The Canadian Centre for Occupational Health and Safety (CCOHS) has launched a suite of free resources.

Women have made amazing strides in many fields and industries throughout the 20th and 21st centuries. Unfortunately, there are many others in which it remains a big challenge for a woman to rise to the top — or even, in some cases, to enter the industry at all.

Revolutionizing Backpacking with Affordable Accommodation Options in the Heart of the City

Reservation Resources Unveils Holiday Stay Infographic, Showcasing Potential 30% Savings; Contact Us for Personalized Details.

Disability Law Group is excited to announce the return of its highly anticipated 6th Annual Free Legal Aid & Resource Fair, happening on May 10th, 2024, from 12-3 pm, at the Troy Community Center, located at 3179 Livernois Road, Troy, Michigan 48083.

Romita V. Kane is noted for her achievements in global compliance, labor & employment law and strategic HR.

Professional Development Resources, a national provider of accredited continuing education units, is preparing for its annual event that involves keeping its curriculum fresh by introducing new courses and retiring older ones.

Dr. Todd Armstrong, dentist in Kenosha, WI, improves patients' oral health care knowledge through the availability of educational resources.

Dr. Gregory Robins, West Covina dentist, helps patients better understand their dental health with the availability of online educational resources.

BDE Style is a growing men's health platform that advocates for men's health topics that men of all ages can relate to.

Only swim goggles certified to address the needs of those with autism

Shirley J. Nosakhere-Fountain celebrates over three decades of continued leadership at Æsir Insurance Services LLC

Angela Persaud channels years of expertise into her work with Empower HR Solutions

Leana C. Lien, a partner at Solution Architects Group, LLC, is an expert in human resources and Workday systems

Kenneth "Kenny" Mark Vallespin excels in leadership development at Texas Partners Bank

Brigadier General (Retired) Shawn W. Campbell, Executive Partner at Gartner, Inc., and Director at Victory Strategies, was an inaugural human resources executive for the U.S. Space Force

Renee M. Stewart is honored for two decades of dedicated service as a leader with Yang Ming American Corporation

Stephen Philip Sunstrom, MBA, is the chief executive officer of The Institute for Leadership and Strategic Foresight

Jamie A. Griffith is the founder and CEO of Echelon Search Partners, an executive search and HR consulting firm for health systems, health plans and digital health organizations.

Cate Bray is the Head & Managing Partner of HR Executive Recruitment at Simply Driven Executive Search

Rebecca Edwards channels years of expertise into her work with Infinite HR of Charlotte

Shannon R. Glass recognized as a talent management and development leader at H&R Block

Woman & minority-owned creative branding & marketing agency makes Initiative for a Competitive Inner City's annual Inner City 100 list.

The foundation of the Alabama Military Stability Commission partnered with the Military Spouse Advocacy Network to create the the Alabama Mentorship-HUB

Manny Aponte, MBA, honored for his commitment to excellence and innovation in the renewable energy sector

Company receives over 120 customer inquiries every week for providing these technical resources – editable ISO 17025 documents and online ISO 17025 auditor training. Now 13 customers from different countries has already purchased them online.

A comprehensive asphalt additive online resource designed to keep DOTs, cities, counties, producers, and agencies abreast of the latest updates and insights in asphalt additives. tailored to facilitate understanding and action of the IIJA..

Unlock Exclusive NYC Extended Stay Deals with Reservation Resources! Rates from $45/Night vs. Average Hotel Prices $150-$300/Night

Reservation Resources, the premier platform for affordable stays, special promotion tailored for those celebrating Fourth of July in New York City.

The Villarreal Law Firm unveils new content aimed at empowering Spanish-speaking immigrants in Brownsville, Texas, involved in auto accidents, emphasizing their legal rights and the importance of bilingual legal representation.

Naterena A. Parham-Cofield, PhD., M.Ed., MSW, MBA, is a distinguished Executive Director of Administration with Wurzweiler School of Social Work at Yeshiva University

Tye Lawson-Beard, MA, MS, CPTD, recognized as the director of live training and on-demand solutions at ASTM International

Armi Noorata is a distinguished expert in Total Rewards with 20 years of experience within human resources

Rene A. Ronquillo serves as the Director of Operations for the Dallas Independent School District Police Department

Curious about LLM agents? Here’s a list of free courses, guides, and blogs that make it easy to start learning and stay updated.

There is a huge variety of free and premium web design tools and resources to choose from to help you create stunning websites. They range from complete website design platforms to design frameworks and wireframing tools to plugins featuring “must have” functionalities. And, a whole lot of things in between. These design tools and resources […]

The post The Best 13 Tools & Resources for Designers and Agencies for 2023 appeared first on WebAppers.

It’s 2024 and the number of web design resources and tools on the market seems overwhelming. That’s good news since you need the right tools and resources to come up with competitive designs. The bad news is, rather than sifting through thousands of products to get the ones that best meet your needs you might […]

The post 15 Great Tools & Resources for Designers & Agencies in 2024 appeared first on WebAppers.

With WordPress 5.8 launching on July 20th, it seems like a great time to round up some resources to help theme authors prepare for the future. By now, you’ve probably heard about block themes and the upcoming future of full site editing. Perhaps you have even begun to explore creating a block theme or adapting […]

View and Vote

Web design tools and resources, both free and premium, are designed to help you take full advantage of your creativity. Thereby enhance your ability to create stunning websites. There is a huge variety of products and services to choose from. They are ranging from complete platforms to specialized software applications. Just like design frameworks, wireframing […]

It’s a New Year, but one thing hasn’t changed. The number of web design resources and tools just keeps on increasing. That’s a good thing. But it does make it that much more difficult to find a theme, plugin, or resource you really have a need for if you are to stay abreast of or […]

The content provides a detailed list of tools essential to digital marketing including areas of social automation, organic outreach, content creation, research, content discovery, and search engine optimization. Key tools like Hoot Suite for scheduling social media posts, Social Quant for driving engagement, Buzzsumo for content popularity, Envato for content creation, and SemRush for SEO analysis were highlighted as particularly useful in their respective fields.

The post Awesome list of top 28 social marketing resources appeared first on WPCult.

In a follow up to James Currall's plenary talk on "The Tangled Web is but a Fleeting Dream ...but then again..." this session will discuss the challenges of Web preservation (what should we actually preserve?; what about IPR? and how do we address the technical challenges?). The session will review some of the approachs to the preservation of static content which were addressed at the first of the JISC PoWR workshops which was organised by the JISC-funded Preservation of Web Resources (PoWR) project. The workshop will go on to explore some of the adaditional challenges being posed by Web 2.0. The session was facilitated by Marieke Guy and Brian Kelly, UKOLN, University of Bath.

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.
 

Other CISA recommendations include:

• Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
• Educate users on how to spot suspicious emails
• Hunt for malicious activity in your network looking for indicators of compromise (IoCs) and tactics, techniques and procedures

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”

For more information about securing RDP tools:

• “Commonly Exploited Protocols: Remote Desktop Protocol (RDP)” (Center for Internet Security)
• “What is remote desktop protocol (RDP)?” (TechTarget)
• “Wondering Whether RDP IS Secure? Here's a Guide to Remote Desktop Protocol” (AllBusiness)
• “Why remote desktop tools are facing an onslaught of cyber threats” (ITPro)
• “'Midnight Blizzard' Targets Networks With Signed RDP Files” (Dark Reading)

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project. 

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.

These are the new resources:

• “The Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
  • preparation
  • detection and analysis
  • containment eradication and recovery
  • post-incident activity
• “The LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
  • Generative AI security policies
  • Risk assessment and management processes
  • Training and awareness
  • Research and development
• “The AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”

For more information about protecting your organization against deepfakes:

• “How to prevent deepfakes in the era of generative AI” (TechTarget)
• “Deepfake scams escalate, hitting more than half of businesses” (Cybersecurity Dive)
• “The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks” (SecurityWeek)
• “How deepfakes threaten biometric security controls” (TechTarget)
• “Deepfakes break through as business threat” (CSO)

3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.

^{(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)}

In a fake software-update attack, a victim gets duped into installing a legitimate-looking update for, say, their preferred browser, that instead infects their computers with malware.

Here’s the full list, in descending order:

• SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
• LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
• ClearFake, another JavaScript downloader used for fake browser-update attacks
• ZPHP, another JavaScript downloader used for fake software-update attacks
• Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
• CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
• Arechclient2, also known as SectopRAT, is a .NET RAT whose capabilities include multiple stealth functions
• Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
• NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
• Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.

For details on fake update attacks:

• “Fake browser updates spread updated WarmCookie malware” (BleepingComputer)
• “Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware” (The Hacker News)
• “Hackers Use Fake Browser Updates for AMOS Malware Attacks Targeting Mac Users” (MSSP Alert)
• “Malware crooks find an in with fake browser updates, in case real ones weren't bad enough” (The Register)
• “Fake Google Chrome errors trick you into running malicious PowerShell scripts” (BleepingComputer)

VIDEO

Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

• Help make more resilient other countries’ assets, systems and networks that impact U.S. critical infrastructure
• Boost the integrated cyber defenses of the U.S. and its international partners against their shared global cyberthreats
• Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.

“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.

For more information about global cybercrime trends:

• “AI-Powered Cybercrime Cartels on the Rise in Asia” (Dark Reading)
• “AI Now a Staple in Phishing Kits Sold to Hackers” (MSSP Alert)
• “The Business of Cybercrime Explodes” (BankDirector)
• “Nation state actors increasingly hide behind cybercriminal tactics and malware” (CSO)

6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.

To learn more about ransomware trends:

• “Ransomware Is ‘More Brutal’ Than Ever in 2024” (Wired)
• “Ransomware on track for record profits, even as fewer victims pay” (SC Magazine)
• “How Can I Protect Against Ransomware?” (CISA)
• “How to prevent ransomware in 6 steps” (TechTarget)
• “Steps to Help Prevent & Limit the Impact of Ransomware” (Center for Internet Security)

Reach, Benefit, Empower, Transform: Approaches to helping rural women secure their resource rights

Avenues to empowerment.

The post Reach, Benefit, Empower, Transform: Approaches to helping rural women secure their resource rights appeared first on IFPRI.

Resource-poor rice farmers in Myanmar suffer double impact from political conflict

Productivity erodes amid turmoil.

The post Resource-poor rice farmers in Myanmar suffer double impact from political conflict appeared first on IFPRI.