Here is a Storify collecting the online conversations from the Wikipedia editing workshop at this year’s

The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.

Last month, the Department of Homeland Security announced the availability of $279.9 million in grant funding for the Fiscal Year (FY) 2024 State and Local Cybersecurity Grant Program (SLCGP). Now in its third year, the four-year, $1 billion program provides funding for State, Local and Territorial (SLT) governments to implement cybersecurity solutions that address the growing threats and risks to their information systems. Applications must be submitted by December 3, 2024.

While there are no significant modifications to the program for FY 2024, the Federal Emergency Management Agency (FEMA), which administers SLCGP in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), identified key changes, some of which we highlight below:

The FY 2024 NOFO adds CISA’s KEV catalog as a new performance measure and recommended resource

The FY 2024 notice of funding opportunity (NOFO) adds the CISA Known Exploited Vulnerabilities (KEV) catalog as a recommended resource to encourage governments to regularly view information related to cybersecurity vulnerabilities confirmed by CISA, prioritizing those exploited in the wild. In addition, CISA has added “Addressing CISA-identified cybersecurity vulnerabilities” to the list of performance measures it will collect through the duration of the program.

Tenable offers fastest, broadest coverage of CISA’s KEV catalog

At Tenable, our goal is to help organizations identify their cyber exposure gaps as accurately and quickly as possible. To achieve this goal, we have research teams around the globe working to provide precise and prompt coverage for new threats as they are discovered. Tenable monitors and tracks additions to the CISA KEV catalog on a daily basis and prioritizes developing new detections where they do not already exist.

Tenable updates the KEV coverage of its vulnerability management products — Tenable Nessus, Tenable Security Center and Tenable Vulnerability Management — allowing organizations to use KEV catalog data as an additional prioritization metric when figuring out what to fix first. The ready availability of this data in Tenable products can help agencies meet the SLCGP performance measures. This blog offers additional information on Tenable’s coverage of CISA’s KEV catalog.

FY 2024 NOFO adds “Adopting Enhanced Logging” as a new performance measure

The FY 2024 NOFO also adds “Adopting Enhanced Logging” to the list of performance measures CISA will collect throughout the program duration.

How Tenable’s library of compliance audits can help with Enhanced Logging

Tenable's library of Compliance Audits, including Center for Internet Security (CIS) and Defense Information Systems Agency (DISA), allows organizations to assess systems for compliance, including ensuring Enhanced Logging is enabled. Tenable's vulnerability management tools enable customers to easily schedule compliance scans. Users can choose from a continuously updated library of built-in audits or upload custom audits. By conducting these scans regularly, organizations can ensure their systems are secure and maintain compliance with required frameworks.

FY 2024 NOFO continues to require applicants to address program objectives in their applications

As with previous years, the FY 2024 NOFO sets four program objectives. Applicants must address at least one of the following in their applications:

• Objective 1: Develop and establish appropriate governance structures, including by developing, implementing, or revising Cybersecurity Plans, to improve capabilities to respond to cybersecurity incidents, and ensure operations.
• Objective 2: Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
• Objective 3: Implement security protections commensurate with risk.
• Objective 4: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.

How Tenable can help agencies meet Objective 2 of the program

Tenable is uniquely positioned to help SLTs meet Objective 2 through the Tenable One Exposure Management Platform. In addition to analyzing traditional IT environments, Tenable One analyzes cloud instances, web applications, critical infrastructure environments, identity access and privilege solutions such as Active Directory and more — including highly dynamic assets like mobile devices, virtual machines and containers. Once the complete attack surface is understood, the Tenable One platform applies a proactive risk-based approach to managing exposure, allowing SLT agencies to successfully meet each of the sub-objectives outlined in Objective 2 (see table below).

