View and Vote

View and Vote

View and Vote

Web design tools and resources, both free and premium, are designed to help you take full advantage of your creativity. Thereby enhance your ability to create stunning websites. There is a huge variety of products and services to choose from. They are ranging from complete platforms to specialized software applications. Just like design frameworks, wireframing […]

It’s a New Year, but one thing hasn’t changed. The number of web design resources and tools just keeps on increasing. That’s a good thing. But it does make it that much more difficult to find a theme, plugin, or resource you really have a need for if you are to stay abreast of or […]

If you haven’t used Adobe’s brand-new Enhance feature yet, I urge you to give it...

The post Create Better Images with Enhance and Super Resolution appeared first on Alphatracks.

The content provides a detailed list of tools essential to digital marketing including areas of social automation, organic outreach, content creation, research, content discovery, and search engine optimization. Key tools like Hoot Suite for scheduling social media posts, Social Quant for driving engagement, Buzzsumo for content popularity, Envato for content creation, and SemRush for SEO analysis were highlighted as particularly useful in their respective fields.

The post Awesome list of top 28 social marketing resources appeared first on WPCult.

Discover top AI image upscalers to boost resolution and clarity without quality loss—perfect for designers, marketers, and content creators.

So you want to make an awesome infographic, but you aren’t sure where to start. Capsicum Mediaworks has 27 (Secrets) on How To Create An Awesome Viral Infographic in 2023.

This is definitely and example of “Do what I say, not what I do”.

There’s some fantastic information here! Ironically, this is NOT a great infographic. Saving a bunch of text as a JPG file does not make a good infographic. This infographic design goes against some of their own best advice! More visuals, less text. Make it big, not gigantic. Highlight/focus on the important points.

We all know that beautiful infographics are much more interesting as compared to long, plain text. It is the basic human tendency to associate more with anything that explains the same point with more visual appeal and less jargon.

Which is why infographics have become such a big deal.

The pictorial representation of the data, colorful backgrounds, short, to-the-point text, and easy to understand themes, are just some of the reasons why infographics have surpassed other digital marketing strategies in terms of popularity. And they are definitely here to stay.

So if you haven't jumped on this bandwagon yet, it's high time you do!

Found on Capsicum Mediaworks.

Showcasing your photography is vital in the digital age – so much so that to lack an online presence can make you seem behind the times. What’s more, you may have already recognized you need a website, but perhaps your choice of theme leaves your design looking outdated. That’s not a good situation to be in. […]

The post Crafting a Symbol that Resonates with Your Identity by Designing a Logo Online appeared first on DailyBlogTips.com.

In a follow up to James Currall's plenary talk on "The Tangled Web is but a Fleeting Dream ...but then again..." this session will discuss the challenges of Web preservation (what should we actually preserve?; what about IPR? and how do we address the technical challenges?). The session will review some of the approachs to the preservation of static content which were addressed at the first of the JISC PoWR workshops which was organised by the JISC-funded Preservation of Web Resources (PoWR) project. The workshop will go on to explore some of the adaditional challenges being posed by Web 2.0. The session was facilitated by Marieke Guy and Brian Kelly, UKOLN, University of Bath.

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.
 

Other CISA recommendations include:

• Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
• Educate users on how to spot suspicious emails
• Hunt for malicious activity in your network looking for indicators of compromise (IoCs) and tactics, techniques and procedures

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”

For more information about securing RDP tools:

• “Commonly Exploited Protocols: Remote Desktop Protocol (RDP)” (Center for Internet Security)
• “What is remote desktop protocol (RDP)?” (TechTarget)
• “Wondering Whether RDP IS Secure? Here's a Guide to Remote Desktop Protocol” (AllBusiness)
• “Why remote desktop tools are facing an onslaught of cyber threats” (ITPro)
• “'Midnight Blizzard' Targets Networks With Signed RDP Files” (Dark Reading)

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project. 

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.

