Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective

Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few

The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed

Google's cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security. "We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025," Mayank Upadhyay, vice president of engineering and distinguished engineer at

INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation. Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure. "Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59

An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. "Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDrive — the attacker exploited the trusted infrastructures of previously compromised organizations to

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers' Amazon Web Services (AWS) credentials. The package in question is "fabrice," which typosquats a popular Python library known as "fabric," which is designed to execute shell commands remotely over

The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an entity in the region. "During this attack, the threat actor used as a lure the upcoming World Expo, which will be held in 2025 in Osaka, Japan," ESET said in its APT Activity Report for the period April to

Defending your organization’s security is like fortifying a castle—you need to understand where attackers will strike and how they’ll try to breach your walls. And hackers are always searching for weaknesses, whether it’s a lax password policy or a forgotten backdoor. To build a stronger defense, you must think like a hacker and anticipate their moves. Read on to learn more about hackers'

A threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware families such as

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. "This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available

We’ve all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs). This gap is driving the rise of the virtual CISO (vCISO) model, offering a cost-effective

Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. "Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface," the company said. "At this time, we do not know the specifics of the

Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. The flaws affect Access Points running Instant AOS-8 and AOS-10 - AOS-10.4.x.x: 10.4.1.4 and below Instant AOS-8.12.x.x: 8.12.0.2 and below Instant AOS-8.10.x.x:

Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published last week. The server-side weaknesses "allow attackers to hijack important servers in the

⚠️ Imagine this: the very tools you trust to protect you online—your two-factor authentication, your car’s tech system, even your security software—turned into silent allies for hackers. Sounds like a scene from a thriller, right? Yet, in 2024, this isn’t fiction; it’s the new cyber reality. Today’s attackers have become so sophisticated that they’re using our trusted tools as secret pathways,

Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors leveraged an unconventional blend

Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in

The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said

Historically, both law and facts are on the gun owners’ side of the “gun control” debate, and the Other Side had relied largely on emotion.  I respectfully submit that emotion is something our side should play to, as well. I made that point recently at the 2024 Gun Rights Policy Conference in San Diego last […]

On the interesting properties of becoming the kind of person who buys vinyl records.

In the waning days of his campaign, former President Donald Trump has further embraced some of Robert F. Kennedy Jr.’s incorrect or controversial views on health, including vaccines and fluoride.

The post Trump Embraces RFK Jr.’s Views on Vaccines, Fluoride appeared first on FactCheck.org.

We'll know soon enough who won the 2024 general elections for president, Congress and other important positions. But we don't have to wait a second longer to find out this year's FactCheck Award winners.

The post The 2024 FactCheck Awards appeared first on FactCheck.org.

Posts shared on Facebook make an unfounded claim of racially motivated threats of violence in Gwinnett County, Georgia, "from now until the Inauguration." The county sheriff's office said it had "not received any information indicating threats to any group(s) on or after election day."

The post Posts Spread Unfounded Claim of Race-Based Threat of Violence in Georgia appeared first on FactCheck.org.

I had email FOMO. I could be making a million dollars a year from my subscriber list! I read email marketing advice like it was porn — people say it can happen but I don’t think it really does happen. Finally I capitulated and started collecting data. The best insight from that data set is […]

The post Why am I subscribed to Penelope’s Substack? appeared first on Penelope Trunk Careers.

The post A Tiny Place for Rent in Saint Petersburg appeared first on English Russia.

The post Ulyanovsky Cartridge Manufacturing Factory appeared first on English Russia.

The post Black and White Portraits of Country Girls by Oleg Videnin appeared first on English Russia.

The post Russia Accepts Refugees From Donbass, Ukraine appeared first on English Russia.

The post Soviet Actors and Actresses Get Beautified appeared first on English Russia.

The post Characters of “Star Wars” Reimagined by a Russian Artist appeared first on English Russia.

The post Russian Food Trucks Replace McDonald’s in Russia appeared first on English Russia.

The post Hydro-Electric Power Station In a Freezing Cold Place of Russia appeared first on English Russia.

The post Russian Space Corporation Dives Into Fashion appeared first on English Russia.