Source: Tenable, October 2024

Tenable One deployment options offer flexibility for SLT agencies

Tenable offers SLT agencies flexibility in their implementation models to help them best meet the requirements and objectives outlined as part of the SLCGP. Deployment models include:

• Centralized risk-based vulnerability program managed by a state Department of Information Technology (DoIT)
• Multi-entity projects
• Decentralized deployments of Tenable One managed by individual municipalities,
• Managed Security Service Provider (MSSP) models that allow agencies to rapidly adopt solutions by utilizing Tenable’s Technology Partner network.

Whole-of-state approach enables state-wide collaboration and cooperation

A “whole-of-state” approach — which enables state-wide collaboration to improve the cybersecurity posture of all stakeholders — allows state governments to share resources to support cybersecurity programs for local government entities, educational institutions and other organizations. Shared resources increase the level of defense for SLTs both individually and as a community and reduce duplication of work and effort. States get real-time visibility into all threats and deploy a standard strategy and toolset to improve cyber hygiene, accelerate incident response and reduce statewide risk. For more information, read Protecting Local Government Agencies with a Whole-of-State Cybersecurity Approach.

FY 2024 NOFO advises SLT agencies to adopt key cybersecurity best practices

As in previous years, the FY 2024 NOFO again recommends SLT agencies adopt key cybersecurity best practices. To do this, they are required to consult the CISA Cross-Sector Cybersecurity Performance Goals (CPGs) throughout their development of plans and projects within the program. This is also a statutory requirement for receiving grant funding.

How Tenable One can help agencies meet the CISA CPGs

The CISA CPGs are a prioritized subset of cybersecurity practices aimed at meaningfully reducing risk to critical infrastructure operations and the American people. They provide a common set of IT and operational technology (OT) fundamental cybersecurity best practices to help SLT agencies address some of the most common and impactful cyber risks. Learn more about how Tenable One can help agencies meet the CISA CPGs here.

Learn more

• $1 Billion State and Local Cybersecurity Grant Program Now Open for Applicants
• Protecting Local Government Agencies with a Whole-of-State Cybersecurity Approach
• How to Meet FY 2023 U.S. State and Local Cybersecurity Grant Program Objectives
• New U.S. SLCGP Cybersecurity Plan Requirement: Adopt Cybersecurity Best Practices Using CISA's CPGs
• Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.
 

Other CISA recommendations include:

• Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
• Educate users on how to spot suspicious emails
• Hunt for malicious activity in your network looking for indicators of compromise (IoCs) and tactics, techniques and procedures

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”

For more information about securing RDP tools:

• “Commonly Exploited Protocols: Remote Desktop Protocol (RDP)” (Center for Internet Security)
• “What is remote desktop protocol (RDP)?” (TechTarget)
• “Wondering Whether RDP IS Secure? Here's a Guide to Remote Desktop Protocol” (AllBusiness)
• “Why remote desktop tools are facing an onslaught of cyber threats” (ITPro)
• “'Midnight Blizzard' Targets Networks With Signed RDP Files” (Dark Reading)

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project. 

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.

These are the new resources:

• “The Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
  • preparation
  • detection and analysis
  • containment eradication and recovery
  • post-incident activity
• “The LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
  • Generative AI security policies
  • Risk assessment and management processes
  • Training and awareness
  • Research and development
• “The AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”

For more information about protecting your organization against deepfakes:

• “How to prevent deepfakes in the era of generative AI” (TechTarget)
• “Deepfake scams escalate, hitting more than half of businesses” (Cybersecurity Dive)
• “The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks” (SecurityWeek)
• “How deepfakes threaten biometric security controls” (TechTarget)
• “Deepfakes break through as business threat” (CSO)

3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.

^{(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)}

In a fake software-update attack, a victim gets duped into installing a legitimate-looking update for, say, their preferred browser, that instead infects their computers with malware.

Here’s the full list, in descending order:

• SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
• LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
• ClearFake, another JavaScript downloader used for fake browser-update attacks
• ZPHP, another JavaScript downloader used for fake software-update attacks
• Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
• CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
• Arechclient2, also known as SectopRAT, is a .NET RAT whose capabilities include multiple stealth functions
• Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
• NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
• Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.

