Linux fréttir

Google's data partner HouseCanary has begun displaying home listings directly in search results in select markets, sending Zillow's shares tumbling more than 8% yesterday as investors weighed whether the search giant might eventually cut into the portal business that Zillow dominates. The experiment places property details, prices, images and a "Request a tour" button at the top of mobile search results. HouseCanary, a full-service brokerage licensed in all 50 states and Washington D.C., said it contacted every MLS in the test regions before launching. Analysts are largely downplaying immediate concerns. Goldman Sachs noted that most of Zillow's traffic comes directly through its apps and websites rather than Google searches, though the firm views the development as a long-term risk. Piper Sandler called the fears "overblown," and Wells Fargo suggested portals like Zillow would likely end up bidding for ad units on Google rather than losing traffic outright.

Read more of this story at Slashdot.

Rising DRAM and NAND prices are squeezing handset makers and threatening a fragile market recovery

AI-nflation The smartphone industry's brief bounce back now looks set to run straight into a wall, with analysts warning that rising memory costs are about to test buyers' patience.…

Anthony Enzor-DeMeo picked to replace interim boss Laura Chambers

Mozilla Corporation on Tuesday said it has appointed Anthony Enzor-DeMeo as Chief Executive Officer, replacing Laura Chambers, who served as interim CEO for the past two years.…

But when will Chipzilla bring back will.i.am?

Intel has hired a veteran Republican operator as its head of government affairs, just months after Uncle Sam became the struggling chip vendor's biggest shareholder.…

An anonymous reader quotes a report from BleepingComputer: Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database containing user information. The disclosure follows widespread reports over the past four days from users who were unable to access SoundCloud when connecting via VPN, with attempts resulting in the site displaying 403 "forbidden" errors. In a statement shared with BleepingComputer, SoundCloud said it recently detected unauthorized activity involving an ancillary service dashboard and activated its incident response procedures. SoundCloud acknowledged that a threat actor accessed some of its data but said the exposure was limited in scope. [...] BleepingComputer has learned that the breach affects 20% of SoundCloud's users, which, based on publicly reported user figures, could impact roughly 28 million accounts. The company said it is confident that all unauthorized access to SoundCloud systems has been blocked and that there is no ongoing risk to the platform. "We understand that a purported threat actor group accessed certain limited data that we hold," SoundCloud told BleepingComputer. "We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles."

Read more of this story at Slashdot.

Adult site, streaming platform, and Japanese retailer expose user info, but not credentials

Three very different companies have now confirmed data breaches affecting millions of users – each insisting the damage stopped well short of passwords and payment details.…

New spy boss says officers must master code alongside tradecraft as agency navigates 'space between peace and war'

MI6's new chief Blaise Metreweli outlined her vision for technology-augmented intelligence gathering in her first public speech on 15 December, warning that the UK operates "in a space between peace and war."…

Massive procurement deal for laptops and software comes after minister vows to squeeze better value from big vendors

The UK government plans to tender a commercial framework for end-user hardware and software worth up to £24 billion ($32.18 billion) including tax - double the £12 billion maximum announced six months ago.…

Theologians give scriptural OK to online faith communities

The Bishop of Hong Kong said last week that AI was definitely not a gift from the devil at a meeting of his peers across Asia that called for sensible engagement with the technology.…

PayPal has applied to become a US bank by forming a Utah-chartered industrial loan company, signaling a push to deepen its financial services "as companies rush to capitalize on a friendly regulatory environment under the Trump administration," reports Reuters. From the report: If approved, the move will help PayPal to strengthen its lending offerings to small businesses in the U.S. as well as reduce its reliance on third parties. "Securing capital remains a significant hurdle for small businesses striving to grow and scale," said PayPal CEO Alex Chriss. "Establishing PayPal Bank will strengthen our business and improve our efficiency, enabling us to better support small business growth and economic opportunities across the U.S." PayPal also plans to offer interest-bearing savings accounts to customers. The company has provided over $30 billion in loans and capital since 2013, it said. [...] PayPal has selected Mara McNeill to serve as PayPal Bank's president. She comes with over two decades of experience in banking and commercial lending, and has previously served as the CEO of Toyota Financial Savings Bank.

Read more of this story at Slashdot.

Watchdog reviews if failures breached availability rules after downtime left millions unable to make calls

Ofcom has opened formal investigations into BT and Three after mobile outages this summer left Britons unable to make calls – including to emergency services.…

