Feed aggregator

Mageia 2024-0217: golang Security Advisory Updates

LinuxSecurity.com - Fri, 14/06/2024 - 3:32am
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. (CVE-2024-24789)

A Growing Number of Americans Are Getting Their News From TikTok

Slashdot - Fri, 14/06/2024 - 2:45am
According to a new survey from the Pew Research Center, TikTok is the second most popular source of news for Americans after X, "though most TikTok users don't primarily think of the shortform video app as a news source," notes The Verge. The survey looked at how Facebook, Instagram, TikTok and X play a role in Americans' news diets. From the report: Among TikTok users, only 15 percent say keeping up with the news is a major reason they use the app. Still, 35 percent of those surveyed said they wouldn't have seen the news they get on TikTok elsewhere. And unlike other apps, the news users see on TikTok is just as likely to come from influencers or celebrities as it is from journalists -- and it's far more likely to come from total strangers. (Meanwhile, most Facebook and Instagram users say the news that pops up on their feeds is posted by friends, relatives, or other people they know; on X, users are more likely to see news posted by media outlets or reporters.)

Read more of this story at Slashdot.

OIN Expands Linux Patent Protection Yet Again (But Not To AI)

Slashdot - Fri, 14/06/2024 - 2:02am
Steven Vaughan-Nichols reports via ZDNet: While Linux and open-source software (OSS) are no longer constantly under intellectual property (IP) attacks, the Open Invention Network (OIN) patent consortium still stands guard over its patents. Now, OIN, the largest patent non-aggression community, has expanded its protection once again by updating its Linux System definition. Covering more than just Linux, the Linux System definition also protects adjacent open-source technologies. In the past, protection was expanded to Android, Kubernetes, and OpenStack. The OIN accomplishes this by providing a shared defensive patent pool of over 3 million patents from over 3,900 community members. OIN members include Amazon, Google, Microsoft, and essentially all Linux-based companies. This latest update extends OIN's existing patent risk mitigation efforts to cloud-native computing and enterprise software. In the cloud computing realm, OIN has added patent coverage for projects such as Istio, Falco, Argo, Grafana, and Spire. For enterprise computing, packages such as Apache Atlas and Apache Solr -- used for data management and search at scale, respectively -- are now protected. The update also enhances patent protection for the Internet of Things (IoT), networking, and automotive technologies. OpenThread and packages such as agl-compositor and kukusa.val have been added to the Linux System definition. In the embedded systems space, OIN has supplemented its coverage of technologies like OpenEmbedded by adding the OpenAMP and Matter, the home IoT standard. OIN has included open hardware development tools such as Edalize, cocotb, Amaranth, and Migen, building upon its existing coverage of hardware design tools like Verilator and FuseSoc. Keith Bergelt, OIN's CEO, emphasized the importance of this update, stating, "Linux and other open-source software projects continue to accelerate the pace of innovation across a growing number of industries. 
By design, periodic expansion of OIN's Linux System definition enables OIN to keep pace with OSS's growth." [...] Looking ahead, Bergelt said, "We made this conscious decision not to include AI. It's so dynamic. We wait until we see what AI programs have significant usage and adoption levels." This is how the OIN has always worked. The consortium takes its time to ensure it extends its protection to projects that will be around for the long haul. The OIN practices patent non-aggression in core Linux and adjacent open-source technologies by cross-licensing their Linux System patents to one another on a royalty-free basis. When OIN signees are attacked because of their patents, the OIN can spring into action.

Google's Privacy Sandbox Accused of Misleading Chrome Browser Users

Slashdot - Fri, 14/06/2024 - 1:20am
Richard Speed reports via The Register: Privacy campaigner noyb has filed a GDPR complaint regarding Google's Privacy Sandbox, alleging that turning on a "Privacy Feature" in the Chrome browser resulted in unwanted tracking by the US megacorp. The Privacy Sandbox API was introduced in 2023 as part of Google's grand plan to eliminate third-party tracking cookies. Rather than relying on those cookies, website developers can call the API to display ads matched to a user's interests. In the announcement, Google's VP of the Privacy Sandbox initiative called it "a significant step on the path towards a fundamentally more private web." However, according to noyb, the problem is that although Privacy Sandbox is advertised as an improvement over third-party tracking, that tracking doesn't go away. Instead, it is done within the browser by Google itself. To comply with the rules, Google needs informed consent from users, which is where issues start. Noyb wrote today: "Google's internal browser tracking was introduced to users via a pop-up that said 'turn on ad privacy feature' after opening the Chrome browser. In the European Union, users are given the choice to either 'Turn it on' or to say 'No thanks,' so to refuse consent." Users would be forgiven for thinking that 'turn on ad privacy feature' would protect them from tracking. However, what it actually does is turn on first-party tracking. Max Schrems, honorary chairman of noyb, claimed: "Google has simply lied to its users. People thought they were agreeing to a privacy feature, but were tricked into accepting Google's first-party ad tracking. "Consent has to be informed, transparent, and fair to be legal. Google has done the exact opposite." Noyb noted that Google had argued "choosing to click on 'Turn it on' would indeed be considered consent to tracking under Article 6(1)(a) of the GDPR."

