It ain’t a party if you can’t join us Towards the end of April, SpotOn

Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.

Dive into six things that are top of mind for the week ending Oct. 25.

1 - CSA: How to prevent “shadow AI” 

As organizations scale up their AI adoption, they must closely track their AI assets to secure them and mitigate their cyber risk. This includes monitoring the usage of unapproved AI tools by employees — an issue known as “shadow AI.”

So how do you identify, manage and prevent shadow AI? You may find useful ideas in the Cloud Security Alliance’s new “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper.

The white paper covers shadow AI topics including:

• Creating a comprehensive inventory of AI systems
• Conducting gap analyses to spot discrepancies between approved and actual AI usage
• Implementing ways to detect unauthorized AI wares
• Establishing effective access controls
• Deploying monitoring techniques

“By focusing on these key areas, organizations can significantly reduce the risks associated with shadow AI, ensuring that all AI systems align with organizational policies, security standards, and regulatory requirements,” the white paper reads.

For example, to create an inventory that offers the required visibility into AI assets, the document explains different elements each record should have, such as:

• The asset’s description
• Information about its AI models
• Information about its data sets and data sources
• Information about the tools used for its development and deployment
• Detailed documentation about its lifecycle, regulatory compliance, ethical considerations and adherence to industry standards
• Records of its access control mechanisms

Shadow AI is one of four topics covered in the publication, which also unpacks risk management; governance and compliance; and safety culture and training.

To get more details, read:

• The full “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper
• A complementary slide presentation
• The CSA blog “Shadow AI Prevention: Safeguarding Your Organization’s AI Landscape”

For more information about AI security issues, including shadow AI, check out these Tenable blogs:

• “Do You Think You Have No AI Exposures? Think Again”
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood”
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach”
• “6 Best Practices for Implementing AI Securely and Ethically”
• “Compromising Microsoft's AI Healthcare Chatbot Service”

2 - Best practices for secure software updates

The security and reliability of software updates took center stage in July when an errant update caused massive and unprecedented tech outages globally.

To help prevent such episodes, U.S. and Australian cyber agencies have published “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers.”

“It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements,” reads the 12-page document.

Although the guide is aimed primarily at commercial software vendors, its recommendations can be useful for any organization with software development teams that deploy updates internally.

The guide outlines key steps for a secure software development process, including planning; development and testing; internal rollout; and controlled rollout. It also addresses errors and emergency protocols.

“A safe software deployment process should be integrated with the organization’s SDLC, quality program, risk tolerance, and understanding of the customer’s environment and operations,” reads the guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Australian Cyber Security Centre.

To get more details, read:

• The “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers” guide
• The CISA alert “CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes”

For more information about secure software updates:

• “Tenable’s Software Update Process Protects Customers’ Business Continuity with a Safe, Do-No-Harm Design” (Tenable)
• “The critical importance of robust release processes” (Cloud Native Computing Foundation)
• “Software Deployment Security: Risks and Best Practices” (DevOps.com)
• “Software Updates, A Double-Edged Sword for Cybersecurity Professionals” (Infosecurity)
• “DevOps Best Practices for Faster and More Reliable Software Delivery” (DevOps.com)

3 - Report: GenAI, attack variety, data security drive cyber strategies

What issues act as catalysts for organizations’ cybersecurity actions today? Hint: They’re fairly recent concerns. The promise and peril of generative AI ranks first. It’s closely followed by the ever growing variety of cyberattacks; and by the intensifying urgency to protect data.

That’s according to CompTIA’s “State of Cybersecurity 2025” report, based on a survey of almost 1,200 business and IT pros in North America and in parts of Europe and Asia. 

These three key factors, along with others like the scale of attacks, play a critical role in how organizations currently outline their cybersecurity game plans.

“Understanding these drivers is essential for organizations to develop proactive and adaptive cybersecurity strategies that address the evolving threat landscape and safeguard their digital assets,” reads a CompTIA blog about the report.

Organizations are eagerly trying to understand both how generative AI can help their cybersecurity programs and how this technology is being used by malicious actors to make cyberattacks harder to detect and prevent.

Meanwhile, concern about data protection has ballooned in the past couple of years. “As organizations become more data-driven, the need to protect sensitive information has never been more crucial,” reads the blog.

Not only are organizations focused on securing data at rest, in transit and in use, but they’re also creating foundational data-management practices, according to the report.

“The rise of AI has accelerated the need for robust data practices in order to properly train AI algorithms, and the demand for data science continues to be strong as businesses seek competitive differentiation,” the report reads.

To get more details, read:

• The report’s announcement “Cybersecurity success hinges on full organizational support, new CompTIA report asserts”
• CompTIA’s blogs “Today’s top drivers for cybersecurity strategy” and “Cybersecurity’s maturity: CompTIA’s State of Cybersecurity 2025 report”
• The full “State of Cybersecurity 2025” report

For more information about data security posture management (DSPM) and preventing AI-powered attacks, check out these Tenable resources:

• “Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources” (blog)
• “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” (on-demand webinar)
• “The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy” (blog)
• “Mitigating AI-Related Security Risks” (on-demand webinar)
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood” (blog)

4 - CISA lists software dev practices most harmful for security

Recommended best practices abound in the cybersecurity world. However, CISA and the FBI are taking the opposite tack in their quest to improve the security of software products: They just released a list of the worst security practices that software manufacturers ought to avoid.