From Music Week:

From Variety:

Come one, come all! nycdevops does its first virtual meetup! All are invited!

• Speaker: Adarsh Shah
• Topic: "Continuous Delivery for Machine Learning"
• Time: Thursday, September 17, 2020, 5-630 PM
• Link: https://www.meetup.com/nycdevops/events/272914068/

Hope to see you there!

Twenty years ago the first edition of The Practice of System and Network Administration shipped! Since then there has been a 2nd and 3rd edition (2006 and 2014), plus a sequel book The Practice of Cloud System Administration, and many printings. (see the timeline here)

When we started the project we had no idea if it would be a success. There was a real chance it could be a flop. Many people told us that our proposal was illogical: How could you have a book about system administration that is vendor agnostic and talks about process and people instead of specific tools and operating systems? Well, to be honest, we took a deep breath and started writing anyway. It took 2+ years but in Sept/Oct 2001 the book finally shipped!

Instead of a flop, the reaction we got was very positive! It has sold tens of thousands of copies. Many universities have used the book and its future editions as text books. It received the Usenix LISA Outstanding Achievement Award. One DevOps pundit told me she considers it to be "the first devops book" which was quite humbling.

When I visited Google in 2004 (a year before I considered joining) I was told everyone in the "systems operations" team was given a copy on their first day. The person giving me a tour then took me to a supply closet with 30 copies awaiting to be distributed to new hires.

However the real satisfaction comes from how it has helped others. Fans have related many heartwarming stories. Many fans have told us they felt like reading the book was a turning point in their life, that the book "turned me into a professional system administrator".

To thank our readers, our publisher is offering a special deal: 45% off the latest editions now until Oct 31, 2021 What? You still have the 2nd edition and haven't seen the dozens of chapters of new material in the 3rd edition? Or maybe you haven't heard of our Cloud book? Now is your chance to get the 3rd edition or the cloud sequel!

• Use this link: https://informit.com/tposa
• Use this coupon code: TPOSA

Thank you to everyone that gave us feedback on the early drafts! Thank you to all our readers! This book changed our lives and we hope it changed yours too!

P.S. We would love to hear from you! Please post a comment with reflections on the book.

1. Wie die Öffentlich-Rechtlichen aus der Krise kommen sollen (taz.de, Ann-Kathrin Leclère) Ann-Kathrin Leclère hat die wichtigsten Fragen und Antworten zur Rundfunkreform zusammengestellt, beispielsweise: Warum braucht es Reformen? Wer kümmert sich darum? Was wurde beschlossen? Wer hat Angst vor welchen Änderungen? Und was ist mit dem Rundfunkbeitrag? 2. Wie das insolvente Kreml-Medium Ruptly unter neuem […]

1. RSF verurteilt israelische Nachrichtenblockade (reporter-ohne-grenzen.de) Die Organisation Reporter ohne Grenzen (RSF) verurteilt den Umgang der israelischen Armee mit Medienschaffenden. “Aus dem Norden des Gazastreifens dringen immer weniger Informationen heraus, und gerade deshalb wird Journalismus immer wichtiger”, so RSF-Geschäftsführerin Anja Osterhaus: “Die israelischen Streitkräfte verhindern zunehmend Bilder und Stimmen von der Realität des Krieges und […]

1. Euronews-Redaktionen protestieren gegen ihren neuen Chef Claus Strunz (uebermedien.de, Stefan Niggemeier) Stefan Niggemeier fasst die Diskussionen um den neuen Euronews-Chef Claus Strunz, Ex-Mitglied der “Bild”-Chefredaktion, zusammen. Mitarbeiterinnen, Mitarbeiter und Gewerkschaften in Lyon und Brüssel würfen Strunz vor, die Prinzipien der Neutralität und Unparteilichkeit zu verletzen, insbesondere durch öffentliche Pro-Trump-Äußerungen und politische Eingriffe in die […]

Princeton chemists used MacMillan's µMap, a molecular mapping technology, to watch tiny changes in a DNA-protein complex called chromatin — essentially, an architecture that allows for the compaction of DNA — in the presence of genetic mutations associated with cancer.