2024

FYI: News Briefs in HVAC - March 25, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - April 8, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - April 22, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - May 6, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - May 20, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - June 3, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - June 17, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - July 1, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - July 15, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - July 29, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - August 12, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - August 26, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - September 9, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - September 23, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - October 7, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - October 21, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

FYI: News Briefs in HVAC - November 4, 2024

For your information news briefs from a wide variety of categories within the HVAC industry. Price increases, mergers and acquisitions, award winners, and more are highlighted here each week.




2024

Chillventa 2024: CO₂ Heat Pumps Take Center Stage

Chillventa 2024, held Oct. 13-15 in Nuremberg, Germany, showcased some of the world’s most innovative technologies to more than 33,000 attendees from 49 countries. Through more than 250 presentations, visitors were privy to the latest developments driving innovation throughout the HVAC industry.




2024

2024 Top Women in HVAC List

All of these women have made a mark on the HVAC industry and continue to do so. While they serve in different areas of the industry, each is making a contribution to both improve the industry and make it a more welcoming career for females.




2024

HVAC and the 2024 Election

The federal government has become much more involved in the HVAC industry. How will the 2024 election affect this trend?




2024

2024 Dealer Design Awards: Refrigeration & Ice Machines

The winner is a kit that is a universal, field-mount refrigeration controller with temperature sensors and pressure transducer kit that can be installed up to 40 feet from an air or electric defrost unit cooler.




2024

2024 Top Women in HVAC: Alana Ward

The most rewarding aspects of working in the HVACR field is being able to solve comfort and efficiency issues for homeowners. I love to look back at a job upon completion and say, “Yeah! We did that!”




2024

2024 Top Women in HVAC: Kim Starkey

During my time in this industry, I think we’ve done a really good job of adding more women across different fields. Women don’t always think about HVACR, but it’s an industry that needs good leaders just like any other.




2024

2024 Top Women in HVAC: Heather Ripley

Women entering the trades as technicians must overcome the perception that they aren’t strong enough or mechanically inclined enough to be a service tech. Even though women have worked in the skilled trades industry for decades, there is still a stigma about women working as HVAC technicians, plumbers, or electricians.




2024

2024 Top Women in HVAC: Kelley Raymond

Like anything you really want to achieve, I think bringing more women into this field needs to be an active and purposeful exercise.




2024

2024 Top Women in HVAC: Thomasena Philen

I love fixing things. I always have. But what is super exciting to me is the frontier. This field is changing daily, and new technology is everywhere.




2024

2024 Top Women in HVAC: Holly Paeper

We don’t have enough women in this industry. The largest challenge is that I still see so many rooms that don’t have diversity that represents the communities we operate in.




2024

2024 Top Women in HVAC: Misty Haynes

I aspire to mentor young female professionals in the HVACR space. Especially the women that desire to advance professionally while carrying the load as single parents.




2024

2024 Top Women in HVAC: Mary Jo Hann

This is a great industry. We need to keep spreading the word. Features (like this) with such wide readership are a huge help. I think that mentorship and participation in national organizations also provide a camaraderie that many women don’t find in the day-to-day.




2024

2024 Top Women in HVAC: Kelsey Fuller

Don’t be affected my any negative feedback or comments you may receive. If you’re passionate about what you do, you will succeed.




2024

2024 Top Women in HVAC: Renee Fiorelli

My advice is simple: Don’t be afraid to pursue this industry if you have a passion for it. The HVACR field is full of opportunities, and your technical skills, creativity, and leadership can make a significant impact.




2024

2024 Top Women in HVAC: Beth Dischar

I strongly believe that there should be more bold and in-your-face advertising campaigns directed towards women in the trades. This marketing strategy needs to drive it home, to everyone, that there are massive and inclusive employment opportunities in the trades.




2024

2024 Top Women in HVAC: Elena Chrimat

Make sure you have some thick skin and don’t take offense to social biases that you’ll eventually run in to. Women can do anything they set their minds to — just set your mind to it and do it.




2024

2024 Dealer Design Awards: Contractor Services & Software

The gold winner can service, certify, and ship a combustion analyzer the same day it’s received.




2024

Commercial Cooling Showcase 2024

Commercial cooling equipment manufacturers are introducing HVAC systems that are energy efficient, as well as service friendly for contractors.




2024

How the Federal Infrastructure Bill Still Affects Electric Utilities in 2024

With more than a trillion dollars designated from the Infrastructure Investment and Jobs Act (IIJA) starting to hit the wider economic field, HVAC contractors and the utility industry should be aware of how to cash in.