Titled “Product Security Bad Practices,” the document groups the “no-nos” into three main categories: product properties; security features; and organizational processes and policies.

“It’s 2024, and basic, preventable software defects continue to enable crippling attacks against hospitals, schools, and other critical infrastructure. This has to stop,” CISA Director Jen Easterly said in a statement.

“These product security bad practices pose unacceptable risks in this day and age, and yet are all too common,” she added.

Here are some of the worst practices detailed in the document, which is part of CISA’s “Secure by Design” effort:

• Using programming languages considered “memory unsafe”
• Including user-provided input in SQL query strings
• Releasing a product with default passwords
• Releasing a product with known and exploited vulnerabilities
• Not using multi-factor authentication
• Failing to disclose vulnerabilities in a timely manner

Although the guidance is aimed primarily at software makers whose products are used by critical infrastructure organizations, the recommendations apply to all software manufacturers.

If you’re interested in sharing your feedback with CISA and the FBI, you can submit comments about the document until December 16, 2024 on the Federal Register.

To get more details, check out:

• CISA’s announcement “CISA and FBI Release Product Security Bad Practices for Public Comment”
• The full document “Product Security Bad Practices”

For more information about how to develop secure software:

• “Tenable Partners with CISA to Enhance Secure By Design Practices” (Tenable)
• “Ensuring Application Security from Design to Operation with DevSecOps” (DevOps.com)
• “What is application security?” (TechTarget)
• “Guidelines for Software Development (Australian Cyber Security Centre)

5 - New EU law focuses on cybersecurity of connected digital products

Makers of digital products — both software and hardware — that directly or indirectly connect to networks and to other devices will have to comply with specific cybersecurity safeguards in the European Union.

A newly adopted law known as the “Cyber Resilience Act” outlines cybersecurity requirements for the design, development, production and lifecycle maintenance of these types of products, including IoT wares such as connected cars.

For example, it specifies a number of “essential cybersecurity requirements” for these products, including that they:

• Aren’t shipped with known exploitable vulnerabilities
• Feature a “secure by default” configuration
• Can fix their vulnerabilities via automatic software updates
• Offer access protection via control mechanisms, such as authentication and identity management
• Protect the data they store, transmit and process using, for example, at-rest and in-transit encryption

“The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components (...) are made secure throughout the supply chain and throughout their lifecycle,” reads a statement from the EU’s European Council.

The law will “enter into force” after its publication in the EU’s official journal and will apply and be enforceable 36 months later, so most likely in October 2027 or November 2027. However, some of its provisions will be enforceable a year prior.

For more information and analysis about the EU’s Cyber Resilience Act:

• “Cyber Resilience Act Requirements Standards Mapping” (ENISA)
• “The Cyber Resilience Act, an Accidental European Alien Torts Statute?” (Lawfare)
• “EU Cybersecurity Regulation Adopted, Impacts Connected Products” (National Law Review)
• “Open source foundations unite on common standards for EU’s Cyber Resilience Act” (TechCrunch)
• “The Cyber Resilience Act: A New Era for Mobile App Developers” (DevOps.com)

VIDEO

The EU Cyber Resilience Act: A New Era for Business Engagement in Open Source Software (Linux Foundation) 

6 - UK cyber agency: CISOs must communicate better with boards

CISOs and boards of directors are struggling to understand each other, and this is increasing their organizations’ cyber risk, new research from the U.K.’s cyber agency has found.

For example, in one alarming finding, 80% of respondents, which included board members, CISOs and other cyber leaders in medium and large enterprises, confessed to being unsure of who is ultimately accountable for cybersecurity in their organizations.

“We found that in many organisations, the CISO (or equivalent role) thought that the Board was accountable, whilst the Board thought it was the CISO,” reads a blog about the research titled “How to talk to board members about cyber.”

As a result, the U.K. National Cyber Security Centre (NCSC) has released new guidance aimed at helping CISOs better communicate with their organizations’ boards titled “Engaging with Boards to improve the management of cyber security risk.”

“Cyber security is a strategic issue, which means you must engage with Boards on their terms and in their language to ensure the cyber risk is understood, managed and mitigated,” the document reads.

Here’s a small sampling of the advice:

• Understand your audience, including who are the board’s members and their areas of expertise; and how the board works, such as its meeting formats and its committees.
• Talk about cybersecurity in terms of risks, and outline these risks concretely and precisely, presenting them in a matter-of-fact way.
• Don’t limit your communication with board members to formal board meetings. Look for opportunities to talk to them individually or in small groups outside of these board meetings.
• Elevate the discussions so that you link cybersecurity with your organization’s business challenges, goals and context.
• Aim to provide a holistic view, and avoid using technical jargon.
• Aim to advise instead of to educate.

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.
 

Other CISA recommendations include:

• Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
• Educate users on how to spot suspicious emails
• Hunt for malicious activity in your network looking for indicators of compromise (IoCs) and tactics, techniques and procedures

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”

For more information about securing RDP tools:

• “Commonly Exploited Protocols: Remote Desktop Protocol (RDP)” (Center for Internet Security)
• “What is remote desktop protocol (RDP)?” (TechTarget)
• “Wondering Whether RDP IS Secure? Here's a Guide to Remote Desktop Protocol” (AllBusiness)
• “Why remote desktop tools are facing an onslaught of cyber threats” (ITPro)
• “'Midnight Blizzard' Targets Networks With Signed RDP Files” (Dark Reading)

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project. 

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.

These are the new resources:

• “The Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
  • preparation
  • detection and analysis
  • containment eradication and recovery
  • post-incident activity
• “The LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
  • Generative AI security policies
  • Risk assessment and management processes
  • Training and awareness
  • Research and development
• “The AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”

For more information about protecting your organization against deepfakes:

• “How to prevent deepfakes in the era of generative AI” (TechTarget)
• “Deepfake scams escalate, hitting more than half of businesses” (Cybersecurity Dive)
• “The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks” (SecurityWeek)
• “How deepfakes threaten biometric security controls” (TechTarget)
• “Deepfakes break through as business threat” (CSO)

3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.

^{(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)}

In a fake software-update attack, a victim gets duped into installing a legitimate-looking update for, say, their preferred browser, that instead infects their computers with malware.

Here’s the full list, in descending order:

• SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
• LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
• ClearFake, another JavaScript downloader used for fake browser-update attacks
• ZPHP, another JavaScript downloader used for fake software-update attacks
• Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
• CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
• Arechclient2, also known as SectopRAT, is a .NET RAT whose capabilities include multiple stealth functions
• Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
• NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
• Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.

For details on fake update attacks:

• “Fake browser updates spread updated WarmCookie malware” (BleepingComputer)
• “Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware” (The Hacker News)
• “Hackers Use Fake Browser Updates for AMOS Malware Attacks Targeting Mac Users” (MSSP Alert)
• “Malware crooks find an in with fake browser updates, in case real ones weren't bad enough” (The Register)
• “Fake Google Chrome errors trick you into running malicious PowerShell scripts” (BleepingComputer)

VIDEO

Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

• Help make more resilient other countries’ assets, systems and networks that impact U.S. critical infrastructure
• Boost the integrated cyber defenses of the U.S. and its international partners against their shared global cyberthreats
• Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.

“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.

For more information about global cybercrime trends:

• “AI-Powered Cybercrime Cartels on the Rise in Asia” (Dark Reading)
• “AI Now a Staple in Phishing Kits Sold to Hackers” (MSSP Alert)
• “The Business of Cybercrime Explodes” (BankDirector)
• “Nation state actors increasingly hide behind cybercriminal tactics and malware” (CSO)

6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.

To learn more about ransomware trends:

• “Ransomware Is ‘More Brutal’ Than Ever in 2024” (Wired)
• “Ransomware on track for record profits, even as fewer victims pay” (SC Magazine)
• “How Can I Protect Against Ransomware?” (CISA)
• “How to prevent ransomware in 6 steps” (TechTarget)
• “Steps to Help Prevent & Limit the Impact of Ransomware” (Center for Internet Security)

TORONTO – The Ontario Securities Commission (OSC) today

TORONTO – The Ontario Securities Commission (OSC) has issued an award of nearly $150,000 to an international whistleblower who provided information about significant issues at an early-stage firm.

Here is a Storify round up of the SpotOn London session: Incentivising Open Access and Open

Here is a Storify collecting the online conversations from the Communicating Science in an Open Access

TORONTO – The Ontario Securities Commission (OSC) is warning the public about aggressive promotion of Crestview Exploration Inc.

La igualdad de género y el empoderamiento de las mujeres y niñas se ve reflejado en distintas prioridades de políticas a nivel global y local. El Objetivo de Desarrollo Sostenible 5 busca lograr la igualdad de género y empoderar a todas las mujeres y niñas.

This document is only available in PDF format.

Tenable®, the exposure management company, today announced new risk prioritization and compliance features for Tenable Nessus, the #1 vulnerability assessment solution in accuracy, coverage and adoption. Nessus supports new and updated vulnerability scoring systems – Exploit Prediction Scoring System (EPSS) and Common Vulnerability Scoring System (CVSS) v4 – to help customers implement more effective prioritization for risk reduction and maintain compliance.

Due to evolving threats and expanding attack surfaces, organizations rely on multiple risk scoring systems, which are not effective risk qualifiers on their own to determine criticality. With Tenable Nessus, customers can take advantage of the latest industry-adopted vulnerability scoring systems – EPSS and CVSS v4 – and Tenable Vulnerability Priority Rating (VPR) to identify and take action on the vulnerabilities that pose the greatest risk specific to their environment. Leveraging an advanced data science algorithm developed by Tenable Research, Tenable VPR combines and analyzes Tenable proprietary vulnerability data, third-party vulnerability data and threat data to effectively and efficiently measure risk.

“EPSS and CVSS are single variables in the risk equation – context around exposures delivers a deeper level of understanding around true risk,” said Shai Morag, chief product officer, Tenable. “Recent Tenable Research found that only 3% of vulnerabilities most frequently result in impactful exposure. We’ve optimized Nessus to meet the evolving needs of our customers, empowering informed vulnerability prioritization strategies to address these critical few.”

Key features in this release include:

• EPSS and CVSS v4 Support enables users to see and filter plugins by EPSS and CVSS v4 score, further informing prioritization strategy. This feature enables security teams to remain compliant with organizational policies that require the use of EPSS or CVSS as the primary scoring system.
• Nessus Offline Mode addresses challenges with conducting vulnerability scans offline in air-gapped environments. Building upon existing offline scanning capabilities, Nessus runs critical services only, removing unwanted traffic generated by functions that rely on an active internet connection, thereby ensuring the security of sensitive data within a secure environment.
• Declarative Agent Versioning On-Prem enables users to create and manage agent profiles in Nessus Manager for Tenable Security Center. Users can specify a product version for an agent deployed in an environment, thereby reducing disruptions in day-to-day operations and enabling users to adhere to enterprise change control policies.

