That of ServiceNow, whose tools help businesses automate various tasks, dropped by 13%
If AI can kill ServiceNow, I’ll happily praise our new AI Overlords. I’m sure ServiceNow can be really good. I’ve just never seen it in practice. Perhaps we just never paid for the “interface which doesn’t suck” module.
I ditched cable TV over a decade ago for a simple antenna (and wrote a notable Reddit post on the antenna while I was at it). That was done because I was tired of my wallet being raped each month, because I had to buy a higher bundle to get the channels I wanted. I was stuck with cable internet for a number of years afterwards, as it was the only option in my area. Then T-Mobile offered up 5G based internet in my area at a low price. That was around 6 years ago and I haven’t looked back.
The cable companies sat on their laurels while the world moved on. They are now shocked that their terrible offerings for terrible prices are falling to real competition. Sure, I fully expect the new carriers to do everything in their power to enshitify their service offerings. That’s the nature of business/ But, with the market open to competition, there is now a real opportunity for us customers to shop around and get a less shitty experience. Broadband internet is a commodity and is completely fungible. Prices should be falling and it was only rent seeking rules keeping the prices up.
While it’s not a service I would use, if it helps move the needle away from Windows’ dominance of the gaming market, that’s a good thing. The more people who can ditch Windows, the better. It probably means an Eternal September for Linux. But that is ultimately a good thing. If Linux becomes the default choice for gaming PCs for the mass market, more games will be released with Linux Native versions, driving further Linux adoption. It’s the type of virtuous cycle which is needed to kill the giant that is Windows.
Rather than interact with a machine, you’ll just be walking around, sipping coffee, having thoughtful conversations with a bot laughing along with your jokes as it writes your letter and does your taxes.
So, basically the computers from Star Trek: TNG. I’d go for that, but unfortunately, what we’ll get instead is enshitified AI slop which exists to suck a subscription fee out of you every month while pushing ads.
They are chopping the development teams and titles up into convenient bite-sized chunks. Ubisoft will hang onto the large titles in the Vantage Studios vertical, and the rest will be spun off or sold off. Any spun off studios will be saddled with crippling debt.
I mean, no shit? Part of the Snowden leaks was information that the NSA had intercepted Cisco routers and backdoored them before they were shipped on to international customers. So, even without willing actions by US vendors, there is that to worry about. And the idea that a private company would install a backdoor for US Spy agencies in their infrastructure isn’t new. The fact that any Chinese company is using US hardware/software just seems incredibly stupid. And no one should be using CheckPoint.
It’s the same reason Huiwei was thrown out of US infrastructure. You cannot build trusted architecture with hardware/software from a nation which you know wants to hack you. I work for a US based company in cybersecurity, we treat WeChat as Chinese State spyware, because it is. We wouldn’t consider a router or firewall from a Chinese based company and we treat any software from China with outright suspicion. Sure that all sucks and we may be missing out on some great stuff which isn’t malicious. But, the risks far outweigh the costs. I’d expect my Chinese counterparts to be making the exact same risk calculation for US based tech.
You could try using Autopsy to look for files on the drive. Autopsy is a forensic analysis toolkit, which is normally used to extract evidence from disk images or the like. But, you can add local drives as data sources and that should let you browse the slack space of the filesystem for lost files. This video (not mine, just a good enough reference) should help you get started. It’s certainly not as simple as the photorec method, but it tends to be more comprehensive.
If you installed an update in the last 5 years you’re good.
The sad part is that there are apparently quite a few devices online for which this isn’t the case. That said, I do wonder how many of these “over 10,000 devices” are honeypots? This seems like something folks at the SANS ISC or GreyNoise would have added to their default setups.
This strategy really depends on their ability to bribe President Trump for a pardon.
While this patch might stop some existing attacks, it’s not really a fix. First off, the type of people who might install a third party Windows patch are probably the exact same people who would be cautious about clicking on an LNK file embedded in a ZIP file. Second, even if this patch somehow became widespread, attackers would just shift their attacks into the 260 character limit. Sure, it would now be visible in the properties, people aren’t looking at the properties of LNK files.
The problem is this “vulnerability” is essentially “as designed”. LNK files exist to allow both pointers to other files and a quick way to run complex commands. It’s like calling powershell.exe a vulnerability, because it can be used to get up to all sorts of malicious stuff. Both are powerful tools on Windows, but those tools can be abused.
While that is possible, I’d seriously doubt it happening. Wagner’s run at Moscow seemed like the best opportunity for that to happen, but it just stalled out. I’m still surprised Prighozin, stopped his push short of Moscow. I was not surprised afterwards when an airplane he was on suffered “technical difficulties”. But, between the failure of Wagner to remove Putin and them now being rolled into the Russian military, I think Putin has done a lot to consolidate his control over the armed forces, exactly to prevent that outcome.
Ya, it could happen, I don’t believe it’s likely.
While I like the sentiment, unless the EU is interested in a WWII style total war and invasion of Russia, Putin is never going to be held to account for the invasion of Ukraine.
The Russian government (Read: Putin and his cronies) are not going to agree to hand Putin over to The Hague. Even if the current war ends on favorable terms for Ukraine, that is never going to look anything like the German or Japanese surrenders. At best, this war ends with Russian military exhaustion and withdrawal. More like the end of Soviet involvement in Afghanistan. There will be no push to Moscow, no mass bombing of Russian factories or cities. Just Russian soldiers packing up and going home, leaving death and devastation behind for the survivors of their invasion to deal with.
