Pencils, Paper, and Now NLRA Legal Protections – New General Counsel Memorandum Provides College Student Athletes with a Very Significant New “School Supply”
Source: www.littler.com | Published: Fri, 01 Oct 2021 18:32:52 +0000
On September 29, 2021, National Labor Relations Board (NLRB) General Counsel (GC) Jennifer A. Abruzzo released a nine-page memorandum taking the unequivocal position that “certain Players at Academic Institutions” are employees under Section 2(3) of the National Labor Relations Act (NLRA). Refusing to call such players “student athletes,” Abruzzo asserts in the memorandum (GC 21-08) that:

Florida’s Governor Signs Bill to Defund DEI Initiatives at Colleges
Source: www.littler.com | Published: Tue, 16 May 2023 20:01:03 +0000
Governor Ron DeSantis has signed Senate Bill (SB) 266, officially prohibiting the state’s public colleges and universities from spending state or federal money on programs or campus activities that advocate for Diversity, Equity, and Inclusion (DEI). The legislation aims to replace “niche subjects” like Critical Race Theory (CRT) and gender studies with “more employable majors,” according to the governor. The law would also restrict public colleges from providing initiatives like anti-bias, DEI, and cultural competence training for educators, staff members, and students.

DHS Announces Updated STEM Designated Degree Program List
Source: www.littler.com | Published: Thu, 03 Aug 2023 14:42:51 +0000
On July 12, 2023, the U.S. Department of Homeland Security (DHS) updated the STEM Designated Degree Program List by adding eight new qualifying fields of study. The Program List is generally used to determine whether a degree completed by an F-1 nonimmigrant student qualifies as a science, technology, engineering, or mathematics (STEM) degree as determined by DHS.

Connecticut Addresses E-Cigarettes and Vapor Products, Imposes Signage Requirements on Select Employers
Source: www.littler.com | Published: Thu, 05 Nov 2015 14:21:46 +0000
Connecticut has passed a new law regulating electronic nicotine delivery systems and vapor products in various venues, including numerous places of employment. Effective October 1, 2015, Public Act No. 15-206 (the Act) supersedes and preempts any relevant provisions of municipal laws or ordinances regarding the use of these products.
The Law
The Act prohibits the use of electronic nicotine delivery systems and vapor products in:
1. buildings owned or leased and operated by the state or its political subdivisions,

Littler Receives 15th Consecutive Perfect Score in the Human Rights Campaign Foundation's 2023-2024 Corporate Equality Index
Source: www.littler.com | Published: Fri, 01 Dec 2023 21:57:41 +0000
(December 1, 2023) – Littler, the world’s largest employment and labor law practice representing management, earned the top score of 100 on the Human Rights Campaign Foundation’s 2023-2024 Corporate Equality Index (CEI) for the 15th consecutive year. The firm joins the ranks of 545 major U.S. businesses that also earned top marks in this year’s benchmarking survey and report, which measures corporate policies and practices related to LGBTQ+ workplace equality.

Colorado’s Landmark AI Legislation Would Create Significant Compliance Burden for Employers Using AI Tools
Source: www.littler.com | Published: Thu, 16 May 2024 21:09:22 +0000
UPDATE: On May 17, 2024, Colorado Governor Jared Polis signed Senate Bill 24-205 into law, although not without reservations. Governor Polis sent a letter to the members of the Colorado General Assembly encouraging them to reconsider and amend aspects of Senate Bill 24-205 before it takes effect on February 1, 2026.
ETSI releases three specifications for cloud-based digital signatures
Source: www.etsi.org | Published: Thu, 28 Apr 2022 09:16:42 GMT
Sophia Antipolis, 2 April 2019
The ETSI technical committee on Electronic Signature Infrastructure (TC ESI) has just released a set of three Technical Specifications for cloud-based digital signatures supporting mobile devices: ETSI TS 119 431-1, ETSI TS 119 431-2 and ETSI TS 119 432. This new set of standards supports the creation of digital signatures in the cloud, facilitating digital signature deployment by avoiding the need for specialized user software and secure devices.

ETSI and the Linux Foundation sign Memorandum of Understanding enabling industry standards and Open Source collaboration
Source: www.etsi.org | Published: Thu, 28 Apr 2022 13:57:05 GMT
San Francisco, US, and Sophia Antipolis, France, 26 April 2019
Today, the Linux Foundation, the nonprofit organization enabling mass innovation through sustainable open source, signed a Memorandum of Understanding with ETSI, the independent organization providing global standards for ICT services across all sectors of industry, to bring open source and standards closer and foster synergies between them.

COAI and ETSI sign MoU to foster a closer co-operation on Telecom Standardization
Source: www.etsi.org | Published: Tue, 02 Jul 2019 07:17:19 GMT
New Delhi & Sophia Antipolis, 13 May 2019
Acknowledging the role of standards, especially in the context of emerging and future technologies, and the need to collaborate and work in partnership with different types of organizations around the world, COAI, the apex industry association representing leading Telecom, Internet, Technology and Digital Services companies, and ETSI, a leading standardization organization for Information and Communication Technology (ICT) standards fulfilling European and global market needs, announced that they would once again come together to work and collaborate on areas of mutual interest.

ETSI signs MoUs with Khronos and OARC for Augmented Reality
Source: www.etsi.org | Published: Wed, 03 Jun 2020 15:41:00 GMT
Liaison agreements strengthen the outreach of the ETSI group on AR
Sophia Antipolis, 3 June 2020
ETSI has signed two Memoranda of Understanding (MoUs) with the Khronos® Group and OARC (Open AR Cloud Association) to allow the exchange of views and expertise between ETSI and both organizations to further develop interoperability of AR components, systems and services necessary to enable a thriving ecosystem with a diverse range of technologies and solution providers.

