#credentials

vulnerability
Developer Tech News
3 months ago
Information security

GitHub rotates credentials following vulnerability discovery

GitHub has rotated encryption keys following the discovery of a vulnerability that could have enabled threat actors to steal credentials.
GitHub addressed another high-severity vulnerability this week that could have allowed elevation of privilege.
TechRepublic
11 months ago
Information security

How business email compromise attacks emulate legitimate web services to lure clicks

New BEC cyberattacks use phishing with a legitimate Dropbox link as a lure for malware and credentials theft. Threat actors have added a new wrinkle to traditional business email compromise cyberattacks. Call it BEC 3.0 - phishing attacks that bury the hook in legitimate web services like Dropbox. Avanan, a unit of Check Point Software, has tracked a recent example of this attack family, in which hackers created free Dropbox accounts to grab credentials or hide malware in legitimate-looking, contextually relevant documents such as potential employees' resumes.
SecurityWeek
11 months ago
Information security

Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation

Vulnerabilities in Netgear's NMS300 ProSAFE network management system allow attackers to retrieve cleartext credentials and escalate privileges, cybersecurity firm Flashpoint reports. The tool provides users with a web-based interface for network device management. It uses TCP port 8080 for communication and supports administrator accounts and lower-privileged operator and observer account roles.
SecurityWeek
11 months ago
Privacy professionals

Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services

A Russian espionage group tracked as Nomadic Octopus has been observed spying on Tajikistan's high ranking government officials, public service infrastructures, and telecoms services, likely by infiltrating a mobile phone carrier, cyber threat intelligence company Prodaft reports. Active since at least 2014 and also referred to as DustSquad, Nomadic Octopus is known for the targeting of individuals and diplomatic entities in Central Asia, mainly in Afghanistan and former Soviet Union countries.
Theregister
1 year ago
Information security

Cisco reveals PoC attacks for flaws in rival Netgear's kit

Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers - including one critical command execution vulnerability. The four vulnerabilities are found in Netgear's Orbi mesh wireless system, including its main router and the satellite routers that extend WiFi networks. Cisco Talos researchers disclosed these bugs to Netgear on August 30, 2022.
ComputerWeekly.com
1 year ago
Privacy professionals

Vidar, nJRAT re-emerge as prominent malware threats in January | Computer Weekly

The veteran Qbot or Qakbot banking trojan, the Lokibot commodity infostealer, and the AgentTesla remote access trojan (RAT) were the most prevalent malwares observed during January 2023, according to the latest monthly Global threat index from Check Point, but the first few weeks of the year also saw the return of the Vidar infostealer and njRAT malware, following a number of new campaigns.
US news
www.nytimes.com
10 months ago
US news

The war is an afterthought at the St. Petersburg forum, once a marquee event for Putin.

The annual international economic forum opening in the Russian city of St. Petersburg on Wednesday has long been the country's premier event for attracting Western investors, and, at first glance, the agenda this year seems to indicate that the Kremlin's invasion of Ukraine changed little. Planned panel topics include Russia as a Global Tech Hub and The Arctic: Territory of Investment Opportunities and Vivid Travel, while the word war never appears even if euphemisms crop up repeatedly, such as the evolving circumstances or the military-political crisis in Europe.
www.nytimes.com
11 months ago
US news

Campaign, Interrupted: Pence May Run, but He Can't Hide From Trump's Legal Woes

Former Vice President Mike Pence, seemingly in his element as he addressed a gathering of evangelical Christians in Iowa this month, was speaking of the greatest honor of my life, serving in an administration that turned this country around by rebuilding the military, securing the southern border, and unleashing American energy.
www.nytimes.com
1 year ago
US news

DeSantis, Breaking Silence on Trump, Criticizes Manhattan Prosecutor

Gov. Ron DeSantis of Florida on Monday broke his silence about the potential indictment of his state's most famous resident, former President Donald J. Trump, attacking the Manhattan district attorney pursuing the case but also pointedly noting the personal conduct over which Mr. Trump is being investigated.
applications
Tomayac
10 months ago
Web frameworks

Web Apps on macOS Sonoma 14 Beta

Executive summary

With macOS Sonoma, Apple goes all-in on the concept of installable web apps. They're highly integrated in the overall macOS experience and don't give away their web roots by not showing any Safari UI at all.

Testing environment

Tested on macOS Sonoma 14.0 Beta (23A5257q) with Safari version 17.0 (19616.1.14.11.11).
Coding Dojo
10 months ago
Software development

Coding Dojo Alumni Success | Heather D

Disclaimer: Coding Dojo cannot guarantee employment, salary, or career advancement. The experience of this alumnus/alumna may not be representative of all students.
Worked as a part-time orchestra teacher at a public middle school, business owner and private teacher of her own private studio, and as a gig musician
Felt overworked, underpaid, under-appreciated, and trapped with no upward mobility
Was exhausted, and often ran into challenges making ends meet no matter how hard she worked

Works as a web developer and is learning what the tech world is like and what it has to offer
Has newfound problem solving skills and made great connections with classmates
Plans to expand her skill set by learning more React and some Node.js in the future


Program: Online Part-Time Accelerated Software Development
"I left bootcamp with a newfound appreciation for "sitting in the struggle."
TechRepublic
10 months ago
Information security

Improve your app security on Azure

1. Leverage Azure Security Center to monitor security threats and vulnerabilities related to your applications.
2. Utilize Azure's built-in security and identity management features to improve the security of your applications.
3. Take advantage of Azure's secure development lifecycle practices to ensure your applications are
SecurityWeek
11 months ago
Privacy professionals