Learn more about vulnerability and risk scoring by checking out the Inaugural Study of EPSS Data and Performance developed by Cyentia Institute and the Forum of Incident Response and Security Teams (FIRST).

Join the upcoming Tenable webinar titled, From Data to Defense: Harnessing Predictive Scoring to Strengthen Your Cybersecurityon September 12, 2024 at 2:00 pm ET, by registering here.

Tenable Nessus is available as a standalone product and is included in Tenable Security Center and Tenable Vulnerability Management. More information on Tenable Nessus is available at: https://www.tenable.com/products/nessus

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced the release of AI Aware, advanced detection capabilities designed to rapidly surface artificial intelligence solutions, vulnerabilities and weaknesses available in Tenable Vulnerability Management, the world’s #1 vulnerability management solution. Tenable AI Aware provides exposure insight into AI applications, libraries and plugins so organizations can confidently expose and close AI risk, without inhibiting business operations.

The rapid development and adoption of AI technologies in the past two years has introduced major cybersecurity and compliance risks that organizations must proactively address without established best practices. As a result, cybersecurity teams face significant AI-related challenges, such as vulnerability detection and remediation, containing data leakage and reining in unauthorized AI use. 

According to recent Tenable Research, more than one-third of security teams are finding usage of AI applications in their environment that might not have been provisioned via formal processes. In fact, during a 75-day period between late June and early September, Tenable found over 9 million instances of AI applications on more than 1 million hosts. The cybersecurity risk of unfettered AI usage is compounded by the increasing volume of AI vulnerabilities. Tenable Research has found and disclosed several vulnerabilities in AI solutions, including in Microsoft Copilot, Flowise, Langflow, among others.

With AI Aware, Tenable transforms proactive security for AI solutions. Tenable AI Aware uniquely leverages agents, passive network monitoring, dynamic application security testing and distributed scan engines to detect approved and unapproved AI software, libraries and browser plugins, along with associated vulnerabilities, thereby mitigating risks of exploitation, data leakage and unauthorized resource consumption. The combined depth of these multiple assessment methods delivers the most complete detection of AI in the modern ecosystem. 

[Watch the Tenable AI Aware product demo video here.]

“In an effort to keep pace with the sea change introduced by AI, organizations around the world ran full speed ahead, potentially bypassing countless cybersecurity, privacy and compliance red flags,” said Shai Morag, chief product officer, Tenable. “Perhaps more so than with any other new technology we’ve seen, there are many risk factors to consider, especially with rushed development and deployment. Tenable AI Aware empowers organizations to deploy AI confidently, ensuring their security measures keep pace with the rapid evolution of AI technologies.”

In addition to AI software and vulnerability detection, key AI Aware features available in Tenable Vulnerability Management, Tenable Security Center and Tenable One include:

• Dashboard Views provide a snapshot of the most common AI software discovered in the ecosystem, top assets with vulnerabilities related to AI and the most common communication ports leveraged by AI technologies. 
• Shadow Software Development Detection illuminates the unexpected existence of the building blocks of AI development in the environment, enabling businesses to align initiatives with organizational best practices.
• Filter Findings for AI Detections enable teams to focus on AI-related findings when reviewing vulnerability assessment results. Combined with the power of Tenable Vulnerability Prioritization Rating (VPR), teams can effectively assess and prioritize vulnerabilities introduced by AI packages and libraries. 
• Asset-Centric AI-Inventory provides a complete inventory of AI-related packages, libraries and browser plugins while reviewing the detailed profile of an asset. 

Join the upcoming Tenable webinar titled, "Mitigating AI-Related Security Risks: Insights and Strategies with Tenable AI Aware" on October 9, 2024 at 11:00 am ET, by registering here.

More information on Tenable AI Aware is available at: https://www.tenable.com/products/vulnerability-management/ai-aware 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Web applications often have the ability to interface with system functions and critical databases to add or modify data. By design, web applications need to enable customers and users access to this data.  This capability means that attackers are often able to leverage the same forms or other data entry methods to exploit flaws in web frameworks or other related software to bypass access controls. Web applications exist on remote servers or in cloud environments, and data is transmitted over public networks, presenting a very real and present attack path in the organization’s global attack vector. Web application security is a critical aspect to ensure the confidentiality, integrity, and availability of web applications. This report provides a combined view of data collected using the Tenable Web App Scanner and Tenable Vulnerability Management using Nessus.

Organizations need to know what web services are operating in the environment to ensure these web services are analyzed for current known vulnerabilities and attacks. Tenable Security Center along with Tenable Web App Scanning provides a thorough view of risks related to web services.  Leveraging both scan methods enables the security operations team and application developers to see risk and threat vectors from application frameworks and vulnerabilities on the host servers themselves.

Security and compliance frameworks, such as the Open Web Application Security Project (OWASP) Top 10, provides risk managers insight into methods used by adversaries to exploit common flaws and misconfigurations. Tenable Web App Scanner attributes vulnerabilities using the Cross Reference field to link to all published OWASP versions. Upon completion of the web application scan, the vulnerabilities detected and linked to OWASP 2021 provide an industry best practice approach to mitigating vulnerabilities.  