SESAR Deployment Manager signs MoU with ETSI for European Air Traffic Management modernization
Source: www.etsi.org | Published: Thu, 28 Apr 2022 06:23:22 GMT
Sophia Antipolis, 27 July 2020
SESAR Deployment Manager (SDM) has recently signed an MoU with ETSI, namely to participate in the ETSI technical group making standards for aeronautics (TG AERO). SESAR aims at the modernization of Europe’s Air Traffic Management (ATM), crucial for the sustainability of European aviation and the forecasted increase in air traffic by 2035 (pre-COVID-19 forecast). SDM synchronizes and coordinates the deployment of common projects, translating the regulatory requirements to the industry.

Designing tomorrow’s world: ETSI unveils strategy in line with its ambitious vision
Source: www.etsi.org | Published: Thu, 17 Dec 2020 13:13:55 GMT
Sophia Antipolis, 3 December 2020
At the meeting of its General Assembly yesterday, ETSI validated a new strategy, the result of an intensive development process over the last months. Titled ‘Designing tomorrow’s world’, the strategy has been shaped by ETSI’s diverse global community, drawing on the expertise and experience of more than 900 member organizations that include multinational and smaller companies, start-ups, research organizations and governmental institutions.

The Agricultural Industry Electronics Foundation signs MoU with ETSI
Source: www.etsi.org | Published: Wed, 20 Jan 2021 10:29:19 GMT
Sophia Antipolis, 20 January 2021
On 7 January, the Agricultural Industry Electronics Foundation (AEF) signed a Memorandum of Understanding (MoU) with ETSI.

ETSI standard to secure digital signatures solves issue for 4,000 banks
Source: www.etsi.org | Published: Fri, 04 Jun 2021 16:07:39 GMT
Sophia Antipolis, 17 March 2021
ETSI is pleased to unveil ETSI TS 119 182-1, a specification for digital signatures supported by PKI and public key certificates which authenticates the origin of transactions, ensuring that the originator can be held accountable and that access to sensitive resources can be controlled.

‘Designing tomorrow’s world’: ETSI introduces its new strategy in line with its ambitious vision
Source: www.etsi.org | Published: Fri, 07 May 2021 12:23:36 GMT
Sophia Antipolis, 5 May 2021
Today ETSI is pleased to introduce its new strategy, the result of an intensive development process over the last months, validated at the ETSI General Assembly in December 2020. Titled ‘Designing tomorrow’s world’, the strategy builds on a recognition of the global importance of Information and Communication Technology (ICT) for sustainable development and for supporting the digital transformation of society.
ETSI virtual training on electronic signatures and trust services: register now!
Source: www.etsi.org | Published: Wed, 26 May 2021 13:42:39 GMT
Sophia Antipolis, 26 May 2021
The ETSI Technical Committee Electronic Signatures and Infrastructures (TC ESI) is organising a training on its standards on trust services and their use. This virtual event will take place on 1 June from 11:00 CEST to 15:00 CEST.

ASIA PKI Consortium signs MoU with ETSI
Source: www.etsi.org | Published: Thu, 02 Dec 2021 14:38:11 GMT
Sophia Antipolis, 2 December 2021
During the ETSI General Assembly, ASIA PKI and ETSI signed a Memorandum of Understanding (MoU) to structure and strengthen the relationship between both organizations and foster a closer relationship.

PKI Consortium signs MoU with ETSI
Source: www.etsi.org | Published: Tue, 01 Feb 2022 12:56:06 GMT
Sophia Antipolis, 1 February 2022
On 26 January PKI Consortium and ETSI signed a Memorandum of Understanding (MoU) to structure and strengthen the relationship between both organizations and foster a closer relationship.

Bureau of Indian Standards signs MoU with ETSI
Source: www.etsi.org | Published: Mon, 16 May 2022 08:26:52 GMT
Sophia Antipolis, 16 May 2022
Bureau of Indian Standards (BIS), India’s national standards body, has signed a Memorandum of Understanding (MoU) with the European standards body ETSI with the common objective of performing and promoting international standardization, which will benefit both by adopting a complementary approach to standardization, fostering closer cooperation, and further strengthening their relationship.

ETSI eSignature testing event helps industry to comply with EU regulation
Source: www.etsi.org | Published: Tue, 26 Jul 2022 08:11:45 GMT
Sophia Antipolis, 22 July 2022
With the eIDAS Regulation, European Union Member States have put in place the necessary technical means to process electronically signed documents that are required when using an online service offered by, or on behalf of, a public sector body. In order to ensure that the cross-border dimension works in practice, testing needs to be done to mutually check Member States’ signatures against their existing digital signature validation applications.

ETSI signs MoU with the French organization for railway standardization
Source: www.etsi.org | Published: Mon, 24 Oct 2022 08:53:00 GMT
Sophia Antipolis, 24 October 2022
ETSI and the Bureau de normalisation ferroviaire (BNF), the French organization for railway standardization, have just signed a Memorandum of Understanding to structure and strengthen their relationship.

ETSI signs MoU with the OpenID Foundation
Source: www.etsi.org | Published: Tue, 25 Oct 2022 06:31:39 GMT
Sophia Antipolis, 25 October 2022
ETSI and the OpenID Foundation signed a Memorandum of Understanding on 12 September to contribute to the establishment of a global information infrastructure.

6G-IA and ETSI sign MoU bridging the gap between European research, standards and industry
Source: www.etsi.org | Published: Tue, 24 Jan 2023 09:09:38 GMT
Sophia Antipolis, France / Brussels, Belgium, 24 January 2023
The 6G-IA brings together a global industry community of telecoms and digital actors such as operators, manufacturers, research institutes, universities, verticals, SMEs and ICT associations. The association carries out a wide range of activities in strategic areas including standardization, frequency spectrum, R&D projects, technology skills, collaboration with key vertical industry sectors, notably the development of trials, and international cooperation.

New ETSI White Paper on MEC Support for Edge Native Design: an application developer perspective
Source: www.etsi.org | Published: Thu, 22 Jun 2023 13:06:18 GMT
Sophia Antipolis, 22 June 2023
ETSI has just released a new White Paper on “MEC Support for Edge Native Design” written by members of the ETSI Multi-access Edge Computing group (ISG MEC). This White Paper provides an overview and vision of the Edge Native approach as a natural evolution of Cloud Native.

ETSI releases standard for IT solution providers to comply with EU regulation on electronic signatures in email messages
Source: www.etsi.org | Published: Tue, 19 Sep 2023 15:47:36 GMT
Sophia Antipolis, 20 September 2023
ETSI has published a new standard on “Requirements for trust service providers issuing publicly trusted S/MIME certificates” (ETSI TS 119 411-6), helping Trust Service Providers comply with the new standards for S/MIME certificates that have been enforced since 1 September 2023. Secure MIME (S/MIME) certificates are used to sign, verify, encrypt, and decrypt email messages.

New White Paper Explores ETSI TeraFlowSDN Alignment with TIP OOPT MUST Requirements
Source: www.etsi.org | Published: Sat, 30 Sep 2023 15:13:52 GMT
Sophia Antipolis, 27 September 2023
The Telecom Infra Project (TIP) Open Optical & Packet Transport (OOPT) group is making significant strides in advancing network management and interoperability.

ETSI Signs Pledge to Future Standardization Professionals
Source: www.etsi.org | Published: Thu, 30 Nov 2023 15:07:44 GMT
Sophia Antipolis, 30 November 2023
ETSI proudly announces its commitment to fostering the education and skills development of the next generation of European standardization professionals. This initiative is part of a voluntary pledge which ETSI’s Director-General Luis Jorge Romero signed today in Brussels in the presence of the Commissioner for Internal Market of the European Union, Thierry Breton. It was launched by the European Commission’s High-Level Forum on European Standardization, specifically under the workstream on Education and Skills.

Future confidence: Inaugural LTA Signature Augmentation and Validation Plugtests™ focuses on Long-Term Archive signatures
Source: www.etsi.org | Published: Fri, 12 Apr 2024 08:59:25 GMT
Sophia Antipolis, 21 February 2024
ETSI’s first LTA Signature Augmentation and Validation Plugtests™ has seen international participants exchange over 35 000 digital signature validation reports. Held from 23 October to 22 December 2023, the remote interoperability event was organized by the ETSI Centre for Testing and Interoperability (CTI), on behalf of ETSI’s Technical Committee for Electronic Signatures and Trust Infrastructures (TC ESI). This Plugtests™ event was facilitated with the support and co-funding of the European Commission (EC) and the European Free Trade Association (EFTA). Conducted using a dedicated web portal, sessions over the month-long Plugtests™ attracted the involvement of 190 participants from 121 organizations across 38 countries.
Graphic Designer II
Source: phf.tbe.taleo.net | Published: Thu, 11 Jul 2024 20:27:58 GMT

Job Summary
The International Food Policy Research Institute (IFPRI) seeks a highly motivated Graphic Designer II to join our Communications and Public Affairs team. This position is a one-year, renewable appointment, based in its New Delhi office, India, and reports to the Manager for Creative Solutions, who is based in Washington, DC. The Graphic Designer will produce high-quality and professional visual communication products to promote IFPRI's research to a diverse range of target audiences and through multiple channels. The successful candidate will be an enthusiastic, creative, and team-oriented individual with experience designing and delivering compelling visual communication outputs in a dynamic environment.

Interested candidates should submit a resume, cover letter, and a portfolio demonstrating their graphic design work. The portfolio should include a variety of projects showcasing skills in typography, layout, creativity, and use of design software (Adobe InDesign, Illustrator, Photoshop, and Canva) and include links to digital portfolios or PDF attachments. Applications without a portfolio will not be considered. Interested applicants must have work authorization to work in India.

Essential Duties
Specific duties and responsibilities include but are not limited to:
- Design both print and digital visual communication products: Develop multiple design concepts and carry them through to final delivery, including but not limited to conference banners, brochures, data visualizations, flyers, posters, presentations, research reports, and websites.
- Layout print publications: Design and layout policy papers and reports while assisting in the creation of flexible InDesign templates.
- Create engaging digital content: Design visual content for the IFPRI website, interactive applications, social media, and email campaigns.
- Apply design principles: Utilize knowledge of layout, color theory, typography, and iconography to execute a wide variety of graphic design projects for both print and digital media.
- Provide branding guidance: Ensure IFPRI products adhere to a consistent visual style and uphold professional standards, providing branding guidance to staff as needed.
- Brand design: Develop and execute creative concepts for branding, including logos, typography, color palettes, and overall visual identity.
- Innovate in interactive design: Lead initiatives on using innovative methods of interactive design to communicate research findings to both new and established audiences.
- Web design: Develop visual design for IFPRI’s main website and microsites, ensuring adherence to style guidelines.
- Coordinate printing: Manage the printing process of IFPRI publications and materials with local and international vendors.
- Collaborate effectively: Work collaboratively across the institution to ensure the timely delivery of high-quality design deliverables.
- Monitor and educate on digital trends: Stay updated on current digital trends, technologies, and industry standards, and educate both the team and IFPRI staff on best practices.

Required Qualifications
- Bachelor's Degree in Art Design, Fine Arts, Communications, Marketing or a related field plus five years of relevant professional experience, or a Master’s plus three years in a related field.
- Experience in graphic design, producing high-quality artwork, illustrations, and other graphics for communication purposes, including websites.
- Proven graphic design experience with a strong portfolio demonstrating excellent typography, layout, and creativity.
- Extensive experience with Adobe InDesign, Illustrator, and Photoshop.
- Basic knowledge/understanding of DTP software like Corel Draw.
- Proficiency in using Canva for creating and managing visual content.
- In-depth knowledge and understanding of social media and web platforms, with demonstrated experience generating engaging content.
- Familiarity with designing within PowerPoint and MS Word.
- Ability to work quickly to meet tight deadlines and handle multiple projects simultaneously.
- Outstanding organizational and planning skills, with exceptional attention to detail.
- Strong interpersonal and collaboration skills; proven ability to be flexible in a team-oriented environment with diverse groups of people.