Amazon Says It'll Spend $230 Million On Generative AI Startups

Slashdot - Fri, 14/06/2024 - 12:40am
An anonymous reader quotes a report from TechCrunch: Amazon says that it will commit up to $230 million to startups building generative AI-powered applications. The investment, roughly $80 million of which will fund Amazon's second AWS Generative AI Accelerator program, aims to position AWS as an attractive cloud infrastructure choice for startups developing generative AI models to power their products, apps and services. Much of the new tranche -- including the entire portion set aside for the accelerator program -- comes in the form of compute credits for AWS infrastructure, meaning that it can't be transferred to other cloud service providers like Google Cloud and Microsoft Azure. To sweeten the pot, Amazon is pledging that startups in this year's Generative AI Accelerator cohort will gain access to experts and tech from Nvidia, the program's presenting partner. They will also be invited to join the Nvidia Inception program, which provides companies opportunities to connect with potential investors and additional consulting resources. The Generative AI Accelerator program has also grown substantially. Last year's cohort, which had 21 startups, received only up to $300,000 in AWS compute credits, amounting to around a combined $6.3 million investment. "With this new effort, we will help startups launch and scale world-class businesses, providing the building blocks they need to unleash new AI applications that will impact all facets of how the world learns, connects, and does business," Matt Wood, VP of AI products at AWS, said in a statement. Further reading: How Amazon Blew Alexa's Shot To Dominate AI

Police Arrest Conti and LockBit Ransomware Crypter Specialist

Slashdot - Fri, 14/06/2024 - 12:00am
The Ukraine cyber police, supported by information from the Dutch police, arrested a 28-year-old Russian man in Kyiv for aiding Conti and LockBit ransomware operations by making their malware undetectable and conducting at least one attack himself. He was arrested on April 18, 2024, as part of a global law enforcement operation known as "Operation Endgame," which took down various botnets and their main operators. "As the Conti ransomware group used some of those botnets for initial access on breached endpoints, evidence led investigators to the Russian hacker," reports BleepingComputer. From the report: The Ukrainian police reported that the arrested individual was a specialist in developing custom crypters for packing the ransomware payloads into what appeared as safe files, making them FUD (fully undetectable) to evade detection by the popular antivirus products. The police found that the man was selling his crypting services to both the Conti and LockBit cybercrime syndicates, helping them significantly increase their chances of success on breached networks. The Dutch police confirmed at least one case of the arrested individual orchestrating a ransomware attack in 2021, using a Conti payload, so he also operated as an affiliate for maximum profit. "As part of the pre-trial investigation, police, together with patrol officers of the special unit "TacTeam" of the TOR DPP battalion, conducted a search in Kyiv," reads the Ukraine police announcement. "Additionally, at the international request of law enforcement agencies in the Netherlands, a search was conducted in the Kharkiv region." [...] The suspect has already been charged with Part 5 of Article 361 of the Criminal Code of Ukraine (Unauthorized interference in the work of information, electronic communication, information and communication systems, electronic communication networks) and faces up to 15 years imprisonment.

Debian LTS: DLA-3826-1: cups Security Advisory Updates

LinuxSecurity.com - Thu, 13/06/2024 - 11:57pm
An issue has been found in cups, the Common UNIX Printing System(tm). When starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an

Oracle Is Shutting Down Its Ad Business

Slashdot - Thu, 13/06/2024 - 11:20pm
During its earnings call on Monday, Oracle CEO Safra Catz told analysts that it is shutting down its ads business. "In Q4, we decided to exit the advertising business, which had declined to about $300 million in revenue in fiscal year '24," said Catz, according to an earnings transcript. Adweek's Catherine Perloff reports: In August 2022, Business Insider reported that Oracle Advertising made $2 billion in revenue. At the time, revenue was only growing by 2% a year and many employees had been laid off as part of a reorganization in 2022, Business Insider reported. Oracle spent billions on entering the advertising business, acquiring nearly a dozen ad technology companies for over a decade. Notable acquisitions include data firms DataLogix, bought in 2014 for $1.2 billion, and brand safety platform Moat, purchased in 2017 for a reported $850 million. "Oracle's bet on the advertising industry was undermined when Meta [...] shut down its data to third parties including Oracle in 2018, following the Cambridge Analytica scandal," notes Adweek. Europe's GDPR further restricted Oracle's advertising business, leading the company to shut down its 'AddThis' publisher audience tool in 2019, which relied on third-party data.