New Android Trojans Infected Many Devices in Asia via Google Play, Phishing

Security researchers are warning that two new Android trojans have been observed targeting users in Southeast and East Asia. One of them has amassed hundreds of thousands of installs via Google Play. Dubbed Fleckpe, the first malware family has been active since 2022, being distributed via malicious applications in Google Play, Russian cybersecurity firm Kaspersky reports.
Azure DevOps Blog
1 year ago
DevOps

Introducing Service Principal and Managed Identity support on Azure DevOps - Azure DevOps Blog

Angel Wong
This feature is in public preview. We are proud to announce that Service Principals and Managed Identities can now be used to authenticate with Azure DevOps. For those who have not heard of them before, these Azure Active Directory identities enable teams to gain access to your Azure DevOps organizations acting as their own application, not as a human user or service account.
SecurityWeek
1 year ago
Privacy professionals

Why Endpoint Resilience Matters

Last month, LastPass, a password management firm, made headlines by revealing that one of their DevOps engineers had a personal home computer hacked and implanted with keylogging malware, which subsequently led to the exfiltration of corporate data from the vendor's cloud storage resources. The story shines a rare spotlight on the importance of endpoint resilience.
Chicago Tribune
10 months ago
Chicago

Mike Pence launches 2024 presidential campaign

Former Vice President Mike Pence promised "the best days of the greatest nation on earth are yet to come" in a video released Wednesday formally launching his campaign for the Republican nomination for president. "Different times call for different leadership," Pence, who served four years alongside then-President Donald Trump, says in the video, released hours ahead of a kickoff event in Des Moines.
Coding Dojo
10 months ago
Software development

Coding Dojo Alumni Success | Halima B

Disclaimer: Coding Dojo cannot guarantee employment, salary, or career advancement. The experience of this alumnus/alumna may not be representative of all students.
Worked as a Network Administrator
Grew up in Nigeria and moved to the U.S. two years ago
Did not enjoy her job and wanted something better

Works as a Data Scientist
Has newfound motivation, confidence, and other soft skills
Dreams of reaching the peak of her career as a data scientist, as well as establishing a data science and analytics company in Nigeria


Program: Online Part-Time Data Science
"But after I got the job, it turned out that I actually have what it takes to start my journey as a data scientist.
SecurityWeek
11 months ago
Privacy professionals

Critical Infrastructure Organizations Warned of BianLian Ransomware Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Australian Cyber Security Centre (ACSC) are warning critical infrastructure organizations of the BianLian ransomware group's attacks. Active since at least June 2022, the gang has been observed gaining access to victim networks via remote desktop protocol (RDP) credentials that were likely acquired from initial access brokers or via phishing attacks.
SecurityWeek
11 months ago
Information security

Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks

Researchers at industrial cybersecurity companies Otorio and Claroty have teamed up to conduct a detailed analysis of products made by Teltonika and found potentially serious vulnerabilities that can expose many organizations to remote hacker attacks. Teltonika Networks is a Lithuania-based company that makes LTE routers, gateways, modems and other networking solutions that are used worldwide in the industrial, energy, utilities, smart city, transportation, enterprise, and retail sectors.
SecurityWeek
1 year ago
Privacy professionals

CISA, NSA Issue Guidance for IAM Administrators

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) this week announced new guidance for identity and access management (IAM) administrators. A framework for the management of digital identities, IAM covers the business processes, policies, and technologies that ensure user access to data.
SecurityWeek
1 year ago
Information security

US Government Warns Organizations of LockBit 3.0 Ransomware Attacks

The Federal Bureau of Investigation (FBI), the Cybersecurity and Information Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) this week issued an alert on the LockBit 3.0 ransomware operation. Since January 2020, LockBit has functioned based on the ransomware-as-a-service (RaaS) model, targeting a broad range of businesses and critical infrastructure entities and using a variety of tactics, techniques, and procedures (TTPs).
TechRepublic
1 year ago
Information security

Learn the basics of cybersecurity with this $60 web-based training package

The Premium Ethical Hacking Certification Bundle features eight courses that introduce students to the fundamentals and prepare them to earn important credentials from CompTIA. The threat of a cyber attack is always looming, so experts advise companies to bolster their IT security budgets on the regular.
ESPN.com
10 months ago
Real Madrid

Mexico's Big Board: Who'll make Nations League, Gold Cup squads and why?

It's fair to say that there's cautious optimism right now for Mexico's men's national team. In a new era under manager Diego Cocca, who was hired in February after Mexico's dismal group stage exit in last year's World Cup, El Tri have kicked off 2023 with a three-game undefeated run. Advancing to the 2022-23 Concacaf Nations League knockout round with a win (2-0 vs. Suriname) and a draw (2-2 vs. Jamaica), as well as making things difficult for the U.S. men's national team in a 1-1 draw during an April friendly, Cocca has done a decent job of laying down a foundation that focused on his pragmatic style of play.
time.com
10 months ago
US politics

Pence Officially Launches Presidential Bid: 'Different Times Call for Different Leadership'

DES MOINES, Iowa - Former Vice President Mike Pence promised the best days of the greatest nation on earth are yet to come in a video released Wednesday formally launching his campaign for the Republican nomination for president. Different times call for different leadership, Pence says in the video, released via Fox News and Twitter hours ahead of a kickoff event in Des Moines.
www.nytimes.com
11 months ago
US politics

States' Push to Protect Kids Online Could Remake the Internet

People in Louisiana who visited Pornhub in recent months were met with a surprising new demand. Before they could stream sexually explicit videos, they had to provide proof that they were at least 18. That's because Louisiana lawmakers had passed legislation last year requiring publishers of online material that could be harmful to minors to verify that their users were adults.
www.cnn.com
1 year ago
US politics