For details on fake update attacks:

• “Fake browser updates spread updated WarmCookie malware” (BleepingComputer)
• “Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware” (The Hacker News)
• “Hackers Use Fake Browser Updates for AMOS Malware Attacks Targeting Mac Users” (MSSP Alert)
• “Malware crooks find an in with fake browser updates, in case real ones weren't bad enough” (The Register)
• “Fake Google Chrome errors trick you into running malicious PowerShell scripts” (BleepingComputer)

VIDEO

Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

• Help make more resilient other countries’ assets, systems and networks that impact U.S. critical infrastructure
• Boost the integrated cyber defenses of the U.S. and its international partners against their shared global cyberthreats
• Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.

“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.

For more information about global cybercrime trends:

• “AI-Powered Cybercrime Cartels on the Rise in Asia” (Dark Reading)
• “AI Now a Staple in Phishing Kits Sold to Hackers” (MSSP Alert)
• “The Business of Cybercrime Explodes” (BankDirector)
• “Nation state actors increasingly hide behind cybercriminal tactics and malware” (CSO)

6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.

To learn more about ransomware trends:

• “Ransomware Is ‘More Brutal’ Than Ever in 2024” (Wired)
• “Ransomware on track for record profits, even as fewer victims pay” (SC Magazine)
• “How Can I Protect Against Ransomware?” (CISA)
• “How to prevent ransomware in 6 steps” (TechTarget)
• “Steps to Help Prevent & Limit the Impact of Ransomware” (Center for Internet Security)

Here is a Storify round up of the SpotOn London session: Incentivising Open Access and Open

Here is a Storify collating the online conversation around the Open, Portable, Decoupled – How should

Here is a Storify collecting the online conversations from the Communicating Science in an Open Access

At this year’s SpotOn London, one of the most popular and widely tweeted sessions organised

In 2021, General Secretary Xi Jinping solemnly declared that China's poverty alleviation battle has achieved a comprehensive victory. However, there is still a long way to go to solve the problem of unbalanced and insufficient development, narrow the development gap between urban and rural areas, and achieve comprehensive human development and common prosperity for all people.

Since the 18th National Congress of the Communist Party of China, China’s economicdevelopment has entered a new stage. Under the circumstances, the goal of “Common Prosperity” has attracted more and more attention over the past several years. China’s long-term implementation of urban-biased policies led to a huge gap between urban and rural areas for a long time and hindered the realization of common prosperity.

Carl Herbold is a cold-blooded psychopath who has just escaped the penitentiary where he was serving a life sentence. Bent on revenge, he's going back to where he began--Blewer County, Texas... Born deaf, lately widowed, Anna Corbett fights to keep the ranch that is her son's birthright, unaware that she is at the center of Herbold's horrific scheme--and that her world of self-imposed isolation is about to explode... Drifter Jack Sawyer arrives at Anna's ranch asking for work, hoping to protect the innocent woman and her son from Herbold's rage. But Sawyer can't outrun the secrets that stalk him--or the day of reckoning awaiting them all...

Thrilled that their playwright friend’s Broadway debut was a rousing success, Nic and Nigel are trying to enjoy the A-list after-party with their pal Harper. Unfortunately, all the champagne and repartee in the world aren’t enough to overlook the churlish behavior of Harper’s theater-critic husband, Dan. Nic is shocked the next morning when she learns that Dan’s been murdered. Nigel thinks the world may be a better place without him. Still, Harper is their friend and they’re intent on helping her any way they can. Invigorated by the thrill of the hunt and fortified by a flood of cocktails, catching the killer becomes the Martinis’ top priority . . . with their behemoth Bullmastiff Skippy along for the ride. Includes cocktail recipes!