A new study warns that glaciers in the European Alps will hit their peak extinction rate within eight years, with global glacier loss accelerating toward thousands per year unless emissions are rapidly cut. "Glaciers in the western US and Canada are forecast to reach their peak year of loss less than a decade later, with more than 800 disappearing each year by then," adds the Guardian. From the report: About 200,000 glaciers remain worldwide, with about 750 disappearing each year. However, the research indicates this pace will accelerate rapidly as emissions from burning fossil fuels continue to be released into the atmosphere. Current climate action plans from governments are forecast to push global temperatures to about 2.7C above preindustrial levels, supercharging extreme weather. Under this scenario, glacier losses would peak at about 3,000 a year in 2040 and plateau at that rate until 2060. By the end of the century, 80% of today's glaciers will have gone. By contrast, rapid cuts to carbon emissions to keep global temperature rise to 1.5C would cap annual losses at about 2,000 a year in 2040, after which the rate would decline. [...] The new study, published in Nature Climate Change, analyzed more than 200,000 glaciers from a database of outlines derived from satellite images. The researchers used three global glacier models to assess their fate under different heating scenarios. Regions with the smallest and fastest-melting glaciers were found to be the most vulnerable. The study estimates the 3,200 glaciers in central Europe would shrink by 87% by 2100 -- even if global temperature rise is limited to 1.5C, rising to 97% under 2.7C of heating. In the western US and Canada, including Alaska, about 70% of today's 45,000 glaciers are projected to vanish under 1.5C of heating, and more than 90% under 2.7C. The Caucasus and southern Andes are also expected to face devastating losses. Larger glaciers take longer to melt, with those in Greenland reaching their peak extinction rate in about 2063 -- losing 40% by 2100 under 1.5C of heating and 59% under 2.7C. However, the melting is forecast to continue beyond 2100. The researchers said the peak loss dates represent more than a numerical milestone. "They mark turning points with profound implications for ecosystems, water resources and cultural heritage," they wrote. "[It is] a human story of vanishing landscapes, fading traditions and disrupted daily routines."

Read more of this story at Slashdot.

Bum note for 20 percent of users whose data leaked

Music hosting and streaming service SoundCloud has admitted it suffered a cyberattack.…

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...] Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions. To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...] Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions. To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."

Read more of this story at Slashdot.

EV sales didn’t accelerate as hoped, so it will repurpose idling factories

Automotive giant Ford has decided to start a business building big batteries, in part to cash in on the datacenter construction boom.…

Once a star of the self-driving hype cycle, lidar maker Luminar has filed for bankruptcy amid legal turmoil, layoffs, and a cooling autonomous-vehicle market. It plans to sell off its assets before shutting down entirely. The Verge reports: As part of its bankruptcy, Luminar is seeking permission to sell both its lidar and semiconductor businesses, the latter of which it has already agreed to sell to Quantum Computing for $110 million. The company plans to continue to operate during the bankruptcy proceedings "to minimize disruptions and maintain delivery of its LiDAR hardware and software." That said, Luminar will cease to exist once the process is complete. "As we navigate this process, our top priority is to continue delivering the same quality, reliability and service our customers have come to expect from us," CEO Paul Ricci said in a statement. After launching in 2017, Luminar muscled its way to the front of the autonomous vehicle industry as a top maker of lidar systems, a key technology that driverless cars use to sense the shapes and distances of objects around them. Luminar has sold sensors to Mercedes-Benz, Volvo, Audi, Toyota Research Institute, Caterpillar, and even Tesla, which has dismissed lidar sensors in favor of traditional cameras. The company was valued at nearly $3 billion when it went public through a reverse merger with a SPAC in 2020.

Read more of this story at Slashdot.

After introducing an AI Mode shortcut earlier this year, Google has now added a new "plus" menu to its Search homepage, highlighting options for image and file uploads. 9to5Google reports: On google.com, the Search bar now has a plus icon at the far left that replaces the magnifying glass. Clicking lets you "Upload image" or "Upload file." It very much matches the AI Mode experience. Those two capabilities aren't new, but this plus menu does help emphasize that you can use Google to accomplish tasks, and not just find information. Additionally, it helps indicate that they can be used with AI Mode and AI Overviews. This is just available on desktop web (not mobile) and is live on all the devices we checked today, including across signed-out Incognito sessions.

Read more of this story at Slashdot.

Palantir's former IT boss just took over as CEO of Thrive-backed AI MSP platform

Former Palantir CIO Jim Siders has departed the company to join Shield Technology Partners as CEO, in a bid he says is meant to bring AI to bear in the sprawling managed services landscape.…

A critical React vulnerability (CVE-2025-55182) is being actively exploited at scale by Chinese, Iranian, North Korean, and criminal groups to gain remote code execution, deploy backdoors, and mine crypto. The Register reports: React maintainers disclosed the critical bug on December 3, and exploitation began almost immediately. According to Amazon's threat intel team, Chinese government crews, including Earth Lamia and Jackpot Panda, started battering the security hole within hours of its disclosure. Palo Alto Networks' Unit 42 responders have put the victim count at more than 50 organizations across multiple sectors, with attackers from North Korea also abusing the flaw. Google, in a late Friday report, said at least five other suspected PRC spy groups also exploited React2Shell, along with criminals who deployed XMRig for illicit cryptocurrency mining, and "Iran-nexus actors," although the report doesn't provide any additional details about who the Iran-linked groups are and what they are doing after exploitation. "GTIG has also observed numerous discussions regarding CVE-2025-55182 in underground forums, including threads in which threat actors have shared links to scanning tools, proof-of-concept (PoC) code, and their experiences using these tools," the researchers wrote.

Read more of this story at Slashdot.