Oracle7: ELSA-2024-3741 : bind, bind-dyndb-ldap, and dhcp Important (aarch64) Security Advisory Updates

LinuxSecurity.com - Thu, 13/06/2024 - 10:44pm
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Oracle7: ELSA-2024-3741 : bind, bind-dyndb-ldap, and dhcp Important Security Advisory Updates

LinuxSecurity.com - Thu, 13/06/2024 - 10:44pm
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Fired Employee Accessed NCS' Computer 'Test System' and Deleted Servers

Slashdot - Thu, 13/06/2024 - 10:40pm
An anonymous reader quotes a report from Singapore's CNA news channel: Kandula Nagaraju, 39, was sentenced to two years and eight months' jail on Monday (Jun 10) for one charge of unauthorized access to computer material. Another charge was taken into consideration for sentencing. His contract with NCS was terminated in October 2022 due to poor work performance and his official last date of employment was Nov 16, 2022. According to court documents, Kandula felt "confused and upset" when he was fired as he felt he had performed well and "made good contributions" to NCS during his employment. After leaving NCS, he did not have another job in Singapore and returned to India. Between November 2021 and October 2022, Kandula was part of a 20-member team managing the quality assurance (QA) computer system at NCS. NCS is a company that offers information communication and technology services. The system that Kandula's former team was managing was used to test new software and programs before launch. In a statement to CNA on Wednesday, NCS said it was a "standalone test system." It consisted of about 180 virtual servers, and no sensitive information was stored on them. After Kandula's contract was terminated and he arrived back in India, he used his laptop to gain unauthorized access to the system using the administrator login credentials. He did so on six occasions between Jan 6 and Jan 17, 2023. In February that year, Kandula returned to Singapore after finding a new job. He rented a room with a former NCS colleague and used his Wi-Fi network to access NCS' system once on Feb 23, 2023. During the unauthorized access in those two months, he wrote some computer scripts to test if they could be used on the system to delete the servers. In March 2023, he accessed NCS' QA system 13 times. On Mar 18 and 19, he ran a programmed script to delete 180 virtual servers in the system. His script was written such that it would delete the servers one at a time. 
The following day, the NCS team realized the system was inaccessible and tried to troubleshoot, but to no avail. They discovered that the servers had been deleted. [...] As a result of his actions, NCS suffered a loss of $679,493.

Congress Seeks Answers From Microsoft Boss After a 'Cascade' of Security Errors

Slashdot - Thu, 13/06/2024 - 10:01pm
Speaking of Microsoft, the House Homeland Security committee is grilling Microsoft President Brad Smith Thursday about the software giant's plans to improve its security after a series of devastating hacks reached into federal officials' email accounts, challenging the company's fitness as a dominant government contractor. Washington Post adds: The questioning followed a withering report on one of those breaches, where the federal Cyber Safety Review Board found the event was made possible by a "cascade of avoidable errors" and a security culture "that requires an overhaul." In that hack, suspected agents of China's Ministry of State Security last year created digital keys using a tool that allowed them to pose as any existing Microsoft customer. Using the tool, they impersonated 22 organizations, including the U.S. Departments of State and Commerce, and rifled through Commerce Secretary Gina Raimondo's email among others. The event triggered the sharpest criticism in decades of the stalwart federal vendor, and has prompted rival companies and some authorities to push for less government reliance on its technology. Two senators wrote to the Pentagon last month, asking why the agency plans to improve nonclassified Defense Department tech security with more expensive Microsoft licenses instead of with alternative vendors. "Cybersecurity should be a core attribute of software, not a premium feature that companies upsell to deep-pocketed government and corporate customers," Sens. Eric Schmitt (R-Mo.) and Ron Wyden (D-Ore.) wrote. "Through its buying power, DOD's strategies and standards have the power to shape corporate strategies that result in more resilient cybersecurity services." Any serious shift in executive branch spending would take years, but Department of Homeland Security leaders say plans are in motion to add security guarantees and requirements to more government purchases -- an idea touted in the Cyber Safety Review Board's Microsoft report.

Mars Got Cooked by a Recent Solar Storm

Slashdot - Thu, 13/06/2024 - 9:22pm
The sun fired off a volley of radiation-riddled outbursts in May. When they slammed into Earth's magnetic bubble, the world was treated to iridescent displays of the northern and southern lights. But our planet wasn't the only one in the solar firing line. From a report: A few days after Earth's light show, another series of eruptions screamed out of the sun. This time, on May 20, Mars was blitzed by a beast of a storm. Observed from Mars, "this was the strongest solar energetic particle event we've seen to date," said Shannon Curry, the principal investigator of NASA's Mars Atmosphere and Volatile Evolution orbiter, or MAVEN, at the University of Colorado, Boulder. When the barrage arrived, it set off an aurora that enveloped Mars from pole to pole in a shimmering glow. If they were standing on the Martian surface, "astronauts could see these auroras," Dr. Curry said. Based on scientific knowledge of atmospheric chemistry, she and other scientists say, observers on Mars would have seen a jade-green light show, although no color cameras picked it up on the surface. But it's very fortunate that no astronauts were there. Mars's thin atmosphere and the absence of a global magnetic shield meant that its surface, as registered by NASA's Curiosity rover, was showered by a radiation dose equivalent to 30 chest X-rays -- not a lethal dose, but certainly not pleasant to the human constitution.