Mystery author Rachel Goldman is getting used to the idea that her fictional creation Duffy Madison has somehow taken flesh-and-blood form and is investigating missing person cases not far from where Rachel lives. Wait. No. She’s not getting used to it at all, and the presence of this real-life Duffy is making her current manuscript—what’s the word?—lousy. So she doesn’t want to see Duffy—the living one—at all. To make matters worse, when he shows up at her door and insists on talking to her, it’s about the one thing she doesn’t want to do: Find a missing person. But the man Duffy seeks this time around might be able to solve Rachel’s problem. He might just be the man Duffy was before he became Duffy five years ago. The only problem is she could be letting Duffy lead her into danger yet again… Entertaining and witty, the second in E.J. Copperman's Mysterious Detective Mystery series Edited Out will delight his fans, both new and old.

Montreal - The Canadian Securities Administrators (CSA) is warning the public to be vigilant for unsolicited communications that come from scammers posing as CSA staff or staff of CSA members.

TORONTO – New Self-Regulatory Organization of Canada (New SRO) and the Canadian Securities Administrators (CSA) are warning Canadian investors not to be fooled by fraudsters impersonating real investment advisors.

TORONTO – The Canadian Securities Administrators (CSA) warns Canadians about fraudulent “investment groups” promoted on social media like Facebook and Instagram. These groups could be running a scam called a “pump and dump.”How the scam works:

Citation Marivoet, Wim; and Hema, Aboubacar. 2024. How did households in Mali cope with covariate shocks between 2018 and 2023? Source: IFPRI Africa Regional Office (AFR)

Targeting is an important but challenging process in the design and delivery of social and humanitarian assistance programs. Community-based targeting (CBT) approaches are often preferred for their local information advantages, especially when data-driven methods are not feasible. However, how different variants of CBT approaches fare under various constraints and environments remains unclear. For example, it […] Source: IFPRI Ethiopia: Ethiopia Strategy Support Program

Este documento es parte de una consultoría del IFPRI con el Banco Mundial para apoyar al gobierno de Argentina, y en particular al Ministerio de Agricultura, Ganadería y Pesca (MAGyP), en el análisis de los derechos o impuestos de exportación (DEXs), llamados también retenciones en la Argentina. Este es un tema con importantes implicaciones políticas, económicas y sociales.

La desnutrición y la deficiencia de micronutrientes es un problema grave en Guatemala. Los resultados de la IV Encuesta Nacional de Salud Materno-Infantil 2014-15 (MSPAS, INE, ICF, 2017) indican que el 46.5% de los niños menores de cinco años padecen de desnutrición crónica. Según el portal de datos del Banco Mundial, Guatemala es el país con mayor prevalencia de desnutrición crónica de América Latina y el Caribe y sexto en el mundo.

En 2022, el mundo se enfrentó a múltiples crisis. Continuaron las perturbaciones de los sistemas alimentarios debidas a la prolongada pandemia de COVID-19, las grandes catástrofes naturales, los disturbios civiles y la inestabilidad política, así como los crecientes efectos del cambio climático, mientras la guerra entre Rusia y Ucrania y la inflación agravaban una crisis mundial de alimentos y fertilizantes.

En el Perú, se estima que hay aproximadamente 6 millones de personas que migraron internamente en algún momento de su vida. Esto equivale al 20.3% de la población, siendo su mayoría originaria de la serranía peruana. Aunque Lima es el principal polo de atracción, en los últimos años, se ha observado un aumento en la migración hacia las regiones de Madre de Dios, Tacna, Arequipa y Moquegua (INEI, 2022). Entre el 2002 y 2007, Madre de Dios fue el departamento que tuvo la mayor cantidad de migrantes con un saldo migratorio neto de 14,8% (Yamada, 2012).

Panel Members  Xenia van Edig (Copernicus Publications) Jigisha Patel (BioMed Central) Micah Allen (UCL) Michael

"In Taisho-era Japan, kindhearted Tanjiro Kamado makes a living selling charcoal. But his peaceful life is shattered when a demon slaughters his entire family. His little sister Nezuko is the only survivor, but she has been transformed into a demon herself! Tanjiro sets out on a dangerous journey to find a way to return his sister to normal and destroy the demon who ruined his life … After their initial confrontation with Kokushibo, the most powerful of Muzan's demons, Tokito is severely wounded and Genya has been cut in half— but is still alive! Can his regenerative power heal even this fatal wound? Then the Hashira Himejima and Sanemi square off against Kokushibo and unleash all the skill they have against him. Himejima is blind, but if he can see into the Transparent World, he might have a chance. Who will survive this whirlwind of flashing blades?"-- Provided by publisher.