Any negotiated peace is going to look pretty similar. It will stop the death sooner at the cost of giving Russia something it’s willing to accept. That’s the way negotiations work. If you want to force the other side to accept your terms, without any compromise, that’s what war is for. Since it seems neither the EU nor the US are willing to engage in a direct confrontation with Russia, then the only choice to end this war early is compromise. And Putin facing accountability is almost certainly not going to be on the table.
First off, why does a beer company have personal data on customers? It seems like the best protection for this data would be, don’t have it in the first place. You sell beer, you don’t need to hoover up personal data on people to make and sell beer.
“That reflects a wider truth that companies are investing more than ever in digital defences, yet adversaries continue to outpace them, exploiting weak links in supply chains or breaking in through trusted partners,” he (Shankar Haridas, head of UK and Ireland at ManageEngine) added.
Ya, they are spending money, but failing at basic cyber hygiene (read: documentation, patching and network segmentation). But hey, I Mr. ManageEngine here will be happy to sell us another product which just papers over the failures to get the basics done. And it will almost certainly have “Agentic AI” to do…something.
The compromise seems to have started with network equipment at one site, impacting the OT environment and potentially expanding into IT systems
I’d bet a lot of money the Asahi security team had been screaming about the OT environment being a big, juicy target for a long time. But, applying security controls in the OT environment is hard and scary and might cause a blip in production. So nope, all those shit-boxes running Windows XP must never be touched. Also, NDR is expensive and hard, so stop asking about it. But yes, those same shit-boxes really do need to be fully internet connected and logged on 24x7 as a local admin, with the same password everywhere, because identity management is hard.
We seriously need to start dragging CTOs, CIOs and CEOs out into the street, tarring and feathering them when this shit happens. Also, the companies making the OT systems need to have their entire management put through a chipper shredder the first time one of them suggests that their systems just shouldn’t be patched. If your shit is so fragile that an OS patch might break something, chipper shredder goes BRRRR…
Sorry, OT systems are a bit of a pain point.
Ya, AI as a tool has it’s place. I’m currently working on documentation to meet some security compliance frameworks (I work in cybersecurity). Said documentation is going to be made to look pretty and get a check in the box from the auditors. It will then be stored in a SharePoint library to be promptly lost and ignored until the next time we need to hand it over to the auditors. It’s paperwork for the sake of paperwork. And I’m going to have AI spit out most of it and just pepper in the important details and iron out the AI hallucinations. Even with the work of fixing the AI’s work, it will still take less time than making up all the bullshit on my own. This is what AI is good for. If I actually care about the results, and certainly if I care about accuracy, AI won’t be leaned on all that much.
The technology actually it pretty amazing, when you stop and think about it. But, it also often a solution in search of a problem.
There are a number of sites which provide either labs or virtual machines which are intentionally vulnerable. Some provide other resources to help learn.
I’d also suggest getting a good foundation in programming and building systems.
deleted by creator
AWS seems to be cratering as well: https://downdetector.com/status/aws-amazon-web-services/
And Google, why not?
Was going to say the same. I work in cybersecurity and while I have avoided the management track like the plague, I do recognize that it’s a fairly reasonable progression for someone in any tech field. Even if you don’t end up pursuing management, knowing how to speak to management will make your job in cybersecurity easier. Project management is also a worthwhile skill to pick up and that often comes from business school.
It’s not just speed, CGNAT is a near complete “fuck you” to self-hosting. You can work around it with a VPN endpoint “in the cloud”, but that still means you are reliant on someone else’s computer.
While I don’t know the specific post you are referring to, Malware exists for Linux. Here’s a great overview from last year. If someone wants to argue, “oh it’s from a security company trying to sell a product” then let me point you at the Malware Bazaar and specifically the malware tagged elf. Those are real samples of real malware in the Linux specific ELF executable binary format (warning: yes it’s real malware, don’t run anything from this site). On the upshot, most seem to be Linux variants of the Mirai botnet. Not something you want running, but not quite as bad as ransomware. But, dig a bit and there are other threats. Linux malware exists, it has for a long time and it’s getting more prevalent as more stuff (especially servers) run on Linux.
While Linux is far more secure than Windows by design, it’s not malware proof. It is harder for malware to move from user space into root (usually), but that’s often not needed for the activities malware gets up to today. Ransomware, crypto miners and info stealers will all happily execute in user-land. And for most people, this is where their important stuff lives. Linux’s days of living in “security through obscurity” are over. Attackers are looking at Linux now and starting to go after it.
All that said, is it worth having a bloated A/V engine doing full on-access scanning? That depends on how you view the risk. Many of the drive-by type attacks (e.g. ClickFix, fake tech-support scams) all heavily target Windows and would fail on a Linux system. The malware and backdoors that come bundled with pirated software are likely to fail on a Linux system, though I’ll admit to not having tested that sort of thing with Wine/Proton installed. For those use cases, I’d suggest not downloading pirated software. Or, if you absolutely are going to, run those file through ClamAV at minimum.
Personally, I don’t feel the need to run anything as heavy as on-access file scanning or anything to keep trawling memory for signatures on my home systems. Keeping software up to date and limiting what I download, install and run is enough to manage my risk. I do have ClamAV installed to let me do a quick, manual scan of anything I do download. But, I wouldn’t go so far as to buy A/V product. Most of the engines out there for Linux are crap anyway.
Professionally, I am one of the voices who pushed for A/V (really EDR) on the Linux systems in my work environment. My organization has a notable Linux footprint and we’ve seen attackers move to Linux based systems specifically because they are less likely to be well monitored. In a work environment, we have less control over how the systems get (ab)used and have a higher need for telemetry and investigation.