Physical Demand & Work Environment
Employee will sit in an upright position for a long period of time. Employee will lift between 0-10 pounds. Employee is required to have close visual acuity to perform activities such as: data preparation, web-scraping, preparing and analyzing data and figures; dashboards; viewing a computer terminal; extensive coding.
From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25
Source: www.tenable.com | Published: Tue, 22 Oct 2024 11:11:11 -0400

Twenty-five years after the launch of CVE, the Tenable Security Response Team has handpicked 25 vulnerabilities that stand out for their significance.

Background
In January 1999, David E. Mann and Steven M. Christey published the paper “Towards a Common Enumeration of Vulnerabilities” describing an effort to create interoperability between multiple vulnerability databases. To achieve a common taxonomy for vulnerabilities and exposures, they proposed Common Vulnerabilities and Exposures (CVE). In September 1999, the MITRE Corporation finalized the first CVE list, which included 321 records. CVE was revealed to the world the following month.

As of October 2024, there are over 240,000 CVEs, including many that have significantly impacted consumers, businesses and governments. The Tenable Security Response Team has chosen to highlight the following 25 significant vulnerabilities, followed by links to product coverage for Tenable customers to utilize.

25 Significant CVEs

CVE-1999-0211: SunOS Arbitrary Read/Write Vulnerability
Arbitrary Read | Arbitrary Write | Local | Critical | 1999
Why it’s significant: To our knowledge, there is no formally recognized “first CVE.” However, the GitHub repository for CVE.org shows that the first CVE submitted was CVE-1999-0211 on September 29, 1999 at 12:00AM. Because it was the first one, we’ve chosen to highlight it. The vulnerability was first identified in 1991 and a revised patch was issued in 1994.

CVE-2010-2568: Windows Shell Remote Code Execution Vulnerability
Remote Code Execution | Exploited | Zero-Day | Local | Stuxnet | High | 2010
Why it’s significant: Regarded as one of the most sophisticated cyberespionage tools ever created, Stuxnet was designed to target SCADA systems in industrial environments to reportedly sabotage Iran's nuclear program. Stuxnet exploited CVE-2010-2568 as one of its initial infection vectors, spreading via removable drives. Once a compromised USB drive was inserted into a system, Stuxnet was executed automatically via the vulnerability, infecting the host machine and propagating to other systems through network shares and additional USB drives.

CVE-2014-0160: OpenSSL Information Disclosure Vulnerability
Heartbleed | Information Disclosure | Exploited | Zero-Day | Network | Cybercriminals | High | 2014
Why it’s significant: Dubbed “Heartbleed” because it was found in the Heartbeat extension of OpenSSL, this vulnerability allows an attacker, without prior authentication, to send a malicious heartbeat request with a false length field, claiming the packet contains more data than it does. The receiving system would then return data from its memory extending beyond the legitimate request, which may include sensitive private data, such as server keys and user credentials. OpenSSL is used by millions of websites, cloud services, and even VPN software for encryption, making Heartbleed one of the most widespread vulnerabilities at the time.

CVE-2014-6271: GNU Bash Shellshock Remote Code Execution Vulnerability
Shellshock | Bash Bug | Remote Code Execution | Exploited | Zero-Day | Network | Cybercriminals | Critical | 2014
Why it’s significant: An attacker could craft an environment variable that contained both a function definition and additional malicious code. When Bash, a command interpreter used by Unix-based systems including Linux and macOS, processed this variable, it would execute the function, but also run the arbitrary commands appended after the function definition. “Shellshock” quickly became one of the most severe vulnerabilities discovered, comparable to Heartbleed’s potential impact. Attackers could exploit Shellshock to gain full control of vulnerable systems, leading to data breaches, service interruptions and malware deployment. The impact extended far beyond local systems: Bash is used by numerous services, particularly web servers, via CGI scripts to handle HTTP requests.

CVE-2015-5119: Adobe Flash Player Use After Free
Remote Code Execution | Denial-of-Service | Exploited | Zero-Day | Cybercriminals | APT Groups | Critical | 2015
Why it’s significant: Discovered during the Hacking Team data breach, it was quickly weaponized, appearing in multiple exploit kits. CVE-2015-5119 is a use-after-free flaw in Flash’s ActionScript ByteArray class, allowing attackers to execute arbitrary code by tricking users into visiting a compromised website. It was quickly integrated into attack frameworks used by Advanced Persistent Threat (APT) groups like APT3, APT18, and Fancy Bear (APT28). These groups, with ties to China and Russia, used the vulnerability to spy on and steal data from governments and corporations. Fancy Bear has been associated with nation-state cyber warfare, exploiting Flash vulnerabilities for political and military intelligence gathering. This flaw, along with several other Flash vulnerabilities, highlighted Flash’s risks, accelerating its eventual phase-out.

CVE-2017-11882: Microsoft Office Equation Editor Remote Code Execution Vulnerability
Remote Code Execution | Exploited | Network | Cybercriminals | APT Groups | High | 2017
Why it’s significant: The vulnerability existed for 17 years in Equation Editor (EQNEDT32.EXE), a Microsoft Office legacy component used to insert and edit complex mathematical equations within documents. Once CVE-2017-11882 became public, cybercriminals and APT groups included it in maliciously crafted Office files. It became one of 2018’s most exploited vulnerabilities and continues to be utilized by various threat actors including SideWinder.

CVE-2017-0144: Windows SMB Remote Code Execution Vulnerability
EternalBlue | Remote Code Execution | Exploited | Network | WannaCry | NotPetya | High | 2017
Why it’s significant: CVE-2017-0144 was discovered by the National Security Agency (NSA) and leaked by a hacker group known as Shadow Brokers, making it widely accessible. Dubbed “EternalBlue,” its capacity to propagate laterally through networks, often infecting unpatched machines without human interaction, made it highly dangerous. It was weaponized in the WannaCry ransomware attack in May 2017 and spread globally. It was reused by NotPetya, a data-destroying wiper originally disguised as ransomware. NotPetya targeted companies in Ukraine before spreading worldwide. This made it one of history’s costliest cyberattacks.

CVE-2017-5638: Apache Struts 2 Jakarta Multipart Parser Remote Code Execution Vulnerability
Remote Code Execution | Exploited | Network | Equifax Breach | Critical | 2017
Why it’s significant: This vulnerability affects the Jakarta Multipart Parser in Apache Struts 2, a popular framework for building Java web applications. An attacker can exploit it by injecting malicious code into HTTP headers during file uploads, resulting in remote code execution (RCE), giving attackers control of the web server. CVE-2017-5638 was used in the Equifax breach, where personal and financial data of 147 million people was stolen, emphasizing the importance of patching widely used frameworks, particularly in enterprise environments, to prevent catastrophic data breaches.

CVE-2019-0708: Remote Desktop Services Remote Code Execution Vulnerability
BlueKeep | DejaBlue | Remote Code Execution | Exploited | Network | Ransomware Groups | Cybercriminals | Critical | 2019
Why it’s significant: Dubbed "BlueKeep," this vulnerability in Windows Remote Desktop Services (RDS) was significant for its potential for widespread, self-propagating attacks, similar to the infamous WannaCry ransomware. An attacker could exploit this flaw to execute arbitrary code and take full control of a machine through Remote Desktop Protocol (RDP), a common method for remote administration. BlueKeep was featured in the Top Routinely Exploited Vulnerabilities list in 2022 and was exploited by affiliates of the LockBit ransomware group.

CVE-2020-0796: Windows SMBv3 Client/Server Remote Code Execution Vulnerability
SMBGhost | EternalDarkness | Remote Code Execution | Exploited | Network | Cybercriminals | Ransomware Groups | Critical | 2020
Why it’s significant: Its discovery evoked memories of EternalBlue because of the potential for it to be wormable, which is what led to it becoming a named vulnerability. Researchers found it trivial to identify the flaw and develop proof-of-concept (PoC) exploits for it. It was exploited in the wild by cybercriminals, including the Conti ransomware group and its affiliates.

CVE-2019-19781: Citrix ADC and Gateway Remote Code Execution Vulnerability
Path Traversal | Exploited | Network | APT Groups | Ransomware Groups | Cybercriminals | Critical | 2019
Why it’s significant: This vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway is significant due to its rapid exploitation by multiple threat actors, including state-sponsored groups and ransomware affiliates. By sending crafted HTTP requests, attackers could gain RCE and take full control of affected devices to install malware or steal data. The vulnerability remained unpatched for a month after its disclosure, leading to widespread exploitation. Unpatched systems are still being targeted today, highlighting the risk of ignoring known vulnerabilities.

CVE-2019-10149: Exim Remote Command Execution Vulnerability
Remote Command Execution | Exploited | Network | APT Groups | Cybercriminals | Critical | 2019
Why it’s significant: This vulnerability in Exim, a popular Mail Transfer Agent, allows attackers to execute arbitrary commands with root privileges simply by sending a specially crafted email. The availability of public exploits led to widespread scanning and exploitation of vulnerable Exim servers, with attackers using compromised systems to install cryptocurrency miners (cryptominers), launch internal attacks or establish persistent backdoors. The NSA warned that state-sponsored actors were actively exploiting this flaw to compromise email servers and gather sensitive information.

CVE-2020-1472: Netlogon Elevation of Privilege Vulnerability
Zerologon | Elevation of Privilege | Exploited | Local | Ransomware Groups | APT Groups | Cybercriminals | Critical | 2020
Why it’s significant: This vulnerability in the Netlogon Remote Protocol (MS-NRPC) allows attackers with network access to a Windows domain controller to reset its password, enabling them to impersonate the domain controller and potentially take over the entire domain. Its severity was underscored when Microsoft reported active exploitation less than two months after disclosure and the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to patch the flaw. Despite available patches, it continues to be exploited by ransomware groups, APT groups, and others, highlighting its broad and ongoing impact on network security.

CVE-2017-5753: CPU Speculative Execution Bounds Check Bypass Vulnerability
Spectre | Speculative Execution Bounds Check Bypass | Local | Medium | 2018
Why it’s significant: In a speculative execution process, an idle microprocessor waiting to receive data speculates what the next instruction might be. Although meant to enhance performance, this process became a fundamental design flaw affecting the security of numerous modern processors. In Spectre’s case, an attacker-controlled process could read arbitrary memory belonging to another process. Since its discovery in January 2018, Spectre has affected nearly all modern processors from Intel, AMD and ARM. While it’s difficult to execute a successful Spectre attack, fully remediating the root cause is hard and requires microcode as well as operating system updates to mitigate the risk.

CVE-2017-5754: CPU Speculative Execution Rogue Data Cache Load Vulnerability
Meltdown | Speculative Execution Rogue Data Cache Load | Local | High | 2018
Why it’s significant: Meltdown, another speculative execution vulnerability released alongside Spectre, can allow a userspace program to read privileged kernel memory. It exploits a race condition between the memory access and privilege checking while speculatively executing instructions. Meltdown impacts desktop, laptop and cloud systems and, according to researchers, may affect nearly every Intel processor released since 1995. With a wide-reaching impact, both Spectre and Meltdown sparked major interest in a largely unexplored security area. The result: a slew of research and vulnerability discoveries, many of which were also given names and logos. While there’s no evidence of a successful Meltdown exploit, the discovery showcased the risk of security boundaries enforced by hardware.

CVE-2021-36942: Windows LSA Spoofing Vulnerability
PetitPotam | Spoofing | Exploited | Zero-Day | Network | Ransomware Groups | High | 2021
Why it’s significant: This vulnerability can force domain controllers to authenticate to an attacker-controlled destination. Shortly after a PoC was disclosed, it was adopted by ransomware groups like LockFile, which have chained Microsoft Exchange vulnerabilities with PetitPotam to take over domain controllers. Patched in the August 2021 Patch Tuesday release, the initial patch for CVE-2021-36942 only partially mitigated the issue, with Microsoft pushing general mitigation guidance for defending against NTLM Relay Attacks.