The report and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable Security Center Feed under the category Threat Detection & Vulnerability Assessments. The requirements for this report are:

• Tenable Security Center 6.2.0
• Tenable Nessus 10.5.4
• Tenable Web Application Scanner

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Security Center discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture.

Chapters

Executive Summary: The chapter provides a high-level view of web related vulnerabilities collected by Tenable Web App Scanner and Tenable Nessus. Through trending and comparative charts, security managers are able to view current and past health of web applications and the associated server assets.  

SSL Related Vulnerabilities: This chapter provides the development team with information related to SSL, TLS and other encryption related vulnerabilities. The trending charts and tables enables risk migration teams to identify the affected assets and begin the remediation process.  

Most Critical OWASP 2021 Vulnerabilities: This chapter combines the OWASP 2021 categories along with CVSSv3 categories to identify the top vulnerably that needs to be mitigated first. A series of tables and charts provide the vulnerability details and affected URL assets. 

Web Application Vulnerabilities by Collection Method: This chapter provides a summarized list of all web application vulnerabilities from both Nessus and Tenable Web App Scanner.  A series of tables and trend charts helps security operations teams and risk managers to track progress and focus efforts as needed. 

Les modèles d’équilibre général calculable (MEGC), largement admis dans la littérature et utilisés comme outils d’analyse d’impacts potentiels de politiques économiques, sont alimentés par des données provenant de la Matrice de Comptabilité Sociale (MCS). Celle-ci appartient à la grande famille des comptes nationaux, représentant l’ensemble des interrelations entre les activités, les institutions d’une économie.

Ce document présente une analyse des chaînes de valeur agroalimentaires de manioc, de riz, de lait et de poisson le long du corridor économique entre les capitales provinciales de Bukavu (Sud-Kivu) et Kalemie (Tanganyika) situées dans la partie orientale de la République démocratique du Congo (RDC). Les principales données utilisées pour cette étude proviennent d’enquêtes menées en 2021 auprès d’environ 3000 acteurs conomiques familiaux, y compris des agriculteurs, des transformateurs et des intermédiaires, actifs dans une ou plusieurs des quatre filières ciblées.

Web applications often have the ability to interface with system functions and critical databases to add or modify data. By design, web applications need to enable customers and users to access this data.  This capability means that attackers are often able to leverage the same forms or other data entry methods to exploit flaws in web frameworks or other related software to bypass access controls. Web applications exist on remote servers or in cloud environments, and data is transmitted over public networks, presenting a very real and present attack path in the organization’s global attack vector. Web application security is a critical aspect to ensure the confidentiality, integrity, and availability of web applications. This dashboard provides a combined view of data collected using the Tenable Web App Scanner and Tenable Vulnerability Management using Nessus.

Organizations need to know what web services are operating in the environment to ensure these web services are analyzed for current known vulnerabilities and attacks. Tenable Security Center along with Web Application Scanning provides a thorough view of risks related to web services.  Leveraging both scan methods, enables the security operations team and application developers to see risk and threat vectors from application frameworks and vulnerabilities on the host servers themselves.  

Security and compliance frameworks, such as the Open Web Application Security Project (OWASP) Top 10, provides risk managers insight into methods used by adversaries to exploit common flaws and misconfigurations. Tenable Web Application Scanner attributes vulnerabilities using the Cross Reference field to link to all published OWASP versions. Upon completion of the web application scan, the vulnerabilities detected and linked to OWASP 2021 provide an industry best practice approach to mitigating vulnerabilities.  

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable Security Center Feed under the category Threat Detection & Vulnerability Assessments.

The requirements for this dashboard are:

• Tenable Security Center 6.2.0
• Tenable Nessus X.Y.Z
• Tenable Web Application Scanner

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Security Scanner discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture. 

Components

Web Services - WAS Highest Vulnerabilities by Plugin Family: This component provides a summary of the highest risk affecting (severity Medium to Critical) vulnerabilities collected using Tenable Web App Scanner. The Plugin Family Summary tool enables security teams to see at a high level the percentage of high-risk vulnerabilities. In addition to the severity filter, a new filter called Web App Scanning, set to “Only Web App Results” ensures that only the vulnerabilities that are collected from the web application scan are presented.  The drill down will also go straight to the “Web App Scanning” tab in the Analysis view.

Web Services - Most Critical Web Application Vulnerabilities Discovered by Nessus: This component provides a summary of the highest risk affecting (severity Medium to Critical) vulnerabilities collected using Nessus. The Plugin Family Summary tool enables security teams to see at a high level the percentage of high-risk vulnerabilities. The component also uses the Plugin Family filter and only selects the CGI and Web Server families. In addition to the severity and Plugin Family filters, a new filter called Web App Scanning, set to “Exclude Web App Results” ensures that only the vulnerabilities that are collected from a Nessus scan are presented.  

Web Services - Host and Web Application SSL Vulnerabilities: This matrix compares the web server related vulnerabilities by severity and collection method. Each row is separated using the Web App Scanning filter.  The top row has the filter set to “Exclude Web App Results” and bottom row is set to “Only Web App Results”.  This view allows the security operations team to get a side-by-side view of web-based vulnerabilities linked by severity.  

Web Services - Most Critical OWASP 2021 Categories: This matrix provides an indicator for each OWASP 2021 category where vulnerabilities were detected using the Tenable Web App Scanner. In addition to Cross Reference filter, the matrix uses CVSSv3 Vectors to provide a higher level of risk. The vectors used are: Attack Vector: Network (AV:N), Attack Complexity: Low (AC:L), Privileges Required: None (PR). If the vulnerability has any of these vectors applied, the attacks on the asset are at a greater risk to being exploited, and need to be addressed immediately.

Web Services - Web App Vulnerabilities over last 50 days: This component provides a trend summary of the highest risk affecting (severity Medium to Critical) vulnerabilities collected using Tenable Web App Scanner.  The data points are calculated with the Vulnerability Last Observed set to within the last day, thus each query point in the graph will show the total vulnerabilities that were seen since the last query point. In addition to the date and severity filters, a new filter called Web App Scanning, set to “Only Web App Results” ensures that only the vulnerabilities that are collected from the web application scan are presented.

Identifying guidelines for the design of conditional credit programs to promote sustainable agricultural practices in Latin America

Tools for food system policy development.

The post Identifying guidelines for the design of conditional credit programs to promote sustainable agricultural practices in Latin America appeared first on IFPRI.

Survey: Rural Papua New Guinea faces an array of food security challenges

Starch-heavy diets, the reach of extension instruction, and other issues.

The post Survey: Rural Papua New Guinea faces an array of food security challenges appeared first on IFPRI.

From risk to resilience: How strategic government partnerships can enhance access to insurance-linked credit for smallholders in Zambia

The power of bundled solutions

The post From risk to resilience: How strategic government partnerships can enhance access to insurance-linked credit for smallholders in Zambia appeared first on IFPRI.

Lonely Planet: The world's leading travel guide publisher Lonely Planet's Pocket Reykjavik is your passport to the most relevant, up-to-date advice on what to see and skip, and what hidden discoveries await you. Jump on a whale-watching boat at Reykjavik's Old Harbour, peruse priceless artefacts at the National Museum, or wash away your cares at the ethereal Blue Lagoon geothermal waters set in otherworldly lava fields; all with your trusted travel companion. Get to the heart of Reykjavik and begin your journey now! Inside Lonely Planet's Pocket Reykjavik: *Full-colour maps and images throughout *Highlights and itineraries help you tailor your trip to your personal needs and interests *Insider tips to save time and money and get around like a local, avoiding crowds and trouble spots *Essential info at your fingertips - hours of operation, phone numbers, websites, transit tips, prices *Honest reviews for all budgets - eating, sleeping, sight-seeing, going out, shopping, hidden gems that most guidebooks miss *Free, convenient pull-out Reykjavik map (included in print version), plus over 13 colour maps *Covers Old Reykjavik, Old Harbour, Laugavegur & Skolavordustigur, Laugardalur, Videy Island, Blue Lagoon, Reykjanes Peninsula, Golden Circle, South Coast, Jokulsarlon, West Iceland and more The Perfect Choice: Lonely Planet's Pocket Reykjavik, a colorful, easy-to-use, and handy guide that literally fits in your pocket, provides on-the-go assistance for those seeking only the can't-miss experiences to maximize a quick trip experience. * Looking for a comprehensive guide that recommends both popular and offbeat experiences, and extensively covers all of Iceland? Check out Lonely Planet's Iceland guide. * Looking for more extensive coverage? Check out Lonely Planet's Scandinavia guide for a comprehensive look at all the region has to offer. Authors: Written and researched by Lonely Planet and Alexis Averbuck. About Lonely Planet: Since 1973, Lonely Planet has become the world's leading travel media company with guidebooks to every destination, an award-winning website, mobile and digital travel products, and a dedicated traveller community. Lonely Planet covers must-see spots but also enables curious travellers to get off beaten paths to understand more of the culture of the places in which they find themselves.

Event Begins: Wednesday, November 13, 2024 6:00pm
Location: Munger Fellows Lounge
Organized By: Sessions @ Michigan

Come Join the Munger Community by attending events hosted by our RA's! Feel free to select and attend as many events as you would like!

Event Begins: Wednesday, November 13, 2024 4:00pm
Location: East Hall
Organized By: Algebraic Geometry Seminar - Department of Mathematics

Joint work with Ailsa Keating (Cambridge). We prove the homological mirror symmetry conjecture of Kontsevich for K3 surfaces in the following form: The Fukaya category of a projective K3 surface is equivalent to the derived category of coherent sheaves on the mirror, which is a K3 surface of Picard rank 19 over the field of formal Laurent series. This builds on prior work of Seidel (who proved the theorem in the case of the quartic surface), Sheridan, Lekili--Ueda, and Ganatra--Pardon--Shende.

I will try to keep prerequisites to a minimum, in particular, I will not assume prior knowledge of the Fukaya category.

Event Begins: Wednesday, November 13, 2024 2:00pm
Location: Off Campus Location
Organized By: Rackham Graduate School

If you have a quick question or have a time sensitive matter, attend the Rackham Consultation Services open office hours weekly on Monday and Wednesday from 2:00 to 3:00 p.m. via Zoom. In the interest of providing students as much privacy as possible, you may spend a brief time in a waiting room if the resolution officer is engaged with another student. They will be with you as quickly as possible.
Join Zoom Meeting
https://umich.zoom.us/j/99196090990
Meeting ID: 991 9609 0990
One tap mobile
+13092053325,,99196090990# US
+13126266799,,99196090990# US (Chicago)
—
Dial by your location