Senate committee set to vote on Biden's embattled FAA nominee

The Senate Committee on Commerce, Science, and Transportation is scheduled to vote on President Joe Biden's pick to lead the Federal Aviation Administration on Wednesday morning marking a consequential moment for the embattled nominee and the agency, which is attempting to address a slew of major challenges.
Ars Technica
10 months ago
Gadgets

Google Wallet for Android now supports digital IDs

Google Wallet on Android is finally getting ready for your digital driver's license and other US state IDs. Google says the feature is rolling out this month, and it will slowly start bringing states online this year. Of course, your state has to be one of the few that actually supports digital IDs. Google says Maryland residents can use the feature right now and that "in the coming months, residents of Arizona, Colorado and Georgia will join them."
Medium
10 months ago
Vue

DynamoDB Version Control Using Sort Keys and Atomic Versioning in Next 13, TypeScript and AWS-SDK

I am creating an application where I am collecting applications from people. The business logic states that we can get many applications from one person, typically once per year. I went down the path of whipping up a DynamoDB table, and then I realised I can really leverage the value of Sort Keys. I figured I would write a blog post about it.
Speckyboy Design Magazine
10 months ago
Graphic design

25 Best Free Resume Templates for Figma in 2023

Let's face it: today's job market is tougher than ever. We work in a competitive global landscape, and it can be difficult to stand out! That's where a powerful and striking resume design comes in. But hiring managers may see hundreds of resumes. How can you help ensure that yours gets noticed? Resume templates for Figma are a great starting point.
Inverse
11 months ago
Graphic design

How To Use Adobe Firefly For Generating AI Images and Graphics

Adobe has created industry-standard creative tools for almost 40 years, but that doesn't mean it's run out of tricks just yet. Now, with an influx of new generative AI, Adobe is following in the footsteps of companies like OpenAI, Microsoft, and Google to augment tools like Photoshop with an added dose of AI capabilities.
Creative Bloq
11 months ago
Graphic design

Alienware m17 R5 review: sleek, powerful gaming laptop is a creative keeper

The Alienware m17 R5 is, for those au fait with Dell's naming conventions for its gaming laptops, the fifth iteration of its 'mid-spec' gaming portable. Sporting a sharp 17-inch screen, Alienware's well-established and stylish aesthetics get a subtle upgrade on the outside and a slightly less subtle one on the inside.
The Code Barbarian
11 months ago
JavaScript

Introducing Private Preview for Stargate-Mongoose Astra Support

1. Mongoose Astra is introducing a private preview, allowing developers to try out their new database service. 2. Mongoose Astra is a fully managed, cloud-native database service that is compatible with existing MongoDB applications. 3. Mongoose Astra is a scalable and cost-effective
Medium
1 year ago
JavaScript

v0.2.0 Envio-The Modern And Secure CLI Tool You Absolutely Need Environment Variables

Hey everyone 👋! If you have been living under a rock and have no idea what envio is, check out another article that I wrote:
After that article envio went from 0 to 245 stars on github! With the release of version v0.2.0, envio now includes a new envio launch subcommand that makes it even easier to manage your environment variables.
LogRocket Blog
1 year ago
JavaScript

Debugging GraphQL APIs with Insomnia - LogRocket Blog

According to the official documentation, GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. GraphQL provides a complete and understandable description of the data in your API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful dev tools.
GitHub
11 months ago
JavaScript

GitHub - Azure-Samples/contoso-real-estate: Enterprise-grade Reference Architecture for JavaScript

1. Azure Samples provides a comprehensive repository of code samples for leveraging Azure services for creating real estate applications.
2. Contoso Real Estate is an example of a real estate application which leverages several Azure services, such as Azure Storage, Azure Functions and Azure Cosmos DB.
3. Cont
www.nytimes.com
11 months ago
Sports

Haney and Lomachenko Give Lightweight Boxing a Stirring Matchup

LAS VEGAS - Forty minutes into an April workout, Devin Haney, the undisputed lightweight champion, stalked across the ring at the Top Rank Gym to throw punches at a coach wearing target mitts, a thick body pad and, as the session continued, a grimace. A string of jabs and a crisp right hand. A pivot, and some thudding body blows.
SecurityWeek
11 months ago
Information security

Access to Energy Sector ICS/OT Systems Offered on Hacker Forums

Threat actors have been offering access to energy sector organizations, including industrial control systems (ICS) and other operational technology (OT) systems, according to a new report from Searchlight Cyber. The UK-based threat intelligence company has conducted an analysis of posts published between February 2022 and February 2023 on cybercrime forums, dark web sites, and marketplaces, and found many offers for initial access into the environments of energy sector organizations, including oil and gas and renewable energy firms in the US, Canada, UK, Italy, France and Indonesia.
ITPro
11 months ago
Privacy professionals

The rise of identity-based cyber attacks and how to mitigate them

Identity-based cyber attacks are an increasing weapon of choice the more we work in a world increasingly reliant on identity-based authorization. This means, in essence, stealing or faking our passwords or other login credentials. In response, organizations are adding new layers of authentication, which, inevitably, cyber criminals work to find ways through or around.
TechRepublic
1 year ago
Artificial intelligence

How to use GPTZero to check for AI-generated text

GPTZero can tell you whether a document, report or other item was possibly written by a human or by AI. Here's a step-by-step guide on using GPTZero for this purpose. With the popularity of ChatGPT, many people are starting to rely on AI to generate emails, documents, reports and other content that they would normally have tried to write on their own.
www.cnn.com
1 year ago
US news

The Coast Guard renewed a mariner's ability to work at sea after he was accused of rape. Now, the agency is trying to keep him off ships | CNN

More than a year after a student told the US Coast Guard she was plied with alcohol and raped by her boss while training at sea, the agency is going after her alleged assailant's ability to work on commercial ships. Coast Guard officials filed administrative charges against mariner Edgar Sison for alleged alcohol violations stemming from the rape accusations on Friday, a day after CNN reported that the agency had not taken any disciplinary measures against Sison and had even renewed his government-issued credential.
Azure DevOps Blog
11 months ago
DevOps

GitHub Advanced Security for Azure DevOps public preview starts now! - Azure DevOps Blog

Aaron Hallberg
In October of last year we announced that GitHub Advanced Security was coming to Azure DevOps, starting with a private preview in November. Since then, we've been working hard on the product and incorporating feedback from our private preview customers. Today, we are excited to announce that GitHub Advanced Security for Azure DevOps is available to everyone in a public preview!
TechRepublic
11 months ago
Information security

How to manage and share files online using NordLocker

With NordLocker, you can store, manage and share individual files. Learn how with this step-by-step guide. If you're looking for a secure place to store, manage and share files in the cloud, one option is NordLocker. With a free or paid NordLocker account, you can secure your cloud storage with both a regular password and a master password.
SecurityWeek
11 months ago
Information security

Discord Informs Users of Data Breach Involving Customer Support Provider

VoIP and instant messaging social platform Discord is notifying users that some of their information was compromised in a cybersecurity incident at a third-party services provider. Late last week, the company informed users that a "third-party customer service agent's support ticket queue" was accessed without authorization, resulting in user email addresses, contents of customer service messages, and attachments being compromised.
SecurityWeek
11 months ago
Information security

Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers

Industrial and IoT cybersecurity firm Claroty on Thursday disclosed the details of five vulnerabilities that can be chained in an exploit potentially allowing threat actors to hack certain Netgear routers. The vulnerabilities were first presented at the 2022 Pwn2Own Toronto hacking competition, where white hat hackers earned a total of nearly $1 million for exploits targeting smartphones, printers, NAS devices, smart speakers and routers.
SecurityWeek
11 months ago
Information security

New 'Greatness' Phishing-as-a-Service Targets Microsoft 365 Accounts

For roughly a year, a new phishing-as-a-service (PaaS) offering has been used to target Microsoft 365 accounts in the manufacturing, healthcare, technology, and real estate sectors, Cisco's Talos security team warns. Dubbed 'Greatness', the service has been used in several phishing campaigns since mid-2022, mainly targeting organizations in the US, with other victims in the UK, Australia, Canada, and South Africa.
ITPro
11 months ago
Information security

As Google launches passwordless authentication for all, what are the business benefits of passkeys?

Google has announced that users can now create and use passkeys on personal Google accounts, marking another leap towards a potential passwordless future for businesses. In an announcement this week, the tech giant revealed that users will be able to ditch their traditional passwords and two-factor authentication processes when signing into accounts.
TechRepublic
11 months ago
Information security

Google's 2FA app update lacks end-to-end encryption, researchers find

Data synced between devices with the new Google Authenticator app update could be viewed by third parties. Google says the app works as planned. On April 25, security researchers Tommy Mysk and Talal Haj Bakry, who are known collectively on Twitter as Mysk, warned users of Google's Authenticator 2FA app to not turn on a new syncing feature.
BBC Sport
11 months ago
Soccer (FIFA)

'The car's changing direction' - how City's SWPL title drama unfolded

Naturally, a final-day Scottish title fight is going to be hard pressed to avoid the tagline of Helicopter Sunday - the famous 2005 about turn for the destination of the men's Scottish league trophy when Motherwell's late double against Celtic handed the title to Rangers. Rather less ostentatiously, the Scottish Women's Premier League title was never airborne on Sunday evening.
www.theguardian.com
11 months ago
Europe politics

What happened in the Russia-Ukraine war this week? Catch up with the must-read news and analysis

Every week we wrap up the must-reads from our coverage of the Ukraine war, from news and features to analysis, visual guides and opinion. G7 leaders seek unity on Ukraine and China at Japan summit US president Joe Biden arrives at the G7 summit in Hiroshima, Japan. Photograph: Brendan Smialowski/AFP/Getty Images The leaders of the G7 group of wealthiest nations are meeting in Hiroshima this weekend to discuss war; how to prosecute one in Ukraine and how to prevent one with China, Patrick Wintour writes in his analysis of the G7.
www.theguardian.com
11 months ago
UK politics

UK unveils new sanctions against Russia as Rishi Sunak arrives at G7 talks

The UK has unveiled a swathe of new sanctions against Russia, as Rishi Sunak arrived at the G7 summit in Japan with a self-declared mission to push India into showing greater support for Ukraine. Flying into Hiroshima for the three-day gathering of world leaders and becoming the first British prime minister to visit the city destroyed by a US atomic bomb in 1945, Sunak announced a UK ban on imports of Russian diamonds and Russian-origin copper, nickel and aluminium, with other G7 members expected to follow suit.
Mission Local
11 months ago
Mission District

Potrero, Sunnydale public housing mismanaged by private firm, city report says

The sprawling, 54-building Potrero Terrace-Annex public housing complex is being mismanaged by the private company in charge of day-to-day operations, according to a review of the firm's performance by San Francisco city officials obtained via public records request. The management firm, Eugene Burger Management Corporation, was out of compliance in all five metrics tracked in January and failed four of the five metrics in February, according to a report by the San Francisco Housing Authority of the management firm's contract serving public housing units in the Potrero Terrace-Annex and Sunnydale.
Yanko Design - Modern Industrial Design News
11 months ago
Design

