOS 18 update, but Apple decided ‌Siri‌ just wasn't good enough to do what it wanted.

‌Siri‌ was delayed so Apple could overhaul the underlying architecture that powers the personal assistant. The new ‌Siri‌ will be more similar to ChatGPT or Claude than the ‌Siri‌ of today, incorporating large language models to answer complex queries and complete more complicated tasks.

Here's what Apple originally promised ‌Siri‌ would be able to do with ‌Apple Intelligence‌:

Personal Context

With personal context, ‌Siri‌ will be able to keep track of emails, messages, files, photos, and more, learning more about you to help you complete tasks and keep track of what you've been sent.

Show me the files Eric sent me last week.
Find the email where Eric mentioned ice skating.
Find the books that Eric recommended to me.
Where's the recipe that Eric sent me?
What's my passport number?


Onscreen Awareness

Onscreen awareness will let ‌Siri‌ see what's on your screen and complete actions involving whatever you're looking at. If someone texts you an address, for example, you can tell ‌Siri‌ to add it to their contact card. Or if you're looking at a photo and want to send it to someone, you can ask ‌Siri‌ to do it for you.

Deeper App Integration

Deeper app integration means that ‌Siri‌ will be able to do more in and across apps, performing actions and completing tasks that are just not possible with the personal assistant right now. We don't have a full picture of what ‌Siri‌ will be capable of, but Apple has provided a few examples of what to expect.

Moving files from one app to another.
Editing a photo and then sending it to someone.
Get directions home and share the ETA with Eric.
Send the email I drafted to Eric.

This summer, Apple software engineering chief Craig Federighi said that transitioning ‌Siri‌ to new architecture was a success, and that the personal assistant is going to be an even bigger update than expected.

"The work we've done on this end-to-end revamp of ‌‌Siri‌‌ has given us the results we needed," Federighi told employees. "This has put us in a position to not just deliver what we announced, but to deliver a much bigger upgrade than that we envisioned."

Apple decided to use AI technology from Google, so ‌Siri‌ will in part be powered by a Google Gemini model that Google designed for Apple. ‌Siri‌ will be as capable as Gemini since it is using the same underlying technology, but Apple will run the model on its own Private Cloud Compute server with no information provided to Google.

The new version of ‌Siri‌ is expected to be ready for an iOS 26.4 update planned for the same March or April timeframe rumored for the home hub.

iOS 27, macOS 27 and More

New versions of iOS, macOS, and Apple's other software platforms will be previewed in June at WWDC before launching in September. New ‌Apple Intelligence‌ features are expected thanks to the improved ‌Siri‌ that Apple will be rolling out in the months ahead of WWDC.


‌Apple Intelligence‌ could be used for nutrition planning and medical suggestions, as part of a new paid Health+ service that's coming out next year. We don't know specifics yet, but ‌Apple Intelligence‌ features could also expand to additional apps.

With iOS 27, Apple could update Siri's design. ‌Siri‌ will get its major overhaul in iOS 26.4, but a new visual look is supposedly planned for iOS 27. There are no specifics about what the redesign might entail, but rumors linked to Apple's upcoming tabletop robot suggest that the company might introduce a version of ‌Siri‌ that's more animated, similar to the Mac Finder logo. That more animated version of ‌Siri‌ could also come to the ‌iPhone‌ and ‌iPad‌.

Apple is working on several new satellite features for the ‌iPhone‌, and some of these could come in iOS 27, though timing is unclear.

Apple Maps via satellite
Photos in Messages via satellite
Satellite API framework for third-party apps
Satellite over 5G
Satellite connectivity without the need for a view of the sky.

Some of these features could require new hardware, but options like ‌Apple Maps‌ via satellite would not require components beyond what's available now.

There will be new iOS 27 features that are designed for the foldable ‌iPhone‌, such as interfaces and experiences made for a larger screen.

Bloomberg's Mark Gurman has described iOS 27 as a "Snow Leopard" update, suggesting that Apple will focus on improving underlying performance and quality rather than introducing major new functionality.

Read More

Make sure to follow MacRumors.com and the MacRumors roundups and guides over the course of 2026 to keep up with all of the rumors we're hearing. Bookmark our What to Expect Guide and our Events Guide to see a continually updated overview of what's on the horizon.
This article, "Everything Apple Is Releasing in 2026: iPhone Fold, LLM Siri, Low-Cost MacBook and More" first appeared on MacRumors.com

Apple hasn't updated the Mac Pro since 2023, and according to recent rumors, there's no update coming in the near future. In fact, Apple might be finished with the ‌Mac Pro‌.


Bloomberg recently said that the ‌Mac Pro‌ is "on the back burner" and has been "largely written off" by Apple. Apple apparently views the more compact Mac Studio as the ideal high-end pro-level desktop, and it has almost replaced the ‌Mac Pro‌.

Apple is working on an M5 Ultra chip that will come out next year, but Bloomberg says the company is only planning to use it in the ‌Mac Studio‌, and not in an updated ‌Mac Pro‌. Apple has no plans to update the ‌Mac Pro‌ in 2026 in a "significant way." If we are truly at the end for the ‌Mac Pro‌, will we see Apple discontinue it when the next-generation ‌Mac Studio‌ launches?

The current ‌Mac Studio‌ has a newer, higher-end M3 Ultra chip that supports more CPU cores, more GPU cores, more maximum storage (16TB vs. 8TB), and more maximum unified memory (512GB vs. 192GB). The ‌Mac Studio‌ can support up to four 8K displays, while the ‌Mac Pro‌ is limited to three, and the ‌Mac Pro‌ doesn't have Thunderbolt 5.

The ‌Mac Pro‌ has fallen behind, and the gap will only increase with the launch of an M5 Ultra ‌Mac Studio‌. The only benefit that the ‌Mac Pro‌ offers over the ‌Mac Studio‌ is PCIe expansion slots. It's heavier, bulkier, and more expensive than the ‌Mac Studio‌ when comparing equivalent RAM and storage. For most people, there's no reason to choose a ‌Mac Pro‌ over a ‌Mac Studio‌, but some of Apple's high-end customers still need the space for things like RED capture cards and specialized audio interfaces.

Over the years, Apple has struggled with meeting the needs of pro users who want a desktop. The now-infamous "trash can" ‌Mac Pro‌ that came out in 2013 prioritized design over functionality, and the machine ended up being a failure. Apple was criticized for misunderstanding its pro user base because there was no space for internal upgrades like additional GPUs.

Apple was never able to update the trash can ‌Mac Pro‌ because it wasn't thermally capable of supporting rapidly evolving GPUs. In 2019, Apple unveiled a modular ‌Mac Pro‌ that had a more traditional enclosure able to support expansion with eight PCIe slots and three impeller fans. Apple did update the ‌Mac Pro‌ a couple of times after that, but it has once again been sidelined.

Apple is still selling the M2 Ultra version of the Mac Pro and it hasn't been discontinued or removed from the company's website. Until it's officially discontinued, there's a chance we could get another Mac Pro at some point in the future, but it doesn't sound like 2026 will be the year.
This article, "What's Happening With the Mac Pro?" first appeared on MacRumors.com

Apple today added the final 13-inch MacBook Air powered by Intel processors, the Apple Watch Series 5, and additional products to its vintage products list. The iPhone 11 Pro was also added to the list after the iPhone 11 Pro Max was added back in September.


The full list of products added to Apple's vintage and obsolete list today:

MacBook Air (Retina, 13-inch, 2020)
iPhone 8 Plus 128GB - other capacities were already vintage
iPhone 11 Pro
iPad Air 3, Wi-Fi + Cellular - Wi-Fi-only models not yet vintage
Apple Watch Series 5, Aluminum, 40mm
Apple Watch Series 5, Aluminum, 44mm
Apple Watch Series 5, Ceramic, 40mm
Apple Watch Series 5, Ceramic, 44mm
Apple Watch Series 5 Hermes, 40mm
Apple Watch Series 5 Hermes, 44mm
Apple Watch Series 5 Nike, 40mm
Apple Watch Series 5 Nike, 44mm
Apple Watch Series 5, Stainless Steel, 40mm
Apple Watch Series 5, Stainless Steel, 44mm
Apple Watch Series 5, Titanium, 40mm
Apple Watch Series 5, Titanium, 44mm

The final Intel MacBook Air was introduced in March 2020 and featured a 1.1GHz dual-core Intel Core i3, 1.1GHz quad-core Intel Core i5, or 1.2GHz quad-core Intel Core i7 processor, depending on configuration. It only remained on the market for eight months before it was discontinued when Apple debuted the M1 MacBook Air in November of that year as part of its initial Apple silicon launch.

Apple considers a device to be vintage after more than five years have passed since the company stopped distributing it for sale. Apple and Apple Authorized Service Providers may offer repairs for vintage devices, but only if parts remain available.

In addition to the newly vintage products, Apple today shifted the special-edition Beats Solo3 Wireless headphones released in 2018 to celebrate the 90th anniversary of Mickey Mouse from the vintage list to the obsolete list.

Apple considers a device to be obsolete once more than seven years have passed since it was offered for sale, and hardware service is generally unavailable for those devices. Mac laptops are, however, eligible for an extended battery-only repair period of up to 10 years from the date of discontinuation, subject to parts availability.
This article, "Apple Says Final Intel MacBook Air and Apple Watch Series 5 Now 'Vintage'" first appeared on MacRumors.com

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source
Apple's AirTag 4-Pack has dropped to $64.98 this week on Amazon, down from the original price of $99.00. Free shipping options have a delivery estimate around January 5, while Prime members should be able to get it delivered a few days sooner.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Overall, this is a solid second-best price on the AirTag 4-pack that's within $2 of the Amazon all-time low price, which we last tracked during Black Friday. If you're shopping for a single AirTag, Amazon has the AirTag 1-Pack for $19.00, down from $29.00.

$10 OFF: AirTag 1-Pack for $19.00
$34 OFF: AirTag 4-Pack for $64.98

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "Get an AirTag 4-Pack for Just $64.98 on Amazon" first appeared on MacRumors.com

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre. In all, the
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. "IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is "@vietmoney/react-big-calendar," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on
The 2017 Equifax breach was one of the biggest security incidents of the 21st century. A textbook data leak case, the breach impacted more than 147 million people, spawning a number of scandals and controversies, with the credit reporting agency being criticized for a range of issues, from a lax security posture to its botched response.
The high-profile incident has proved transformational for the company. In the wake of the breach, the multinational company has fortified itself and now even provides advanced solutions for risk management, fraud, and compliance.
Javier Checa, the current CISO of Equifax for Continental Europe, is a computer scientist with more than 20 years of experience in senior cybersecurity positions at various companies, including serving as information security director at El Corte Inglés. Checa wasn’t with Equifax when the data breach occurred; he joined three years later. But he did experience the incident, which he describes as “very significant,” from the outside.
As he recalls in an interview with CSO/Computerworld Spain, although “there had already been other similar incidents, for some reason, probably due to the type of customer and consumer information that Equifax handles, it did have a major impact on the industry at that time.” Furthermore, he adds: “While it’s true that in subsequent years there have been much more serious incidents, [the Equifax breach] was a watershed moment in everything related to cybersecurity.”
A quick learning curve
Checa praises the work done by Mark W. Begor, Equifax’s CEO since 2018, and Jamil Farshchi, Equifax’s global EVP, CISO, and CTO, who have led a complete transformation of the company at a time when it was still very badly affected both financially — it had to face $700 million in fines, compensation, and expenses to protect consumers after the data breach — and from a reputational point of view.
Along that path, the CEO’s “personal” commitment to adopting the cloud IT delivery model, and to strengthening cybersecurity and trust so as to make the company a “security leader,” has been vital.
“Equifax has invested nearly $3 billion in a complete overhaul of both our technology and security platforms,” Checa says, adding that the change in the company’s IT strategy is “comprehensive”: “Before, the focus was more on technology, while now security is part of everything we do; it’s embedded in all our processes.”
The company’s CISO for Continental Europe explains that Equifax has built its strategy on the NIST Cybersecurity Framework and its Privacy Framework, which focuses more on the issue of privacy risks and the protection of personal information.
“Where are we now?” he asks. “We’re in a happy place because we’ve already completed the transformation of our infrastructure to the cloud model.”
Cloud as a new technological axis
Equifax’s $3 billion migration to the cloud, “which had been brewing for about seven years” and which the company says is the largest technological investment in its history, has involved moving more than 300 systems, over 30 product families, and thousands of customers to the company’s cloud platform, Equifax Cloud, in Spain alone.
“Now, in Spain, for several months now, all the applications and products we serve to our customers are delivered from the cloud,” Checa says. The project, carried out with Google Cloud, has not only consisted of migrating workloads, he adds, but “restructuring, reorganizing, and refactoring all our assets to truly become a cloud-native company.”
The impact of cloud adoption on the company’s security strategy has been clear: “My security philosophy isn’t just about defining a framework of controls; security must have a very important technological component directly related to simplicity. Migrating to the cloud has made it easier for us to simplify all the components and the way we develop,” Checa explains.
The European CISO adds that it has been positive for the company to “reduce legacy systems to zero,” one of the biggest problems for companies with a long market history.
“Now we have a live infrastructure whose systems we update and re-platform every month, something previously unthinkable,” he says.
The company has also seen its security processes simplified. “Aligning the cloud transformation with the security changes has allowed us to implement security controls, measures, and processes that are completely aligned with all the new technology we have,” he points out.
360-degree safety culture
“Now, a security culture is part of our DNA as a company,” says Checa, who works within the multinational’s team of 300 cybersecurity specialists.
But “security isn’t just the responsibility of the technology or security team, but of every employee in the company,” he adds. An example of this mindset is that, “as Jamil [Farshchi] often mentions, Equifax was the first publicly traded company whose employees could access a bonus that included security as one of its components; an initiative that other companies have since copied.” With this, Checa asserts, the company conveys the importance of cybersecurity to its entire workforce.
When asked about the foundations of the multinational’s information security strategy, Checa doesn’t hesitate: “Transparency and collaboration are our cybersecurity pillars.”
The first, “a commitment from the CEO himself,” has been key to regaining customer trust.
“In 2017, after the incident, we needed to win back our customers’ confidence. It’s important to remember that at that time the company’s stock price dropped significantly,” the CISO explains. “Having delivered on our promises is one of the reasons why the company’s stock price is now even higher than before the 2017 incident.”
But there’s another kind of transparency, “the kind we demand of ourselves,” Checa continues.
“Jamil always says it’s easy to be motivated [to be transparent] after a security incident, but the challenge is maintaining that focus over time.” That’s why, Checa adds, the company decided five years ago to launch an annual security report “where we truly open our doors and provide information that few companies had previously offered, from indicators of how long it takes us to respond to an incident to the click-through rate in our phishing simulations.”
That information, he says, has helped Equifax gain in transparency and customer loyalty. Moreover, he acknowledges, “the biggest lesson learned from the incident is the need to be transparent to regain customer trust.”
Regarding the second pillar, collaboration, Checa is clear about its value: “In the new environment of escalating threats we live in, we understand that no one can win this battle alone.”
Therefore, in addition to sharing security information to be more transparent, Equifax publishes its list of controls so that any company can use them.
“We publish our core security not only for the sake of transparency, but so that all companies and governments worldwide can use it — information that has taken us a great deal of effort to develop,” Checa says.
Furthermore, he emphasizes that Equifax collaborates with security agencies such as the FBI and participates in more than 30 security forums. “We share knowledge, collaborate with states in developing their security awareness programs, and have even helped them resolve some security breaches,” he says.
Although the cyberattack on Equifax had an economic motive, the reasons driving cybercriminals today are highly diverse. “With the rise in geopolitical tension, new threats emerge and new actors enter the scene,” explains Checa. These threats, he acknowledges, are “more complex, persistent, and sophisticated,” and the actors “aren’t really seeking short-term financial gain, but rather accumulating resources that will later facilitate other practices related to espionage, influence, and even corruption.”
According to the company’s latest report, with data from 2024, Equifax neutralizes more than 15 million cyber threats every day, which represents 175 hostile attempts every second, a 25% increase compared to 2023. “We have seen a significant increase in attacks carried out with artificial intelligence,” Checa adds.
He reflects that AI “has democratized cyberattacks, and now people with less technical knowledge can carry out more complex attacks.”
Checa also mentions the rise of deepfakes, audiovisual content that appears real but has been manipulated with AI to deceive the audience. “To counter this, we have migrated to an authentication platform that allows employees accessing our services to use other authentication factors, both biometric and otherwise, instead of passwords.”
AI, on the other hand, is also already a defensive weapon, although Checa urges against using it for everything in cybersecurity, or certainly not as the sole option.
“Our strategy is hybrid. AI alone isn’t capable of defending everything, although it’s a great help. But you can’t base all your defenses on a single technology; the more controls you put in different places and the more different types of technologies you use, the better,” he says, explaining that Equifax leverages various signature protection technologies, among many others.
Challenges of a regional CISO
The CISO acknowledges that cybersecurity management at Equifax is an activity handled internally and globally, although supported by local teams.
“My responsibility as regional CISO is to ensure that the company’s security program is properly implemented at the European level and that we are able to adapt to our specific regulatory environment,” he says.
Checa welcomes the EU’s regulatory push in cybersecurity. “The main regulations that affect us are DORA, as financial service providers, and NIS2, and frankly, they haven’t required anything we weren’t already doing; we’ve simply had to adapt certain aspects.”
He acknowledges that the need to comply with regulations means that “many companies with our risk appetite can secure the necessary cybersecurity budgets,” and he points out that the NIS2 regulation has not yet been transposed into Spanish law. “But the delay also means that the transposition is being taken with the importance it deserves,” he adds.
He further argues that regulation has led to senior management now being directly responsible for company security, which has helped place it at the heart of corporate strategy in many companies. “The most important aspect of cybersecurity regulation, beyond the streamlining of processes and controls imposed by these regulations, is its strategic alignment with senior management.”
The executive is pleased that security, especially since the 2017 incident, has a high profile among Equifax’s senior management. “In fact, I, as Equifax’s CISO for Continental Europe, am part of the management committee, where the budget for this matter is decided,” he says.
Regarding the evolution of the CISO role in the market in general, Checa states: “I’ve been working in security since 2003, so yes, I’ve seen a clear change in this function.” First, he recalls, because “it’s a role that didn’t even exist before, and when it emerged, it had a primarily technical focus. Over the years, it has evolved into a more strategic company profile, more closely tied to the business. The CISO must be a communicator capable of explaining the implications of cybersecurity for the business.”
When asked about the relationship CISOs should have with their CIOs, to whom many CISOs report, Checa says: “In my opinion, there should be a certain degree of independence between the CIO and the CISO, but every company is different. In our case, our global CISO sits on the global management committee; we do as well at the local level.” He acknowledges, however, that from a tactical perspective, it’s beneficial to have close ties with the company’s IT department. “But, as I said, the important thing is to analyze each company’s specific circumstances, its risk appetite, and what works best for it.”
Looking ahead, Checa states that one of his biggest challenges as Equifax’s CISO for Continental Europe is “continuing to adapt to regulatory changes and being able to anticipate and adjust to all the new threats that emerge.” He adds, “My greatest commitment to the company is to be a security leader that delivers value and business. To be a differentiator. That’s what truly motivates and concerns me.”
Nor does he forget the work Equifax is already doing, which Checa says he can’t reveal, to be prepared for the post-quantum era: “We have very strong internal initiatives in this regard,” he says.
Checa works, as he explains, “to ensure that security truly becomes a differentiator from a business perspective, and this, of course, involves protecting all the highly sensitive information we have about our clients and consumers.”
He acknowledges that the role of CISO is “very stressful, but also very rewarding, requiring you to give your best, keep learning, and always be prepared for change.” He concludes that this role must be aware that “you can never reach the final state of security with all the evolving threats, technologies, and problems that exist today.”
PROFILE OF JAVIER CHECA
Javier Checa is a member of the board of directors of Equifax Iberia and Equifax CISO (Chief Information Security Officer) for Continental Europe. He joined the global credit information company in September 2021 as a senior security analyst and currently combines the role of CISO with that of security risk officer for Equifax Europe.

Checa is a professional with more than 20 years of experience in the cybersecurity field, with expertise in risk management, network security, identity management, security operations and DevSecOps. Before joining Equifax, he had responsibilities in cybersecurity at Capgemini, CGI, British Telecom and El Corte Inglés, where he was director of information security, leading several security programs for more than 200,000 users and 5,000 developers.

Checa studied Computer Engineering at the Polytechnic University of Madrid and holds degrees in Data Networks Security Paradigms from the French National Higher School of Telecommunications and in Computer Aided Design of Digital Systems from the European Board of Technology Students, in addition to holding several specific certifications in the field of cybersecurity.
View the full article
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list. The names of the individuals are as follows: Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, and Sara Aleksandra Fayssal Hamou.
View the full article
Roman Samborskyi | shutterstock.com
Many enterprise CISOs have been trying to leave passwords behind for more than a decade. But because various legacy systems are designed exclusively for passwords, they keep running into technical hurdles. This is also reflected in RSA's current “ID IQ Report 2026” (download in exchange for personal data), for which the security vendor surveyed 2,000 security experts worldwide. According to the report, 90 percent of respondents have problems with passwordless deployments.
“Most organizations do not use passwordless as their primary authentication method. That is great news for cybercriminals, because stolen credentials are, year after year, the most common cause of data breaches,” the study's authors comment.
Passwordless problems
Criminal hackers are also pleased, however, when different operating systems and special access requirements force organizations to roll out several passwordless solutions, because new security gaps can emerge “between” these solutions. Security analysts and practitioners assume that most companies can cover 75 to 85 percent of their threat landscape with the passwordless options that exist today.
“It will be difficult to reach 100 percent coverage, particularly in OT environments with embedded systems and industrial control systems. It becomes especially tricky with IoT, embedded Linux, and anything to do with manufacturing,” says Will Townsend, chief analyst at Moor Insights & Strategy.
There is also the question of what the fallback looks like when the passwordless mechanism fails. If it falls back to passwords, the whole effort is counterproductive, as Aaron Painter, CEO of identity specialist Nametag, outlines: “If passwords lurk in the enrollment and recovery processes for passkeys, a risky blind spot emerges. How do you know who is actually registering or resetting a passkey?”
By using both a password and a passkey, companies merely enlarge their attack surface, the security expert states. He adds: “A true passwordless transition requires end-to-end phishing resistance across enrollment, registration, and recovery processes.”
According to the RSA study cited at the outset, the complexity of enterprise environments is potentially the biggest obstacle to passwordless adoption: “Because most companies operate in hybrid environments and have to support different users and use cases, a variety of form factors is needed to enable passwordless authentication for every user,” the study's authors write. The security decision-makers surveyed see three main challenges in moving to passwordless authentication solutions:
security concerns (57 percent), concerns about the user experience (56 percent), and a complete lack of platform support (including legacy applications and third-party systems).
Passwordless solutions
As so often, introducing passwordless solutions comes down to the right strategy or strategies. Oleg Naumenko, CEO of identity vendor Hideez, recommends that CISOs pay attention to sequencing when moving to passwordless authentication. According to the expert, many companies start by implementing passwordless access to cloud services because that is easier, while more complex, higher-risk systems remain dependent on passwords. “I usually recommend reversing that order. A company that starts by securing privileged users and critical systems can significantly reduce risk that way.”
Privileged users such as administrators have the most extensive access, Naumenko continues. If passwordless sign-in works for them, it can be extended to the rest of the company much more easily. “If the rollout starts with the easiest integrations just to reach more users, the improvement will only be superficial,” the manager says. Most cloud applications can be integrated without difficulty via SAML or OIDC, whereas legacy or custom systems require a different approach: “The first option is to restrict access through a VPN solution that is protected by passwordless SSO. The more advanced option would be to use a reverse proxy service that enables direct passwordless access,” Naumenko recommends.
With regard to legacy systems, Or Finkelstein, head of marketing at security vendor Secret Double Octopus, also has a tip for CISOs and security decision-makers, one he has observed among his customers: “The technique is to take over the legacy password field and replace the user-chosen password with a machine-generated temporary token that changes with every authentication. Technically it is still a password, but no human will ever see or use it. It also does not have the weaknesses of a conventional password and cannot be phished.”
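The technique Finkelstein describes, sketched as an added example that is not from the article or from any vendor's product: a broker owns the legacy password field and sets a fresh random value for each sign-in. `LegacyApp`, `CredentialBroker`, the sample account and the HMAC challenge-response standing in for a passkey signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class LegacyApp:
    """Constructed stand-in for a system that only understands user + password."""

    def __init__(self):
        self._records = {}   # user -> (salt, PBKDF2 hash)
        self.wire_tap = []   # demo only: every password submitted to login()

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self._records[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        self.wire_tap.append(password)
        record = self._records.get(user)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        return "session-" + secrets.token_hex(8)


class CredentialBroker:
    """Owns the legacy password field; people authenticate to the broker instead."""

    def __init__(self, legacy):
        self._legacy = legacy
        self._device_keys = {}   # user -> key held by the user's authenticator
        self._challenges = {}    # user -> outstanding single-use nonce

    def enroll(self, user):
        """Register an authenticator and overwrite the human-chosen password."""
        key = secrets.token_bytes(32)
        self._device_keys[user] = key
        self._legacy.set_password(user, secrets.token_urlsafe(32))
        return key  # handed to the authenticator, never typed by a person

    def challenge(self, user):
        nonce = secrets.token_bytes(16)
        self._challenges[user] = nonce
        return nonce

    def sign_in(self, user, response):
        nonce = self._challenges.pop(user, None)  # a challenge is valid once
        key = self._device_keys.get(user)
        if nonce is None or key is None:
            return None
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        # Fresh machine-generated credential for this authentication only.
        token = secrets.token_urlsafe(32)
        self._legacy.set_password(user, token)
        try:
            return self._legacy.login(user, token)
        finally:
            # Rotate again so the value that crossed the wire is already dead.
            self._legacy.set_password(user, secrets.token_urlsafe(32))


def authenticator_response(key, nonce):
    """What the user's device computes; HMAC stands in for a passkey signature."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    legacy = LegacyApp()
    legacy.set_password("alice", "Summer2024!")   # constructed old password
    broker = CredentialBroker(legacy)
    key = broker.enroll("alice")

    nonce = broker.challenge("alice")
    session = broker.sign_in("alice", authenticator_response(key, nonce))
    captured = legacy.wire_tap[-1]                # what an observer would have seen

    nonce2 = broker.challenge("alice")
    wrong = broker.sign_in("alice", authenticator_response(secrets.token_bytes(32), nonce2))

    return {
        "session_opened": session is not None,
        "old_password_works": legacy.login("alice", "Summer2024!") is not None,
        "captured_token_replays": legacy.login("alice", captured) is not None,
        "response_replays": broker.sign_in("alice", authenticator_response(key, nonce)) is not None,
        "wrong_device_works": wrong is not None,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

In this design the broker's right to reset passwords on the legacy system becomes the high-value secret, so it needs the same protection as any privileged account.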
Erik Avakian, technical advisor at Info-Tech Research Group, compares the situation around passwordless solutions with the one CISOs already faced with multi-factor authentication (MFA): “MFA offers a range of options for authentication mechanisms. Some are robust, others weak. Companies that do not pay attention to this jeopardize their own security. The point is to learn from MFA and not put convenience above protection,” the analyst says. In his view, the shift to passwordless authentication also resembles the move to a zero-trust model in many respects: “In both cases it is a multi-year, multi-phase process.” (fm)
View the full article
Cybercrime has turned into an organized industry with a division of labor.
DC Studio – Shutterstock.com
What once began in forums with self-written malicious code has developed into a globally networked underground economy that is superior to many companies in efficiency, speed, and scale. Hacker groups today work with a division of labor, use distribution channels, run support, share revenue with partners, and invest in research and development.
The decisive question is no longer whether a company becomes the target of an attack, but how long it stands still after an attack, and whether it is able to recover from it.
A structured shadow industry
Cybercrime has shifted from individual actions to an organized industry. The large groups operate on the same principles as international corporations. They have departments, processes, management levels, and KPIs. They develop software, maintain customer databases, and evaluate their success rates.
Attacks have long followed a business logic. Behind every phishing campaign, every data leak, and every extortion attempt there is a supply chain organized by division of labor. Developers supply malware, access brokers sell credentials, logisticians provide servers, and communications specialists negotiate ransoms.
In this way, an efficient shadow economy with enormous scalability emerged. Sales run through closed forums, payment through cryptocurrencies, and bookkeeping through encrypted communication channels.
Ransomware-as-a-Service: the Amazon of crime
The Ransomware-as-a-Service (RaaS) model has, moreover, revolutionized the cybercrime business. Criminal groups offer their malware like a software product. Attackers can license the code, select targets, and launch attacks without any deep programming knowledge. The operator receives a commission in return.
This gave rise to a marketplace in which services, tools, and data are traded like products. Access costs a fee, and updates are included. There are manuals, discount campaigns, and support forums. Even the marketing is run professionally: “Reliable decryption, fast response, fair split” is how advertising slogans on the darknet read.
The parallel to the legal economy is striking. There are partnerships, distribution networks, and bonus models. Ransomware is no longer an isolated case but a well-thought-out business model with a clear profit strategy.
Attack as a service
Cybercrime now works like a service chain. Anyone planning an attack today can buy every component, from initial credentials to leak management.
Access brokers sell access to corporate networks. Botnet operators provide computing power for attacks. Developers supply turnkey exploits tailored to known vulnerabilities. Communications specialists handle contact with the victims.
In this parallel economy, almost any role can be outsourced. The effect is the same scaling that made legal platform companies strong, only in the shadow of the law.
The role of states
Increasingly, state-tolerated or actively state-directed groups are joining this ecosystem. Attacks on energy suppliers, hospitals, and public administration bodies show that cybercrime has long since become part of geopolitical power strategies.
The boundaries between criminal and state actors are blurring. Certain groups operate under the protection of regimes or on their behalf. The result is hybrid structures that link economic interests, political goals, and criminal profits.
This development makes the situation particularly volatile. Cyberattacks today endanger not only IT systems but also security of supply, public order, and economic stability.
Efficient attackers
What makes cybercrime so dangerous today is not the technology alone but the efficiency with which it is used. The attackers are flexible, networked, and keen to experiment. They test, discard, and improve in cycles that are hardly conceivable in companies.
Recruitment works as it does in start-ups. Job offers for developers, social engineers, or language specialists circulate in darknet forums. There are performance bonuses, training courses, and career paths. The way of working is agile, communication is decentralized, and motivation is clearly regulated in financial terms.
These structures create pressure to innovate that goes far beyond technical attacks. Cybercrime groups invest in AI, automation, and machine learning. They analyze data in order to exploit vulnerabilities in a targeted way.
Slow defenders
Things look different for those under attack. Many companies operate in defensive mode: slowly, bureaucratically, and often reactively. Security concepts are reviewed annually, but attacks are adapted daily. On average, more than 200 days pass between attack and detection.
This lag arises not from ignorance but from structures. While criminals act autonomously, companies have to check compliance, release budgets, and clarify responsibilities. The attackers benefit from the inertia of their victims.
The greatest risk is not a lack of technology but a lack of responsiveness. Cyber resilience thereby becomes the decisive factor.
The human as a gateway
More than 80 percent of all successful attacks begin with a human error. Phishing, social engineering, or manipulated chat messages remain the simplest means of penetrating networks.
The quality of these deception attempts has changed dramatically, however. Thanks to AI, e-mails, voice recordings, and deepfakes appear authentic. Even experienced employees can hardly recognize attacks anymore.
Security awareness must therefore no longer be treated as a tiresome compulsory exercise. It must be part of the corporate culture. Only those who understand attacks as an everyday risk can respond appropriately.
Data as weapons
Ransomware groups today rely on double and triple extortion. First systems are encrypted, then data is stolen, and finally sensitive information is published if no ransom is paid.
This is not only about money but about destroying reputations. Confidential communications, confidential research results, or personal data are deliberately published to create maximum pressure.
This mechanism makes cybercrime the modern form of industrial espionage. Any piece of information can become a weapon, any company a target.
The AI race
Artificial intelligence is the accelerator on both sides. Criminals use AI to perfect phishing, optimize malicious code, and bypass security mechanisms. At the same time, defenders deploy AI systems to detect anomalies and automatically isolate incidents.
But the dynamic is asymmetric. The attackers can experiment freely, without regulatory or ethical limits. The defenders, by contrast, must observe data protection, liability, and compliance. This imbalance gives cybercrime groups a constant speed advantage.
The next step is foreseeable: fully automated attack chains that make decisions in real time on the basis of machine learning.
From prevention to resilience
In view of this development, absolute security is not achievable. What matters is the ability to be operational again quickly after an attack. Cyber resilience describes this competence of not only surviving crises but learning from them.
A resilient company knows its critical processes, tests its recovery plans regularly, and has a clear communication strategy. Incident response teams must be trained before an emergency occurs.
This is not only about technology. Leadership, decision-making ability, and internal transparency are central success factors. Those who communicate in a crisis instead of staying silent retain control and trust.
Security as an asset
Furthermore, cybersecurity must no longer be a cost factor but must be understood as a strategic capability. It not only protects systems but also secures competitiveness, customer data, and brand value.
The professionalization of attackers forces companies to become more professional themselves, in structures, processes, and mindset. Only those who integrate security into the DNA of the organization can survive in the long term.
In 2026, cybercrime will no longer be a temporary risk but a permanent part of the economic ecosystem. Companies that are prepared for it will survive. The others will become part of a statistic that grows year after year.
Conclusion
Cybercrime has adopted the rules of the digital economy: efficiency, networking, automation. While many companies still think in old security paradigms, a global industry has long since formed underground.
It acts faster, learns more readily, and is more uncompromising. The difference between victim and survivor no longer lies in defense but in the ability to get back up.
View the full article
Dabei geht es nicht nur um Technik. Führung, Entscheidungsfähigkeit und interne Transparenz sind zentrale Erfolgsfaktoren. Wer in der Krise kommuniziert, statt zu schweigen, behält Kontrolle und Vertrauen.
Sicherheit als Asset
Ferner darf Cybersicherheit kein Kostenfaktor mehr sein, sondern muss als strategische Fähigkeit verstanden werden. Sie schützt nicht nur Systeme, sondern sichert Wettbewerbsfähigkeit, Kundendaten und Markenwert.
Die Professionalisierung der Angreifer zwingt Unternehmen dazu, selbst professioneller zu werden – in Strukturen, Prozessen und Mentalität. Nur wer Sicherheit in die DNA der Organisation integriert, kann langfristig bestehen.
Cybercrime wird 2026 kein vorübergehendes Risiko mehr sein, sondern ein permanenter Teil des wirtschaftlichen Ökosystems. Unternehmen, die darauf vorbereitet sind, werden überleben. Die anderen werden Teil einer Statistik, die Jahr für Jahr wächst.
Fazit
Cybercrime hat die Regeln der digitalen Wirtschaft adaptiert – Effizienz, Vernetzung, Automatisierung. Während viele Unternehmen noch in alten Sicherheitsparadigmen denken, hat sich im Untergrund längst eine globale Industrie formiert.
Sie agiert schneller, lernfähiger und kompromissloser. Der Unterschied zwischen Opfer und Überlebendem liegt nicht mehr in der Abwehr, sondern in der Fähigkeit, wieder aufzustehen.
IT security leaders should analyse and protect the attack surface permanently. To do so, they must always keep in view which assets are reachable over the internet.
From IoT devices and cloud-based infrastructure to web applications, firewalls and VPN gateways: the number of company-owned assets connected to the internet is rising exponentially. They provide access to data, sensors, servers, online shops, websites or other applications, for example. However, the external attack surface grows with every additional asset, and with it the risk of successful cyberattacks.
Asset discovery is not enough
At many companies this external attack surface often changes daily, is extremely complex and poses considerable challenges for those responsible for security. They must always keep in view which (new) assets are reachable over the internet and keep themselves informed about discovered vulnerabilities. CISOs therefore need a keen sense for possible weaknesses and misconfigurations. They should also have a team that knows how to avert the threats found and which measures to take. But which vulnerability should be closed first? Effective protection of a company's own IT infrastructure requires a multi-stage concept for External Attack Surface Management (EASM) that also weighs the individual, actual risk of each vulnerability. This iterative process can be roughly divided into four consecutive steps.
Step 1: Identify and classify assets
Only those who know all their assets can protect themselves effectively and actively manage the attack surface. But identification is easier said than done. That is true for mid-sized companies and even more so for large corporations with numerous subsidiaries. They often struggle to keep track of everything that is externally reachable. Shadow IT contributes to this: employees, contrary to the applicable compliance rules and without the knowledge or official approval of the internal IT department, install unapproved software applications or use cloud services, for example. To obtain a sound overview of all relevant assets nonetheless, those responsible must check the external attack surface regularly and in an automated way. Ideally, all relevant assets are not only identified but also attributed to the corresponding sub-organisations, subsidiaries and so on. External Attack Surface Management goes far beyond classic asset discovery and vulnerability scanning here. It also targets “blind spots”, such as forgotten cloud assets and IT and IoT infrastructure that is no longer used or is misconfigured.
Step 2: Risk detection
To determine which weaknesses exist and what threat potential they pose to the company, various test procedures are carried out at different levels. Whether the potential danger stems from particular applications can be established with Dynamic Application Security Testing (DAST), for example. It should also be checked whether security-relevant data, for instance for controlling a production plant, may already be unintentionally visible over the internet. Unauthorised logins are a further security risk; this is where credentials testing comes in. In addition, companies should permanently keep an eye on whether their assets are affected by already known and published vulnerabilities.
Step 3: Risk assessment
All discovered vulnerabilities carry a certain risk, but it is not always equally high. To assess and classify it realistically, three metrics are central.
The first is exploitability, with the central question: are there actually already known attack vectors for the specific vulnerability, or has it so far been more theoretical in nature and not yet concretely exploited?
The second is attractiveness to attackers. The question here is: is the vulnerability located on an asset or target system that is interesting for an attack? A central database, for example, is considerably more rewarding than an asset of a sub-organisation that does not allow access to other systems.
The third metric is discoverability, which describes how quickly and easily an asset can be attributed to a company as a potential target. Is it, for example, located directly on the website, or is it “hidden” at a subsidiary as a largely unknown risk?
Step 4: Prioritisation and remediation
To keep the external cyber risk of the externally reachable attack surface effectively small, the most important factor is the shortest possible response time for risks that are actually critical. That applies to detection but of course also to closing relevant vulnerabilities in time. But what if the dashboard shows more problems than there are staff available to fix them? Then the vulnerabilities must be prioritised sensibly in order to minimise the overall risk of successful attacks as quickly and as strongly as possible. For example, direct unprotected access from outside to a customer database without authentication is, as a rule, certainly far more critical than a vulnerability on an IP camera that has so far been only theoretically exploitable. For the security operations team, the point is therefore not primarily to close as many gaps as possible quickly, but the most relevant ones. And often only about ten gaps carry the largest share, up to 90 percent, of a company's entire external cyber risk in the current week. Once remediation is complete, the effectiveness of the measures should be revalidated from outside, ideally in an automated way.
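The four steps above, carried through on constructed sample data, as an added example that is not part of the original article or of any EASM product. The field names, the 0-to-1 scales and the product formula for the risk score are assumptions: the article names the three metrics but gives no formula.

```python
"""Added example: the four EASM steps on constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str              # externally reachable host (constructed)
    owner: str              # sub-organisation the asset is attributed to (step 1)
    issue: str              # what risk detection reported (step 2)
    exploitability: float   # 0..1, 1 = known attack vector, near 0 = theoretical
    attractiveness: float   # 0..1, value of the target system to an attacker
    discoverability: float  # 0..1, how easily the asset is tied to the company


def blind_spots(externally_seen, inventory):
    """Step 1: assets visible from outside that the managed inventory lacks."""
    return sorted(set(externally_seen) - set(inventory))


def risk(f):
    """Step 3. Assumed formula: the product, so a near-zero metric suppresses the score."""
    return f.exploitability * f.attractiveness * f.discoverability


def prioritise(findings, coverage=0.9):
    """Step 4: shortest top-ranked worklist that carries `coverage` of total risk."""
    ranked = sorted(findings, key=risk, reverse=True)
    total = sum(risk(f) for f in ranked)
    worklist, carried = [], 0.0
    for f in ranked:
        if total == 0 or carried / total >= coverage:
            break
        worklist.append(f)
        carried += risk(f)
    return worklist


def revalidate(worklist, rescan):
    """Step 4, revalidation: items an outside rescan still observes are not fixed."""
    return [f for f in worklist if (f.asset, f.issue) in rescan]


# Constructed sample: hostnames, owners and scores are illustrative only.
SAMPLE_FINDINGS = [
    Finding("db.shop.example.com", "retail",
            "customer database without authentication", 1.0, 1.0, 0.8),
    Finding("vpn.example.com", "group IT",
            "published vulnerability on VPN gateway", 0.7, 0.8, 0.9),
    Finding("ci.partner.example.net", "contractor",
            "Jenkins reachable with default password", 1.0, 0.9, 0.5),
    Finding("www.example.com", "marketing",
            "outdated web framework, no known exploit", 0.2, 0.2, 0.9),
    Finding("cam-17.example.org", "subsidiary",
            "theoretical flaw on IP camera", 0.1, 0.2, 0.3),
    Finding("old-test.example.org", "subsidiary",
            "forgotten cloud test site", 0.3, 0.1, 0.2),
]
# Constructed managed inventory: what corporate IT believes is exposed.
INVENTORY = {"db.shop.example.com", "vpn.example.com",
             "www.example.com", "cam-17.example.org"}

if __name__ == "__main__":
    seen = [f.asset for f in SAMPLE_FINDINGS]
    print("Not in inventory:", blind_spots(seen, INVENTORY))
    total = sum(risk(f) for f in SAMPLE_FINDINGS)
    top = prioritise(SAMPLE_FINDINGS)
    for f in top:
        print(f"{risk(f) / total:6.1%}  {f.asset:24} {f.owner:11} {f.issue}")
    print(f"{len(top)} of {len(SAMPLE_FINDINGS)} findings carry "
          f"{sum(risk(f) for f in top) / total:.0%} of the scored risk")
    # Constructed rescan result: the Jenkins finding is still visible from outside.
    rescan = {("ci.partner.example.net", "Jenkins reachable with default password")}
    print("Still open:", [f.asset for f in revalidate(top, rescan)])
```

With these sample scores, three of six findings carry the bulk of the risk, and the theoretical IP camera flaw falls below the cut while the unauthenticated customer database ranks first.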
A case study: fatal change management
The advantages of the EASM concept can be illustrated with a case study: to process “right to be forgotten” requests efficiently, an e-commerce retailer has to implement extensive code changes. Because of the high programming effort, the internal team gets support from external developers. So that provisioning the infrastructure for the external colleagues can be as uncomplicated as possible and compliant at the same time, the contractor sets up a Jenkins server. A few days later, a firewall change request is processed in the subnet in which the Jenkins server was deployed.
What the responsible developer does not realise, however: this change makes the Jenkins server accessible over the internet. Since it is not managed by corporate IT, there is no security monitoring either. The server is therefore not hardened and the default password has not been changed. An attacker discovers the largely unprotected server, manages to log in and to execute a shell via a Groovy script in the Jenkins script console. He then obtains root privileges and finds private SSH keys for deploying assets as well as API keys for source code repositories. He uses these to access the code repositories and in this way comes across AWS API keys.
With these he compromises several terabytes of data stored in S3 buckets, including personally identifiable information (PII) of customers. What began as a project to implement data protection regulations ends in the disclosure of exactly the data that was originally supposed to be better protected. To prevent such a successful attack in future, those responsible are considering carrying out the penetration tests, previously annual, every quarter from now on. This well-meant but ultimately unhelpful proposal shows the most common problem with regard to EASM, namely a lack of risk awareness.
Anyone who wants to protect the external attack surface effectively and minimise external cyber risk must check and monitor a company's publicly visible cloud assets and applications, including those of all sub-organisations, continuously and, for reasons of efficiency and cost, in as automated a way as possible.
Then the configuration change described above and the default password in place on the externally accessible Jenkins server are noticed immediately, and a corresponding risk alert is triggered automatically in the internal systems. A good EASM solution additionally provides important information on effective preventive measures to avoid similar incidents in future. After all, the responsible security analyst may not know Jenkins, therefore “only” requests a new password and considers the matter and the risk settled. Only when he is informed that Jenkins servers should never be reachable over the internet, and that changing the default credentials is recommended as a matter of principle, can the external cyber risk be reduced. The system can also warn the analyst that attackers may already have broken in and that a more thorough investigation would be appropriate. Beyond that, continuous monitoring through EASM makes it possible to validate the measures taken, as effective or not.
More secure with continuous and central EASM
This is just one example, and it shows: for effective protection of the attack surface reachable from the internet, individual measures such as semi-annual penetration tests or vulnerability scans are not enough. Using a “patchwork” of point solutions and point processes also often lulls IT leaders into a false sense of security, because according to official requirements everything is in order, but only because critical assets and vulnerabilities can slip through the net. Effective EASM goes beyond pure compliance standards and minimises external cyber risk on the basis of two aspects.
The first is continuity: it must be ensured regularly that all external assets are correctly recorded and up to date with regard to their risk status. The second is uniformity: anyone who “patches up” individual sub-steps, from detection and classification through to risk assessment, prioritisation and remediation, with isolated solutions does not necessarily optimise the overall process as well. An effective reduction of external cyber risk can be achieved through a central EASM platform solution that covers all four phases. It automatically identifies and analyses all relevant assets, for example on a weekly cycle, and thus minimises the likelihood that important risks are overlooked.
It then gives IT leaders concrete recommendations for action by continuously showing which vulnerabilities are currently the most important for the company and must be closed immediately. So that this can happen effectively and within the shortest possible time, the EASM solution should also be able to integrate into existing processes and systems via appropriate interfaces. This enables seamless forwarding of all relevant information and ensures that the critical risks are understood internally more quickly and remediation measures can be taken promptly.
In the end, however, it always also comes down to the people responsible in the company. A technical solution can guarantee a fast MTTD (Mean Time To Detection) and provide relevant information, but the MTTR (Mean Time To Remediation) that ultimately matters depends on how quickly the responsible departments react. When technology and people work “hand in hand”, the four steps described above are a proven way for companies to minimise external cyber risk. (jm)
Suppose your company is attacked by cybercriminals but gets away with a black eye because the attack was detected and fended off late, but still in time, without major business impact. Simply carrying on as before and forgetting the matter would be counterproductive, however. After all, the attackers found a way to compromise your systems and bypass defences in the process.
That is why a post-incident review is essential at this point: a structured process in which the company analyses what went well, what did not, and how performance can be improved in future. That sounds simple at first, but there are some important things to bear in mind when developing a robust post-incident review strategy. We worked out what they are in conversation with various security experts.
1. Act promptly
Timing is of crucial importance in security incidents, and not only when it comes to analysis. If you let weeks or months pass before scheduling a post-incident review, the risk increases that important elements are forgotten, and that security decision-makers and their teams can no longer form a complete picture of the attack.
David Taylor, Managing Director at the IT consultancy Protiviti, therefore advises acting as promptly as possible: “A review shortly after an incident ensures that all details are still fresh in people's minds and also conveys a sense of urgency.” In this way, the review participants could also work out an accurate timeline of events, according to the senior consultant.
Heather Clauson Haughian, co-founder and managing partner of CM Law, a law firm specialising in data protection, knows how this timeline should be structured: “First, it is necessary to record exactly what happened, from the first signs of a problem through to its resolution.”
This helps everyone involved to understand where delays or errors occurred and where they did not. “It is basically about casting the incident into an understandable ‘story’ and drawing the appropriate lessons from it,” explains the legal expert.
2. Run a root cause analysis
A root cause analysis is also a mandatory part of a post-incident review, at least if you care about preventing future incidents.
Michael Brown, Field CISO at the IT service provider Presidio, shares this conviction: “Identifying the root cause of an incident is essential. The teams have to find out whether it is a technical vulnerability, human error, or process or technology gaps. Only then can it be ensured that not only symptoms are treated.”
3. Identify gaps
A post-incident review should also include evaluating the performance of the security team against established processes (such as the incident response plan). According to Protiviti manager Taylor, this is indispensable for successively improving the team's capabilities: “It can provide valuable information for innovative optimisations, identify training gaps and eliminate inefficiencies in the response phase.”
Presidio leads by example in this respect, as Field CISO Brown reveals: “In our post-incident reviews we assess the performance of our incident response team in different areas, such as detection, response time, communication, coordination or process adherence.”
4. Analyse business impact
Fully grasping the effects of a security incident is a multi-layered matter that should include both quantitative and qualitative analyses. According to security decision-maker Brown, the former should cover aspects such as financial losses, lost market share or customer orders, for example.
The latter, by contrast, should address questions such as:
Was business continuity lastingly impaired?
Were the competent authorities informed in time?
Has reputational damage occurred?
5. Capture the context
Another key factor for post-incident analyses is the context of the security incident. Capturing it is crucial when it comes to setting up a timeline for the incident from which everyone involved can learn.
“All too often, debriefings skip the context in which decisions were made,” criticises security researcher Eireann Leverett, adding: “Document the incident as it developed, not just the outcome. Incidents evolve over time, and the team handling one can rarely access all the facts up front.”
Every new discovery, for instance regarding the entry point for the attack, its scope or the tools used by the attackers, could change the team's investigation goals, according to Leverett: “What begins as a containment effort can quickly turn into a full-scale recovery project. Only if you track when and why changes took place can it later be traced which measures were taken.”
6. Collaborate across departments
Leading a post-incident review is a matter for the CISO, or for other security or IT leaders. However, it is advisable also to involve people from other departments who can potentially contribute insights. Security expert Leverett, for instance, recommends expanding the post-incident team to include colleagues from governance, legal and risk management: “They may be able to connect the root cause of the incident with general, broader policy gaps.”
In Leverett's view it also makes sense to involve the finance and HR departments and, depending on the nature and severity of the incident, board members too. The latter signals strategic prioritisation and helps to link technical findings with risk discussions at governance level, the expert is convinced.
“What matters here is that everyone involved has an equal say, regardless of their position or role,” adds Protiviti's Taylor. This not only helps to understand security incidents better but also establishes a cooperative environment.
7. Avoid blame
Engaging in “finger-pointing” during a post-incident review is very likely not productive. IT lawyer Haughian therefore also recommends focusing on learning and optimising: “Assigning blame gets you nowhere. The task is to uncover the actual sequence of events, understand decision-making processes and identify all factors that contributed to errors. This approach can help in making future strategic decisions relating to tools, training and policies.”
Leverett has no time for a blame culture either: “It is not about whether a particular individual made the right decision or not. Rather, questions need to be answered such as: ‘Was the team in a position to make good decisions under the given circumstances?’ Or: ‘Would better documentation, different tools or more budget have produced faster and better results?’”
8. Take action
All the insights gained in a post-incident review are relatively useless if nothing happens afterwards. In other words: the insights must be followed by concrete measures.
To implement this as well as possible, legal expert Haughian recommends recording precisely in writing where optimisation is needed, when it should happen and who is responsible for it: “These improvements can be software updates, policy changes or new training initiatives, for example. Regardless of which, this follow-up is what makes a post-incident review truly useful. If it is missing, so are actionable recommendations, and the whole thing is no more than an academic exercise,” the data protection expert states. (fm)
Sie wollen weitere interessante Beiträge rund um das Thema IT-Sicherheit lesen? Unser kostenloser Newsletter liefert Ihnen alles, was Sicherheitsentscheider und -experten wissen sollten, direkt in Ihre Inbox.
View the full article
dotshock | shutterstock.com
Angenommen, Ihr Unternehmen wird von Cyberkriminellen angegriffen, kommt dabei aber mit einem blauen Auge davon, weil die Attacke zwar spät, aber noch rechtzeitig entdeckt und abgewehrt werden konnte – ohne größeren Business Impact. Jetzt einfach wie bisher weiterzumachen und die Sache zu vergessen, wäre allerdings kontraproduktiv. Schließlich haben die Angreifer einen Weg gefunden, Ihre Systeme zu kompromittieren und dabei Abwehrmaßnahmen zu umgehen.
Deshalb ist an dieser Stelle ein Post-Incident Review essenziell: Ein strukturierter Prozess, in dessen Rahmen das Unternehmen analysiert,  
was gut gelaufen ist, was nicht, und wie die Performance in Zukunft verbessert werden kann. Das klingt erst einmal simpel – allerdings gilt es einige wichtige Dinge zu beachten, um eine robuste Post-Incident-Review-Strategie zu entwickeln. Welche das sind, haben wir im Gespräch mit verschiedenen Sicherheitsexperten herausgearbeitet.
1. Zeitnah handeln
Nicht nur wenn es um die Analyse geht, ist Timing bei Security Incidents von entscheidender Bedeutung. Lassen Sie erst einmal Wochen oder Monate ins Land ziehen, bevor Sie ein Post-Incident Review anberaumen, steigt das Risiko, dass wichtige Elemente in Vergessenheit geraten – und Sicherheitsentscheider und ihre Teams sich kein vollständiges Bild von dem Angriff mehr machen können.  
David Taylor, Managing Director bei der IT-Beratung Protiviti, rät deshalb dazu, möglichst zeitnah tätig zu werden: “Ein Review kurz nach einem Incident gewährleistet, dass alle Details noch frisch in den Köpfen sind und vermittelt zudem ein Gefühl von Dringlichkeit”. Zudem könnten die Review-Beteiligten auf diese Weise auch eine akkurate Timeline der Ereignisse erarbeiten, so der Chefberater.   
Wie diese Timeline ausgestaltet werden sollte, weiß Heather Clauson Haughian, Mitbegründerin und geschäftsführende Partnerin der auf Datenschutz spezialisierten Anwaltskanzlei CM Law: “Zunächst gilt es, festzuhalten, was genau passiert ist – von den ersten Anzeichen eines Problems bis hin zu seiner Bewältigung.”
Das unterstütze alle Beteiligten dabei, nachzuvollziehen, an welchen Stellen es zu Verzögerungen oder Fehlern gekommen ist – und an welchen nicht. “Es geht im Grunde darum, den Vorfall in eine verständliche ‚Story‘ zu gießen und daraus entsprechende Lehren zu ziehen”, erklärt die Rechtsexpertin.
2. Ursachenanalyse fahren
Pflichtbestandteil eines Post-Incident Reviews ist zudem eine Ursachenanalyse (auch Root Cause Analysis) – zumindest wenn Ihnen daran gelegen ist, künftige Incidents zu verhindern.
Dieser Überzeugung ist auch Michael Brown, Field CISO beim IT-Dienstleister Presidio: “Die Grundursache eines Vorfalls zu identifizieren, ist essenziell. Die Teams müssen herausfinden, ob es sich dabei um eine technische Schwachstelle, menschliches Versagen oder Prozess- beziehungsweise Technologielücken handelt. Nur so lässt sich sicherstellen, dass nicht nur Symptome behandelt werden.”
3. Lücken identifizieren
Ein Post-Incident Review sollte darüber hinaus auch beinhalten, die Performance des Sicherheitsteams mit Blick auf etablierte Prozesse (etwa den Incident-Response-Plan) zu evaluieren. Das ist laut Protiviti-Manager Taylor unerlässlich, um die Team-Fähigkeiten sukzessive zu verbessern: “Es kann wertvolle Informationen für innovative Optimierungen liefern, Schulungslücken identifizieren und Ineffizienzen in der Reaktionsphase beseitigen.”
Presidio geht diesbezüglich mit gutem Beispiel voran, wie Field CISO Brown verrät: “Im Rahmen unserer Post-Incident Reviews bewerten wir die Leistung unseres Incident-Response-Teams in unterschiedlichen Bereichen – etwa Detection, Reaktionszeit, Kommunikation, Koordination oder Prozesstreue.”
4. Business Impact analysieren
Die Auswirkungen eines Sicherheitsvorfalls vollumfänglich zu durchdringen, ist eine vielschichtige Angelegenheit, die sowohl quantitative als auch qualitative Analysen umfassen sollte. Ersteres sollte laut Sicherheitsentscheider Brown beispielsweise Aspekte wie finanzielle Einbußen, verlorene Marktanteile oder Kundenaufträge beinhalten.
Zweiteres sich hingegen mit Fragen befassen wie:
Wurde die Business Continuity nachhaltig beeinträchtigt? Wurden die zuständigen Behörden rechtzeitig informiert? Sind Reputationsschäden entstanden? 5. Kontext erfassen
Ein weiterer Schlüsselfaktor für Post-Incident-Analysen ist außerdem der Kontext des Sicherheitsvorfalls. Ihn zu erfassen, ist entscheidend, wenn es darum geht, eine Timeline für den Incident aufzusetzen, aus der alle Beteiligten lernen können.
“Allzu oft wird bei Nachbesprechungen der Kontext, in dem Entscheidungen getroffen wurden, übersprungen”, kritisiert Security-Forscher Eireann Leverett und ergänzt: “Dokumentieren Sie den Vorfall so, wie er sich entwickelt hat – nicht nur das Ergebnis. Incidents entwickeln sich im Zeitverlauf – und das Team, das diesen bearbeitet, kann selten vorab auf sämtliche Fakten zugreifen.”
Jede neue Entdeckung – etwa mit Blick auf das Einfallstor für den Angriff, seinen Scope oder die von den Angreifern verwendeten Tools, könnten die Untersuchungsziele des Teams verändern, so Leverett: “Was als Containment-Vorhaben beginnt, kann schnell zum umfänglichen Recovery-Projekt ausarten. Nur wenn Sie tracken, wann und warum Veränderungen stattgefunden haben, ist später auch nachvollziehbar, welche Maßnahmen ergriffen wurden.”
6. Abteilungsübergreifend kollaborieren
Leading a post-incident review is the job of the CISO, or of other security or IT leaders. However, it is advisable to also involve people from other departments who can potentially contribute insights. Security expert Leverett, for example, recommends expanding the post-incident team to include colleagues from governance, legal and risk management: "They may be able to connect the root cause of the incident to general, broader policy gaps."
In Leverett's view, it also makes sense to involve the finance and HR departments and, depending on the type and severity of the incident, board members as well. The latter signals strategic prioritization and helps link technical findings with risk discussions at the governance level, the expert is convinced.
"What matters here is that everyone involved gets an equal say, regardless of their position or role," adds Protiviti's Taylor. This not only helps to understand security incidents more thoroughly, but also establishes a cooperative environment.
7. Avoid assigning blame
Engaging in finger-pointing during a post-incident review is very likely unproductive. IT lawyer Haughian therefore also recommends focusing on learning and improving: "Assigning blame gets you nowhere. The point is to uncover the actual sequence of events, understand decision-making processes and identify all the factors that contributed to errors. This approach can help in making future strategic decisions relating to tools, training and policies."
Leverett does not think much of a blame culture either: "It is not about whether a particular individual made the right decision or not. Rather, the questions to answer are ones like: 'Was the team in a position to make good decisions under the circumstances?' Or: 'Would better documentation, different tools or more budget have led to faster and better results?'"
8. Take action
All the insights gained in a post-incident review are relatively useless if nothing happens afterwards. In other words: the findings must be followed by concrete measures.
To implement this as well as possible, legal expert Haughian recommends recording in writing exactly where improvements are needed, when they are to happen and who is responsible for them: "These improvements can be, for example, software updates, policy changes or new training initiatives. Regardless of which, this follow-up is what makes a post-incident review truly useful. Without it, there are no actionable recommendations either, and the whole thing is nothing more than an academic exercise," the data protection expert states. (fm)
Apple plans to enter the foldable smartphone market in September 2026, debuting its first foldable iPhone. We've heard multiple rumors about the design of the upcoming device, but little has been revealed about the operating system or the software features.


Rumors suggest the ‌iPhone‌ Fold will be around 5.4 inches when closed, and approximately 7.6 inches when open, giving it a 4:3 aspect ratio. We did a video featuring a rough ‌iPhone‌ Fold mockup at those dimensions yesterday, which provides an idea of what the device will look like.

When unfolded, the upcoming ‌iPhone‌ will be bigger than any ‌iPhone‌ to date, and not too far off in size from the original iPad mini. The current ‌iPad mini‌ has an 8.3-inch screen size, but the first models had a 7.9-inch display.

Since the ‌iPhone‌ Fold's inner display will be close to an iPad in size, will it run iOS or iPadOS? Will it work like a standard ‌iPhone‌ when the display is closed, and an ‌iPad‌ when it's open? Or will it get something in between?

We haven't heard much about iOS 27 as of yet or what Apple has in store for the ‌iPhone‌ Fold, so it's still a mystery. Bloomberg's Mark Gurman says that iOS 27 will lay the foundation for the foldable ‌iPhone‌ and future foldables, but that's about it.

With a larger display, the ‌iPhone‌ Fold will probably support some kind of split screen view or multitasking option, perhaps even adopting Slide Over. Apple Pencil support for a 7.6-inch display could make sense, but the ‌iPhone‌ Fold's display will be an awkward middle size between an ‌iPhone‌ and an ‌iPad‌. We haven't heard rumors that the ‌iPhone‌ Fold will work with the ‌Apple Pencil‌, but we also haven't heard rumors that it won't.

‌Apple Pencil‌ support could be useful for quick note taking, sketches, signing documents, editing photos and videos, and more. Steve Jobs famously said "Nobody wants a stylus," but in the years since he touted the ergonomics of the finger, the stylus has evolved. The ‌Apple Pencil‌ isn't one of the tiny plastic pens or imprecise rubber-tipped styluses that were around back in 2007 when Jobs commented on them. It's a writing implement that accurately mimics a pen or a pencil, and it feels natural to use.

Samsung's foldables supported the optional S Pen for many years, but the latest Galaxy Z Fold7 dropped the feature for a thinner and lighter design, which might not bode well for Apple offering the functionality. Rumors suggest the ‌iPhone‌ Fold is going to be somewhere around 4.5mm thick when unfolded, which will make it thinner than Apple's 5.1mm iPad Pro, the thinnest Apple device to date.

Some dedicated Samsung Galaxy Fold users are unhappy with the feature's removal, so there are definitely foldable smartphone customers out there who like the flexibility of being able to use a stylus. Rumors suggest that Samsung is considering bringing S Pen support back to the next-generation Galaxy Fold, which will, coincidentally, have a shorter, wider design to match the iPhone Fold. If Apple implements ‌Apple Pencil‌ support and Samsung doesn't, it's possible Apple will draw some switchers who don't want to use a foldable without a pen option. The opposite is also a possibility, so Apple could lose customers who don't want a foldable without a pen.

Google didn't design a stylus for the Pixel Fold, but it did implement support for the Universal Stylus Initiative (USI), so the device works with third-party USI pens. USI pens don't have the same functionality as the ‌Apple Pencil‌, lacking features like pressure sensitivity, but the basic stylus functionality is there for those who want it.

Apple could do something similar to Google. Add support for the ‌Apple Pencil‌ for those who want it, without making it a primary marketing point. That would make the ‌Apple Pencil‌ available for those who want the extra functionality, but it wouldn't be a necessity. Apple could also design an ‌iPhone‌ Fold-specific ‌Apple Pencil‌ that is sized to the device and able to be charged with it, but it all depends on how Apple wants to market the ‌iPhone‌ Fold.

If it's marketed as an ‌iPhone‌, ‌Apple Pencil‌ support is unlikely. Apple has long championed a touch-first approach, and no ‌Apple Pencil‌ support for the ‌iPhone‌ clearly separates it from the ‌iPad‌. If it's marketed as an ‌iPhone‌ and ‌iPad‌ hybrid device, ‌Apple Pencil‌ support seems like more of a possibility.

Apple might not be able to implement ‌Apple Pencil‌ support at all because of technical limitations. Rumors suggest that the ‌iPhone‌ Fold is so thin that it doesn't have the space for the TrueDepth camera hardware for Face ID, so Apple is instead adding a Touch ID button to the device. With space at such a premium, a digitizer layer for the ‌Apple Pencil‌ is probably impossible. Apple also needs to take into account how an ‌Apple Pencil‌ would impact ‌iPhone‌ Fold features like the crease in the middle, and that might add too much complication.

Even if the first-generation ‌iPhone‌ Fold doesn't get ‌Apple Pencil‌ support, it could be a feature that Apple adds in the future as display technology improves.

Do you want Apple Pencil support for the iPhone Fold? Let us know in the comments below.
This article, "Will the Apple Pencil Work With the iPhone Fold?" first appeared on MacRumors.com

The Apple Fitness+ Instagram account today teased that the service has "big plans" for 2026. In a video, several Apple Fitness+ trainers are shown holding up newspapers with headlines related to Apple Fitness+.



What's Apple Fitness+ Planning for the New Year?
Something Big is Coming to Apple Fitness+
The Countdown Begins. Apple Fitness+ 2026 is Almost Here
2026 Plans Still Under Wraps-For Now

There are rumors that an AI-based Health+ service will be introduced at some point in 2026, but the Apple Fitness+ post may simply be referencing some kind of fitness program or fitness promotion that's designed to help people meet their New Year's Resolutions. It sounds like an announcement is planned for January 1, 2026.

The Health+ service that's in the works will supposedly incorporate AI for personalized health recommendations and health coaching. Health+ will rely on the LLM version of Siri that Apple has planned, which isn't expected until iOS 26.4 in the spring, so we're probably not hearing about the service in January.



Apple has a "Ring in the New Year" Apple Watch activity challenge that kicks off on January 1, so the Fitness+ announcement could be related to that.
This article, "Apple Teases 'Something Big' Coming Soon to Apple Fitness+" first appeared on MacRumors.com

This holiday season, Apple donated $5 to The Global Fund for every purchase made using Apple Pay on Apple.com, the Apple Store app, and Apple retail stores in the U.S. and other countries.


The Global Fund this week said that Apple raised a total of $3 million for the organization, which is dedicated to fighting HIV/AIDS, tuberculosis, and malaria in developing countries.

Apple capped donations at $3 million, so that means Apple customers raised the total possible amount through their purchases. Apple ran the promotion from November 28 through December 7 to fund critical health programs that save lives.

Apple has long supported The Global Fund with similar promotions and through sales of devices manufactured in (PRODUCT)RED colors. Apple has not offered any of its iPhones or accessories in (PRODUCT)RED colorways since the launch of the 2022 iPhone 14 models, but it does raise money each December in honor of World AIDS Day.

Apple has raised more than $250 million for The Global Fund during its 19-year partnership with the (RED) brand.
This article, "Apple Raised $3 Million for Global Fund's AIDS Fight Through Apple Pay Promotion" first appeared on MacRumors.com

iPhone 17 Pro and Pro Max owners are having trouble with the speakers of their devices, and have complained about a static or hissing noise that occurs when the iPhone is charging.


There are multiple discussions about the issue on Reddit, the MacRumors forums, and Apple's Support Community, where affected users say there is a noticeable static noise "like an old radio." Some people report hearing it when playing audio and turning the volume down, while others say the static is audible without anything playing from the speakers. In some cases, there is a low crackle or a hiss when scrolling through webpages when the ‌iPhone‌ is charging, and some people hear the noise at low volumes even when the ‌iPhone‌ isn't on a charger.

Affected users report that the noise can be heard with chargers of all types, including Apple's official chargers. MagSafe charging causes the problem as well, but users report that the static noise is quieter. Unplugging the ‌iPhone‌ from the charger eliminates the sound for users who are experiencing the static noise when charging.


Some ‌iPhone 17 Pro‌ users have exchanged their devices for new ones, but have run into the same issue.

One Reddit user has been in contact with Apple support, and says the issue has been forwarded to Apple engineers. Apple is apparently working on a fix, but the iOS updates that have been released so far do not appear to solve the problem. The sound is subtle according to most reports, so it may be a widespread issue that only those sensitive to the noise have noticed.
This article, "iPhone 17 Pro and Pro Max Users Report Static Speaker Noise While Charging" first appeared on MacRumors.com

Apple's restrained artificial intelligence strategy may pay off in 2026 amid the arrival of a revamped Siri and concerns around the AI market "bubble" bursting, The Information argues.


The speculative report notes that Apple has taken a restrained approach with AI innovations compared with peers such as OpenAI, Google, and Meta, which are investing hundreds of billions of dollars in data centers, chips, and large language model training. This has fueled criticism that Apple is falling behind in the AI space, particularly as Siri has significantly lagged behind more advanced, capable, and reliable conversational systems.

The report argues that market sentiment toward AI spending is beginning to show signs of skepticism, with questions emerging over whether such large investments can be justified by near-term revenue. Against that backdrop, Apple's decision to limit AI-specific capital expenditures has left it with more than $130 billion in cash and marketable securities, giving the company the option to pursue acquisitions or partnerships if valuations of AI startups fall.

Apple's biggest AI-related move in 2026 will be the long-anticipated overhaul of ‌Siri‌, which is expected to arrive in the spring. The updated assistant is set to be more conversational and capable of completing multi-step tasks. To power it, Apple is believed to be adopting Google's Gemini, reflecting an internal view that large language models may become commoditized and not worth the cost of large-scale proprietary development.

The iPhone is said to be a key strategic advantage. Unlike AI companies that rely on standalone apps or web services, Apple can distribute AI features directly through software updates and system-level integrations across its devices. Efforts by AI companies to build competing hardware face major challenges in manufacturing, distribution, and ecosystem development, areas where Apple has very strong footholds.

The Information also points to recent leadership changes as part of Apple's effort to refocus its AI work. ‌Siri‌ has been placed under Mike Rockwell, who was responsible for launching the Vision Pro headset, following significant delays to the assistant's overhaul. In addition, Apple's AI chief John Giannandrea announced his retirement earlier in December, with parts of his organization redistributed into product-focused teams amid internal concerns about a lack of clear product direction.

While Apple has a history of early but uneven AI efforts, including the original launch of Siri in 2011, The Information argues that these shortcomings have not materially harmed its core businesses. 2026 may be an inflection point in which Apple's cautious strategy could appear prescient if enthusiasm for large-scale AI spending continues to cool and the company finally delivers a more capable version of Siri.
This article, "Report: Apple's AI Strategy Could Finally Pay Off in 2026" first appeared on MacRumors.com

The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any
Anyone shopping for portable power stations can find up to 65 percent off Anker and Jackery's best accessories this week. Each retailer is hosting a New Year's sale for its most popular charging accessories, with major savings on these high-priced power stations that match Black Friday prices in many cases.

Jackery

Note: MacRumors is an affiliate partner with Jackery and Anker. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Jackery's event has up to $3,600 off select portable power stations this week. This includes everything from the smaller Explorer 500 to Jackery's line of HomePower Solar Generators that can power essential home electronics for as long as 30 days.

Up to $3,600 off: Jackery New Year's Sale
Explorer 500 - $359.00, down from $499.00
Explorer 2000 v2 - $799.00, down from $1,499.00
Battery Pack 2000 Plus - $799.00, down from $1,399.00
Battery Pack 3600 - $999.00, down from $2,099.00
HomePower 3000 Solar Generator - $1,429.00, down from $2,499.00
Explorer 2000 v2 + Dual 200W Solar Panels - $1,399.00, down from $2,499.00
HomePower 3000 Solar Generator + Dual 200W Solar Panels - $1,799.00, down from $2,999.00
HomePower 3600 Plus Solar Generator - $2,099.00, down from $3,699.00
Explorer 5000 Plus - $4,099.00, down from $5,699.00

Anker SOLIX



Similar to Jackery, Anker SOLIX is hosting a sale that has up to 65 percent off select portable power stations. Overall, Anker SOLIX has a few more affordable options coming in under $500, as well as numerous high-end stations with various accessories like solar panels and expandable batteries.

Up to 65% off: Anker SOLIX New Year's Sale
Anker 521 PowerHouse (300W) - $129.00, down from $249.99
Anker 535 PowerHouse (500W) - $249.00, down from $649.99
SOLIX C1000 Gen 2 Portable Power Station - $429.00, down from $799.00
SOLIX C1000 Gen 2 + Solar Panel - $649.99, down from $1,298.00
SOLIX C2000 Gen 2 Portable Power Station - $749.99, down from $1,498.00
SOLIX F3000 Portable Power Station - $1,199.00, down from $2,599.00
SOLIX F3800 Portable Power Station - $1,998.95, down from $3,999.00
SOLIX F3000 + Expansion Battery + Solar Panel - $2,199.00, down from $5,397.00
SOLIX F3800 Plus Smart Home Power Kit - $4,693.95, down from $8,897.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "Jackery and Anker Hosting New Year's Sales With Up to 65% Off" first appeared on MacRumors.com

Apple this week revealed its annual New Year Sale in Japan, offering Apple Gift Cards worth up to ¥38,000 alongside a free limited-edition AirTag for qualifying iPhone purchases.


The ‌AirTag‌ features a special engraving of a Daruma, a traditional Japanese talisman commonly associated with perseverance, good fortune, and the achievement of goals. The ‌AirTag‌ offer is limited to 65,000 units in total and will be distributed on a first-come, first-served basis.



Customers can receive gift cards worth up to ¥12,000 for eligible ‌iPhone‌ purchases, up to ¥38,000 for Mac purchases, and up to ¥15,000 for iPad purchases. Apple Watch purchases qualify for gift cards worth up to ¥8,000, while AirPods purchases are eligible for gift cards valued at up to ¥12,000.

The promotion will run from January 2 through January 5 and is available through Apple retail stores and the Apple Online Store in Japan. The New Year Sale has become a recurring annual event for Apple in Japan, where holiday retail traditions differ from those in the United States and Europe.
This article, "Apple to Give Away Free Limited-Edition AirTag in Japan" first appeared on MacRumors.com

The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). "This sophisticated attack leverages a complex kill chain involving DLL hijacking and the modular Valley RAT to ensure persistence," CloudSEK researchers Prajwal Awasthi and Koushik Pal said in an
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because SOCs are adopting AI without an intentional approach to operational integration. Some teams treat it as a shortcut for broken processes. Others attempt to apply machine learning to problems
2025 was a significant year of advancement for Apple's software, with a noticeable focus on visual design, productivity, and communication.


While Apple introduced and continued to iterate on a wide range of features throughout the year, several additions stood out for their scope and practical impact across multiple devices. As the year comes to an end, these five new features provide a useful lens for weighing up what the company focused on this year and how far its platforms evolved in 2025.

Liquid Glass

This year's most immediately visible change is the introduction of Liquid Glass, a new system-wide visual design language applied across Apple's operating systems. Liquid Glass replaces many of the flat, opaque UI elements introduced over the past decade with layered translucency, subtle refraction, and motion-responsive surfaces that react to underlying content.


Navigation bars, sidebars, control panels, and system overlays now appear as semi-transparent sheets that blend into their surroundings rather than sitting on top of them. Apple framed this as a unifying material across platforms rather than a purely aesthetic refresh, with the same visual logic appearing on iPhone, iPad, Mac, Apple Watch, and Apple TV.

In practice, it is one of Apple's biggest visual redesigns since the original iOS 7 shift away from skeuomorphism, and it signals a renewed focus on making the interface feel fresh, spatial, playful, and responsive rather than static.

Revamped iPad Multitasking

On the ‌iPad‌, the most consequential change is the introduction of an all-new multitasking system with windows and a macOS-style Menu Bar and cursor in iPadOS 26.


Apps can now run in freely resizable windows rather than being constrained to fixed split-screen layouts, allowing multiple overlapping windows to coexist on screen. Alongside this, a Menu Bar appears at the top of the display when invoked, exposing app commands in a structured, searchable format similar to macOS.

Instead of asking users to adapt desktop workflows to a touch-first model, Apple has now explicitly imported desktop interaction styles into iPadOS, addressing a significant number of user complaints about the software limitations of the ‌iPad‌. For users who want to use the ‌iPad‌ with true multitasking and desktop-style workflows, this is one of the most substantive capability upgrades the platform has ever received.

More Powerful Mac Spotlight

On the Mac, Spotlight received its most extensive overhaul to date, transforming it from a passive search tool into an actions-first command interface, similar to third-party apps like Alfred or Raycast.


Spotlight in macOS Tahoe can now execute hundreds of actions directly from the search field. Users can create and edit notes, send emails and messages, start timers, run Shortcuts, adjust system settings, and perform app-specific commands, without opening the corresponding app.

Apple also redesigned Spotlight's results presentation with richer, more structured browsing views. Instead of returning a flat list of matches, Spotlight now surfaces grouped results for files, applications, actions, and suggestions, allowing users to scan and refine results more quickly.

Spotlight now includes a built-in clipboard history, allowing users to view and reuse previously copied text or images directly from the Spotlight interface. Apple also integrated an app library-style view, providing a centralized, searchable overview of all installed applications.

Live Translation

Another major addition is Live Translation. Real-time translation now operates inside Messages, FaceTime, and the Phone app, translating both text and spoken audio during conversations.



In Messages, incoming and outgoing text can be translated inline. In ‌FaceTime‌, Live Translation provides real-time translated captions during video calls, allowing participants to speak naturally while reading translations as the conversation unfolds. In phone calls, spoken dialogue can be translated in near real time, with translated audio and on-screen text presented during the call.

Apple also extended Live Translation to AirPods, enabling real-time spoken translation directly through the earbuds during in-person conversations. When Live Translation is active, speech from another language can be translated on the paired ‌iPhone‌ and played back in the user's AirPods, while the user's responses can be translated and spoken aloud by the ‌iPhone‌ for the other participant.

Communication Screening and Hold Assist

Call Screening allows the ‌iPhone‌ to automatically answer calls from unknown numbers on the user's behalf. The system asks the caller to identify themselves and explain the reason for the call, then presents the user with a live transcript of the response before the call is connected.

With Hold Assist, when a user is placed on hold during a phone call, the ‌iPhone‌ can remain in the queue on their behalf and monitor the call until a live agent becomes available. Once the system detects that the call has resumed, it notifies the user to return to the conversation.

In Messages, Apple introduced more aggressive screening for unknown senders. Messages from numbers that are not in the user's contacts are automatically routed into a separate area, keeping potential spam and scam attempts out of the main conversation list.
This article, "The 5 Most Important Apple Software Features Introduced This Year" first appeared on MacRumors.com