+1 309 205 3325 US
+1 312 626 6799 US (Chicago)
+1 646 876 9923 US (New York)
+1 646 931 3860 US
+1 301 715 8592 US (Washington DC)
+1 305 224 1968 US
+1 386 347 5053 US
+1 507 473 4847 US
+1 564 217 2000 US
+1 669 444 9171 US
+1 669 900 6833 US (San Jose)
+1 689 278 1000 US
+1 719 359 4580 US
+1 253 205 0468 US
+1 253 215 8782 US (Tacoma)
+1 346 248 7799 US (Houston)
+1 360 209 5623 US
+1 647 558 0588 Canada
+1 778 907 2071 Canada
+1 780 666 0144 Canada
+1 204 272 7920 Canada
+1 438 809 7799 Canada
+1 587 328 1099 Canada
+1 647 374 4685 Canada

Find your local number: https://umich.zoom.us/u/aUy8Alk2
—
Join by SIP

99196090990@zoomcrc.com

We want to ensure full and equitable participation in our events. If an accommodation would promote your full participation in this event, please follow the registration link to indicate your accommodation requirements. Please let us know as soon as possible in order to have adequate time, preferably one week, to arrange for your requested accommodations or an effective alternative.

Event Begins: Wednesday, November 13, 2024 1:30pm
Location: Off Campus Location
Organized By: Institute for Social Research

Are you grappling with a piece of code, trying to compute on a cluster, or just getting started with a new method such as machine learning? Then we might have just the right space for you.

All members of the U-M community are invited to join our weekly virtual CoderSpaces to get research support and connect with others.

Tuesdays, 9:30-11 a.m. ET, via Zoom
Wednesdays, 1:30-3 p.m. ET, via Zoom

The Conversation Africa has published an oped by Joachim De Weerdt and Jan Duchoslav analyzing the food security situation in Malawi, which has been put at severe risk by the drought brought on by the El Niño weather pattern. 

Red Sea attacks reverberate in food and ag trade (Successful Farming) 

Successful Farming quotes the IFPRI blog post on the Impacts of Red Sea shipping disruptions on global food security by senior research fellow Joseph Glauber and senior research analyst Abdullah Mamun.  According to the article, Houthi attacks on cargo ships in the Red Sea are disrupting grain shipments from Europe, Ukraine, and Russia. “Trade disruptions are most likely to impact […]

The post Red Sea attacks reverberate in food and ag trade (Successful Farming)  appeared first on IFPRI.

Seer Showcases Deep Proteomics Capabilities, Announces Co-Marketing Deal with Thermo Fisher Scientific  Genetic Engineering & Biotechnology News

The Chicago Transit Authority (CTA) announced the launch of an agency-wide strategic planning process to determine the strategic direction for the agency over the next several years. “Powering Our Transit Future” marks the agency’s first-ever comprehensive, long-term strategic planning effort.

As part of ongoing efforts to provide riders with a modern transit riding experience, the Chicago Transit Authority (CTA) today announced the awarding of project stipends of $55,000 each for two vendors selected to provide digital bus stop sign solutions for testing under the new Innovation Studio.

The post BNP Paribas enhances employee rights globally appeared first on Personnel Today.

It was just another day at the office. Then the phone started ringing and the caseload kept growing...on today's show, your favorite Planet Money gumshoes investigate your listener questions. | Fill out our listener survey here.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Whenever the economic data start to look rough, we're forced to confront a familiar question: Are we in a recession, or about to be? But there are actually only eight opinions in the country that officially matter. Today on the show, we meet the committee that calls recessions. | Subscribe to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

It's macro time! Today: Keynes vs. Hayek.

Season 3 of summer school is here asking the biggest economic questions about what makes an entire economy grow or contract? Things like, is there a "right" level of unemployment? Who gains from trade? What rhymes with 'paradox of thrift'? Also, inflation, we'll get to inflation.

Episode 1 begins with the rise of macroeconomics as a field, with one of the great economic debates of the 20th century: what causes booms and busts, and what can the government do about it? How free should a free market be?

It's a debate (over beats and with an actual rap battle) between John Maynard Keynes and F.A Hayek.

Watch this Tik Tok to learn more. | Subscribe to our weekly newsletter here. | Listen to past seasons of Summer School here. | Listen to our econ songs of the summer on Spotify. |

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

So are we in a recession or not? The jury is still out, but there are some warning signs. GDP is down and inflation is up. But how much do we know about the 'indicators' that tell us how the economy is doing? Today, the stories of two of our most important indicators, the Consumer Price Index and GDP, and what they can and can't tell us about our current economic predicament.| Subscribe to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

We're not in a recession, but why are the vibes feeling so off? We put the question to an economist and one expert on "vibes" and also hire a jazz band to take a pun way too far.

Subscribe to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Earlier this month, we saw the largest bank collapse since the 2008 financial crisis. For many of us, seeing Silicon Valley Bank's meltdown brought us right back to that time 15 years ago, at the beginning of what would become the Great Recession.

In early 2009, one or two banks were failing every week. That's when Planet Money reporter Chana Joffe-Walt went inside one of those banks: the Bank of Clark County, in Washington State. Her reporting on the inner workings of a bank collapse and government takeover helps explain exactly what happens when a bank goes under, minute-by-minute.

This story originally aired in March 2009 on This American Life, from WBEZ Chicago. We're airing it for the first time in full on our podcast.

This version of the story was produced by Dylan Sloan and edited by Dave Blanchard. It was fact-checked by Sierra Juarez and engineered by Katherine Silva. Jess Jiang is Planet Money's acting executive producer.

Music: "Butter" "Bassline Motion" and "Fantasmi."