"Collects Spider-Woman (2020) #6-10. Road trip— to space! After learning some startling secrets about her family, Jessica Drew goes on a mission to find the one person who might know more: the High Evolutionary! But she's going to need her BFF by her side— and that means it's Captain Marvel team-up time! Before long though, those closest to Spider-Woman will abandon her. Only one person will come to her aid: Octavia Vermis! Octavia has a cure for Jessica, and the prescription is crime! Is Jess willing to resort to theft to gather all the tools needed to fix what's wrong? In the shadow of Knull's invasion, Spider-Woman must put everything on the line— and then cross it! Even if Jess can find the cure for what ails her, will she still have a life worth saving?" -- Page [4] of cover.

"Bruce Wayne's latest ward, Tim Drake, has all the makings of becoming the greatest Robin yet. He's intelligent, athletic, and levelheaded, and his detective skills rival those of his mentor. However, every Boy Wonder who has come before has endured tragedy, and Tim may be no exception when his parents are marked for death by the sinister Obeah Man. Will the Dark Knight stop the Obeah Man in time, or must Tim face a deadly rite of passage in order to be worthy of inheriting the mantle of Robin?"--Provided by publisher.

"A brilliant general in the service of Venice, Othello is also the new husband of the adoring— and young— Desdemona, whose innocent hero worship has blossomed into love. But can a beautiful girl, so much younger than her husband, truly be faithful? Othello's trusted ensign Iago seems to think not. Can Othello trust him? Can Othello trust anyone? Manga Classics presents Shakespeare's classic story of love, hate, vengeance, and betrayal, in its full, original glory!" -- Description provided by publisher.

"Harvey Dent is dead. Or is he? A gang of thieves thrusts Gotham City into a state of fear when they are mysteriously well armed with military-grade weapons: flamethrowers, grenade launchers, and even tanks. And this gang claims it is funded by none other than former district attorney Harvey Dent. Bruce Wayne, balancing his two lives, must find the truth by tapping his growing network of agents, including Alfred Pennyworth, Jim Gordon, Waylon 'Killer Croc' Jones, and the savvy new Catwoman. Bruce is distracted by the seemingly impossible return of another figure believed dead: his grandfather Adrian Arkham. He must also comfort his longtime friend, Gotham City Mayor Jessica Dent, who is scarred both physically and mentally from her experience with the Riddler, which resulted in the gruesome death of her brother. But is Harvey back, plotting revenge on a city he proclaims to be guilty? When Batman discovers the truth behind these many mysteries, his entire world unravels … ." -- Page [4] of cover.

"Giant, sprawling future Gotham City is under martial law, protected and regulated by a private security force led by the infamous Peacekeepers. Their mandate is to maintain the safety of the citizens of Gotham, regardless of any Constitutional rights, and to hunt down, incarcerate, or kill all masked vigilantes, villains, and criminals in the city limits. It's a dangerous and violent look at a possible future Gotham City and the heroes and villains who live there!" -- Provided by publisher.

"Miles Morales, the Ultimate Universe's newest Spider-Man, is back in action with a new status quo and a new outlook on life! But now Miles must face with the worst nightmare of the Spider-Man legacy: Norman Osborn, the Green Goblin— the man who killed Peter Parker! Or did he … ? Even as new villains start coming out of the woodwork, Miles finds himself with— a girlfriend! Her name is Katie Bishop, but she has a secret … and it's bad news for Spider-Man! As Miles makes a life-changing decision, he discovers a mind-blowing truth about his family! But what does it have to do with S.H.I.E.L.D.? Doctor Doom steps from the shadows and Spider-Man gathers the mighty Ultimates— but no matter what happens next, this might be the end of the world for Miles Morales!" -- Description provided by publisher.

"Nate Adams is just an average kid until the mysterious Whisper gives him the Yo-kai Watch. Now he can see what others cannot: Yo-kai of all shapes and forms! … A mysterious door opens, causing Nate to run into weird and wacky Yo-kai from the past, present and future. Watch as they participate in a battle royale to decide which Yo-kai is the strongest!" -- Provided by publisher.

"Sail the Pacific Islands in search of destiny and the demigod Maui in this retelling of Disney Moana. Moana is a spirited teenager who loves the ocean, yet she is forbidden to travel beyond the reef that surrounds her island home of Motunui. But she feels called to something more, and wants to discover who she was meant to be. When darkness begins to consume the island, and nature is out of balance, Moana knows the solution lies beyond the safety of the reef. Following the messages of her ancestors, and with encouragement from the ocean itself, Moana sails into the open sea to find the demigod Maui and right a wrong from his past. Together they face rough waters, monstrous creatures, and the unknown, in a mission to stop the darkness from spreading, and restore life to the islands! Become a master wayfinder in this action-packed story as Moana's love for the sea turns her into a hero among her people, the gods, and the ocean." -- Provided by publisher

This document is available as PDF only. The following links go to sections in the PDF. 

This document is only available in PDF format.

"Ethiopia's agricultural sector, which is dominated by smallscale, mixed-crop, and livestock farming, is the mainstay of the country's economy. It constitutes more than half of the country's gross domestic product, generates more than 85 percent of foreign exchange earnings, and employs about 80 percent of the population. Unfortunately, Ethiopia's dependence on agriculture makes the country particularly vulnerable to the adverse impactsof climate change on crop and livestock production.

Agricultural production remains the main source of livelihood for rural communities in Sub-Saharan Africa, providing employment to more than 60 percent of the population and contributing about 30 percent of gross domestic product. With likely long-term changes in rainfall patterns and shifting temperature zones, climate change is expected to significantly affect agricultural production, which could be detrimental to the region’s food security and economic growth.

The potential adverse effects of climate change on Ethiopia’s agricultural sector are a major concern, particularly given the country’s dependence on agricultural production. Securing Ethiopia’s economic and social well-being in the face of climate change requires that policymakers and stakeholders work together to integrate climate change adaptation into the country’s development process.

Tenable®, the exposure management company, announced today that Shelly Raban, senior cloud security researcher for Tenable, will give a presentation at fwd:cloudsec Europe 2024, taking place on 17 September, 2024 in Brussels, Belgium.

During the session titled, “Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines (and Beyond),” Raban will explore techniques adversaries use to exploit modern policy-as-code and Infrastructure-as-code (IaC) domain-specific languages (DSLs), compromise cloud identities and exfiltrate sensitive data. Raban will conclude her presentation by sharing various detection strategies that cyber defenders can implement to detect malicious activity. 

The session will be hosted in the Main Room from 2:50 - 3:10 pm CEST. 

More information on the event is available on the fwd:cloudsec Europe website. 

More information about Tenable Cloud Security is available at: https://www.tenable.com/products/tenable-cloud-security 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Every year, over 10,000 letters addressed to Juliet Capulet arrive in Verona, Italy, the famous hometown of Shakespeare's Romeo & Juliet. These handwritten letters come from people all over the world, seeking guidance and support from Juliet herself. Capturing the pain, joy, humor, and confusion of love, the 60 letters in this book offers encouragement, comfort, hope-and a nod to the human condition. Including responses from Juliet herself, this romantic and relatable, and perfect as a Valentine's Day gift, Dear Juliet proves that love is the universal language.

Designed for the use of senior citizens to recall the traditions associated with Christmas in America.