CVE-2022-30190: Microsoft Windows Support Diagnostic Tool Remote Code Execution
Follina | Remote Code Execution | Exploited | Zero-Day | Local | Qakbot | Remcos | High | 2022
Why it’s significant: Follina, a zero-day RCE vulnerability in MSDT impacting several versions of Microsoft Office, was later designated CVE-2022-30190. After public disclosure in May 2022, Microsoft patched Follina in the June 2022 Patch Tuesday. After disclosure, reports suggested that Microsoft dismissed the flaw’s initial disclosure as early as April 2022. Follina has been widely adopted by threat actors and was associated with some of 2021’s top malware strains in a joint cybersecurity advisory from CISA and the Australian Cyber Security Centre (ACSC), operating under the Australian Signals Directorate (ASD).

CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability
Log4Shell | Remote Code Execution | Exploited | Network | Cybercriminals | APT Groups | Critical | 2021
Why it’s significant: Log4j, a Java logging library widely used across many products and services, created a large attack surface.
The discovery of CVE-2021-44228, dubbed “Log4Shell,” caused great concern, as exploitation simply requires sending a specially crafted request to a server running a vulnerable version of Log4j. After its disclosure, Log4Shell was exploited in attacks by cryptominers, DDoS botnets, ransomware groups and APT groups including those affiliated with the Iranian Islamic Revolutionary Guard Corps (IRGC).CVE-2021-26855: Microsoft Exchange Server Server-Side Request Forgery VulnerabilityProxyLogonServer-Side Request Forgery (SSRF)ExploitedZero-DayNetworkAPT Groups Ransomware GroupsCybercriminalsCritical2021Why it’s significant: CVE-2021-26855 was discovered as a zero-day along with four other vulnerabilities in Microsoft Exchange Server. It was exploited by a nation-state threat actor dubbed HAFNIUM. By sending a specially crafted HTTP request to a vulnerable Exchange Server, an attacker could steal the contents of user mailboxes using ProxyLogon. Outside of HAFNIUM, ProxyLogon has been used by ransomware groups and other cybercriminals. Its discovery created a domino effect, as other Exchange Server flaws, including ProxyShell and ProxyNotShell, were discovered, disclosed and subsequently exploited by attackers.CVE-2021-34527: Microsoft Windows Print Spooler Remote Code Execution VulnerabilityPrintNightmareRemote Code ExecutionExploitedLocalAPT GroupsRansomware GroupsCybercriminalsHigh2021Why it’s significant: This RCE in the ubiquitous Windows Print Spooler could grant authenticated attackers arbitrary code execution privileges as SYSTEM. There was confusion surrounding the disclosure of this flaw, identified as CVE-2021-34527 and dubbed “PrintNightmare.” Originally, CVE-2021-1675, disclosed in June 2021, was believed to be the real PrintNightmare. However, Microsoft noted CVE-2021-1675 is “similar but distinct” from PrintNightmare. 
Since its disclosure, several Print Spooler vulnerabilities were disclosed, while a variety of attackers, including the Magniber and Vice Society ransomware groups exploited PrintNightmare.CVE-2021-27101: Accellion File Transfer Appliance (FTA) SQL Injection VulnerabilitySQL InjectionExploitedZero-DayNetworkRansomware GroupCritical2021Why it’s significant: The file transfer appliance from Accellion (now known as Kiteworks) was exploited as a zero-day by the CLOP ransomware group between December 2020 and early 2021. Mandiant, hired by Kiteworks to investigate, determined that CLOP (aka UNC2546) exploited several flaws in FTA including CVE-2021-27101. This was CLOP’s first foray into targeting file transfer solutions, as they provide an easy avenue for the exfiltration of sensitive data that can be used to facilitate extortion.CVE-2023-34362: Progress Software MOVEit Transfer SQL Injection VulnerabilitySQL InjectionExploitedZero-DayNetworkRansomware GroupCritical2023Why it’s significant: CLOP’s targeting of file transfer solutions culminated in the discovery of CVE-2023-34362, a zero-day in Progress Software’s MOVEit Transfer, a secure managed file transfer software. CLOP targeted MOVEit in May 2023 and the ramifications are still felt today. According to research conducted by Emsisoft, 2,773 organizations have been impacted and information on over 95 million individuals has been exposed as of October 2024. This attack underscored the value in targeting file transfer solutions.CVE-2023-4966: Citrix NetScaler and ADC Gateway Sensitive Information Disclosure VulnerabilityCitrixBleedInformation DisclosureExploitedZero-DayNetworkRansomware GroupsAPT GroupsCritical2023Why it’s significant: CVE-2023-4966, also known as “CitrixBleed,” is very simple to exploit. An unauthenticated attacker could send a specially crafted request to a vulnerable NetScaler ADC or Gateway endpoint and obtain valid session tokens from the device’s memory. 
These session tokens could be replayed back to bypass authentication, and would persist even after the available patches had been applied. CitrixBleed saw mass exploitation after its disclosure, and ransomware groups like LockBit 3.0 and Medusa adopted it.CVE-2023-2868: Barracuda Email Security Gateway (ESG) Remote Command Injection VulnerabilityRemote Command InjectionExploitedZero-DayNetworkAPT GroupsCritical2023Why it’s significant: Researchers found evidence of zero-day exploitation of CVE-2023-2868 in October 2022 by the APT group UNC4841. While Barracuda released patches in May 2023, the FBI issued a flash alert in August 2023 declaring them “ineffective,” stating that “active intrusions” were being observed on patched systems. This led to Barracuda making an unprecedented recommendation for the “immediate replacement of compromised ESG appliances, regardless of patch level.”CVE-2024-3094: XZ Utils Embedded Malicious Code VulnerabilityEmbedded Malicious CodeZero-DayUnknown Threat Actor (Jia Tan)Critical2024Why it’s significant: CVE-2024-3094 is not a traditional vulnerability. It is a CVE assigned for a supply-chain backdoor discovered in XZ Utils, a compression library found in various Linux distributions. Developer Andres Freund discovered the backdoor while investigating SSH performance issues. CVE-2024-3094 highlighted a coordinated supply chain attack by an unknown individual that contributed to the XZ GitHub project for two and a half years, gaining the trust of the developer before introducing the backdoor. 