Indian Startup 3D Prints Rocket Engine in Just 72 Hours

Slashdot - Thu, 13/06/2024 - 7:20pm
cusco writes: Indian space startup Agnikul used a 3-D printer from German company EOS to print an engine out of inconel, a high-performance nickel-chromium alloy, in one solid piece over the course of roughly 72 hours. While other companies like Relativity Space and Rocket Lab are using 3-D printers extensively, Agnikul's engine is unique in being printed in one go, rather than as multiple components that need to be stitched together. This approach significantly speeds up manufacturing time. The single-engine technology demonstration rocket produced 6 kilonewtons of thrust and reached an altitude of 6.5 kilometers before splashing down into the ocean. The launch vehicle used was about 6 meters tall with a single engine, making it roughly equivalent to the second stage of the company's planned commercial product, Agnibaan. Agnibaan will be a two-stage rocket, 18 meters tall, featuring eight engines in total, and capable of carrying a 300-kilogram payload to an altitude of around 700 km. The company believes that their 3D printing approach opens the door to providing low-cost, "on-demand" launch services to operators of small satellites. IEEE Spectrum adds: Assembling the rest of the rocket and integrating the engine took roughly two weeks. The company says that opens the door to providing low-cost, "on-demand" launch services to operators of small satellites, which otherwise need to wait for a ride share on a bigger rocket. The big challenge now will be going from a single engine to a cluster of seven on Agnibaan's first stage, says cofounder and CEO Srinath Ravichandran. This raises all kinds of challenges, from balancing thrust across the engines at lift-off to managing engine plume interactions when the engines gimbal to alter the trajectory. "But these are problems that people have figured out," he says. "We believe that we should just be able to fine-tune it for our mission and go." 
The company is currently building facilities to carry out ground tests of engine clusters, says Ravichandran, and is targeting its first orbital launch for this time next year.

Turkish Student Arrested For Using AI To Cheat in University Exam

Slashdot - Thu, 13/06/2024 - 6:40pm
Turkish authorities have arrested a student for cheating during a university entrance exam by using a makeshift device linked to AI software to answer questions. From a report: The student was spotted behaving in a suspicious way during the exam at the weekend and was detained by police, before being formally arrested and sent to jail pending trial. Another person, who was helping the student, was also detained.

China Is Testing More Driverless Cars Than Any Other Country

Slashdot - Thu, 13/06/2024 - 6:01pm
Assisted driving systems and robot taxis are becoming more popular in China with government help, as cities designate large areas for testing on public roads. From a report: The world's largest experiment in driverless cars is underway on the busy streets of Wuhan, a city in central China with 11 million people, 4.5 million cars, eight-lane expressways and towering bridges over the muddy waters of the Yangtze River. A fleet of 500 taxis navigated by computers, often with no safety drivers in them for backup, buzz around. The company that operates them, the tech giant Baidu, said last month that it would add a further 1,000 of the so-called robot taxis in Wuhan. Across China, 16 or more cities have allowed companies to test driverless vehicles on public roads, and at least 19 Chinese automakers and their suppliers are competing to establish global leadership in the field. No other country is moving as aggressively. The government is providing the companies significant help. In addition to cities designating on-road testing areas for robot taxis, censors are limiting online discussion of safety incidents and crashes to restrain public fears about the nascent technology. Surveys by J.D. Power, an automotive consulting firm, found that Chinese drivers are more willing than Americans to trust computers to guide their cars. "I think there's no need to worry too much about safety -- it must have passed safety approval," said Zhang Ming, the owner of a small grocery store near Wuhan's Qingchuan Pavilion, where many Baidu robot taxis stop. Another reason for China's lead in the development of driverless cars is its strict and ever-tightening control of data. Chinese companies set up crucial research facilities in the United States and Europe and sent the results back home. But any research in China is not allowed to leave the country. As a result, it's difficult for foreign carmakers to use what they learn in China for cars they sell in other countries.

Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems

LinuxSecurity.com - Thu, 13/06/2024 - 3:07pm
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug (CVE-2024-1086) to its Known Exploited Vulnerabilities (KEV) catalog. This bug is being actively exploited in the wild, and federal organizations have been given a deadline of June 20th to patch it, suggesting that private organizations follow suit.