Ce document présente une analyse des chaînes de valeur agroalimentaires de manioc, de riz, de lait et de poisson le long du corridor économique entre les capitales provinciales de Bukavu (Sud-Kivu) et Kalemie (Tanganyika) situées dans la partie orientale de la République démocratique du Congo (RDC). Les principales données utilisées pour cette étude proviennent d’enquêtes menées en 2021 auprès d’environ 3000 acteurs conomiques familiaux, y compris des agriculteurs, des transformateurs et des intermédiaires, actifs dans une ou plusieurs des quatre filières ciblées.

En 2022, le monde a subi des crises multiples. Les perturbations des systèmes alimentaires dues à la longue pandémie de COVID-19, des catastrophes naturelles majeures, des troubles civils, l’instabilité politique et les impacts croissants du changement climatique ont persisté, tandis qe l’inflation et la guerre entre la Russie et l’Ukraine ont exacerbé la crise alimentaire mondiale et la crise des engrais.

2022 began with concerns over supply chains and Software Bills of Material (SBOM) as organizations worldwide were forced to reconsider how they respond to incidents in anticipation of the next major event. Tenable’s Security Response Team (SRT) continuously monitors the threat landscape throughout the year, always at the forefront of trending vulnerabilities and security threats. This dashboard provides a summary of Tenable data that has been compiled over the past year.

In a year marked by hacktivism, ransomware and attacks targeting critical infrastructure in a turbulent macroeconomic environment, organizations struggled to keep pace with the demands on cybersecurity teams and resources. Attacks against critical infrastructure remained a common concern. Ransomware continued to wreak havoc, even as some groups had operations shuttered by law enforcement, collapsed under the weight of internal power struggles, or splintered into new groups. New and complex vulnerabilities emerged, providing remediation challenges.

Perhaps most alarming is that the vulnerabilities of years past continue to haunt organizations. In fact, known flaws were so prominent inn 2022 that they warranted a spot on Tenable’s list of top vulnerabilities of 2022. We cannot stress this enough: Threat actors continue to find success with known and proven exploitable vulnerabilities that organizations have failed to patch or remediate successfully.

The constant evolution of the modern digital environment introduces new challenges for security practitioners. Successful security programs must take a comprehensive approach and understand where the most sensitive data and systems reside and what vulnerabilities or misconfigurations pose the greatest risk. Given the brisk rate of digital transformation, a complete understanding of the external attack surface is paramount.

With thousands of new vulnerabilities patched each year, only a small subset will ever see active exploitation. Focusing resources on the vulnerabilities that are exploitable and understanding how attackers chain vulnerabilities and misconfigurations enables security teams to design comprehensive strategies to reduce their overall risk exposure.

The Tenable 2022 Threat Landscape Report (TLR) inspects key aspects of the cybersecurity landscape and describes how organizations can revise their programs to focus on reducing risk. The TLR covers:

• Significant vulnerabilities disclosed and exploited throughout the year, including how common cloud misconfigurations can affect even large tech companies
• The continuous transformation of the ransomware ecosystem and the rise of extortion-only threat groups
• Ongoing risks, vulnerabilities and attacks within the software supply chain
• Tactics used by advanced persistent threat groups to target organizations with cyber espionage as well as financially motivated attacks.
• Breach factors and the challenges in analyzing breach data, given the limited information available and lack of detailed reporting requirements
• Details of the key vulnerabilities affecting enterprise software

Tenable Research delivers world class cyber exposure intelligence, data science insights, alerts, and security advisories. The Tenable Research teams perform diverse work that builds the foundation of vulnerability management. The Security Response Team (SRT) tracks threat and vulnerability intelligence feeds and provides rapid insight to the Vulnerability Detection team, enabling them to quickly create plugins and tools that expedite vulnerability detection. This fast turnaround enables customers to gain immediate insight into their current risk posture. Tenable Research has released over 180,000 plugins and leads the industry on CVE coverage. Additionally, the SRT provides breakdowns for the latest vulnerabilities on the Tenable Blog and produces an annual Threat Landscape Report. The SRT continuously analyzes the evolving threat landscape, authors white papers, blogs, Cyber Exposure Alerts, and additional communications to provide customers with comprehensive information to evaluate cyber risk.