The outcome of this supply chain attack could have been worse were it not for Freund’s discovery.Identifying affected systemsA list of Tenable plugins for these vulnerabilities can be found on the individual CVE pages:CVE-1999-0211CVE-2010-2568CVE-2014-0160CVE-2014-6271CVE-2015-5119CVE-2017-11882CVE-2017-0144CVE-2017-5638CVE-2019-0708CVE-2020-0796CVE-2019-19781CVE-2019-10149CVE-2020-1472CVE-2017-5753CVE-2017-5754CVE-2021-36942CVE-2022-30190CVE-2021-44228CVE-2021-26855CVE-2021-34527CVE-2021-27101CVE-2023-34362CVE-2023-4966CVE-2023-2868CVE-2024-3094 Full Article
ign Social Media for Science Outreach – A Case Study: Lessons From a Campaign Twitter Account By www.nature.com Published On :: Fri, 24 May 2013 10:07:42 +0000 James King is a geomorphologist interested in exploring the processes that govern sediment transport and Full Article Featured Guest Posts Outreach SpotOn NYC (#SoNYC) #reachingoutsci Social Media Case Study
ign Something is killing the children. Volume 3 / written by James Tynion IV ; illustrated by Werther Dell'Edera ; colored by Miquel Muerto ; lettered by AndWorld Design ; cover by Werther Dell'Edera with colors by Miquel Muerto. By library.gcpl.lib.oh.us Published On :: "As the House of Slaughter arrives to clean up the situation by any means necessary, Erica will find that the true threat to those around her isn't who— or what— she ever expected. And the cost of saving the day may be too high for anyone to pay … ." -- Description provided by publisher. Full Article
ign OSC Investor Alert: FX Bit Pro and BitFxProSignals By www.osc.ca Published On :: Fri, 28 May 2021 13:19:58 GMT TORONTO – The Ontario Securities Commission (OSC) is warning Ontario investors that FX Bit Pro and BitFxProSignals are not registered to deal or advise in securities in Ontario. Full Article
ign Batman, White Knight presents : Harley Quinn / Katana Collins, writer, story ; Sean Murphy, story, covers ; Matteo Scalera, art, variants ; Dave Stewart, colorist ; Matt Hollingsworth, cover colors ; AndWorld Design, lettering. By library.gcpl.lib.oh.us Published On :: "Batman: White Knight Presents: Harley Quinn takes place two years after Batman: Curse of the White Knight. Azrael has wiped out criminals in Gotham, Jack Napier (formerly The Joker) is dead, Bruce Wayne (Batman) is in prison, and Harley Quinn is adjusting to life as a single mother, raising the twins she had with Jack. But as new villains arise, Harley is forced to dance with madness once again and confront her own past with The Joker and Batman while helping the Gotham City police and an eager young FBI agent uncover the truth behind a series of gruesome murders. This collection also features a chapter from Harley Quinn's newest digital first series, Harley Quinn Black + White + Red, told in a traditional black-and-white format with the color red uniquely shaping Harley Quinn's story." -- Provided by publisher. Full Article
ign My little pony. 14, Shadowplay / story by Josh Haber ; adaptation by Justin Eisinger ; lettering and design by Nathan Widick. By library.gcpl.lib.oh.us Published On :: "When Sunburst discovers the lost journal of Star Swirl the Bearded, he shares it with Twilight Sparkle. Together, they find out how the sorcerer and several other of Equestria's heroes, known as the Pillars of Old Equestria, sacrificed themselves to defeat the evil Pony of Shadows. After researching more about the heroes' disappearance, Twilight believes that the Pillars are still alive and trapped in limbo and becomes obsessed with trying to free them, but it might not be such a good idea!" -- Provided by publisher Full Article
ign Abraham Lincoln : Defender of the Union! / by Mark Shulman ; illustrated by Tom Martin ;lettering & design by Comicraft ; cover art by Ian Churchill. By library.gcpl.lib.oh.us Published On :: "Considered by many historians to be the greatest American president, Abraham Lincoln led the Union at the greatest turning point in the nation's history. Abraham Lincoln: Defender of the Union! tells the story of one of America's most admired figures in graphic novel format. From his childhood on a farm in Kentucky to the battlefields of the Civil War, Abraham Lincoln served the United States with resolve, intelligence, and courage unlike that of any other president. Readers of all ages will be entertained and educated by the full-color illustrations and historically accurate narrative of this graphical biography." -- Provided by publisher. Full Article
ign Alexander Hamilton : the fighting founding father! / by Mark Shulman ; illustrated by Kelly Tindall ; lettering & design by Comicraft ; cover art by Ian Churchill. By library.gcpl.lib.oh.us Published On :: "A fascinating and entertaining biography of Alexander Hamilton, in graphic novel format. Alexander Hamilton: The Fighting Founding Father!tells the story of one of the most ambitious and controversial figures in American history in a graphic novel format. From a rough childhood on the Caribbean island of Nevis to the highest levels of American politics, Alexander Hamilton's life was filled with adventure, conflict, and controversy. Full-color illustrations and an entertaining narrative make this graphical biography of America's first Secretary of the Treasury accessible for readers of all ages." -- Provided by publisher. Full Article
ign Amelia Earhart : pioneer of the sky! / by James Buckley Jr ; illustrated by Kelly Tindall, lettering & design by Comicraft ; cover art by Ian Churchill. By library.gcpl.lib.oh.us Published On :: "When Amelia Earhart became the first woman to make a solo flight across the Atlantic Ocean in 1932, she immediately became an American icon and a subject of endless fascination for generations to come. In Amelia Earhart: Pioneer of the Sky!, the story of the bold and daring aviator's life is presented in graphic novel format, with full-color illustrations and historically accurate details. From her hardscrabble childhood to her final flight— and mysterious disappearance— Earhart's journey will entertain, captivate, and inspire readers of all ages." -- Provided by publisher Full Article