Does your home need an air-purifier? This Air Quality Monitor helps detect more than 20 common air pollutants - Yanko Design

Designed to be no larger than a Mac Mini, the IAQ is the first comprehensive home air quality monitor, with the ability to detect up to 20 common indoor air pollutants in real-time. The IAQ device includes an array of sensors that work right out of the box, monitoring your indoor air quality better than your smoke alarm or any other smart home device you may have.
LawSites
11 months ago
Law

There's A New Top-Level Domain for Lawyers: '.esq'

Google has announced the release of eight new top-level domains that include one specifically designed for lawyers and law firms, ".esq," based on the abbreviation of esquire that lawyers use to show they are admitted to practice. Google says the new domain for lawyers is "perfect for showing off your credentials."
laterallink.com
1 year ago
Law

Back To Normal: A Reality Check On The Associate Lateral Market

If you're an associate entering the lateral market, I have good news and bad news. The good news? Despite all the talk of recession, the lateral market remains open for business. The bad news? The days of minimal scrutiny and massive sign-on bonuses are behind us. For associates whose conception of the lateral market was forged in the chaotic, unprecedented period from late 2020 through mid-2022, a reality check is in order.
www.dailynews.com
11 months ago
Health

4 considerations when choosing a health and wellness coach

It's routine to have regular checkups with your physician, dentist and other specialists, but have you ever worked with a health coach as part of your healthcare team? If you are focused on wellness and reaching health-related goals, health coaching may be right for you. Similar to how an athletic coach can help with sports performance, a health and wellness coach helps others live a healthy life.
www.nytimes.com
11 months ago
Wellness

How to Choose the Fitfluencers' to Follow, and the Ones to Avoid

According to some estimates, Instagram is home to around 50,000 fitness influencers, most claiming to have the secrets to a healthy lifestyle. While some share science-backed helpful tips, others promote fitness advice that's misguided at best and dangerous at worst. In a new study, researchers found that nearly two-thirds of the 100 most popular fitfluencer a term that can describe any influencer who posts content related to fitness lacked sound advice or posted messages that could negatively affect people's mental and physical health by, say, promoting exercise as a tool to become skinnier.
Medium
11 months ago
Data science

Using Azure ML to Train a Serengeti Data Model for Animal Identification

Article on Azure ML by Bethany Jepchumba and Josh Ndemenge of Microsoft In this article, I will cover how you can train a model using Notebooks in Azure Machine Learning Studio. To get the data, you will need to follow the instructions in the article: Create a Data Solution on Azure Synapse Analytics with Snapshot Serengeti - Part 1 - Microsoft Community Hub, where you will load data into Azure Data Lake via Azure Synapse.
DevOps.com
11 months ago
Business intelligence

Why We Need to Rethink Data Pipelines

By: Dima Spivak
Data is the fuel that powers modern business. But as demand for data surges, so does the pressure on data leaders and practitioners to deliver it. Businesses need resilient data pipelines that deliver critical insight for real-time decision-making to users on demand. However, against the backdrop of today's chaotic modern data ecosystems, this is much easier said than done.
Marcin Wanago Blog - JavaScript, both frontend and backend
1 year ago
JavaScript

API with NestJS #101. Managing sensitive data using the AWS Secrets Manager

When managing the architecture of our system, we often deal with sensitive data. It's our job to ensure they don't fall into the wrong hands. An excellent example of confidential information is the database password and the Json Web Token secret key. In this article, we explore how we can use the AWS Secrets Manager to increase the security of our NestJS application.
Theregister
1 year ago
Privacy professionals

Here's how Chinese spies exploited a critical Fortinet bug

Suspected Chinese spies have exploited a critical Fortinet bug, and used custom networking malware to steal credentials and maintain network access, according to Mandiant security researchers. Fortinet fixed the path traversal vulnerability in FortiOS, tracked as CVE-2022-41328, earlier this month.
SecurityWeek
1 year ago
Privacy professionals

NSA Shares Guidance on Maturing ICAM Capabilities for Zero Trust

The National Security Agency (NSA) this week published guidance to help system operators mature identity, credential, and access management (ICAM) capabilities to improve their cyberthreat protections. Immature ICAM capabilities pose a risk to critical infrastructure, national security, and defense industrial base (DIB) systems, but improvements can be made by integrating zero trust principles and designs into enterprise networks.
Social Media Explorer
11 months ago
Online marketing

Driving Lessons Are Essential for Drivers: Building Confidence on the Road

For many people, learning to drive is a significant turning point. While some may be able to learn the basics from friends or family, taking driving lessons is essential for becoming a confident and safe driver. Affordable Driving Lessons in Calgary can help to build the skills and confidence needed to be a responsible driver on the road, by teaching the basics of driving, providing practice behind the wheel, and introducing drivers to the rules of the road.
Social Media Explorer
11 months ago
Online marketing

How Driving Instructors Tailor Instruction to Meet Students' Needs

Learning to drive can be a daunting task for anyone, especially for those who have never been behind the wheel of a car. However, with the help of a good driving instructor, the process can be made much easier. In this article, we'll explore how Driving Instructor Kelowna BC tailors their instruction to meet the individual needs of their students.
Los Angeles Times
11 months ago
California

Two USC journalism students covering NFL draft arrested in jersey thefts

Two USC journalism students covering the NFL draft were arrested while boarding a plane back to Los Angeles in the theft of more than $1,000 worth of first-round-draft-pick jerseys, according to the Kansas City (Mo.) Police Department. The students, Eric Lambkins II and Jude Ocañas, had been in Missouri last week covering the NFL draft for the student-run multiplatform news outlet known as Annenberg Media, which operates under the USC Annenberg School for Communication and Journalism, according to USC's journalism school publication.
SecurityWeek
11 months ago
Privacy professionals

Meta Swiftly Neutralizes New 'NodeStealer' Malware

Facebook parent company Meta says it disrupted a novel malware family within weeks after it emerged earlier this year. Dubbed NodeStealer, the threat was designed to steal cookies and usernames and passwords from browsers such as Chrome, Edge, Brave, and Opera, to compromise online accounts. A custom JavaScript malware first observed in January 2023, NodeStealer is likely of Vietnamese origin, being distributed disguised as PDF and XLSX files.
ITPro
11 months ago
Privacy professionals

There's only one way to avoid credential stuffing attacks

Back in December 2022, PayPal didn't suffer a data breach, but nearly 35,000 of its customers had their accounts accessed by an unauthorized party over the course of three days. Wait a minute, I hear you say; why isn't that a PayPal data breach, then? It's a tricky one, truth be told, but the account access didn't happen as a result of any compromise of PayPal security systems.
SecurityWeek
11 months ago
Privacy professionals

Google Obtains Court Order to Disrupt CryptBot Distribution

Google this week announced that it has obtained a court order that helped it disrupt the CryptBot information stealer's distribution. Initially designed to harvest and exfiltrate sensitive information such as credentials, cryptocurrency wallets, and more, CryptBot was also seen distributing banking trojans.
SecurityWeek
1 year ago
Privacy professionals

'Nexus' Android Trojan Targets 450 Financial Applications

The Nexus Android banking trojan is being promoted on underground forums as a new botnet, under the malware-as-a-service (MaaS) business model, according to fraud prevention firm Cleafy. The trojan was initially announced in June 2022, but was active months before that. Starting January 2023, however, its authors started promoting it as a botnet, at $3,000 per month for a MaaS subscription.
ComputerWeekly.com
1 year ago
Privacy professionals

NCSC launches cyber check-up tools for SMEs | Computer Weekly

The UK's National Cyber Security Centre (NCSC) is today launching two new services pitched at the country's 5.5 million small businesses, a third of which were targeted by cyber criminals in 2022, but which frequently lack the know-how and resources to effectively respond to the threat and protect their livelihoods.
The Verge
1 year ago
Privacy professionals

Two cybercrime group members charged with last year's DEA portal hack

Sagar Steven Singh and Nicholas Ceraolo, who are said to belong to the cybercrime group 'Vile,' allegedly used the information from a federal database to extort their victims. Two men have been charged for their alleged roles in last year's hack of the Drug Enforcement Agency's web portal, as reported earlier by Gizmodo.
Old Trafford Faithful
11 months ago
Manchester United

Man United send scouts to watch AS Roma striker, Tammy Abraham

Man United have had eyes watching AS Roma striker, Tammy Abraham, ahead of a huge summer transfer window. It's no secret that going into the summer transfer window, Manchester United's big need is a new striker. Anthony Martial has looked good during limited minutes due to injuries. His body cannot be trusted.
www.standard.co.uk
11 months ago
Manchester United

Manchester United vs Aston Villa LIVE! Premier League match stream, latest team news, lineups, TV, prediction

Manchester United vs Aston Villa LIVE! Old Trafford is the setting for an intriguing Premier League clash between two high-flying teams this afternoon. Manchester United are 14 games unbeaten at home in the top-flight and can take a giant step towards Champions League qualification with a win here, though saw the momentum gained from their FA Cup semi-final shootout win over Brighton dented by carelessly throwing away a two-goal lead at Tottenham on Thursday night.
Rubyflow
11 months ago
Ruby on Rails

[ANN] httpx 0.23.0 released

https://gitlab.com/honeyryderchuck/httpx

httpx 0.23.0 has been released.

HTTPX.get("https://gitlab.com/honeyryderchuck/httpx")

HTTPX is an HTTP client library for the Ruby programming language. Among its features, it supports:


HTTP/2 and HTTP/1.x protocol versions
Concurrent requests by default
Simple and chainable API
Proxy Support (HTTP(S), CONNECT tunnel, Socks4/4a/5)
Simple Timeout System
Lightweight by default (require what you need)


And also:


Compression (gzip, deflate, brotli)
Streaming Requests
Authentication (Basic Auth, Digest Auth, AWS Sigv4)
Expect 100-continue
Multipart Requests
Cookies
HTTP/2 Server Push
H2C Upgrade
Automatic follow redirects
International Domain Names
GRPC
Circuit breaker
WebDAV
Datadog integration
Faraday integration
Webmock integration
Sentry integration


Here are the updates since the last release:
0.23.0
Features
:retries plugin: resumable requests
The :retries plugin will now support scenarios where, if the request being retried supports the range header, and a partial response has been already buffered, the retry will resume from there and only download the missing data.
VentureBeat
11 months ago
Data science

New Starburst integration unlocks cross-platform data transformations for dbt users

Boston-based data lake analytics company Starburst today announced an integration with transformation tool dbt Cloud to help users of the platform build data pipelines spanning multiple data sources via one central plane. The integration, which is now live as a dedicated adapter inside dbt Cloud, connects to Starburst's SaaS offering Starburst Galaxy.
SecurityWeek
11 months ago
Information security

Chinese Cyberspies Delivered Malware via Legitimate Software Updates

A Chinese APT actor tracked as Evasive Panda has been observed targeting in-country members of an international non-governmental organization (NGO) with the MgBot backdoor, and the malware was likely delivered through the legitimate update channels of popular Chinese software, cybersecurity firm ESET reports.
SecurityWeek
11 months ago
Information security

Microsoft: Cl0p Ransomware Exploited PaperCut Vulnerabilities Since April 13

A Cl0p ransomware operator affiliated with the FIN11 and TA505 threat actors has been exploiting recently patched PaperCut vulnerabilities since April 13, Microsoft says. Impacting the PaperCut MF/NG print management system and tracked as CVE-2023-27350 (CVSS score of 9.8), the issue can be exploited to bypass authentication and achieve remote code execution (RCE) with System privileges.
Washingtonian - The website that Washington lives by.
1 year ago
Washington DC

What TikTok Tax Advice Gets Wrong And Who to Go to Instead

TikTok offers a font of information at the swipe of your finger, with creators claiming authority on topics from home improvement and hair care to parenting and medicine. Even taxes aren't immune from the TikTok effect: Short videos sharing advice for how to hack your taxes are abundant on the app, and videos under #taxtips have more than 185.3 million views.
Calm Sage - Your Guide to Mental and Emotional Well-being
1 year ago
Mental health

Child Counseling: 7 Most Effective Counseling Techniques

There are various counseling options available for children but most of them are not as effective as they appear to be. If you think your child needs to be counselled for their behavior, traumatic issues, or any other issues, you might want to look for more effective counseling techniques. We completely understand that child therapy is not an easy topic to discuss with guardians.
TechRepublic
1 year ago
Information security

Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

Microsoft has already seen millions of phishing emails sent every day by attackers using this phishing kit. Learn how to protect your business from this AitM campaign. New research from Microsoft's Threat Intelligence team exposed the activities of a threat actor named DEV-1101, which started advertising for an open-source phishing kit to deploy an adversary-in-the-middle campaign.
ComputerWeekly.com
1 year ago
Career

Everywoman in Tech Forum 2023: What it means to be an authentic tech leader | Computer Weekly

"I got this recruitment letter from a high-tech company that said, 'We're particularly interested in you as a female thought leader'," Radia Perlman, fellow for Dell Technologies and inventor of Spanning Tree Protocol, told the 2023 Everywoman in Tech Forum. "I wasn't interested in the job, so I didn't reply," she said.
www.aljazeera.com
1 year ago
Europe news

China foreign minister urges solution to Ukraine war in rare call

Qin Gang in phone call with counterpart Dmytro Kuleba expresses concern that war with Russia could spin out of control. China's Foreign Minister Qin Gang has told his Ukrainian counterpart that Beijing is concerned about the war against Russia spinning out of control and urged talks on a political solution with Moscow.
Nieman Lab
1 year ago
Media industry

Goodbye, newspapers on Kindle: Amazon stops selling newspaper and magazine subscriptions

It doesn't matter whether they're for your Kindle or in print - starting this week, Amazon will no longer sell print or digital newspaper and magazine subscriptions. Publishers were alerted to the coming change in December, and subscribers were notified last week. (If you have any of these subscriptions, you can see the timing for how they'll be phased out; you won't lose money.)
TechRepublic
1 year ago
Information security

Attack campaign on edge appliance: undetected since 2021 and resists firmware update

A possible Chinese attack campaign on compromised unpatched SonicWall SMA edge devices stayed undetected since 2021 and could persist even through firmware updates. As reported by a new Mandiant research document, a new malware is made of several bash scripts and a single Executable and Linkable Format (ELF) binary file identified as a TinyShell backdoor variant.
www.vice.com
1 year ago
Privacy professionals

Ransomware Group Claims Hack of Amazon's Ring

A ransomware gang claims to have breached the massively popular security camera company Ring, owned by Amazon. The ransomware gang is threatening to release Ring's data.
TechRepublic
1 year ago
Information security

SYS01 stealer targets Facebook business accounts and browser credentials

The SYS01 infection chain uses DLL sideloading to steal information. Learn how to protect your business from this cybersecurity threat. Morphisec, a security solution provider based in Israel, has reported that an advanced information stealer malware dubbed SYS01 is aimed at stealing access to Facebook business accounts and Chromium-based browsers' credentials.
www.mediaite.com
1 year ago
World news

Energy Sec. Granholm Claims U.S. 'Can Learn' From China on Climate Change to Combat 'Existential Threat'

Department of Energy Secretary Jennifer Granholm declared at South By Southwest that climate change is an existential crisis and the U.S. can learn from China.During an exchange with Wajahat Ali at the multi-day Texas event, Granholm made an excited pitch for people to attend an upcoming talk by her on climate change.
www.nytimes.com
1 year ago
Women in technology

Opinion | Nikki Haley's Resume Is Perfect. It Might Not Matter.

Last month, I listened to my former colleagues on Slate's Political Gabfest podcast discuss Nikki Haley after she declared her run for president. John Dickerson, also of CBS News, explained that in a pre-Donald Trump world, you could make a strong case about Haley's credentials for the job: She comes from an important primary state.
Theregister
1 year ago
Information security

Reddit reveals security incident

Colorful web forum Reddit has revealed it has suffered a security breach. In a post titled "We had a security incident. Here's what we know" Reddit's founding engineer and CTO "KeyserSosa" - aka Christopher Slowe - explained that late on February 5 "we became aware of a sophisticated phishing campaign that targeted Reddit employees."
SecurityWeek
1 year ago
Privacy professionals

Documents, Code, Business Systems Accessed in Reddit Hack

Reddit on Thursday informed users that its systems were hacked as a result of what the company described as a sophisticated and highly targeted phishing attack aimed at employees. According to Reddit, the intrusion was detected on February 5. The hackers gained access to some internal documents, source code, internal dashboards and business systems.
ComputerWeekly.com
1 year ago
Privacy professionals

Social media platform Reddit breached in phishing attack | Computer Weekly

Social media platform Reddit has moved to reassure its users that their data is secure, after a cyber attack on its systems that saw an unspecified threat actor gain unauthorised access to a limited number of internal documents, code and some internal business systems. The data breach first came to light on Sunday 5 February, when Reddit's security team became aware of the "sophisticated" and targeted phishing attack, where Reddit employees were targeted with seemingly plausible email prompts that directed them to a cloned version of its intranet gateway.
Silver Screen and Roll
1 year ago
LA Lakers

5 potential buyout candidates for the Lakers

The Lakers completely reworked their roster at the trade deadline, bringing in five new faces in the 24 hours before the deadline and six if you include Rui Hachimura, who was acquired in the weeks beforehand. Impressively, through all that dealing, the Lakers maintained an open roster spot to use in the buyout market.
Silver Screen and Roll
1 year ago
LA Lakers

Woj: Lakers interested in extending D'Angelo Russell, possibly signing Danny Green on buyout market

Even after an extremely active NBA trade deadline that saw Lakers general manager Rob Pelinka swap out six of the team's 14 players for six new ones, the team may still not be done with business yet. According to NBA insider Adrian Wojnarowski - during a series of media appearances over the last 24 hours - the team may be interested in extending new (re)acquisition D'Angelo Russell, and potentially bringing back another former Laker: Danny Green.
Bklyner
1 year ago
Education

Deputy Secretary of Education Visits Brooklyn STEAM Center For Its Magic Formula

"A deep sense of belonging and well-being in a very rich academic environment that leads to well-paying jobs and careers that make a difference in the community. That's the magic formula," Marten says. "And we want to see that replicated everywhere." The Brooklyn STEAM Center hosted the U.S. Deputy Secretary of Education Cindy Marten Wednesday morning, offering her a glimpse of what can be done when education and industry leaders work together to develop the kind of vocational training - also known as Career Technical Education (CTE) - that quickly leads to well-paying jobs for high school graduates.
www.nytimes.com
1 year ago
World politics

A National Medical License May Ease Canada's Doctor Shortages

It won't end the pronounced shortage of physicians that's plaguing many parts of Canada. But the Canadian Medical Association has an idea that it thinks might help. Its proposal seems simple: a single medical license that allows doctors to practice without restrictions anywhere in the country.
Boston.com
1 year ago
Boston Bruins

Why Jake DeBrusk's return can't come soon enough for the Bruins

"I just missed scoring goals." After missing more than a month of action with both a reported broken fibula and hand injury, Jake DeBrusk knows the Bruins will be cautious with him over the next week. But after sitting on the shelf for such an extended stretch, DeBrusk hopes those protective measures don't last very long.
Insidehighered
1 year ago
Higher education

Chinese food cost complainer sues over Harvard tenure denial

A Harvard University professor who was publicly scorned in 2014 over his reaction to being overcharged for Chinese takeout didn't earn tenure. On Tuesday, that now former associate professor, Ben Edelman (at right), sued Harvard over that rejection. Now an economist at Microsoft, Edelman received four degrees, including a law degree, from Harvard; joined the faculty there at age 26; and went on to expose significant online misdeeds, his lawsuit says.
ZDNET
1 year ago
Remote teams

How to use Microsoft Remote Desktop on a Windows 11 PC

I have an array of computers scattered around my home and home office that I use for testing and other tasks. And when I want to connect to and control one, I typically turn to Microsoft's Remote Desktop. Now with Windows 11 nestled on a few of my PCs, I need to be able to use the new version of Windows both as a host and as a guest for my remote sessions.
SecurityWeek
1 year ago
Information security

Atlassian Investigating Security Breach After Hackers Leak Data

A threat actor named SiegedSec, whose members have claimed to be hacktivists, announced on its Telegram channel and hacking forums that it "hacked the software company Atlassian". They made 35 Mb of files public. This includes two image files apparently storing floor plans of Atlassian buildings in San Francisco and Sydney, and one file allegedly containing the information of 13,000 Atlassian employees, including names, email addresses, and phone numbers.
SecurityWeek
1 year ago
Information security

Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks

Malwarebytes warns of a remote code execution vulnerability impacting several Arris routers, for which proof-of-concept (PoC) exploit code has been released. Tracked as CVE-2022-45701, the bug exists because the router firmware does not properly neutralize special characters in requests, which allowed security researcher Yerodin Richards to perform shell script command injection.
Riggo's Rag
1 year ago
Washington Redskins

Commanders put the NFC on notice with Eric Bieniemy hire

Appointing Eric Bieniemy as the team's new offensive coordinator represents a major coup for the Washington Commanders heading into 2023. Many doubted the prospect of Eric Bieniemy taking a sideways step and becoming Washington Commanders' offensive coordinator. Those doubters are now eating their words.
SecurityWeek
1 year ago
Information security

GoDaddy Says Recent Hack Part of Multi-Year Campaign

GoDaddy has disclosed another cybersecurity incident and the company believes the attack was part of a multi-year campaign conducted by a sophisticated threat actor. In a statement published last week on its website, the hosting giant said a small number of customers complained in early December 2022 about their websites being intermittently redirected.