2024

Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables

Posted by Xen . org security team on Nov 12

Xen Security Advisory CVE-2024-45819 / XSA-464
version 2

libxl leaks data to PVH guests via ACPI tables

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

PVH guests have their ACPI tables constructed by the toolstack. The
construction involves building the tables in local memory, which are
then copied into guest memory. While actually used...




2024

Xen Security Advisory 463 v2 (CVE-2024-45818) - Deadlock in x86 HVM standard VGA handling

Posted by Xen . org security team on Nov 12

Xen Security Advisory CVE-2024-45818 / XSA-463
version 2

Deadlock in x86 HVM standard VGA handling

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

The hypervisor contains code to accelerate VGA memory accesses for HVM
guests, when the (virtual) VGA is in "standard" mode. Locking involved
there has an unusual discipline, leaving...




2024

CVE-2024-50386: Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure

Posted by Daniel Augusto Veronezi Salvador on Nov 12

Severity: important

Affected versions:

- Apache CloudStack 4.0.0 through 4.18.2.4
- Apache CloudStack 4.19.0.0 through 4.19.1.2

Description:

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the
primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack
4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that...




2024

Re: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets

Posted by Solar Designer on Nov 12

NIST doesn't appear to provide their own CVSS vectors/scores lately.
However, they republish (with attribution) some third-party ones, this
time from CISA-ADP. The CISA-ADP CVSS vector for this vulnerability
specifies that it not only is network-reachable, but also that it has
High impact not only on Availability, but also on Confidentiality and
Integrity. This results in a CVSSv3.1 score of 9.8. Even merely
correcting the vector not to...




2024

Re: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets

Posted by Clemens Lang on Nov 12

Hi,

I think the source for the CISA-ADP data is at [1]. For this specific CVE, the relevant file would be [2]. Their readme
has a section at the bottom, where they encourage feedback:

I’m aware of at last one prior case where a similar case of (IMHO) overblown CVSS scores was discussed in an issue on
this particular GitHub project [3].

Somebody seems to already have opened a ticket for this CVE, too: [4]

[1]:...




2024

RE: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets

Posted by Joel GUITTET on Nov 12

Hello
First thanks to Alexander for reposting because I was not able to do so!
You're right Clemens, I have myself ask the question on this github
(https://github.com/cisagov/vulnrichment/issues/130), but still no information for the moment.
Joel




2024

Re: Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables

Posted by Andrew Cooper on Nov 12

Data are leaked into the PVShim guest, but it is the shim Xen
(exclusively) which has access to the ACPI tables.

The guest which has been shim'd can't architecturally access the leaked
data.

~Andrew




2024

Re: Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables

Posted by Demi Marie Obenour on Nov 12

Is this unconditional (perhaps because the relevant data gets zeroed out
by the shim), or does it only apply when the PV guest can't extract data
from the shim's memory? For instance, 32-bit PV guests aren't security
supported anymore, but the PV shim isn't supposed to rely on the
security of the shim itself, only of the rest of the system.




2024

CVE-2024-52533: Buffer overflow in socks proxy code in glib < 2.82.1

Posted by Alan Coopersmith on Nov 12

Another CVE was issued by Mitre yesterday for another bug listed on
https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home

https://gitlab.gnome.org/GNOME/glib/-/issues/3461 reports that:
"set_connect_msg() receives a buffer of size SOCKS4_CONN_MSG_LEN but it writes
up to SOCKS4_CONN_MSG_LEN + 1 bytes to it. This is because SOCKS4_CONN_MSG_LEN
doesn't account for the trailing nul character that set_connect_msg() appends...




2024

Snort Subscriber Rules Update 2024-10-10

Posted by Research via Snort-sigs on Oct 10

Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories




2024

Snort Subscriber Rules Update 2024-10-15

Posted by Research via Snort-sigs on Oct 15

Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-image,
malware-cnc, malware-other, os-windows and server-mail rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories




2024

Snort Subscriber Rules Update 2024-10-17

Posted by Research via Snort-sigs on Oct 17

Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the policy-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories




2024

Snort Subscriber Rules Update 2024-10-22

Posted by Research via Snort-sigs on Oct 22

Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories




2024

Snort Subscriber Rules Update 2024-10-24

Posted by Research via Snort-sigs on Oct 24

Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-multimedia,
malware-cnc, protocol-snmp and server-webapp rule sets to provide
coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories