• Remedial Design: Touchscreen Backlash Prompts Aftermarket Control Knob and Buttons for Teslas

    Touchscreens were really cool 15 years ago, when the iPad first came out. Now that the novelty's worn off, more people seem to realize that navigating submenus sucks. Manufacturers, particularly automotive ones, love touchscreens because they reduce production costs. But the user experience suffers for it, and leaves many craving physical knobs, buttons, dials and switches.

    A Bulgarian company called Enhance manufactures an aftermarket knob for the Tesla. In keeping with the puerility of the target market, it's called the S3XY Knob. The retrofittable knob, which comes in a housing flanked with four programmable buttons, communicates with the car via Bluetooth and Tesla's API. It's mounted in the center console and allows drivers to access the climate control, media playback, drive modes and more without needing to fuss with the touchscreen. Visual feedback comes via a small circular screen atop the knob.

    Here's a demo of what it can do:

    The company also makes standalone S3XY Buttons for Teslas that are user-programmable. They come with stickers of various functions. The knobs run about $450, and buy-in for the buttons starts at $330 for a four-pack.

    The question is whether these objects will proliferate, or if manufacturers will listen to customer feedback and give people the kinds of controls they actually like.
  • Core77 Weekly Roundup (5-27-25 to 5-30-25)

    Here's what we looked at this week:

    - Crucial Detail's Ona Wine Chiller is an unusual-looking object for keeping wine bottles cool.
    - Marc 3DP's love letter to 3D-printed fidget toys.
    - A jeweler shows you her method for making Trinity Rings.
    - The Newave: A modular surfboard that breaks down for transport.
    - Inside the design of the Delta Three Oscar Halo system, a high-end ballistic helmet liner.
    - China hosts world's first humanoid robot fighting competition, and more are on the way.
    - Remedial design: Touchscreen backlash prompts aftermarket control knob and buttons for Teslas.
    - Mafell's crazy pull-push portable table saw.
    - A Dutch-Danish housing crunch solution: Build floating neighborhoods.
    - MAFGA (Make American Fonts Great Again)?
    - Swatchbox's Second Life Samples program is an easy way to recycle your firm's material samples.
    - Extreme package design: The Art Edition of the "Calatrava - Complete Works" book.
    - Once known for scissors, Fiskars has a hit with a demolition tool, their Pro IsoCore Wrecking Bar.
    - A modern take on the doorknob by industrial designer Will Zhang.
    - Industrial design case study: PDR brings dignity to catheter bags.
  • ‘Check your PI cover’ warning to architects after Supreme Court ruling

    Developers have a ‘clearer path’ to pursue architects who design unsafe buildings following a recent Supreme Court ruling, legal experts have warned

    The judgement, which interprets important elements of the Building Safety Act 2022 (BSA) and the Defective Premises Act 1972 (DPA), heightens the need for practices to hold ‘comprehensive’ professional indemnity (PI) insurance, according to top lawyers.
    Earlier this month (21 May) the Supreme Court ruled that BDW, the main trading arm of Barratt Developments, was able to pursue damages from structural engineering company URS for alleged negligence in provision of design services for two residential schemes. This was despite BDW undertaking remedial works on the properties voluntarily more than three years ago and no longer owning the buildings.
    Judges dismissed the engineering firm’s latest appeal against BDW’s right to claim for compensation on all four grounds.

    Nick Stockley, partner at law firm Mayo Wynne Baxter, said: ‘This ruling creates an easier route for builders to reclaim losses that they incur for the actions of design contractors.
    ‘It suggests that the time-out defence is no longer a fail-safe if the genuine blame rests with a design contractor. The ruling also takes away any voluntary-decision defence that either a design contractor or architect may try to raise.
    ‘It means that any design contractor needs to maintain insurance that extends to their work, irrespective of when the work was carried out.
    ‘An architect’s work should always be covered by professional indemnity insurance but that cover will need to be more extensive. An architect should review any existing insurance policy cover in order to check that that policy extends to all work carried out by the architect.’
    The two projects at the centre of the BDW claim are Capital East in London and Freemens Meadow in Leicester.

    The housebuilder carried out voluntary remedial works at these properties in 2020 and 2021, despite no longer owning them, after defects were discovered that created a danger to occupants.  
    It claimed damages from URS but the engineering firm appealed, initially to the Court of Appeal then to the Supreme Court, arguing that a voluntary act could not lead to recoverable losses, and only claims brought by a property owner under the DPA were subject to an extended 30-year limitation period. 
    URS claimed that a third party could not be owed a duty under the DPA and added that a contribution for liability could only be made once a settlement was finalised. 
    However, the Supreme Court found in BDW’s favour, saying that URS’s interpretation of the law ‘would penalise responsible developers, such as BDW, who had been pro-active in investigating, identifying and remedying building safety defects’.
    It said DPA would ‘better serve the policy of ensuring the safety of dwellings’ if it had a wider application, ruling that ‘BDW itself has rights under the DPA against a party primarily liable for the defects’. 
    It added that BDW had ‘acted responsibly’ and ‘in accordance with the government’s strong encouragement’ in carrying out remediation work at Capital East and Freemens Meadow, concluding: ‘Penalisation of [such] developers would be contrary to the purpose of the legislation’.
    Rob Horne, head of construction disputes for Osborne Clarke, which represented BDW, said: ‘For residential developers there is now significantly more clarity over the full effect of the retrospective limitation period introduced by the BSA.
    ‘Ultimately, the aim of the BSA was to ensure that safety failures are properly addressed and that those responsible bear the costs. This case furthers that aim by ensuring that developers have a clearer path to recover funds from designers and constructors who designed and built unsafe buildings.’ 
    Horne added: ‘The Supreme Court has commented that proactive developers who, in effect, do the right thing in effecting necessary safety works, should not be penalised by having rights of recovery barred. 
    ‘Such developers are able to recover the remedial costs from those most responsible for the safety defects in question.’ 
    ‘This reading gives the Defective Premises Act far more teeth’
    Julia Tobbell, partner at law firm Forsters, said the decision will be ‘a relief to proactive developers’ as, ‘although their decision to voluntarily take on repairs may be a factor in assessing reasonableness of mitigation, it does not bar them in principle from being able to recover from negligent contractors’. 
    She added: ‘The court also found that the duty to build homes properly under Section 1 of the PDA is not just for the benefit of the homeowner, but also the developer who procures the contractor to carry out the works.  
    ‘The developer can both owe a duty (to the homeowner) and be owed a duty (by the contractor); this reading gives the DPA far more teeth.’

    2025-05-30
    Will Ing

  • CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs

    May 23, 2025Ravie LakshmananCloud Security / Vulnerability
    The U.S. Cybersecurity and Infrastructure Security Agencyon Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment.
    "Threat actors may have accessed client secrets for Commvault'sMicrosoft 365backup software-as-a-servicesolution, hosted in Azure," the agency said.
    "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault."
    CISA further noted that the activity may be part of a broader campaign targeting various software-as-a-serviceproviders' cloud infrastructures with default configurations and elevated permissions.
    The advisory comes weeks after Commvault revealed that Microsoft notified the company in February 2025 of unauthorized activity by a nation-state threat actor within its Azure environment.
    The incident led to the discovery that the threat actors had been exploiting a zero-day vulnerability, an unspecified flaw in the Commvault Web Server that enables a remote, authenticated attacker to create and execute web shells.
    "Based on industry experts, this threat actor uses sophisticated techniques to try to gain access to customer M365 environments," Commvault said in an announcement. "This threat actor may have accessed a subset of app credentials that certain Commvault customers use to authenticate their M365 environments."

    Commvault said it has taken several remedial actions, including rotating app credentials for M365, but emphasized that there has been no unauthorized access to customer backup data.
    To mitigate such threats, CISA is recommending that users and administrators follow the below guidelines -

    - Monitor Entra audit logs for unauthorized modifications or additions of credentials to service principals initiated by Commvault applications/service principals
    - Review Microsoft logs (Entra audit, Entra sign-in, unified audit logs) and conduct internal threat hunting
    - For single tenant apps, implement a conditional access policy that limits authentication of an application service principal to an approved IP address that is listed within Commvault's allowlisted range of IP addresses
    - Review the list of Application Registrations and Service Principals in Entra with administrative consent for higher privileges than the business need
    - Restrict access to Commvault management interfaces to trusted networks and administrative systems
    - Detect and block path-traversal attempts and suspicious file uploads by deploying a Web Application Firewall and removing external access to Commvault applications

    CISA, which added CVE-2025-3928 to its Known Exploited Vulnerabilities Catalog in late April 2025, said it's continuing to investigate the malicious activity in collaboration with partner organizations.
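
    One way to act on the first guideline, shown as an added example that is not from CISA, Commvault or the article: a filter over exported Entra audit events that reports credentials added by a watched service principal. Field names follow the Microsoft Graph directoryAudit shape; the events, IDs and the exact `KeyDescription` value format are constructed assumptions.

```python
import json
import re

# Audit activities that add or change app / service principal credentials.
# Names are normalised first because the portal renders one with an en dash.
CREDENTIAL_ACTIVITIES = {
    "add service principal credentials",
    "update application - certificates and secrets management",
}
KEY_ID_RE = re.compile(r"KeyIdentifier=([0-9a-fA-F-]+)")


def _norm(activity):
    """Lower-case, collapse whitespace and map en dashes to hyphens."""
    return " ".join((activity or "").replace("\u2013", "-").lower().split())


def _key_ids(raw):
    """Extract KeyIdentifier values from a KeyDescription old/new value."""
    if not raw:
        return set()
    try:
        items = json.loads(raw)
    except (TypeError, ValueError):
        items = [raw]          # not JSON: scan the raw string instead
    if not isinstance(items, list):
        items = [items]
    return {kid for item in items for kid in KEY_ID_RE.findall(str(item))}


def find_credential_additions(events, watched_sp_ids):
    """Return one finding per target that gained a credential from a watched app."""
    findings = []
    for ev in events:
        if _norm(ev.get("activityDisplayName")) not in CREDENTIAL_ACTIVITIES:
            continue
        if ev.get("result") != "success":
            continue
        app = (ev.get("initiatedBy") or {}).get("app") or {}
        initiator = app.get("servicePrincipalId")
        if initiator not in watched_sp_ids:
            continue           # human admins and other apps are out of scope here
        for target in ev.get("targetResources") or []:
            added = set()
            for prop in target.get("modifiedProperties") or []:
                if prop.get("displayName") == "KeyDescription":
                    added |= _key_ids(prop.get("newValue")) - _key_ids(prop.get("oldValue"))
            if added:          # removals and no-op updates add nothing
                findings.append({
                    "time": ev.get("activityDateTime"),
                    "initiator": initiator,
                    "target_id": target.get("id"),
                    "self_modification": target.get("id") == initiator,
                    "added_key_ids": sorted(added),
                })
    return findings


# Constructed sample data: placeholder GUIDs, not real tenant values.
WATCHED_SP = "11111111-1111-1111-1111-111111111111"   # backup app's service principal
OTHER_SP = "22222222-2222-2222-2222-222222222222"
K1 = "[KeyIdentifier=aaaaaaaa-0000-0000-0000-000000000001,KeyType=Password,KeyUsage=Verify]"
K2 = "[KeyIdentifier=aaaaaaaa-0000-0000-0000-000000000002,KeyType=Password,KeyUsage=Verify]"


def _event(activity, initiated_by, target, old, new, result="success"):
    return {
        "activityDateTime": "2025-05-01T03:12:00Z",
        "activityDisplayName": activity,
        "result": result,
        "initiatedBy": initiated_by,
        "targetResources": [{"id": target, "modifiedProperties": [
            {"displayName": "KeyDescription",
             "oldValue": json.dumps(old), "newValue": json.dumps(new)}]}],
    }


SAMPLE_EVENTS = [
    # Watched app adds a second secret to another principal: reported.
    _event("Add service principal credentials",
           {"app": {"servicePrincipalId": WATCHED_SP}}, OTHER_SP, [K1], [K1, K2]),
    # Same change made by a human administrator: not reported.
    _event("Add service principal credentials",
           {"user": {"userPrincipalName": "admin@example.invalid"}}, OTHER_SP, [K1], [K1, K2]),
    # Watched app removes a secret: nothing added, not reported.
    _event("Update application \u2013 Certificates and secrets management ",
           {"app": {"servicePrincipalId": WATCHED_SP}}, OTHER_SP, [K1, K2], [K1]),
    # Watched app's attempt failed: not reported by this filter.
    _event("Add service principal credentials",
           {"app": {"servicePrincipalId": WATCHED_SP}}, OTHER_SP, [], [K1], result="failure"),
]

if __name__ == "__main__":
    for finding in find_credential_additions(SAMPLE_EVENTS, {WATCHED_SP}):
        print(finding)
```

    Each finding still needs to be compared against change records, since a legitimate rotation by the same application produces the same event.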

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

    SHARE




    #cisa #warns #suspected #broader #saas
    CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
    May 23, 2025Ravie LakshmananCloud Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agencyon Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault'sMicrosoft 365backup software-as-a-servicesolution, hosted in Azure," the agency said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." CISA further noted that the activity may be part of a broader campaign targeting various software-as-a-serviceproviders' cloud infrastructures with default configurations and elevated permissions. The advisory comes weeks after Commvault revealed that Microsoft notified the company in February 2025 of unauthorized activity by a nation-state threat actor within its Azure environment. The incident led to the discovery that the threat actors had been exploiting a zero-day vulnerability, an unspecified flaw in the Commvault Web Server that enables a remote, authenticated attacker to create and execute web shells. "Based on industry experts, this threat actor uses sophisticated techniques to try to gain access to customer M365 environments," Commvault said in an announcement. "This threat actor may have accessed a subset of app credentials that certain Commvault customers use to authenticate their M365 environments." Commvault said it has taken several remedial actions, including rotating app credentials for M365, but emphasized that there has been no unauthorized access to customer backup data. 
To mitigate such threats, CISA is recommending that users and administrators follow the below guidelines - Monitor Entra audit logs for unauthorized modifications or additions of credentials to service principals initiated by Commvault applications/service principals Review Microsoft logsand conduct internal threat hunting For single tenant apps, implement a conditional access policy that limits authentication of an application service principal to an approved IP address that is listed within Commvault's allowlisted range of IP addresses Review the list of Application Registrations and Service Principals in Entra with administrative consent for higher privileges than the business need Restrict access to Commvault management interfaces to trusted networks and administrative systems Detect and block path-traversal attempts and suspicious file uploads by deploying a Web Application Firewall and removing external access to Commvault applications CISA, which added CVE-2025-3928 to its Known Exploited Vulnerabilities Catalog in late April 2025, said it's continuing to investigate the malicious activity in collaboration with partner organizations. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE     #cisa #warns #suspected #broader #saas
    THEHACKERNEWS.COM
    CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
    May 23, 2025Ravie LakshmananCloud Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," the agency said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." CISA further noted that the activity may be part of a broader campaign targeting various software-as-a-service (SaaS) providers' cloud infrastructures with default configurations and elevated permissions. The advisory comes weeks after Commvault revealed that Microsoft notified the company in February 2025 of unauthorized activity by a nation-state threat actor within its Azure environment. The incident led to the discovery that the threat actors had been exploiting a zero-day vulnerability (CVE-2025-3928), an unspecified flaw in the Commvault Web Server that enables a remote, authenticated attacker to create and execute web shells. "Based on industry experts, this threat actor uses sophisticated techniques to try to gain access to customer M365 environments," Commvault said in an announcement. "This threat actor may have accessed a subset of app credentials that certain Commvault customers use to authenticate their M365 environments." Commvault said it has taken several remedial actions, including rotating app credentials for M365, but emphasized that there has been no unauthorized access to customer backup data. 
To mitigate such threats, CISA is recommending that users and administrators follow the below guidelines - Monitor Entra audit logs for unauthorized modifications or additions of credentials to service principals initiated by Commvault applications/service principals Review Microsoft logs (Entra audit, Entra sign-in, unified audit logs) and conduct internal threat hunting For single tenant apps, implement a conditional access policy that limits authentication of an application service principal to an approved IP address that is listed within Commvault's allowlisted range of IP addresses Review the list of Application Registrations and Service Principals in Entra with administrative consent for higher privileges than the business need Restrict access to Commvault management interfaces to trusted networks and administrative systems Detect and block path-traversal attempts and suspicious file uploads by deploying a Web Application Firewall and removing external access to Commvault applications CISA, which added CVE-2025-3928 to its Known Exploited Vulnerabilities Catalog in late April 2025, said it's continuing to investigate the malicious activity in collaboration with partner organizations. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    
  • Why console makers can legally brick your game console

    Who owns what?

    "If the ability [to brick a console] is there, someone will want to 'see how it goes.'"

    Kyle Orland



    May 22, 2025 6:09 pm


    The martial artist is a console maker. The brick is your console. Credit: Getty Images


    Earlier this month, Nintendo received a lot of negative attention for an end-user license agreement (EULA) update granting the company the claimed right to render Switch consoles "permanently unusable in whole or in part" for violations such as suspected hacking or piracy. As it turns out, though, Nintendo isn't the only console manufacturer that threatens to remotely brick systems in response to rule violations. And attorneys tell Ars Technica that they're probably well within their legal rights to do so.
    Sony's System Software License Agreement on the PS5, for instance, contains the following paragraph of "remedies" it can take for "violations" such as use of modified hardware or pirated software.
    If SIE Inc determines that you have violated this Agreement's terms, SIE Inc may itself or may procure the taking of any action to protect its interests such as disabling access to or use of some or all System Software, disabling use of this PS5 system online or offline, termination of your access to PlayStation Network, denial of any warranty, repair or other services provided for your PS5 system, implementation of automatic or mandatory updates or devices intended to discontinue unauthorized use, or reliance on any other remedial efforts as reasonably necessary to prevent the use of modified or unpermitted use of System Software.
    The same exact clause appears in the PlayStation 4 EULA as well. The PlayStation 3 EULA was missing the "disabling use... online or offline" clause, but it does still warn that Sony can take steps to "discontinue unauthorized use" or "prevent the use of a modified PS3 system, or any pirated material or equipment."
    Microsoft, if anything, is even more straightforward in its Xbox Software License Agreement. Efforts to "install Unauthorized Software" or "defeat or circumvent any... technical limitation, security, or anti-piracy system" can mean that "your Xbox Console, Kinect Sensor or Authorized Accessory may stop working permanently at that time or after a later Xbox Software update," the company writes. While it's unclear how far back in history this legal clause goes, the mention of the now-defunct Kinect sensor suggests it dates back at least to the Xbox One era.

    A prototype SX Core device soldered to a Nintendo Switch motherboard. Credit: Team Xecuter

    While console makers routinely ban players and consoles from online play and services, remotely bricking a game console's offline capabilities for EULA violations seems exceedingly rare in practice. Even when cases of public console hacking have led to protracted legal fights—such as George Hotz's saga with the PS3 or Team Xecuter's Switch jailbreaks—console makers don't seem to have used technical means to completely disable offline functions for specific consoles.
    In 2015, Microsoft even went so far as to actively deny reports that it had bricked a console associated with a leak of an early Gears of War beta. "To be clear, if a console is suspended from Xbox Live for a violation of the Terms of Use, it can still be used offline," Microsoft said at the time. "Microsoft enforcement action does not result in a console becoming unusable."
    That said, it appears console makers sometimes take steps to remotely brick consoles after they've been reported stolen. It's not hard to find online reports of people buying used consoles only to find that they had been rendered entirely useless due to a prior theft. As always with secondhand hardware, let the buyer beware.
    They have the (legal) power
    Just because the major console makers don't tend to make use of the "brick switch" on their hardware doesn't mean they don't have the legal right to do so. "Although users own the hardware, the software that's needed to run it is subject to a license agreement," attorney Jon Loiterman told Ars. "If you violate the license terms, Nintendo has the right to revoke your access to that software. It's less common for software makers to revoke access to software in a way that disables hardware you bought from them, but the principle is the same."
    While these kinds of "bricking" clauses haven't been tested in court, lawyers who spoke to Ars felt they would probably hold up to judicial review. That's especially true if the facts of the "bricking" case centered around software piracy or some other method of getting around digital rights protections baked into the console itself.

    Consoles like these may get banned from Nintendo's online services, but they tend to still work offline. Credit: Kate Temkin / ReSwitched

    "Unfortunately, 'bricking' personal devices to limit users’ rights and control their behavior is nothing new," Electronic Frontier Foundation attorney Victoria Noble told Ars Technica. "It would likely take selective enforcement to rise to a problematic level [in court]," attorney Richard Hoeg said.
    Last year, a collection of 17 consumer groups urged the Federal Trade Commission to take a look at the way companies use the so-called practice of "software tethering" to control a device's hardware features after purchase. Thus far, though, the federal consumer watchdog has shown little interest in enforcing complaints against companies that do so.
    "Companies should not use EULAs to strip people of rights that we normally associate with ownership, like the right to tinker with or modify their own personal devices," Noble told Ars. "[Console] owners deserve the right to make otherwise legal modifications to their own devices without fear that a company will punish them by remotely bricking their [systems]."
    The court of public opinion
    In the end, these kinds of draconian bricking clauses may be doing their job even if the console makers involved don't invoke them. "In practice, I expect this kind of thing is more about scaring people away from jailbreaking and modifying their systems and that Nintendo is unlikely to go about bricking large volumes of devices, even if they technically have the right to," Loiterman said.
    "Just because they put a remedy in the EULA doesn’t mean they will certainly use it either," attorney Mark Methenitis said. "My suspicion is this is to go after the people who eventually succeeded in jailbreaking the original Switch and try to prevent that for the Switch 2."
    The threat of public backlash could also hold the console makers back from limiting the offline functionality of any hacked consoles. After citing public scrutiny that companies like Tesla, Keurig, and John Deere faced for limiting hardware via software updates, Methenitis said that he "would imagine Nintendo would suffer similar bad publicity if they push things too far."
    That said, legal capacities can sometimes tend to invite their own use. "If the ability is there, someone will want to 'see how it goes.'" Hoeg said.

    Kyle Orland
    Senior Gaming Editor


    Kyle Orland has been the Senior Gaming Editor at Ars Technica since 2012, writing primarily about the business, tech, and culture behind video games. He has journalism and computer science degrees from University of Maryland. He once wrote a whole book about Minesweeper.

    ARSTECHNICA.COM