ign Benjamin Franklin : inventor of the nation! / by Mark Shulman ; illustrated by Kelly Tindall ; lettering & design by Comicraft ; cover art by Ian Churchill. By library.gcpl.lib.oh.us Published On :: "Benjamin Franklin has been called one of the most accomplished and influential Americans in history, and his role in shaping the United States has had a lasting impact that is still felt today. Franklin's research into topics as varied as electricity, meteorology, demography, and oceanography were as wide-ranging and important as his travels, which took him across the globe as a diplomat." -- Provided by publisher. Full Article
ign Martin Luther King, Jr. : voice for equality! / by James Buckley Jr. ; illustrated by Youneek Studios ; lettering & design by Comicraft: John Rosell [and four others] ; cover art by Ian Churchill. By library.gcpl.lib.oh.us Published On :: "A graphic biography of civil rights leader and American icon Martin Luther King Jr. This graphical biography tells the story of the most prominent leader of the American civil rights movement. With full-color illustrations and a historically accurate narrative, Martin Luther King Jr.: Voice for Equality! will inform and entertain readers of all ages. From his childhood in Atlanta to his rise as an international icon of human rights and a fiery orator who refused to back down in the face of adversity, King's life story serves as an ongoing source of inspiration." -- Provided by publisher. Full Article
ign Identifying guidelines for the design of conditional credit programs to promote sustainable agricultural practices in Latin America By www.ifpri.org Published On :: Tue, 03 Sep 2024 16:14:37 +0000 Identifying guidelines for the design of conditional credit programs to promote sustainable agricultural practices in Latin America Tools for food system policy development. The post Identifying guidelines for the design of conditional credit programs to promote sustainable agricultural practices in Latin America appeared first on IFPRI. Full Article
ign Teach For America Ignite Fellowship Info Session (November 13, 2024 6:00pm) By events.umich.edu Published On :: Wed, 13 Nov 2024 00:32:44 -0500 Event Begins: Wednesday, November 13, 2024 6:00pm Location: Organized By: University Career Center Interested in jumpstarting a purpose-driven career and making an impact with elementary, middle school, or high school students this coming spring? Join Teach For America to learn about a paid, part-time, virtual tutoring opportunity as a TFA Ignite Fellow.As a TFA Ignite Fellow, you become a catalyst for change, driving educational success for the students you work with. Our program is designed to break down barriers for students in low income communities, creating limitless learning opportunities. Your efforts will help students achieve their full potential, making education accessible and impactful.Looking for opportunities to gain real world experience and grow as a professional? Join our info session to learn details about the fellowship experience and application process.*Open to all undergraduate and graduate students and accepting applications for Spring 2025**All majors welcome* Full Article Careers / Jobs
ign Student Number Theory: Deligne-Lusztig Induction (November 13, 2024 3:00pm) By events.umich.edu Published On :: Sun, 10 Nov 2024 16:59:58 -0500 Event Begins: Wednesday, November 13, 2024 3:00pm Location: East Hall Organized By: Student Number Theory Seminar - Department of Mathematics Deligne-Lusztig theory gives a way to construct and study the characters of finite groups of Lie type via l-adic cohomology. In this talk, we will sketch this construction and explain their basic properties with some examples. Full Article Workshop / Seminar
ign Why a campaign has started to bring back some plants that have been forgotten (NPR) By www.ifpri.org Published On :: Thu, 18 Apr 2024 17:55:14 +0000 Why a campaign has started to bring back some plants that have been forgotten (NPR) In a radio story, NPR explains that the world depends on just a few crops for most of its food. Because that dependence could be risky, a new international effort supports research and development of overlooked plants as food sources. NPR interviewed Purnima Menon, senior director of Food and Nutrition Policy at IFPRI, who discussed countries that had invested in […] The post Why a campaign has started to bring back some plants that have been forgotten (NPR) appeared first on IFPRI. Full Article
ign Proteomic profiling reveals diagnostic signatures and pathogenic insights in multisystem inflammatory syndrome in children | Communications Biology - Nature.com By news.google.com Published On :: Wed, 05 Jun 2024 07:00:00 GMT Proteomic profiling reveals diagnostic signatures and pathogenic insights in multisystem inflammatory syndrome in children | Communications Biology Nature.com Full Article
ign , Revolutionary Fluorescence Signal Removal Technology, Transforming CellScape Spatial Proteomics Platform - Business Wire By news.google.com Published On :: Fri, 08 Nov 2024 12:00:00 GMT , Revolutionary Fluorescence Signal Removal Technology, Transforming CellScape Spatial Proteomics Platform Business Wire Full Article
ign Quantitative proteomics reveals tissue-specific, infection-induced and species-specific neutrophil protein signatures - Nature.com By news.google.com Published On :: Tue, 12 Mar 2024 07:00:00 GMT Quantitative proteomics reveals tissue-specific, infection-induced and species-specific neutrophil protein signatures Nature.com Full Article
ign Native-state proteomics of Parvalbumin interneurons identifies unique molecular signatures and vulnerabilities to early Alzheimer’s pathology - Nature.com By news.google.com Published On :: Mon, 01 Apr 2024 07:00:00 GMT Native-state proteomics of Parvalbumin interneurons identifies unique molecular signatures and vulnerabilities to early Alzheimer’s pathology Nature.com Full Article
ign Serum proteomics reveal APOE-ε4 -dependent and APOE-ε4 -independent protein signatures in Alzheimer’s disease - Nature.com By news.google.com Published On :: Wed, 21 Aug 2024 07:00:00 GMT Serum proteomics reveal APOE-ε4 -dependent and APOE-ε4 -independent protein signatures in Alzheimer’s disease Nature.com Full Article
ign Proteomic signatures improve risk prediction for common and rare diseases - Nature.com By news.google.com Published On :: Mon, 22 Jul 2024 07:00:00 GMT Proteomic signatures improve risk prediction for common and rare diseases Nature.com Full Article