These are the new resources:

• “The Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
  • preparation
  • detection and analysis
  • containment eradication and recovery
  • post-incident activity
• “The LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
  • Generative AI security policies
  • Risk assessment and management processes
  • Training and awareness
  • Research and development
• “The AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”

For more information about protecting your organization against deepfakes:

• “How to prevent deepfakes in the era of generative AI” (TechTarget)
• “Deepfake scams escalate, hitting more than half of businesses” (Cybersecurity Dive)
• “The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks” (SecurityWeek)
• “How deepfakes threaten biometric security controls” (TechTarget)
• “Deepfakes break through as business threat” (CSO)

3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.

^{(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)}

In a fake software-update attack, a victim gets duped into installing a legitimate-looking update for, say, their preferred browser, that instead infects their computers with malware.

Here’s the full list, in descending order:

• SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
• LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
• ClearFake, another JavaScript downloader used for fake browser-update attacks
• ZPHP, another JavaScript downloader used for fake software-update attacks
• Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
• CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
• Arechclient2, also known as SectopRAT, is a .NET RAT whose capabilities include multiple stealth functions
• Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
• NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
• Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.

For details on fake update attacks:

• “Fake browser updates spread updated WarmCookie malware” (BleepingComputer)
• “Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware” (The Hacker News)
• “Hackers Use Fake Browser Updates for AMOS Malware Attacks Targeting Mac Users” (MSSP Alert)
• “Malware crooks find an in with fake browser updates, in case real ones weren't bad enough” (The Register)
• “Fake Google Chrome errors trick you into running malicious PowerShell scripts” (BleepingComputer)

VIDEO

Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

• Help make more resilient other countries’ assets, systems and networks that impact U.S. critical infrastructure
• Boost the integrated cyber defenses of the U.S. and its international partners against their shared global cyberthreats
• Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.

“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.

For more information about global cybercrime trends:

• “AI-Powered Cybercrime Cartels on the Rise in Asia” (Dark Reading)
• “AI Now a Staple in Phishing Kits Sold to Hackers” (MSSP Alert)
• “The Business of Cybercrime Explodes” (BankDirector)
• “Nation state actors increasingly hide behind cybercriminal tactics and malware” (CSO)

6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.

To learn more about ransomware trends:

• “Ransomware Is ‘More Brutal’ Than Ever in 2024” (Wired)
• “Ransomware on track for record profits, even as fewer victims pay” (SC Magazine)
• “How Can I Protect Against Ransomware?” (CISA)
• “How to prevent ransomware in 6 steps” (TechTarget)
• “Steps to Help Prevent & Limit the Impact of Ransomware” (Center for Internet Security)

TORONTO – The Canadian Securities Administrators (CSA) is providing an update to interested parties on the status of its work to introduce binding authority for an independent dispute resolution service.

Reach, Benefit, Empower, Transform: Approaches to helping rural women secure their resource rights

Avenues to empowerment.

The post Reach, Benefit, Empower, Transform: Approaches to helping rural women secure their resource rights appeared first on IFPRI.

Resource-poor rice farmers in Myanmar suffer double impact from political conflict

Productivity erodes amid turmoil.

The post Resource-poor rice farmers in Myanmar suffer double impact from political conflict appeared first on IFPRI.

Use of Proteomics for Dietary Reconstruction: A Case Study Using Animal Teeth from Ancient Mesopotamia  ACS Publications

Decrypting the molecular basis of cellular drug phenotypes by dose-resolved expression proteomics  Nature.com

Resolutions are easy to make, even easier to break. But what if a story or idea can motivate us in a whole new way? This hour, TED speakers offer different perspectives on our most common resolutions. Guests include neuroscientists Wendy Suzuki and Sandra Aamodt, science journalist Catherine Price, behavioral scientist Wendy De La Rosa, and authors Pico Iyer and A.J. Jacobs.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Original Broadcast Date: January 13, 2023. Resolutions are easy to make, even easier to break. But what if a story or idea can motivate us in a whole new way? This hour, TED speakers offer different perspectives on our most common resolutions. Guests include neuroscientists Wendy Suzuki and Sandra Aamodt, science journalist Catherine Price, behavioral scientist Wendy De La Rosa, and authors Pico Iyer and A.J. Jacobs.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

There’s a lot of advice out there about resolutions. Here are our tactics—backed by research—for actually taking them on.

The National Association of Manufacturers has announced Rachel Jones as its new Vice President of Energy and Resources Policy.

The Resonance Acoustic Method (RAM) is a long-standing nondestructive test (NDT) that measures the structural responses of a part. These responses are a set of unique and measurable natural frequency (resonance) data.

Maplesoft will welcome experts and users of Maple T.A. and Möbius to Vienna from October 19-21, 2016, for its annual user summit. Long-time customers and users will gather at the Vienna University of Technology for presentations on the latest news and features of Maple T.A., Maplesoft’s testing and assessment tool, and the recently introduced Möbius, Maplesoft’s platform for developing online science, technology, engineering and mathematics (STEM) courseware.

James Cooper Recognized for Enhancing Quality of Education and for Outstanding Contributions to the Discipline of Engineering Waterloo, Canada; November 08, 2016: Maplesoft™ announced that James (Jim) Cooper, its president and CEO, has received an honorary doctorate from the University of Waterloo (UW). The University presented Cooper with a Doctor of Engineering degree at a recent graduation ceremony held at the university.

Maplesoft announced that James (Jim) Cooper, its president and CEO, has received an honorary doctorate from the University of Waterloo (UW). The University presented Cooper with a Doctor of Engineering degree at a recent graduation ceremony held at the university.

The chief executive officer of Waterloo math software company Maplesoft was recently awarded an honorary PhD in engineering from his alma mater. He had wanted to return to university and do that, but it never happened.

Maplesoft and the University of Waterloo have partnered to collaborate on educational STEM content. Through this partnership, Maplesoft’s Möbius will blend with Waterloo-developed coursework and content for an online learning hub for college-level students and professors.

Maplesoft today announced that the 2017 Maplesoft Excellence Scholarship Awards are being presented to two graduate students from the University of Birmingham. The scholarships provide monetary assistance for three years to each student for their graduate studies. They were selected from a group of students that were instrumental in encouraging and contributing to the use of technology in various undergraduate courses at the university.

Maplesoft today released Möbius, a hands-on learning tool focused on science, technology, engineering and mathematics education. The online courseware environment provides an interactive platform for students to explore STEM concepts, visualize problems and solutions, and receive real-time assessment feedback.

ETAS Inc. and Maplesoft™ today announced the release of a Hardware-in-the-Loop (HIL) Battery Cell Simulator package which satisfies the highest demands for the test and calibration of Battery Management Systems. The solution is based on Maplesoft’s efficient, high-fidelity MapleSim battery model and ETAS’ high-precision Battery Cell Simulator (BCS) BCS-LABCAR.

The worksheet shows a procedure for the resolution and construction of convex right-angled hyperbolic polygons, given p-3 sides of the polygon.

The worksheet shows a procedure for the resolution and construction of convex and self-intersecting hyperbolic polygons, given 2p-3 data of the sides and angles of the polygon.

Uponor North America (Uponor) has been named the 2018 Minnesota Manufacturer of the Year in the large-company category by the Manufacturers Alliance. This is the first time in the association’s history they have honored a company twice.

Ducted Systems Academy programs feature a combination of hands-on experiences, virtual resources, on-demand courses, and in-person courses at the state-of-the art academy in Oklahoma City, Oklahoma.

As Rochester city leaders set the ambitious goal of reducing greenhouse gas emissions by 50% by 2030 and 100% by 2050, the challenge is now how to follow through.

In this episode Michael and our guest Prashant Jain talk about patterns for resource management. Efficient management of resources is critical in the execution of any kind of software. Ranging from embedded software in a mobile device to software in a large enterprise server, it is important that the resources, such as memory, threads, file handles, or network connections, are managed efficiently to allow the systems to function properly and effectively. Michael and Prashant discuss various patterns, such as Lazy Acquisition, Caching, Leasing and Evictor and explain when, why, and how to apply them for effective resource management.

Ben Hindman talks to Jeff Meyerson about Apache Mesos, a distributed systems kernel. Mesos abstracts away many of the hassles of managing a distributed system. Hindman starts with a high-level explanation of Mesos, explaining the problems he encountered trying to run multiple instances of Hadoop against a single data set. He then discusses how Twitter uses Mesos for cluster management. The conversation evolves into a more granular discussion of the abstractions Mesos provides and different ways to leverage those abstractions.

The largest and most advanced wave pool is opening in Scotland giving surfers the chance to ride the waves no matter what the weather.

The Minnesota Public Utilities Commission approved Xcel Energy’s 2019 Integrated Resources Plan (IRP), which guides the utility’s direction over the next 15 years.

It's unbelievable that 2016 is here and the school year is half over, but that also means we are closer to the busiest time of year for those of us in the assessment industry.

I hope everyone has created and follows a secure assessment policy, but if not, John Kleeman, founder of Questionmark, created Ten tips for Securing Your Assessment System, which provides a secure foundation for your assessment system.  It seems security breaches most often occur as we get busy and are more prone to creating shortcuts in our work, but a "system" should help minimize these errors.  Please read John's post in its entirety and address any weaknesses in your assessment security:

What can you do to make your assessment system more secure? How can you avoid a disruptive data breach where people’s personal information is disclosed? Using a vendor who takes security seriously reduces risk, as I wrote in my blog article Eight ways to check if security is more than skin deep. But security involves both vendor and user. This post gives ten good practice tips on how you as a user or administrator of an assessment system can reduce the risk of data breaches.

1. Don’t give yourself or other administrators unnecessary privileges. Follow the principle of least privilege. It may sound counter-intuitive, but most administrative users don’t need access to all capabilities and data within your system. Limiting access reduces the impact of a data breach if an account is compromised or someone makes a mistake. If you are using Questionmark, allocate appropriate roles to limit people to what they need.

2. When someone leaves the project or organization, remove their access. Don’t allow someone who has left your team to still have access to your assessment data.

3. Follow good password security. Do not share passwords between people. Do not use the same password for two accounts. Choose strong passwords and change them periodically. If someone asks you for your password, never, ever give it. And if a web page doesn’t look right, don’t type your password into it.

4. Install all the patches and secure the system. A common cause of security breaches is failing to install the latest versions of software, and attackers exploit known vulnerabilities. You need to be proactive and always install the latest version of system and application software, set up good technical security and follow the vendor’s recommendations.

If you haven’t got the time or resources to do this properly, move to a cloud solution. In a cloud SaaS solution like Questionmark OnDemand, the vendor is responsible for updating Windows, updating the application, monitoring security and ensuring that everything is up to date.

5. Install good quality antivirus / anti-malware software. Reportedly there are nearly a million new or variant malware and viruses produced each day. Protect your computer and those of your co-workers with up to date, professional software to address this threat.

6. Protect any downloaded data. Questions, assessments and reports on results are generally safer on a server or in an on-demand service than on a workstation. If you need to download data locally, set up security procedures to protect it and try to ensure that any download is temporary only.

7. Dispose of data properly. Deleting a file on a computer doesn’t erase the data, it simply erases the index to it. If you use a reputable service like Questionmark OnDemand, if a disk is repaired or reaches end of life, it will be securely destroyed for example by degaussing. But if you download data locally or use installable software to manage your assessments, you need to do this yourselves. A recent study suggested that about half of used hard drives sold online contain residual data. Make sure this is not your assessment data!

8. Be careful about clicking on a link or attachment in an email. Phishing attacks use email or malicious websites (clicking on a link) to collect sensitive information or infect your machine with malware and viruses. Such attacks could even be aimed at your organization or assessment activity directly (this is called spear phishing!). Think before clicking.

9. Be aware of social engineering. Social engineering is when someone tries to trick you or someone else into a security breach. For example someone might ring up and claim to be a student who wants their results, but really is an imposter. Or someone might spoof an email from your boss asking for the questions for the next test to review. Be wary of strange phone calls or emails that ask for something urgent. If something seems suspicious, clear it with a security professional before you give them info or ask a caller to hang up and call them back on an official number.

10. Conduct security awareness training. If you’re not already doing this, organize training sessions for all your authors, proctors, administrators and other users to help them be security aware. if you can, deliver tests after the training to check understanding. Sharing this blog article with your co-workers would be a great way to start.

To see more Questionmark posts click HERE.