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable.sc discovers and analyzes assets continuously to provide an accurate and unified view of an organization’s security posture. The requirements for this dashboard is: Nessus.

Components

TLR 2022 – Top 5 Vulnerabilities:  This component features the top five vulnerabilities of 2022 as described in Tenable's 2022 Threat Landscape Report: Log4shell, Apache Log4j - CVE-2021-44228, Follina, Microsoft Support Diagnostic Tool - CVE-2022-30190, Atlassian Confluence Server and Data Center - CVE-2022-26134, ProxyShell, Microsoft Exchange Server - CVE-2021-34473, and Known Vulnerabilities - CVE-20XX-XXXX.

2022 TLR – Mitigation Tasks:  This component provides a list of patches that mitigate the key vulnerabilities in 2022, leveraging the CVEs identified in Tenable's 2022 Threat Landscape Report (TLR). The Remediation Summary tool uses the concept of a Patch Chain, and identifies the top patch to be remediated for the greatest risk reduction. When the top patch is applied, all other patches in the chain will be remediated.

2022 TLR – 90 Day Trend Analysis of Key Vulnerabilities: This component provides a 90-day analysis of the most notable vulnerabilities in 2022, leveraging the CVEs identified in Tenable's 2022 Threat Landscape Report (TLR). There are over 180 CVEs discussed in the TLR, which, combined with the trend line, helps risk managers determine how risk has been reduced over a period of 90 days. The vulnerability last observed filter is set to 1 day to display risk changes on a daily basis.

2022 TLR CVSS to VPR Heat Map: This component provides a correlation between CVSSv3 scores and Vulnerability Priority Rating (VPR) scoring for the key vulnerabilities listed in the 2022 Threat Landscape Report (TLR). The CVSSv3 scores are the standard scoring system used to describe the characteristics and severity of software vulnerabilities. Tenable's VPR helps organizations refine the severity level of vulnerabilities in the environment by leveraging data science analysis and threat modeling based on emerging threats. Each cell is comprised of a combination of cross-mapping of CVSS, VPR scoring, and 2022 CVE identifiers. Using a heat map approach, the filters begin in the left upper corner with vulnerabilities that present least risk.  Moving to the right and lower down the matrix the colors change darker from yellow to red as the risk levels increase.  Tenable recommends that operations teams prioritize remediation for risks in the lower right corners, and then work towards the upper left cells.

2022 TLR – Zero Day Vulnerabilities by Software/Hardware Type: This component displays a list of software/hardware that had zero-day vulnerabilities described in the 2022 Threat Landscape Report (TLR). Each indicator uses CVE from the report through the entire 2022 year. Details are provided in Tenable's 2021 Threat Landscape Report (TLR).

2022 TLR Key Vulnerabilities: This component displays cells for the most significant vulnerabilities of 2022 using CVE filters from the 2022 Threat Landscape Report. These filters display the key vulnerabilities from 2022 as well as the notable legacy vulnerabilities from prior years. Details are provided in Tenable's 2022 Threat Landscape Report.

Síntesis de evidencia: Lineamientos para el diseño de programas crediticios agropecuarios condicionados para el fomento de prácticas agropecuarias sostenibles

Enfoques para el desarrollo de políticas del sistema alimentario.

The post Síntesis de evidencia: Lineamientos para el diseño de programas crediticios agropecuarios condicionados para el fomento de prácticas agropecuarias sostenibles appeared first on IFPRI.

How much does take-up timing for agricultural inputs depend on price? Evidence from an experiment in Nigeria

Insights into buying behavior.

The post How much does take-up timing for agricultural inputs depend on price? Evidence from an experiment in Nigeria appeared first on IFPRI.

HeadnotePursuant to National Policy 11-203 Process for Exemptive Relief Applications in Multiple Jurisdictions -- Relief from the prohibition on the use of corporate officer titles by certain registered individuals in respect of institutional clients -- Relief does not extend to interact