news aggregator

Researchers say tens of thousands of instances remain publicly reachable

Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency.…

Operation Cronos didn’t kill LockBit – it just came back meaner

Trend Micro has sounded the alarm over the new LockBit 5.0 ransomware strain, which it warns is "significantly more dangerous" than past versions due to its newfound ability to simultaneously target Windows, Linux, and VMware ESXi environments. …

Digital ID will be mandatory in order to work in the UK, as part of plans to tackle illegal migration. From a report: Sir Keir Starmer said the new digital ID scheme would make it tougher to work in the UK illegally and offer "countless benefits" to citizens. However, opposition parties argued the proposals would not stop people crossing the Channel in small boats. The prime minister set out his plans in a broader speech to a gathering of world leaders, in which he said it had been "too easy" for people to work illegally in the UK because the centre-left had been "squeamish" about saying things that were "clearly true." Addressing the Global Progressive Action Conference in London - attended by politicians including Australian Prime Minister Anthony Albanese and Canadian Prime Minister Mark Carney - Sir Keir said it was time to "look ourselves in the mirror and recognise where we've allowed our parties to shy away from people's concerns." "It is not compassionate left-wing politics to rely on labour that exploits foreign workers and undercuts fair wages," he said. "The simple fact is that every nation needs to have control over its borders. We do need to know who is in our country."

Read more of this story at Slashdot.

As exorcist convention decries AI's potential for 'necromancy'

The CEO of a software testing company told a panel at Catholic University of America that AI will not create mass unemployment – though it could make people more stupid.…

Longtime Slashdot reader hackingbear writes: President Donald Trump signed an executive order Thursday that he says will allow TikTok to continue operating in the United States in a way that meets national security concerns. Trump's order will enable an American-led of group of investors to "buy the app" (up to 80% ownership) from China's ByteDance, though the deal is not yet finalized and also requires China's approval. However, much about the deal is still unknown. So, did the U.S. successfully snatch TikTok from ByteDance? It is probably up to individual's interpretation. As with any deals between U.S. and China, the devil is in the details. According Shen Yi, an internet influencer and a professor at Shanghai's Fudan University, what the U.S. investor will eventually take control of is an entity known as TikTok U.S. Data Security Company ("USDS"), which is a subsidiary of TikTok U.S. and is exclusively responsible to handle data security in the U.S.. ByteDance will continue, through its U.S. subsidiary "ByteDance TikTok U.S. Company," to operate business and other related activities (such as e-commerce, advertising for brands, and cross-border commercial activities). It is important to stress that "Byte TikTok U.S. Company" remains 100% owned by ByteDance through its global TikTok subsidiary -- this arrangement has not changed. The TikTok algorithm remains the property of ByteDance, only licensed to USDS for use. This point was in fact explicitly clarified by a relevant official of China's Cyberspace Administration at the press conference following the Madrid talks. After reaching the TikTok deal, Beijing and Washington are now selling it to their respective domestic audience, each highlighting the part of the deal that it can characterize as a win. Shen's details are not in conflict with the widely-reported account given by Karoline Leavitt, the White House Press Secretary, who emphasized "a new board with six American directors out of seven." Observers can also find the TikTok arrangement being very similar to that of Apple's iCloud operation in China being run by GCBD (AIPO Cloud (Guizhou) Technology Co. Ltd.) while Apple retain controls of the brand and business.

Read more of this story at Slashdot.

More fun with AI agents and their security holes

A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers who published a proof-of-concept attack on Thursday. They were aided by an expired trusted domain that they were able to buy for a measly five bucks.…

The downstream consequences of Miljödata’s ransomware attack continue to affect major organizations

Volvo North America is the latest large organization to announce attackers accessed employee data after a ransomware attack struck its HR system provider.…