
Submission + - VMware Prevents Some Perpetual License Holders From Downloading Patches (theregister.com)

An anonymous reader writes: Some customers of Broadcom’s VMware business currently cannot access security patches, putting them at greater risk of attack. Customers in that perilous position hold perpetual licenses for VMware products but do not have a current support contract with Broadcom, which will not renew those contracts unless users sign up for software subscriptions. Yet many customers in this situation run products that Broadcom continues to support with patches and updates.

In April 2024, Broadcom CEO Hock Tan promised “free access to zero-day security patches for supported versions of vSphere” so customers "are able to use perpetual licenses in a safe and secure fashion." VMware patches aren’t freely available; users must log on to Broadcom’s support portal to access the software. Some VMware users in this situation have told The Register that when they enter the portal they cannot download patches, and that VMware support staff have told them it may be 90 days before the software fixes become available.

Submission + - Brave browser blocks Microsoft Recall to protect user privacy (nerds.xyz)

BrianFagioli writes: Brave just made it even clearer that it puts privacy first, and I’m here for it. Starting with version 1.81 on Windows, the browser will now block Microsoft Recall from logging your activity. That means no sneaky screenshots of your browsing sessions will end up in Recall’s controversial database.

Microsoft’s Recall feature has faced heavy criticism since it was first introduced in 2024. The tool automatically captured full-screen images every few seconds and stored them locally in plaintext. It didn’t take long for privacy experts to sound the alarm. With such a setup, any malware or person with access to your machine could sift through your digital life with ease.

Submission + - Clorox Sues Its 'Service Desk' Vendor For Simply Giving Out Passwords (arstechnica.com)

An anonymous reader writes: Hacking is hard. Well, sometimes. Other times, you just call up a company's IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset... and it's done. Without even verifying your identity. So you use that information to log in to the target network and discover a more trusted user who works in IT security. You call the IT service desk back, acting like you are now this second person, and you request the same thing: a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset. Again, the desk provides it, no identity verification needed. So you log in to the network with these new credentials and set about planting ransomware or exfiltrating data in the target network, eventually doing an estimated $380 million in damage. Easy, right?

According to The Clorox Company, which makes everything from lip balm to cat litter to charcoal to bleach, this is exactly what happened to it in 2023. But Clorox says that the "debilitating" breach was not its fault. It had outsourced the "service desk" part of its IT security operations to the massive services company Cognizant—and Clorox says that Cognizant failed to follow even the most basic agreed-upon procedures for running the service desk. In the words of a new Clorox lawsuit, Cognizant's behavior was "all a devastating lie," it "failed to show even scant care," and it was "aware that its employees were not adequately trained."

"Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques," says the lawsuit, using italics to indicate outrage emphasis. "The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox’s network, and Cognizant handed the credentials right over. Cognizant is on tape handing over the keys to Clorox’s corporate network to the cybercriminal—no authentication questions asked." [...] The new lawsuit, filed in California state courts, wants Cognizant to cough up millions of dollars to cover the damage Clorox says it suffered after weeks of disruption to its factories and ordering systems. (You can read a brief timeline of the disruption here.)

Comment KDE Neon (Score 1) 33

Been a KDE user since '09, and happily been running KDE Neon (stable variant) for a couple years now and it's been rock solid, despite it being "bleeding edge" KDE. I had growing pains a couple times (5.x -> 6.x, 22.04 -> 24.04), but nothing I couldn't overcome for a few days before fixed packages were released. Highly recommend for *nix newbs and vets.