Help support Planet Money and get bonus episodes by subscribing to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

What's going on with consumers? This is one of the trickiest puzzles of this weird economic moment we're in. We've covered a version of this before under the term "vibecession," but it's safe to say, the struggle is in fact real. It is not just in our heads. Sure, sure, some data is looking great. But not all of it.

What's interesting, is exactly why the bad feels so much worse than the good feels good. Today on the show, we look into a few theories on why feelings are just not matching up with data. We'll break down some numbers and how to think about them. Then we look at grocery prices in particular, and an effort to combat unfair pricing using a mostly forgotten 1930's law. Will it actually help?

Today's episode is adapted from episodes for Planet Money's daily show, The Indicator. Subscribe here.

Help support Planet Money and get bonus episodes by subscribing to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

How do spaces shape the human experience? In what ways do our rooms, homes, and buildings give us meaning and purpose? This hour, TED speakers explore the power of the spaces we make and inhabit. Guests include architect Michael Murphy, musician David Byrne, artist Es Devlin, and architect Siamak Hariri.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Between the pandemic and America's reckoning with racism and police brutality, many of us are anxious, angry, and depressed. This hour, TED Fellow and writer Laurel Braitman helps us process it all.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

How do spaces shape the human experience? In what ways do our rooms, homes, and buildings give us meaning and purpose? This hour, TED speakers explore the power of the spaces we make and inhabit. Guests include architect Michael Murphy, musician David Byrne, artist Es Devlin, and architect Siamak Hariri.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Original broadcast date: July 24, 2020. How do spaces shape the human experience? In what ways do our rooms, homes, and buildings give us meaning and purpose? This hour, TED speakers explore the power of the spaces we make and inhabit. Guests include architect Michael Murphy, musician David Byrne, artist Es Devlin, and architect Siamak Hariri.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

This hour, journalist Saleem Reshamwala gives us a tour of surprising people and places — Lima, Nairobi, and prehistoric New Jersey — to inspire new perspectives on travel and cultures.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Original broadcast date: July 24, 2020. How do spaces shape the human experience? In what ways do our rooms, homes, and buildings give us meaning and purpose? This hour, TED speakers explore the power of the spaces we make and inhabit.Guests include architect Michael Murphy, musician David Byrne, artist Es Devlin, and architect Siamak Hariri.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Original broadcast date: July 30, 2021. This hour, journalist Saleem Reshamwala gives us a tour of surprising people and places — Lima, Nairobi, and prehistoric New Jersey — to inspire new perspectives on travel and cultures.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Lots left vacant, offices full of equipment but devoid of people, entire villages literally left to the wolves--this hour, TED speakers share stories about bringing new life to abandoned places. Guests include evolutionary biologist Shane Campbell-Staton, entrepreneur Garry Cooper, urban renewal expert Anika Goss, and conservationist Alysa McCall.

TED Radio Hour+ subscribers now get access to bonus episodes, with more ideas from TED speakers and a behind the scenes look with our producers. A Plus subscription also lets you listen to regular episodes (like this one!) without sponsors. Sign-up at: plus.npr.org/ted

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Original broadcast date: December 9, 2022. We think our faces are our own. But technology can use them to identify, influence and mimic us. This week, TED speakers explore the promise and peril of turning the human face into a digital tool. Guests include super recognizer Yenny Seo, Bloomberg columnist Parmy Olson, visual researcher Mike Seymour and investigative journalist Alison Killing.

TED Radio Hour+ subscribers now get access to bonus episodes, with more ideas from TED speakers and a behind the scenes look with our producers. A Plus subscription also lets you listen to regular episodes (like this one!) without sponsors. Sign-up at plus.npr.org/ted.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Original broadcast date: July 23, 2021. How can we create public places that feel welcoming and safe for everyone? This hour, TED speakers examine our physical and digital spaces—how they run, who they serve, and how to make them better. Guests include community organizer Shari Davis, researcher Eli Pariser, Wikipedia Library founder Jake Orlowitz, Wikipedia co-founder Jimmy Wales, and artist Matthew Mazzotta.

TED Radio Hour+ subscribers now get access to bonus episodes, with more ideas from TED speakers and a behind the scenes look with our producers. A Plus subscription also lets you listen to regular episodes (like this one!) without sponsors. Sign-up at plus.npr.org/ted.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Lots left vacant, offices full of equipment but devoid of people, entire villages literally left to the wolves--this hour, TED speakers share stories about bringing new life to abandoned places. Guests include evolutionary biologist Shane Campbell-Staton, entrepreneur Garry Cooper, urban renewal expert Anika Goss, and conservationist Alysa McCall.
Original broadcast date: September 8, 2023.

TED Radio Hour+ subscribers now get access to bonus episodes, with more ideas from TED speakers and a behind the scenes look with our producers. A Plus subscription also lets you listen to regular episodes (like this one!) without sponsors. Sign-up at: plus.npr.org/ted

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

We all work in teams, from families, to companies, and everything in between. So what's the secret to doing it better? This hour, TED speakers share surprising strategies for successful teamwork. Guests include activist Hajer Sharief, social psychologist Amy Edmondson and private equity investor Pete Stavros.

TED Radio Hour+ subscribers now get access to bonus episodes, with more ideas from TED speakers and a behind the scenes look with our producers. A Plus subscription also lets you listen to regular episodes (like this one!) without sponsors. Sign-up at: plus.npr.org/ted

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy